FST US 10

BAPTISM OF FIRE Credit Suisse CIO Karl Landert on his turbulent first months in the job Page 32

www.usfst.com • Q1 2009

STAY ON TARGET Huntington Bancshares CIO Zahid Afzal keeps his head in a crisis Page 86

Sunken Citi From domination to disintegration, is the financial supermarket dead in the water? Page 26

THE FIFTY BILLION DOLLAR MAN How Bernie Madoff almost pulled off the biggest Ponzi scheme in history Page 38


> CYBERSPACE FAST FACTS

73

5,200

Percentage of all email which is spam

Average number of new strains of phishing attacks per day

900

30

Number of targeted Trojans intercepted per day in Feb 2008

Average number of new strains of email malware per day

150,000

Average number of email-borne malware interceptions per day in 2007

1 billion

Number of web requests scanned by MessageLabs each day

1 in every 17 emails The ferocity of the first global botnet, Sobig.F

2 million

Estimated number of compromised computers within the Storm botnet

1 in 105

Ratio of emails containing malware

US $ 105 billion

Estimated value of the online shadow economy

2.5 billion Number of emails filtered by MessageLabs every day

>FURTHER INFORMATION For more information on MessageLabs, please contact: MessageLabs, Inc

Toll free 1-866-460-0000 or 1-646-519-8100

www.messagelabs.com USinfo@messagelabs.com

FROM THE EDITOR

He who pays the piper Everybody likes to get value for money. The US government is no exception.

“The specific merger transaction clearly has to be seen to have been a mistake. The stockholders have not benefited, the employees certainly have not benefited and I don’t think the customers have benefited.” Ex-Citigroup CEO John Reed (page 26)

“We are not a service provider; we are an IT organization of a financial services institution and we need to understand our business. We need to be respected and accepted by our counterparts and our colleagues in the business.” Credit Suisse CIO Karl Landert (page 32)

Fall behind on your mortgage payments and your bank is liable to foreclose. So, if you ask the government for $700 billion to stop your business going under, you shouldn’t be too surprised if it wants a say in how you run it. In recent years, whisper the word ‘nationalization’ on Wall Street and you’d be liable to give your audience an attack of the vapors. But desperate times call for desperate measures. The simple fact is that the economy is frozen solid, and there are scant signs of any thaw in the near future. With banks and other financial institutions reporting staggering losses, something clearly needs to be done. Before this year ends, the unthinkable could become a reality. In certain respects, a major financial organization is like a shark. Not, as some might suggest, because it is an implacable predator that cares only about satisfying its appetites, but rather that if it stops swimming forwards, it will sink to the bottom like a stone. The sheer size of a company like Bank of America or Citigroup means that if it isn’t growing its business it is effectively operating at a loss. As long as the specter of nationalization hangs over the market, shareholders aren’t going to be parting with any more money. The lesson of the now government-run Northern Rock in the UK is too fresh in their minds. That doesn’t leave too many options. Banks could try to attract foreign money, but the idea of investors in the Middle East or Asia owning so much of the US financial system is not altogether popular. In any case, the slowdown is inexorably working its way around the globe, so these potential saviors may not be prepared to splash the cash. That leaves the government as the benefactor of last resort for failing banks. It has already served up huge chunks of taxpayer money, but still the industry falters.
How long until President Obama’s new administration decides that the state can do a better job than the private sector and forces itself into a position of more direct control? Many analysts contend that it is now a matter of when rather than if. But the implications of such an event are staggering. Even the US government doesn’t have the financial clout to nationalize the entire banking system, so the best we would get is a takeover only of those poorly performing banks that are deemed too big to fail. This would effectively create a two-lane system where nationalized institutions would be forced to refocus their efforts on providing fewer, simpler products to a principally US customer base. The banks that escape government intervention would be free to innovate in a market dramatically shorn of competition. Or maybe not. Whatever happens with regard to nationalization, increased regulation for the entire industry is a certainty. Fresh controls on transparency, accountability and risk are coming and by accepting so much help from government, the industry’s power to resist its demands is virtually non-existent. Sooner or later, everyone has to pay their debts. For the financial industry, that day is fast approaching.

“It’s all about the people skills, processes skills and then most importantly, the business leadership skills that are a must.” Huntington Bancshares CIO Zahid Afzal (page 86)

Huw Thomas


CONTENTS FEATURES

38 Over the hedge? Following last December’s arrest of Bernie Madoff and the discovery of history’s largest Ponzi scheme, FST’s Matt Buttell looks at how its repercussions are likely to reshape the industry for years to come

32 Interesting times Karl Landert’s first few months in the job at Credit Suisse have coincided with an unnaturally turbulent period for the industry. How can we manage IT in an age of uncertainty?

86 Route causes How do you navigate through the toughest six months the industry has faced in decades? For Huntington Bancshares CIO Zahid Afzal, it’s all about knowing where you’re going

26 Citi breaks A decade after it changed the financial landscape, Citigroup is falling apart. FST editor Huw Thomas traces the decline of a banking giant


CONTENTS SECURITY RISK & COMPLIANCE

ASK THE EXPERT
48 Andy Jimenez, Anixter
70 Debra Geister, LexisNexis
100 Jack Halprin, Autonomy
104 Christopher McLaughlin, Thunderhead

42 Play your cards right Building solid purchasing card programs requires careful planning

60 No time to lose Data loss is an oft overlooked issue that needs to be tackled immediately, says Michael Osterman

64 Line of defense Challenging markets are changing the rules of the risk management game, says Bank of America’s Nick Jayanetti

68 One small step, one giant leap Do current markets provide opportunity for smaller organizations to shoot for the moon?

46 Lockdown The so-called ‘rock star’ of the security industry, Bruce Schneier, exclusively reveals his thoughts regarding current security issues

72 A broader focus James Beeson of GE Commercial Finance talks to FST about risk management, technology advances and how looking at GE’s broader setup for inspiration helps provide real ROI

54 Going under TowerGroup’s Bobbi Britting discusses how financial institutes need to serve the underbanked market during the credit crisis

76 Dangerous games With its enthusiastic trade in credit default swaps, the financial industry is playing a deadly version of pass the parcel, says Sunil Poshakwale

50 Chris Fedde, SafeNet
62 Ken Knowles, OpenLink
94 Steve Stein, EED Inc

EXECUTIVE INTERVIEWS

52 Phish tales David Jevans discusses the global war on phishing during the financial crisis

INDUSTRY INSIGHT

58 The road ahead Hank Farrar and Lauren Hargraves explain how The Federal Reserve and The Clearing House are creating value for banks and their corporate clients

82 Core transformation – evolution, revolution, or die? You’re either re-architecting or it’s too late, says Adam Burns

80 Sanjay Beri, Juniper Networks


CONTENTS BUSINESS STRATEGIES

90 On the lookout E-discovery solutions offer better efficiency and can help reduce IT costs, say Jeffrey Hill and Andrew Stamer

96 The law of the land In a global economy, e-discovery is far from a purely technical issue. Alison Brecher untangles the legal complexities

102 What’s the color of money? Bank of America’s Robert Kee explains that going green makes sense for the business as well as the environment

106 It’s not enough to manage content Doug Miles knows a thing or two about how the ECM industry is changing

110 The end is nigh The age of the static display is over. James Bickers and David Drain explain that digital is the future for financial institutions

114 Storage issues Maxim Samo details the challenges of managing not one, but two major data center projects during an economic downturn

118 In the hot seat FST sits down with Liberty Mutual CIO Joanna Young to discuss current issues that are cooking up a storm in both the technology and insurance space

122 The bigger picture It’s not just pricing optimization, it's business optimization, says Tom Schwartz

124 Take one for the team John Lee talks exclusively to FST about the challenges inherent in IT today and the real importance of cross-functional teamwork

IN THE BACK

128 Do the right thing? Keith Darcy tells Huw Thomas that the state of business ethics is inextricably linked to the current financial meltdown

134 Away on business
136 Quote/Unquote
138 Face off
140 In review
141 Leading by example
142 The onus on bonus
144 Final Word: David Krauss, Symantec


15-17 April 2009 The Lansdowne Resort, Virginia, USA

The Financial Services Technology Summit is a three-day critical information gathering of C-level technology executives from the financial services industry.

A Controlled, Professional & Focused Environment

FST ’09 is an opportunity to debate, benchmark and learn from other leaders. FST ’09 is a C-level event reserved for 75 participants that includes expert workshops, facilitated roundtables, peer-to-peer networking, and coordinated technology meetings.

A Proven Format

This inspired and professional format has been used by over 100 CIOs and CTOs as a rewarding platform for discussion and learning.

“This event continues to be one of the most worthy of the time and expense expenditure for the development of networks and an overview of what is on the minds of other financial services companies.” Robert Kee, Bank of America

“The organisation was excellent with easy transition from private meeting to workshops. Quality of participants was outstanding.” Thomas Butler, Anglo Romanian Bank

Find Out More

Contact FST at +44 (0) 292 066 3626 www.fstsummit.com

Chairman/Publisher SPENCER GREEN
CEO/Publisher JAMES CRAVEN
Director of Projects ADAM BURNS
Editorial Director HARLAN DAVIS

Editor HUW THOMAS
Managing Editor BEN THOMPSON
Associate Editor MATTHEW BUTTELL
Deputy Editors NATALIE BRANDWEINER, REBECCA GOOZEE, DIANA MILNE, JULIAN ROGERS, MARIE SHIELDS

Creative Director ANDREW HOBSON
Design Directors ZÖE BRAZIL, SARAH WILMOTT
Associate Design Directors MICHAEL HALL, CRYSTAL MATHER, CLIFF NEWMAN
Assistant Designer ÉLISE GILBERT

Online Director JAMES WEST
Online Editor JANA GRUNE

Project Director HEATHER C. BRIDEN
Sales Executives CAITLIN M. DOHERTY, DANIEL, REINHOLD-SHOR, JONATHAN MALAVE, STEFANI SEALS

Head of Production and Events ROBERT SIMMS
Production Coordinators HANNAH DRIVER, HANNAH DUFFIE, JULIA FENTON

Finance Director JAMIE CANTILLON
Director of Business Development RICHARD OWEN
Operations Director JASON GREEN
Operations Manager PHILIPPA LUDIN

Subscription Enquiries +44 117 9214000. www.usfst.com
General Enquiries info@gdsinternational.com (Please put the magazine name in the subject line)
Letters to the Editor letters@gdspublishing.com

Financial Solutions Technology

33 Whitehall Street, 14th Floor, New York NY 10004, USA. Tel: +1 212 920 8181. Fax: +1 212 796 7010. E-mail: newyork@gdsinternational.com

Legal Information

The advertising and articles appearing within this publication reflect the opinions and attitudes of their respective authors and not necessarily those of the publisher or editors. We are not to be held accountable for unsolicited manuscripts, transparencies or photographs. All material within this magazine is ©2009 FST.

GDS International GDS Publishing, Queen Square House, 18-21 Queen Square, Bristol BS1 4NH. +44 117 9214000. info@gdsinternational.com


UPFRONT

P16 From the vault P18 Issue in numbers P20 Top 10 P22 The five-minute exec P24 Company index

A NEW ERA

January 20 saw Barack Obama sworn in as the first African-American president in US history. In his inaugural address, labelled by some as “a speech ushering in an Obama Era,” the new president made a cool-headed and objective analysis of the US’s current situation and stressed his “new economic policy.” The president called for “bold and swift” action on the economy, “not only to create new jobs, but also to lay a new foundation for growth”. Obama also said he would take a pragmatic stance on the economy. The only right thing to do, he went on to say, is to exert the great market power of making wealth while learning lessons from the current financial crisis. “The success of our economy has always depended not just on the size of our gross domestic product, but on the reach of our prosperity; on our ability to extend opportunity to every willing heart,” said Obama. Since his inauguration, analysts have been commenting on how the speech set the tone for his future policies. However, what determines the success or failure of Obama’s administration will be his performance in office, especially during the first months. History indicates that a new president’s popularity and power to overcome opposition is usually at its peak during his first three months in office. As an American Broadcasting Company (ABC) News poll showed, up to 80 percent of Americans have expressed confidence in Obama, while 71 percent back the president’s new policies. While only time will be the true indicator of whether President Obama can save America from this mess, all eyes are currently fixed on both the White House and, more significantly, its newest occupant.

NUMBER CRUNCHING

1,120,000 metro train rides taken on January 20th, setting a new record for one-day ridership

18,000 volunteers provided support for the inaugural activities

8000 members of America’s police departments provided security on Inauguration Day

13,000 participants marched in the Inaugural Parade

10 jumbo screens on the National Mall broadcasted inaugural events

DATA PROTECTION & PRIVACY EMERGES AS NEW TOP RISK AREA

Increased global competition, economic downturn and tighter regulation have brought greater pressure on business and with it, greater risk. Both companies and governments worldwide have had to make adjustments to cope with these changes in the business climate. Enterprises worldwide now cite electronic data protection and data privacy as their top two business ethics and corporate compliance risks, according to LRN’s 2008 LRN Ethics and Compliance Risk Management Practices Report. Compliance with these electronic data protection and privacy laws is now more complex and has migrated beyond traditional IT functions. Companies doing business in the US have had to respond to the new eDiscovery rule that went into effect in 2007, requiring them to account for and maintain all their internal electronic records including emails, instant messages and electronic documents that might prove critical in investigations. Increased concern about electronic data risk is the result of the growing amount of electronic data being generated across organizations, combined with new, more stringent regulations and requirements regarding the management and security of data. Global businesses have long had to protect their trade secrets, customer data and employee records, but now they must also comply with the eDiscovery Rule and new data privacy laws and regulations imposed by European governments. Germany, for example, has instituted specific new laws on data protection that go beyond existing EU data protection laws, and in the US 47 states have ratified separate data privacy laws protecting individuals from fraud and malicious use of their data. For more information and to learn more about the research and download the report, please visit http://www.lrn.com/RiskManagement/form.php

Figure: Top Ethics and Compliance Risks

TO STABILITY, AND BEYOND

At the end of January, world leaders, economic advisors and business executives convened in Davos, Switzerland to focus on the global financial crisis at the annual World Economic Forum. Klaus Schwab, Founder and Chairman of the Forum, said this financial crisis is unprecedented in scope. He said it should be seen as a wake-up call to reform global institutions, systems and ways of thinking. This year a record 41 heads of state and government attended the Forum, including Chinese Premier Wen Jiabao, Russian Prime Minister Vladimir Putin, and the Prime Minister of Kenya, Raila Odinga. Members of Obama's administration were also in attendance, including US National Security Adviser General James Jones. In all, more than 2500 participants from 96 countries convened in the small Alpine village from January 28 to February 1. Their main objective: to search for ways to stabilize and re-launch the global economy.

FROM THE VAULT Q2 2008

FSTUS: issue eight Chris Perretta, CIO at State Street Banking Corp

Back in issue eight of FST we spoke exclusively to Chris Perretta, CIO at State Street Banking Corp. At the time, State Street had just posted a record-breaking $2.6 billion profit for the first quarter of 2008. “We believe that we can deliver things quantitatively faster with new technologies and really increase the quality of the delivery for the customer,” he told us. “We are really making a lot of effort in developing our personnel here and building bridges around the world to have a single dialogue about technology and architecture across the industry. It’s key to our efforts going forward.” To read the article in full, access an entire archive of past issues, and subscribe to the magazine, please visit www.usfst.com

IS THE BAILOUT ON TRACK?

As part of the $700 billion Troubled Asset Relief Program, literally hundreds of banks – along with a handful of insurers and automakers – have applied for funds from the Treasury Department. Here, we review which banks got what out of the first $350 billion. The amounts shown are in millions and are from the first $350 billion of the available funds. Also shown is each bank’s Texas Ratio, a measure of the bank’s credit troubles: the ratio of each bank's nonperforming loans to cash on hand.

1. Citigroup, $50,000m, Texas Ratio 15.4
2. Bank of America, $25,000m, Texas Ratio 15.4
3. JPMorgan Chase, $25,000m, Texas Ratio 8.3
4. Wells Fargo, $25,000m, Texas Ratio 14.0
5. Goldman Sachs Group, $10,000m, Texas Ratio N/A
6. Morgan Stanley, $10,000m, Texas Ratio N/A
7. PNC Financial Services Group, $7579m, Texas Ratio 15.1
8. US Bancorp, $6599m, Texas Ratio 9.9
9. SunTrust Banks, $4850m, Texas Ratio 32.3
10. Capital One Financial, $3555m, Texas Ratio 5.1

Source: New York Times


THE GOOD, THE BAD AND THE FDIC

Federal Deposit Insurance Corp (FDIC) Chairman, Sheila Bair, is pushing to run the so-called ‘bad bank’ that the Obama administration is likely to set up. The bad bank would buy the toxic assets clogging banks’ balance sheets and Bair is arguing that her agency has the expertise and could help finance the effort by issuing bonds guaranteed by the FDIC. President Obama’s team may announce the outlines of its financial-rescue plan as early as February, an administration official has said. John Douglas, a former general counsel at the agency who now is a partner at Paul, Hastings, Janofsky & Walker, a law firm in Atlanta said, “It doesn’t make sense to give the authority to anybody else but the FDIC. That’s what the FDIC does, it takes bad assets out of banks and manages and sells them.”

The bad bank initiative may also allow the government to rewrite some of the mortgages that underpin banks’ bad debt, in the hopes of stemming a crisis that has stripped more than 1.3 million Americans of their homes. Some lenders may be taken over by regulators as the government seeks to provide a shield to taxpayers. Still, nationalization of a portion of the banking industry is unlikely, with Barney Frank, House Financial Services Chairman, recently commenting that the government should not take over all the banks, and Bair herself having previously stated that she would be ‘very surprised’ if that happened. Meanwhile, Obama is under increasing pressure to drastically revamp the $700 billion Troubled Asset Relief Program for the ailing industry. While setting up a bank to buy underwater assets is emerging as a favored option, it could drive up the cost of the rescue to in excess of $1 trillion.

WRITE DOWNS

A recent Bloomberg report highlighted some thought-provoking statistics regarding the shrinking market value of some of the world’s biggest banks

[Chart: market value in billions as of Q2 2007 and as of January 20th 2009 for HSBC, JPMorgan, Citigroup and Bank of America. Source: Bloomberg]

CRISIS OF CONFIDENCE

Only 21 percent of Chief Executives are currently showing confidence that their business will grow – down from 50 percent a year ago – as business confidence of top bosses around the world has plummeted in recent months. The poll, commissioned by PricewaterhouseCoopers (PwC), also shows that company chiefs believe any recovery there is will be slow and take at least three years. Samuel DiPiazza, Global Chief Executive of PwC, said in a statement that the “speed and intensity of the recession has rocked the psyches of CEOs and created a global crisis of confidence”. Meanwhile, business leaders in Brazil, Russia, India and China, who had been pretty bullish about their economic prospects at the start of 2008, are now nearly as concerned as their colleagues in Europe and North America. The report’s authors call this the ‘downside of globalization’, where a crisis that began in the United States has now infected all the world’s major economies.

Only 21% of executives have confidence in business growth for 2009. That’s down from 50% in 2008. Real signs of recovery will take at least 3 years.


YET MORE CASUALTIES

In what looks like a worrying start to 2009, January has already seen two US banks fail. Regulators shut down two small US banks earlier in the month, marking a disappointing start to the year. Bank of Clark County, Vancouver, Washington, with approximately $446.5 million in assets and approximately $366.5 million in deposits was closed, with Oregon-based Umpqua Bank agreeing to assume its non-brokered insured deposits. Meanwhile, National Bank of Commerce in Illinois, with approximately $430.9 million in total assets and $402.1 million in total deposits, was closed. In addition to assuming all of the failed bank’s deposits, Republic Bank of Chicago, also based in Illinois, agreed to pay a discount of $44.9 million, and will purchase approximately $366.6 million of assets. The FDIC will retain the remaining assets for later disposition.

ISSUE IN NUM8ERS

On 15 January 2008, Citigroup announced $18.1 billion in writedowns (p26)

More than 100 million individuals in the US are considered unbanked, underbanked or credit underserved (p54)

The average cost of legal discovery is around $130,000 and e-discovery solutions can save 29% of these expenses (p90)

American consumers have replaced about 2.1 million computers over the past two years because of online threats (p46)

Bernie Madoff arrested with liabilities of approximately $50 billion (p38)

ROI STUDIES SHOW BENEFITS OF MODERNIZING SCHEDULING

A challenging aspect of information technology has always been to introduce new technology environments into the business. Mission critical enterprise applications have become genuine business assets that the enterprise cannot do without, even for a short period of time. Yet, the businesses are constantly pressurized to move to newer, lower cost and more agile IT environments. Job scheduling is one of the mission critical enterprise applications that fits the above picture. Many enterprises adopted solutions long ago, but legacy scheduling solutions suffer from several drawbacks in today’s IT landscape. These include lack of support for today’s mission-critical business applications, higher outage risks; limited functionality leading to the need for custom extensions; excessive maintenance and training costs; poor usability, leading to lower productivity. Studies have shown that moving to a modern scheduling solution can ease a lot of these issues as well as provide an extremely favorable ROI in a short period of time. Modern scheduling platforms like Tidal Enterprise Scheduler provide advanced scheduling capabilities, enhanced service availability and job monitoring capabilities, greater ease-of-use and integration capabilities, while reducing maintenance and training costs and improving employee productivity. Tidal Enterprise Scheduler provides scheduling capabilities for ERP applications (SAP, Oracle, PeopleSoft, JD Edwards, Lawson), Business Intelligence applications (SAP BW, Informatica, Business Objects, Cognos, Hyperion), Databases (Oracle, MSSQL), File & Storage (FTP/SFTP/FTPS, Veritas, Tivoli Storage Manager, Backup Exec), SOA (Web Services, JMX, JMS), and Virtualization (VMWare, HyperV). In addition, it can easily integrate into most management frameworks. To learn more about the ROI you can get by modernizing your legacy scheduling solution, read Tidal Software’s ROI Case Studies at http://www.tidalsoftware.com/r/roi

TOP 10

With global economies now experiencing recessionary conditions we decided to take a look at some of history’s other dramatic financial crises

1. Argentine Economic Crisis (1999-2002) In 1999, Argentina entered a three-year recession. Investors ran on banks for dollars, which they then sent abroad for safety. In response, the government froze bank accounts. Citizens protested and destroyed property and fatalities ensued. In 2001, the government collapsed.

2. Russian Financial Crisis (1998) In August 1998, Russia’s markets collapsed. Investors, fearing a devaluation of the ruble and a debt default, panicked, leaving the market with a 65 percent drop in one day. As a result, several major banks closed, and inflation increased.

3. 1997 Asian Financial Crisis (1997-1999) Policies leading to large amounts of credit pushed up asset prices, which then collapsed, leading to massive debt defaults. International investors panicked and withdrew credit. To keep the region attractive to foreign investors, ASEAN governments jacked up interest rates and bought up excess domestic money using foreign reserves.

4. The Dotcom Bubble (1995-2000) When early dotcoms’ stock values shot skyward, venture capitalists jumped aboard en masse to finance internet startups. Dotcoms burned through their money, positive it would come back. But in 2000, the NASDAQ began to trend downward.

5. The Japanese Asset Price Bubble (1986-1990) Rather than a dramatic crash, Japanese real estate and stock values decreased slowly, leading to Japan’s ‘lost decade’. People started investing outside of the country and companies lost some of their international competitive advantage.

6. US Wall Street Crash (1929) In the late 1920s, hundreds of investors contributed to a speculative bubble in the stock market. Many went into debt to purchase stock, resulting in more than $8.5 billion in debt throughout the nation – more money than was in circulation at the time.

7. Tulip Mania (1637) In order to secure new varieties of tulips, a market developed in the Netherlands around their trade where futures contracts were signed. Professional growers were willing to pay more and more for flowers and some tulips were more valuable than peoples’ annual wages.

8. The UK’s Northern Rock Bailout (2007) When global liquidity dried up, Northern Rock couldn’t cover its money market borrowings. It asked the Bank of England for money in 2007, at which point the Tripartite Authority gave it emergency financial support.

9. United States Savings and Loan Crisis (1980s-90s) Old, incompetent policies were behind the mess as the government chose S&L’s, traditionally funded by short-term deposits, to finance long-term, fixed-rate mortgages resulting in a massive crash.

10. Swedish Financial Crisis (1990-1994) In 1985, Sweden deregulated its credit market, leading to a commercial property speculation bubble. But the bubble burst, leaving 90 percent of the banking sector with massive losses, including all of Sweden’s largest banks.

A CHANGE OF DIRECTION

On January 28th Federal Reserve officials replaced interest rates with emergency credit programs as their main tool for steering the economy, meaning investors are now likely to have a tough time assessing current policies. What’s more, reports suggest that without rates as their main policy gauge, the Federal Open Market Committee will also find it more difficult to anticipate the impact of their statements on financial markets during the worst credit crisis in 70 years. Nonetheless, the new focus on changes of the central bank’s assets makes it harder for policy makers to revive confidence in bond and stock markets. Such confidence is needed after financial shares tumbled 29 percent and unemployment hit a 16-year high since the Fed cut the main rate to a record low 0.25 percent back in December. The central bank may once again break with usual practice as it pushes ahead with the aggressive efforts to reinvigorate credit markets, as the Fed attempts to summarize progress on several different credit-easing programs. However, all this means analysts can’t base their predictions for Fed decisions on a simple interest rate benchmark for the first time since the FOMC began releasing policy statements in 1994 and criticism of the shift is gaining momentum.

MERGER AHEAD

State Street has been back in the news again this month with reports that the firm’s share price fell back 60 percent on the news that its unrealized losses on assets had increased to $9.1bn as at December 30th 2008. Speculation is now mounting that State Street may need further access to the Troubled Asset Relief Program, and rumors abound that the time may be right for Goldman Sachs to make a move and acquire the firm. In addition to this, Reuters has reported that French traders are now touting the rumor that Société Générale and Credit Agricole may well decide to merge their asset management units, saying that a deal could lead to some important synergies. ‘The banking sector is so weakened right now that anything that can make a bank stronger has a compelling logic behind it’, the report claimed. Meanwhile, Bloomberg reports that Bank of America CEO Ken Lewis and five fellow firm directors have been buying the bank’s stock and, over at JPMorgan Chase, CEO Jamie Dimon has also been investing in his firm. Finally, the Wall Street Journal reports that Fitch Ratings has put Credit Suisse on watch for a downgrade, as the firm may face further pressures due to its exposure to investment banking while fund manager BlackRock has posted an 84 percent fall in its fourth-quarter earnings.

State Street’s share price fell back 60% after unrealized losses on assets increased to $9.1bn. Meanwhile, BlackRock has posted an 84% fall in its fourth-quarter earnings.

[Chart: WRITE DOWNS. More from Bloomberg’s report highlighting the shrinking market value of some of the world’s biggest banks: market value as of January 20th 2009 against market value as of Q2 2007, in billions, for Goldman Sachs, Credit Suisse, Santander and Societe Generale. Source: Bloomberg]


THE FIVE-MINUTE EXEC

The innovative thinker

Barclaycard was the first company to launch credit cards in the UK but today the firm is investing millions in contactless technology that could lead to the demise of plastic payments. CEO Antony Jenkins explains more

One of the things that we care most about at Barclaycard is how to make customers’ lives easier. We think that contactless technology has great potential in that regard. All of us as consumers are busy in our daily lives and anything that can make that transaction at the point of sale a little bit easier is going to be appreciated by customers, whether it’s buying a newspaper or a coffee or whatever. We will have over one million contactless cards in market in the UK this year and tens of thousands of places where customers can use that technology, so we feel there is very significant potential both in the UK and other parts of Europe for this technology.

If you look at the heritage of Barclaycard from its establishment in the 60s it’s always been an innovative and market leading brand. It’s in our DNA and we think this is the next wave of consumer benefits we should be leading with given the strength of our brand. Like all of the products we offer we think that this provides a high level of security for consumers and we think the convenience and security will provide a huge benefit.

The main challenge you always get with this sort of project is the issue of consumer adoption. Like all of us, consumers are inherently conservative and you need to be able to communicate the benefits of the project to them. Once consumers experience the benefits for themselves then adoption quickly follows because they are able to see what it can do for them.

Our business is a cyclical business. We know that and respond to it and work very hard to make sure that we help our customers through what are challenging times for them. We have a good set of European businesses. In Germany we are number two in the market and number one in the revolving credit market in Scandinavia. We’re also the third largest credit card issuer in Sweden, the second largest in Norway, the sixth in Denmark. We have businesses in France, Portugal, Italy and Spain and we believe we will continue to grow those businesses over time. Obviously that growth will moderate in the current economic climate but as economies recover across Europe, the growth will resume.

We’re very happy with our business in the US. We’ve become one of the 10 largest credit card issuers in the United States and we also have very strong business in South Africa, in Dubai and India and, of course, the international growth and our ability to transfer skills and experts across those markets is a key factor in our success.

As any CEO you have to think about the long term as well as the short term. In many ways we have to think about everything we have to do in the next 60 to 72 months as well as today. At Barclaycard we always think about our business in a balanced way. We think about our customers and what we have to deliver for them. We think about our colleagues and our communities and our responsibilities in terms of how we act as a responsible lender and a payment provider.


THE BIGGEST LOSER

It’s a sad fact, but rogue trading makes headlines. The idea of a single person losing millions or billions of cash is always interesting, but even more so when that person is losing other people’s money. When a trader feels that he or she has a special gift for sniffing out money-making positions, it can be a dangerous situation. Unfortunately, luck is a fickle friend. When these formerly ‘magical’ traders start losing, they often look for ways to magnify their bets and win back their losses. Aside from the financial damages that rogue traders inflict upon the market, they do serve one very important function: they remind us that seeking exceptional returns means taking on equally exceptional risk. Because of this, take a look at five traders and fund managers that have become very famous for their very public losses.

JULIAN ROBERTSON: Lost $16.3 Billion
Robertson started the hedge fund firm Tiger Management in 1980 and turned a $7.6 million investment into $6.8 billion. However, he failed to participate in the tech-stock craze, which he deemed irrational. As a result, Tiger Management suffered massive losses, with all funds closing at a value of $5.7 billion (previously worth $22 billion in 1998).

HUNT BROTHERS: Lost Undisclosed Amount
Having attempted to corner the silver market by purchasing approximately 100 million ounces of silver bullion throughout the 1970s, brothers Nelson and William witnessed silver prices crash on March 27 1980, a day now deemed as Silver Thursday. Nelson was fined $10 million for attempting to control silver prices.

PETER YOUNG: Lost $580 Million
In 1996, Young secretly created several companies in order to exercise stock warrants for his own benefit. Two years later, he was charged with conspiracy to defraud, but was found mentally ill and unfit to stand trial. At one court appearance he was dressed as a woman and answered only to the name ‘Elizabeth’.

JEROME KERVIEL: Lost $6.6 Billion
The SocGen rogue trader Kerviel’s losses occurred from an unauthorized speculation in European futures. Since he was initially employed with Société Générale before becoming a trader, he was, for a time, able to manipulate the system and hide his losses.

JOHN MERIWETHER: Lost $5.5 Billion
In 1994, Meriwether founded the Long-Term Capital Management (LTCM) hedge fund, which managed more than $96 billion in assets. In 1998, LTCM made a bet that the troubled Russian financial markets would revert back to normal, and took a large, unhedged position in Russian debt. The fund ultimately collapsed and LTCM was forced into liquidation in early 2000.

Source: www.investopedia.com

NO MORE AID

San Francisco-based Wells Fargo – the second-largest US home lender – has reported its first quarterly loss since 2001 because of unpaid loans inherited with the acquisition of Wachovia Corp. According to the statement, Wachovia recorded a loss of $11.2 billion. It added that Wells Fargo doesn’t plan to seek additional government funds. Previously, Wells Fargo had received $25 billion as part of the Treasury’s industry bailout and raised $12.6 billion in a stock offering the following month.

After sidestepping much of the worst of the crunch for most of 2008, Wells Fargo is now being hit hard with a 42 percent collapse in Californian housing prices compared to a year ago. The bank is also grappling with debts acquired in its $12.7 billion purchase of Wachovia.

This new statement makes Wells Fargo the last of the four biggest US banks to report fourth-quarter results. Of its three top competitors, only JPMorgan Chase reported a profit, with earnings declining 76 percent. Citigroup posted an $8.29 billion loss, while Bank of America lost $1.79 billion, not including a $15.3 billion deficit at Merrill Lynch & Co.

Wachovia recorded a loss of $11.2bn. Wells Fargo is now being hit hard with a 42% collapse in house prices. JPMorgan Chase reported a profit, with earnings declining 76%.



A TOUCH OF CLAMOR

Veteran Hollywood actress Zsa Zsa Gabor is said to have lost at least $7 million as a result of investments with accused US businessman Bernard Madoff.

Gabor, who turns 92 this year, is among a number of celebrities affected by the alleged scam.

A lawyer for Gabor said the actress had discovered her losses in the last few weeks, adding that she may have lost as much as $10m. The Hungarian-born actress starred in films such as Moulin Rouge, Lili and Touch of Evil but is most famous for her long list of wealthy husbands, including All About Eve actor George Sanders.

It seems that Gabor is not the only Hollywood figure apparently to have suffered losses because of an investment connected to Madoff, with a foundation run by the Oscar-winning film director Steven Spielberg, and the actor Kevin Bacon and his wife, also reportedly having fallen victim.

Madoff, a former chairman of the NASDAQ stock market, was arrested and charged with fraud last December in. If convicted, Madoff, who was arrested at the end of last year, faces up to 20 years in prison and millions of dollars in fines.

Zsa Zsa Gabor is said to have lost at least $7 million as a result of investments with Bernard Madoff.

You can read more on the Madoff incident in our feature on page 38 of this issue.

NEWSBITES

• It’s official. On December 1 2008 the Business Cycle Dating Committee of the National Bureau of Economic Research – widely acknowledged arbiters of when the US economy enters and exits economic downturns – pegged the start of the current US slump to December 2007.

• Under pressure from President Obama, Citigroup announced that it will not take delivery of the jet it had planned to purchase before the credit crisis unfolded. The canceled deal came as many politicians voiced concern about how banks are spending government bailout money.

EASTERN PROMISES, BROKEN

Nomura Holdings, Japan’s No.1 brokerage house, has reported heavy losses for the final three months of 2008, as it struggles to integrate parts of failed US bank Lehman Brothers. The broker made a net loss of 342.9 billion yen ($3.8bn) compared with a profit of 21.8 billion yen a year ago.

The results represent the fourth consecutive quarterly loss for the company and total revenue for the period shrank to just 2.71 billion yen, compared with 400.37 billion yen for the final quarter of 2007. Nomura’s decision to buy the Asian and European operations of the collapsed Lehman Brothers is blamed for the hard-hit earnings.

“Last quarter was extraordinary for our industry and Nomura was no exception,” said boss Kenichi Watanabe. Chief Financial Officer, Masafumi Nakada, also noted that this set of results was regrettable. The company was forced to absorb costs incurred by the Lehman deal at a time when the global financial crisis triggered big losses on its investments.

These latest results highlight the fact that the balance of income and costs at Nomura is not good and that the company needs to cut costs.

Nomura Holdings made a net loss of $3.8bn. One-off losses for the quarter totalled 243 billion yen.



COVER STORY

Citi breaks

A decade after it changed the financial landscape, Citigroup is falling apart. FST editor Huw Thomas traces the decline of a banking giant

Where did it all go wrong for Citigroup? When it was formed by the merger of Citibank and Traveler’s Group in 1998, it was envisaged as the epitome of the modern financial services firm. A one-stop shop that rolled up credit cards, insurance, retail and investment banking and wealth management under one roof. No-one had ever seen something this big before, a financial services supermarket where you could take out a loan to buy a new car, or a new company.

Speaking in 1998, Roy Smith, a professor of finance at New York University, described Citigroup’s genesis as a fundamental game changer. “This new company will look more like Procter & Gamble than it will look like a bank,” he said. “That’s because what is being created here is a retail-products-distribution company for people interested in financial services.”

At first this bold move seemed to be paying off. Citi became the most successful financial institution in America, reporting a profit of $24.6 billion in 2005. In that year, the company took second place in the Fortune 500 list, only beaten to the top by oil giant ExxonMobil.

Fast forward to 2009. At the end of January, CEO Vikram Pandit announced losses of $18.7 billion for the previous year and that Citi would ‘realign’ itself into two separate sections, Citicorp and Citi Holdings. Though this is officially not yet a full-scale split, the feeling is that this is a precursor to exactly that. The fact that many of Citi’s worst performing businesses, as well as $300 billion in toxic debt, have been assigned to Citi Holdings could well be significant, particularly in light of Pandit’s stated intention to only keep the parts of the organization that ‘work’. In any case, Citigroup’s fall from grace has been spectacular, and there is every possibility that it could yet plummet further. Was the company purely a victim of the credit crunch or one of its major architects? And exactly what were the factors that led to its decline?

“What we are doing is creating a company headquartered in the US that will be able to compete very effectively all over the world.” Sandy Weill, April 1998.


“The specific merger transaction clearly has to be seen to have been a mistake. The stockholders have not benefited, the employees certainly have not benefited and I don’t think the customers have benefited because our franchises are weaker than they have been.” John Reed, April 2008.

Upon its creation, Citigroup’s model of the all-encompassing financial supermarket was a new paradigm. In bringing together Citibank and Traveler’s Group, co-CEOs Sandy Weill and John Reed redefined what a financial organization could be. Citigroup’s birth was a key factor in the repeal of the last remnants of the Glass-Steagall Act, which restricted the types of services a single financial institution could offer. This in turn effectively paved the way for deregulation and the tangled financial environment we live in today. The Act was introduced in the wake of the Great Depression in order to prevent any repeat of the large-scale bank failures of 1929, a fact that will not be lost on connoisseurs of cruel irony.

But at the end of the 20th century, the birth of this gigantic organization promised much. Economies of scale would enable huge cost reductions, while the sheer range of customers touched would provide virtually limitless options for cross selling. Citi’s share price and reported results certainly seemed to vindicate the wisdom of the model, at least at first.

Nonetheless, even a decade ago, there were certain dissenting voices. “When you create these oversize companies, they become vulnerable by definition,” said Porter Bibb, a senior investment banker at Ladenburg Thalmann back in 1998. For all its benefits, the size of Citigroup does present certain disadvantages. Maintaining any sort of agility in such a monumental entity is a major challenge. The ability to quickly react to changing market requirements could leave Citi trailing behind smaller, more nimble competitors. A good analogy would be that of a supertanker and a frigate. Sure, the tanker can carry more cargo, but good luck to you if you need to make a quick turn.

Weill, the architect of the Citi/Traveler’s merger, dismissed such concerns. His theory was that people simply didn’t want to shop around for financial products. If they could get a mortgage, credit card, loan and current account in the same place, then that is exactly what they would do. Such an attitude now seems dangerously misguided. The way in which the internet has reshaped not only the financial services industry but business in general has irrevocably changed things. Quite simply, choice matters. As the web has gained in sophistication and popularity, it has become increasingly easy for customers to shop around and find the exact products they are looking for.

In fact, technology can be seen as both one of Citi’s biggest achievements and one of its greatest failures. While it undeniably has some of the most advanced and best-funded IT in the industry, this hasn’t always been to its advantage. “They spared no expense,” says Ralph Silva, a Research Director at TowerGroup. “But as a result of all this expense, the only way they thought they could make their money back was to implement this technology everywhere. Nobody had a choice.” While it might have been superior technology, it didn’t necessarily serve the specific need of every customer everywhere. When you try to make everybody happy, you often wind up making nobody happy.

Compared to some of its contemporaries, Citi’s ability to respond to changing market requirements often seemed lacking. “Look at some of their competitors,” says Silva. “Often they use the same middleware software but each implementation has the ability to add in something unique to their region. Citi never had that.” While it had a far better efficiency ratio in its IT, it also had far worse customer satisfaction because it lacked the ability to make changes.

These problems are only compounded by current events. Due to its sprawling technology infrastructure, making even small changes can be a slow process, often leaving it lagging behind its peers. “When the economic conditions are like they are, you need to have the ability to change quickly. I don’t think Citi have that now,” confirms Silva.

But Citi’s structural problems aren’t purely a question of technology. Culturally too, it has often seemed disjointed. According to one former Citi employee now working at Deutsche Bank, Traveler’s and Citi didn’t really come together following their merger. “That the two firms were never truly integrated, and that the resulting entity became too large and cumbersome for senior managers to really understand the ground realities and operating environments, is a view that is shared by many Citibankers,” he says. “After John Reed’s departure, I doubt there remained a senior manager who really understood the firm. So long as the tide was rising, it kept lifting Citi’s boat, but at some point in time, the tide starts going out.”

Considering Citigroup’s ceaseless appetite for expansion through mergers and acquisition, this scenario certainly has the ring of truth. “Citi was a huge beast, devouring very many businesses in a very short time,” agrees Bob MacDowall, another Research Director at TowerGroup. “While the legal and regulatory issues were addressed, culturally I don’t believe they were ever fully integrated.”

The risk for merging institutions that fail to take differing cultures into consideration is that they simply end up running different brands. Quite simply, time and effort has to be made to stitch disparate elements together, otherwise you wind up with a single entity in name only. “When HSBC bought CCS in France, they allowed it to run independently for seven years, because they felt that that was the length of time required for the cultures to merge,” says Ralph Silva. “Citi’s mentality was ‘I’ll buy you on Friday and you’re Citi on Monday.’ They didn’t give a lot of opportunity for that change.”

“We see a lot of people on the Street who are scared. We are not scared. Our team has been through this before.” Charles Prince, Aug 2007

“It is my judgment that given the size of the recent losses in our mortgage-backed securities business, the only honorable course for me to take as Chief Executive Officer is to step down.” Charles Prince, November 2007

Any institution of Citigroup’s size requires an extremely firm hand on the tiller, particularly in trying times. When the bullish Sandy Weill anointed his protégé Charles Prince as his successor, it was generally seen as a fairly uncontroversial move. The company was riding a wave of huge profits and strong share prices and Prince had been a loyal servant. It was only his lack of a heavyweight financial background that gave any pause. Besides, Prince would be backed up by plenty of people who did know the money game inside out, not least Director Robert Rubin, who boasted credentials as a former Treasury Secretary under President Clinton.

But as the economic winds shifted, Prince’s suitability for the job became less certain. Reports from insiders suggest that he was unaware of the full extent of Citi’s exposure to the subprime market, only learning that the bank owned $43 billion in such assets as late as September 2007. No one was necessarily expecting him to be checking up on every calculation made by his subordinates, but such an oversight made his ousting from the CEO’s office a question of ‘when’ rather than ‘if’.

“Prince understood the business but I don’t think he was the right man for the job,” says Silva. “He’s the perfect strategic thinker, in a good economic situation he was great. But in this situation what Citi needs is a three star general with battlefield experience.”

What they got was Vikram Pandit, undoubtedly a competent and experienced candidate, but perhaps not one to rally the troops in such a dire climate. Since his appointment, he has continually been called upon to justify himself, both to shareholders and the industry at large. “It would be a shame to see Pandit go because I think the bank would do very well with him but in a different economic situation,” says Silva. “I think they should put him one step down, just for a while and get a Norman Schwarzkopf-type figure who has nothing to lose on a short year contract and just get it done. Right now they seem to be changing their minds as often as I change my shoes.”

New chairman Richard Parsons, who succeeds Sir Win Bischoff, certainly has experience of turning failing companies around, as demonstrated by his recent work at Time Warner. However, his lack of experience in the financial space does raise some concerns. It is here that Pandit has the opportunity to prove his worth. “Parsons’ background might supply leadership skills but I don’t think he is going to lead the strategic initiatives,” says Bob MacDowall. “I see him almost as a mollifying figure. He has had a glittering career, but not in banking, so will have to work closely with the chief executive on strategy.”

INSTRUMENTS OF DESTRUCTION

At the heart of Citi’s troubles has been the company’s heavy involvement in collateralized debt obligations (CDO), a form of asset-backed security. CDOs bundle up different types of debt, with varying degrees of risk, and gained a great deal of popularity during the boom time of the early noughties. Despite warnings from certain quarters, notably legendary investor Warren Buffett, that such derivatives were greatly increasing risk, the market continued to surge. In 2007 Citigroup was the world’s biggest issuer of CDOs. It accounted for 11.1 percent of the global market in the instruments, with investments totaling $49.3 billion. Unfortunately for everybody, subprime lending was a major component of many CDOs. When the bottom fell out of that market, something had to give. By mid 2008 the value of CDOs issued by Citi had dropped to just $5 billion.

A CITI IN DECLINE: KEY DATES

4 Nov 2007 – CEO Charles Prince resigns as Citi announces $8-$11 billion in writedowns
15 Jan 2008 – Reveals $18.1 billion in writedowns
18 Nov 2008 – Announces a further 52,000 job cuts, following 23,000 earlier in the year
20 Nov 2008 – Share prices slump 26.4 percent, closing at just $4.71
2 Jan 2009 – Citi’s top executives declare that they will forgo their 2008 bonus
16 Jan 2009 – Announcement that Citigroup will split into Citicorp and Citi Holdings after losses of $18.7 billion the previous year

“We will continue to move aggressively to get Citi back on the right track and return it to a position of sustainable financial success.” Vikram Pandit, Jan 2009

“There must be a clear understanding that government support for any company is an extraordinary action that must come with significant restrictions on the firms that receive support.” Barack Obama, Jan 2009

So what will the future of Citi and the financial industry in general look like? “I believe that within the next three months we will have significant ownership by the US government,” states Silva. Looking at the realities of the situation, such an outcome doesn’t seem as unlikely as it did a few years ago. Citi is still carrying a lot of toxic debt and it basically has no new business. If an organization of Citi’s size isn’t growing, it is essentially running at a loss. “The economic situation has stagnated so much that they’re not growing their business, so from a revenue perspective they can barely make enough money to cover their ongoing expenses.”

Right now, the only source of cash to help them meet their obligations is the state. And as long as the specter of nationalization hangs in the air, shareholders aren’t going to part with any more funds. After all, if the government steps in, investors get zero.

The US has always been extremely hostile to government involvement in private enterprise, but it has now reached the point where that hostility will have to be tempered. Citi alone have already accepted $45 billion in government bailouts. It would be astonishingly naïve to think that a new Democratic administration isn’t going to want something back in return. “At the end of the day, it’s the taxpayers’ money,” says MacDowall. “Taxpayers have rights too and the government will want to see a return on its funds. These monies are not grants. I suspect it will be a three or five year extrication. This is not something that’s going to turn around in a year or so.”

So what does a nationalized Citi look like? “If Citi is taken over, I think its international operations get sold, they get rid of all their fancy products, you will never get a discount on any Citi product and it will only be a US bank,” says Silva. From a corporate point of view that’s not great news. But for a customer who just wants to know their money is safe, it could be the best possible outcome.

What is certain is that fresh regulation is on the way. Financial institutions are going to face fresh demands for transparency and much tighter controls on the way risk is managed and how they handle the funds entrusted to them. Citigroup, the institution that put the final nail in the original’s coffin, could well be a key player in the birth of a new Glass-Steagall Act.

CASUALTIES OF THE CRISIS

Bear Stearns
When Bear was forced into a sale to JPMorgan Chase in March 2008 for a paltry $2 per share, it was a clear sign that the downturn was for real. Essentially a victim of a lack of confidence rather than a lack of capital, Bear Stearns stock had been worth $175 only a year before its collapse.

IndyMac
When this Californian thrift with assets of $32 billion and deposits of $19 billion was taken over by the government in July 2008, it was the largest failure of an FDIC-insured institution since 1984. After losing $184.2 million in the first quarter and dropping 95 percent of its stock price over two years, the final straw came in the bank’s exposure to the Alt-A mortgage sector.

Lehman Brothers
Unfortunately for those at the 158-year-old investment bank, it was not deemed too big to fail, filing for bankruptcy in September 2008. As one of Wall Street’s biggest fixed-interest traders, it was heavily involved in the subprime market. As the risks of mortgage-backed securities became clearer, Lehman’s share price dived by 95 percent and efforts to find outside investors foundered.

[Photos: Vikram Pandit; Sanford Weill]



“We are not a service provider; we are an IT organization of a financial services institution and we need to understand our business. We walk the talk and what we say is what we deliver”



FEATURE

Interesting times

Becoming Credit Suisse CIO in May 2008, Karl Landert’s first few months in the job have coincided with an unnaturally turbulent period for the industry. FST editor Huw Thomas spoke to him about managing IT in an age of uncertainty

VIRTUAL REALITY

The driving force for any virtualization strategy comes down to three aspects. First, you want to employ your machinery better, so that you utilize your servers to a higher degree than having only five percent utilisation on them.

Second, you want to reduce power consumption. We have a lot of power issues and it’s becoming a driving cost factor. In many areas of the world it’s a constrained resource. So you want to reduce your power and with that you also reduce the power consumption, you reduce the data centre space you need. You don’t need to go and construct new data centres and buildings.

Last but not least, it allows you also to simplify the overall management and systems management processes. It has an effect on sustainability, but there are also very good economic reasons to pursue virtualization.

Asked to define his role as head of Credit Suisse’s IT function, Landert likens it to being a mayor who has to manage the different aspects of day-to-day life in a busy city. “There are dozens of buildings and an infrastructure which is sometimes old,” he says. “You need to replace it to cope with growth and the influx of people coming in from rural areas. Your role is not purely a technology role anymore.”

If Landert is a mayor, then the city he became responsible for a little over half a year ago is one located in the middle of a war zone, facing unpredictable attacks from all sides. Good news is in short supply in the financial services industry, with the ongoing credit crisis leading the Swiss giant to report a third quarter loss of more than €800 million. Given the situation, a siege mentality would be understandable.

But if Landert is fazed by this baptism of fire, he does a good job of hiding it. “It’s been a challenge because a lot of things have changed in the first few months,” he confirms. “But it’s also been highly rewarding. If you don’t enjoy working with your own people, your IT organization, but also with your peers on the business side, don’t do this job. It’s a people job and with all the challenges that we are facing and all the bad news, the one most rewarding thing you have is working with a good team, having a good spirit, and making some of the tough decisions you need to make. But as long as the team is working well, people enjoy working with each other, I think that gives you a lot of motivation.”

In the choppy waters currently being navigated by those in IT in the financial industry, a major challenge is building any kind of long-term strategic plan. When the managers are anxiously awaiting the next bombshell that threatens to blast them out of their corner office, it can be hard to both get their attention and convince them to part with jealously guarded funds.

Though Landert is far too discreet to voice such a forthright assessment, he nonetheless recognizes such pressures. “Given the seismic events we are seeing right now, we see these profound changes coming along,” he confirms. “Nobody can afford to have a long-range strategy which is very detailed. I think one of the common themes which I see throughout all the things we do in our long-term strategy is about becoming a very agile IT division of financial services or of the bank. The agility has to be within the whole IT organization in structural technology-type of activities, in the way you set up your operating model in order to react to and be able to survive some of the volatility we have and some of the changes which will come along.” It seems that even the biggest organizations are going to have to put major plans on the back burner in favour of being prepared for an increasingly uncertain environment.

For Credit Suisse at least, this shift in focus is already underway. Though, as with any move that requires a drastic direction change, it cannot be done overnight. “You need to look at the way that you do financials and how you account for IT costs and the investments you do,” Landert continues. “You’ve got to tackle some structural aspects of the organization. You’ve got to look at the operating model that includes some of the sourcing strategies you have. You’ve got to look at your architecture and your infrastructure, at technology processes and standards, and last but not least, at your workforce. It’s the key point that you align all these activities because they all highly depend on each other and you cannot change one without affecting another.”

IT’S NOT JUST IT

Landert explains the importance of Credit Suisse’s people

To attract and retain best talent we have what we call strategic workforce management programs in every region, which are co-ordinated globally. We have career development paths and the whole framework to develop people. It is pretty unique and it’s something we use globally where to show the career paths which we have in the company. We have a very good and successful mobility program for people to move between the different divisions within the IT organization. And when I speak about mobility program we are speaking about an organization of roughly 12,000 people, including contractors and some of our partners. We’ve got more than 1000 projects running simultaneously, more than 1000 applications. There are lots and different cultures of every multinational environment. This gives you the ability to attract a lot of talent who will actually enjoy working in such organizations.

I think there’s another change that is also happening right now; you need to hire for potential. You need to hire people that also enjoy moving along the organizations as you start to be more process-oriented, especially in certain application development areas. You also need to specialize people in a certain type of roles, like grouping together test people and having a quality assurance test competence centre, which you may locate in whatever geography. That’s also a change in the way that people have been working in the past.

A common response to uncertainty and constrained budgets is a greater reliance on outsourcing. By not actually owning technology and processes themselves, organizations can find it that much easier to walk away if circumstances change suddenly. Landert confirms that this is very much a part of Credit Suisse’s plans, but that the issue is not as black and white as it might sometimes appear. “You’ve got to have a clear strategy, and the clear strategy now regarding outsourcing is what parts of the overall value chain you outsource what you keep in-house,” he says. “More and more you want to keep in-house design knowledge and architectural knowledge, beyond the pure contract management that you always keep in-house, in the retained organization. And you want to have the ability to do what is called today multi-sourcing. By keeping that in-house you can utilize different partners and use competition between different partners. But it’s also easier to switch vendors.”

Of course, any decision regarding outsourcing has to take geographic and vendor risks into account. The key issue for Landert is that design and management authority remains inside the company. But contrary to the prevailing winds blowing through the industry, Credit Suisse is even looking at bringing some previously outsourced elements back into the organization. Landert tells us that the possibility of bringing certain helpdesk functions back in house is currently being explored. “I think it’s the realization that most companies, although they are global by nature, have a very big challenge in providing you with a consistent global service,” he explains. “Sometimes you have local champions, who are better prepared to do that. Secondly, what is driving it is where we have customer satisfaction issues, which are leading us to this conclusion. For example, in Europe we ‘re-insourced’ some of the helpdesk and the desktop end-user computing services, which we had outsourced previously in some of the European offices. We’re looking at it on a broad scale right now.”

It’s an important consideration. While it can be tempting to go for the lowest cost option in difficult times, doing so at the risk of alienating customers can lead to yet bigger headaches. Credit Suisse operates an integrated bank model with IT acting as a shared services unit to all the sections of the organization, from asset management, to private banking, to investment banking. Serving all these specific needs at a time when financial markets are in such a state of flux must surely present some problems? “Right now one of the challenges we have is certainly sizing IT and the way we provide our services to some of the peak volumes we have seen,” Landert responds. “We have been reacting very fast to deal with some of the volumes which were created by this market volatility and by the events we have seen. Right now the challenge is how can we sustain the business, how can we make sure that when we have these events where you triple and quadruple your volumes, that all the systems are really delivering on their SLAs. Reaction to these events has kept us pretty busy.”

So what of the future? It’s virtually impossible to open a newspaper without seeing stories about falling budgets and brutal cost cutting. Speak to most people working in financial IT and they will tell stories about being asked to do more with less. While Landert is cautious about sounding too many alarm bells, he nonetheless acknowledges that the current situation requires some very careful use of resources. “Going forward I think there are going to be some of the tough decisions that we need to make about where we continue to invest and where we reduce investments,” he says. “That’s not an IT call you make alone; that’s the one you do with your business.”

Making these kinds of calls really puts a spotlight on the quality of IT’s governance and its interaction with the business. It’s an area where Landert believes his team has demonstrated considerable success. “I think that over the last couple of months, we have made significant progress in providing the full transparency of the levers we have,” he continues. “This is a business IT alignment which is absolutely crucial in difficult times. You have to be agile, to have the full transparency, and to understand the leverage you have on what you can do and you cannot do with your IT infrastructure in supporting the business. That’s going to be very important in the coming months in deciding where we put your investments and where we don’t invest.”

In any case, Landert is sanguine about the bank’s ability to weather any effects a prolonged downturn may bring to technology expenditure, largely due to the work that has been done recently. “We had the luxury to be in the situation where we could gain a lot of synergies through combining all the different IT units whilst at the same time continuing to invest,” he says. “So we are looking at three or four years of having done healthy
investments and increases in the IT development.” Landert clearly believes that this groundwork will be enough to see him through, but also seems generally upbeat that budget cuts won’t have too big an impact on his work. Though he acknowledges that the current uncertainty will have an effect, he remains confident that IT will retain the capability to be effective, simply because IT is so fundamental in coping with some of the challenges that the industry is facing.

To ensure that the company’s IT doesn’t stagnate, Landert promotes the concept of managed evolution. It essentially boils down to a constant evaluation of the bank’s IT assets which enables change to be made without potentially crippling investments. “To survive and to keep your cost levels acceptable you need to have a constant process of eliminating your heritage and your end-of-life application systems,” he says. The approach allows the technology portfolio to be contained, both in size and complexity, reducing redundancy and enabling a much greater level of component reuse. Key to its success are solid architecture and strong standards. “That is one thing we do and we have been very successful in it in the last 10 years, in different parts of the IT organization,” Landert continues. “Constantly re-engineering and reinvesting in our systems enables us to eliminate some of the old ones and reduce complexity. That allows you to become more flexible and agile and to also meet business needs in a faster way.”

It is maintaining this overarching philosophy which is key to Landert’s role. Returning to the idea of what the modern CIO actually is and what responsibilities the IT function has, he offers a stark assessment. “We are not a service provider; we are an IT organization of a financial services institution and we need to understand our business,” he says. “We need to be respected and accepted by our counterparts and our colleagues in the business, and we need to speak with them in the same language. We walk the talk and what we say is what we deliver. These are some of the key principles.”

As stated earlier, Landert sees being a CIO as like being a mayor: making sure there aren’t potholes in the roads and that the buses run on time. To do this requires the ability to get a good overview of the business, to avoid getting bogged down in details. “At this level I don’t want to make a call about which kind of technology we want to use or what application we want to build,” he says. “You need to have a view on how you spend and how you prioritize spend along the business areas you are supporting. You need to have a view about what kind of skills you need today, what you will need in the future and how it will develop.”

Perhaps most importantly, it is about setting the right tone. In times as trying as those we now face, it is essential that management leads from the front and brings together all the disparate elements of this global organization. “These interdependencies are what you need to manage besides the people side and interfacing with the business and working with your people to keep them engaged,” Landert concludes. “Engagement of the organization is a key factor in being successful.”

CREDIT SUISSE – EDITED HIGHLIGHTS

1856 – Credit Suisse’s predecessor Schweizerische Kreditanstalt (SKA) is founded

1905 – Opens first branch outside Zurich

1910 – Unveils representative office in Paris

1940 – SKA launches New York Agency

1989 – SKA’s sister company CS Holding becomes parent company of the group

1997 – CS Holding becomes Credit Suisse Group

2005 – Credit Suisse implements its One Bank strategy by merging its Credit Suisse legal entities in Switzerland with Credit Suisse First Boston


FEATURE

Over the hedge?

Following last December’s arrest of Bernie Madoff and the discovery of history’s largest Ponzi scheme, FST’s Matt Buttell looks at how its repercussions are likely to reshape the industry for years to come

It was in 1960, at the age of just 22, that Bernie Madoff began his financial career by taking the $5000 he had saved from summer jobs as a lifeguard and a sprinkler system installer and setting up the investment firm Bernard L Madoff Investment Securities LLC. The beginning of his story reads like the perfect urban fairytale: a man realizing that he has a talent for making money and applying it in a realistic and sensible fashion. Over time, Madoff went on to chair the NASDAQ stock exchange, as well as continuing his responsibilities as the chair of his own firm, gaining a trustworthy reputation among industry insiders and investors alike.

Then, on 11 December 2008, Madoff was charged with perpetrating the largest investor fraud ever committed by a single individual, and this urban fairytale exploded into global news. Madoff's assets and those of the firm were frozen and according to federal charges Madoff himself admitted that his firm has “liabilities of approximately $50 billion”. Since the case has come to light many banks, including several from outside the US, have reported that they have potentially lost billions of dollars as a result of fraudulent activities. Many investors, journalists and economists are already questioning Madoff's statement that he alone is responsible for the large-scale operation, and investigators are looking to determine if there were others involved in the scheme.

As the investigation continues, much of this remains unanswered. One thing, however, is obvious: the mess couldn’t have come at a worse time. And during a period when stock markets are falling, it does beg the question of why so many wealthy and sophisticated savers were conned into believing that Madoff had come up with an investment strategy that allowed him to pay such handsome returns. After all, if something in this world sounds too good to be true, that’s usually because it is too good to be true.
One unnamed senior regulator, who has been involved in formulating public policy for many years, was quoted in the New York Times as saying the reason these people were conned is depressingly simple: “People are prone to believe what they want to believe,” he said, “and in rising markets a kind of irrational euphoria takes hold in which we are not inclined to ask ourselves difficult questions.”

Scrutiny

The massive bailout of the American financial system in October last year demonstrated the concept that our banks are ‘too big to fail’. In other words, banks are of such importance to the world's financial system that governments would rather prop them up with public money than allow them to suffer the consequences of their own greed or incompetence. In his own way, Madoff is the same as these banks: an investment advisor too respectable to scrutinize.

CLOSE-UP: WHAT IS A PONZI SCHEME?

A Ponzi scheme is a fraudulent investment operation that pays returns to investors out of the money paid in by subsequent investors rather than profit. The Ponzi scheme usually offers abnormally high short-term returns in order to entice new investors. The perpetuation of the high returns that a Ponzi scheme advertises and pays requires an ever-increasing flow of money from investors in order to keep the scheme going. The system is destined to collapse because the earnings, if any, are less than the payments.

The scheme is named after Charles Ponzi, who became notorious for using the technique after emigrating from Italy to the United States in 1903. Though Ponzi did not invent the scheme, his operation took in so much money that it was the first to become known throughout the US. It was, in theory, based on arbitraging international reply coupons for postage stamps, but soon diverted investors' money to support payments to earlier investors and Ponzi's personal wealth.

And now, as if the housing crisis, liquidity freeze, deepening recession and a prospect of deflation weren’t enough for the world’s financial system to deal with, we also have the Madoff affair pulling at the strings of our economy. Hedge funds, for example, have been in a downward spiral for months, as, in response to the worrying economy, investors have been pulling money out fast. Even supposedly untouchable portfolios such as those at Citadel Investment Group have lost half their value over the past 12 months. Nonetheless, Wall Street had remained optimistic that investors would stick by hedge funds if the markets stabilized, thereby buoying the industry’s fortunes. But as the list of victims affected by the Madoff scandal continues to grow, hopes for the future of hedge funds look increasingly bleak. Reports now indicate that investor confidence has sunk to an all-time low, and it could take years for managers to regain the trust they once had.

Economists have gone on to predict that the industry that emerges from the other side of this crisis will most likely be considerably smaller, humbler and cheaper than the one that began 2008, with near $2 trillion in assets. And Claude Le Ber, CEO of Geneva-based Banque Safdie SA, who three years ago withdrew money invested with Madoff, has said that the scandal will likely mean considerably more hedge fund regulation. “What Madoff has done is highlight the lack of regulation,” Le Ber said during a recent press conference in Geneva. “There’s going to be a shake out. Even before Madoff, the hedge fund industry was seeing redemptions and wasn’t producing absolute returns.”

Safdie, with $5.9 billion under management at the end of 2007, is the second Swiss bank after Credit Suisse Group AG to disclose withdrawals of money before Madoff confessed to swindling investors. “A lot of Swiss private banks were hurt,” Le Ber continued. “He was able to cultivate a circuit and put people in a position where they felt that opening an account was doing them a favor.” He added that Bank Safdie withdrew money that it had placed with Madoff back in October 2005 because it wasn’t getting enough information about the investment.

Global ramifications

On December 15, three days after Madoff’s arrest, a number of Europe’s largest financial companies revealed their exposure – most notably Spain’s Banco Santander, Iberian rival Banco Bilbao Vizcaya Argentaria and France's BNP Paribas, who all confirmed losses to address the growing concerns of their investors. Later, troubled Benelux bank Fortis said that its Dutch subsidiary had indirect exposure of somewhere between $1.17 billion and $1.38 billion to Madoff's investments, while French insurance giant AXA also revealed potential losses in the range of $136 million.

What’s more, even those who pulled out of Madoff’s funds before the blow-up even happened could be forced to return their proceeds and principal. Just a few months before Madoff’s arrest, the Fort Worth Employees’ Retirement Fund pulled $10 million out of a hedge fund that invested exclusively with Madoff. But now the managers face the possibility of having to give back the money – a sum that includes all of the pension's purported gains over the years, plus its initial investment.

The consequences of the Madoff scandal are running far and wide. At the beginning of January, at the first hearing of the Financial Services Committee on the alleged fraud, both Republican and Democratic House members said the debacle surrounding Madoff reflected deep, systemic problems of the US Securities and Exchange Commission. “Clearly our regulatory system has failed miserably and we must now rebuild it,” said Representative Paul Kanjorski, a Democrat who chaired the hearing, adding that the scandal “fell through the cracks” of the regulatory system. “It now appears that regulators should have detected the Madoff wrongdoing earlier because of the red flags raised by others.”

With a continuing investigation, it is hard to make any solid predictions regarding how the Madoff scandal will ultimately impact our economy. However, already it is clear that the ramifications will be felt for years to come. Without the huge source of ready money, both from funds of funds and bank credit lines, hedge fund returns will suffer even after the markets eventually bounce back.

16 YEARS OF INVESTIGATION

For over a decade and a half, regulators from the SEC and other agencies conducted numerous examinations at Madoff’s offices, but failed to uncover fraud.

1992 – NY SEC sues four individuals for illegally raising $440 million in what was thought to be a massive Ponzi scheme apparently unrelated to Madoff. The money, however, is managed by Madoff, and is both intact and redistributed back to investors.

1999 – SEC in Washington DC opens limited examinations into Madoff and two other firms to review trading practices. SEC finds violations in trade executions and Madoff says he will address them.

2004 – SEC in Washington DC opens a limited exam looking into whether Madoff is front-running his market-making trades to benefit hedge fund clients. SEC finds no violations and refers the case to its New York office.

2005 – NY SEC opens a limited examination looking into suspicious emails found during the review of a hedge fund as well as news stories that raised questions about Madoff’s consistent returns. The SEC issues a delinquency letter citing execution and trading violations.

2005 – SEC investigators in New York meet with Harry Markopolos, a former executive of Madoff’s who, in a 21-page presentation, suggests Madoff is running the world’s largest Ponzi scheme.

2006 – SEC NT staff opens an enforcement investigation. The SEC finds that Madoff and one of his clients misled the agency about investors in the past and about its money-management business. Madoff agrees to register as an adviser and the SEC closes the investigation 22 months later.

VICTIMS OF MADOFF

In the case of Bernie Madoff, there have been some notably high-profile victims. Here, FST takes a look at some of the most prolific.

• Director Steven Spielberg’s charity, Wunderkinder Foundation, ‘appears to have invested a significant portion of its assets with Madoff, based on regulatory filings,’ according to the Wall Street Journal.

• Real estate and publishing magnate Mort Zuckerman had a large amount tied up in a fund that invested heavily in Madoff's firm.

• Nobel laureate Elie Wiesel’s charity organization, Foundation For Humanity, reportedly had $10 million tied up in Madoff's organization.

• Lawyers for Sen. Frank Lautenberg said they weren’t sure how much the senator’s charitable organization has lost but said ‘the bulk of its investments had been handled by Madoff.’

CARD PURCHASING

PLAY YOUR CARDS RIGHT

Building solid purchasing card programs requires careful planning. JPMorgan’s Eduardo Vergara reveals the best practices of several leading companies.

Organizations are increasingly taking steps to cut costs and bring greater control over spending. In today’s highly regulated environment where the main focus is on compliance and auditing controls, a purchasing card program provides the foundation and visibility tools to better manage corporate spending. By following the best practices and innovative strategies shared by some of JPMorgan’s purchasing card customers, corporations are better positioned to launch an effective card program, improve compliance and auditing processes and practices, and further accelerate efficiency.

The risks of inefficiency are significant. A university employee in Georgia was recently indicted for ringing up more than $300,000 in personal charges on a state-issued purchasing card. Items acquired included foosball tables, season tickets to football games and a $1900 frozen drink machine. A state audit report blamed the university for its lax supervision of the card program.

In Tennessee, county employees resigned amid a purchasing card scandal that included close to $50,000 in undocumented or inadequately documented expenses; reports of fabricated receipts; purchases of cruises, alcohol, lobster dinners and family members’ plane tickets; as well as gas purchases for private cars. Though such cases of flagrant misuse are fairly isolated, hearing such stories causes treasurers and purchasing card administrators to pause and question. No matter the industry, market segment or program size, concerns regarding out-of-policy spending, fraud detection and card misuse remain the same. Here are some key steps to take to ensure that your program is up to par.

Establish checks and balances

A set of checks and balances and a segregation of duties must be established between the various individuals involved in card program management. No matter how clearly roles and responsibilities are documented, they will prove ineffective in mitigating risk unless there is logical segregation of duties. At a minimum, cardholders should not be their own approving manager or approving executive. Separate individuals must be identified for card program responsibilities related to requests, authorization and execution.

Pam Henton, director of accounts payable and card services for energy company ConocoPhillips, manages about 13,500 cardholders and 120,000 expense reports per year. All expense reports and associated receipts must be reviewed and approved by the cardholder’s direct manager. By placing some burden on the manager, expense reports have already been through one review cycle.

Establish consistent policies

The development of policies should support various aspects of card program control including establishing card issuance guidelines, transaction controls, and rules for card usage, documentation and record retention. No matter how the management of your card program is structured, the same policies and processes should apply to all cardholders. Whether your company is acquiring an established business or if you have oversight of a single program based in one location or multiple programs spread across a number of business units, be consistent when establishing parameters. Only then can rules be enforced without confusion.

According to Sears card manager Wayne Randall: “When Sears Holdings Corporation acquired Kmart and Land’s End, we realized from the onset that our purchasing card policies and procedures differed in a number of ways. Some of the initial goals were to gain buy-in to the program, establish consensus with a companywide policy and roll out the cards to leverage the already established spending practices. We audited 100 percent of all new cardholders for the first few months to inform, educate and enforce compliance during their transition to a new corporate culture. If out-of-policy spending occurred, an email was sent to the cardholder outlining existing policies. New cardholders quickly adapted.”

Mandate training before a card is issued

Education and a clear understanding of cardholder roles and responsibilities are vital to any program. Once an application is received, companies should consider having card applicants participate in some form of training course before they receive their card. While training in-person or via conference call could be offered every month or so, companies may want to consider establishing a brief online course or quiz. A record of those who took the course or passed the quiz can be maintained to further support your company’s Sarbanes-Oxley initiatives.

Chevron Corporation employees are required to take a training course every two years to continue using the card. Monsanto Company requires that its cardholders take a computer-based training course and receive a score of 100 percent in order to apply for their card. Upon completion of the course, users receive a ‘digital diploma’ or certificate that then must be submitted along with their application. Cardholders who are on a watch list as a result of multiple audits are required to take the course again.

Establish protective controls upfront

All successful purchasing card programs are safeguarded with a combination of upfront controls and back-end auditing practices. In addition to required training, some common upfront measures include the establishment of cardholder transaction limits, monthly spending limits and the blocking of unauthorized Merchant Category Codes (MCCs). An increasing number of companies have deployed single-use or limited-use account technology to bring greater control over spending.

ServiceMaster, the parent company of pest control business Terminix, has implemented single-use account technology to bring greater spend control and efficiency to its payment processes. The company is using the technology throughout its network of Terminix branches as a means to make one-time payments to its subcontractors. Once a Terminix subcontractor’s work is complete and the associated claim has been approved by ServiceMaster, a limited-use account number is issued to securely pay the subcontractor’s approved claim.

In the past, ServiceMaster would pay its Terminix subcontractors by giving them a credit card number and expiration date. ServiceMaster would have no control over how often the subcontractor could charge the card or how much they charged. According to Mike Gaffney, ServiceMaster’s Director of Card Services: “We were running into situations where subcontractors would double charge us or they would charge us before the work was complete. The control is now very tight.”

Use technology to streamline back-end auditing

Technology is key to helping card administrators more effectively pinpoint potential card misuse and guide the back-end auditing process. Corporations should seek to partner with an issuer that provides web-based payment management tools designed to support all areas of card program administration, including enhanced reporting and real-time visibility into spending. Best-in-class systems enable administrators to block unauthorized purchase categories, monitor corporate compliance, modify spending limits and cancel cards. Administrators should have access to a variety of standard reports that provide the transaction detail needed, including vendor analysis, unusual activity analysis and delinquency reports. Cardholders can assist with compliance efforts by viewing their statement information in real-time.

Raymond Williams, accounts payable manager at coffee giant Starbucks, oversees a program with 4300 cardholders and approximately 45,000 expense reports per year. Williams and his team use an online reporting tool on a daily basis to oversee spending in real-time. A specialist identifies transactions that fall under certain restricted Merchant Category Codes (MCCs), as well as merchant names that have been placed on Starbucks’ high-risk transaction list or ‘Hot List’. Four or five emails are sent out each day asking cardholders for additional information on questionable transactions. The cardholder’s manager is copied on these messages. According to Williams, “It is an effective control if employees sense that their spending is being monitored. The card is for business purposes only, not for personal use.”

Audit beyond the traditional

Best-in-class organizations enhance their traditional auditing practices by looking beyond spend limit and MCC violations. Additional controls also may need to be established depending on your industry. Some companies conduct audits on purchases that are made in the evening or on weekends. Purchases that are shipped to an individual’s home as opposed to campus are also investigated. Other items that are red-flagged: personal technology purchases such as computers, cell phones or PDAs, and items acquired through PayPal. Many companies focus on retail spending by auditing statements that include purchases from Amazon.com, Best Buy, eBay, Target or Wal-Mart. Audits are also conducted on purchases made outside of a company’s published list of preferred suppliers.

Sears Holdings Corporation focuses on the travel-related practices of its OneCard users. When renting an automobile, cardholders should not sign up for the rental agency’s fueling option. In order for meals to be reimbursed, cardholders must be on overnight status. Cardholders must provide supporting documentation to demonstrate that an overnight trip occurred.

Periodic peer reviews

To mitigate improper card use and help support Sarbanes-Oxley, best-in-class organizations also perform ongoing peer reviews of purchasing practices well in advance of regularly scheduled audits. Sarbanes-Oxley Section 404 requires management to report on the adequacy of their company’s internal control over financial reporting. Informal, periodic peer reviews can help determine any program weaknesses while promoting efficiencies, ongoing training and limiting overall risk.

International Paper’s purchasing card practices are audited every other year by internal audit. These audits take place at each of International Paper’s seven divisions. In anticipation of these audits, cursory peer reviews are conducted annually at each location. Divisions also perform monthly transactional reviews.

The purchasing card program at Monsanto is audited at least twice a year, once by an internal team and once by an external firm. Card administrators prepare for these audits by conducting approximately eight random audits per month and reviewing at least 40 percent of spend.

The purchasing card manager at a major US airline reviews decline reports daily and proactively investigates why such declines occurred. Perhaps MCCs should be unblocked for certain buyers or spending limits need to be raised. Perhaps a cardholder needs to be further educated on policies. The company also reviews its spending reports daily. If a cardholder has accidentally used the company card to buy a personal item, they should self-report immediately to demonstrate that they are operating within the spirit of the program and not engaged in suspicious activity. According to the airline’s purchasing card manager: “We are very parental in a number of ways. If you have used the card in a non-compliant manner, we can work out the issue if you are honest upfront. Everyone is human and mistakes can occur. But we will monitor your reports more closely over the coming months to make sure that your behavior has improved. Like baseball, we have a ‘three strikes and you’re out’ approach. After the third strike, you lose card privileges and disciplinary action will be taken. But if you have received one strike and proven over the following months that you are following policies correctly, that one strike may be removed from your record.”

Foster positive relationships

While monitoring and enforcement are vital to success, it is important that card program administrators not be viewed as the enemy. In order for your program to grow and succeed, positive, interactive relationships must be established with your cardholder base. Take a consultative approach. Create an environment where cardholders feel comfortable reaching out to you with questions and issues. Sometimes spend limits or other restrictions need to be loosened in order for cardholders to be more effective in their job.

Card program policies should be reviewed and updated periodically to reflect any changes in the company that affect the use of the card. Despite the existence of written policies in the majority of companies surveyed by the Association of Financial Professionals, only 38 percent of those companies update their policies annually. At a minimum, it is recommended that reviews of the card program policies be scheduled on an annual basis.

Eduardo Vergara is a Managing Director in Treasury Services and Global Commercial Card Executive. He is responsible for the day-to-day management of the global commercial card business and for setting and implementing Treasury Services’ strategic vision for its card products. He also provides industry leadership and helps grow the business by expanding its international card platform and Order-To-Pay and emerging Procure-To-Pay product capabilities. Vergara joined the firm in 2008, from American Express, where he was the global head of Product Management & Marketing for the Global Commercial Card business. Prior to American Express, Mr. Vergara worked for Bank of America, where his roles included head of international Business Development, Latin America, and Canada, global Treasury Services, head of Prepaid Cards and head of International Remittances.



LOCK DOWN

The so-called ‘rock star’ of the security industry, Bruce Schneier, exclusively reveals some interesting thoughts regarding current security issues

FST. You’re on record criticizing post 9/11 airport security measures as little more than window dressing that don’t actually make passengers safer. Do you see any similarities to this situation and the steps financial companies take to protect their customers?

Bruce Schneier. The phrase I use is ‘security theater’, and one of the reasons we fall for it in airline security is that attacks are very, very rare. Security theater is exposed when it’s obvious that it’s not working, and there simply isn’t the attack data to assess the effectiveness of bag screening, liquid confiscation, photo ID checks and other useless security measures. Financial fraud is different, because there is a measurable crime rate that reacts as security countermeasures are applied. Financial companies know what is and isn’t working. They may decide not to tell their customers and keep up a charade of security theater, but that only works in the short term. So while there certainly is security theater in the financial industry, it won’t last. People will, for example, eventually figure out that two-factor authentication doesn’t reduce identity theft and fraud.

FST. What do you see as the key security issues currently facing financial institutions and their customers?

BS. Crime. Crime, crime, crime. Crime in the form of fraud. It may come with the fancy name of identity theft, but it’s really just fraud due to impersonation. That’s the key issue, and it’s not changing. The tactics of fraud might change – phishing, pharming, key logging, social engineering, password guessing, whatever – as security measures make some tactics harder and others easier, but the underlying issue is constant.

FST. Are customers’ concerns about online security matched by that of their banks and credit providers or is there any disconnect with what consumers want and what companies are prepared to do?

BS. There is always a mismatch, and you can easily see it when you look at where the liabilities are. If financial institutions manage to pass off the cost of fraud onto consumers, then of course the consumers will want more recourse than the banks provide. Think of a situation where someone steals a customer’s password, breaks into a customer’s account, and steals money. It’s far cheaper for the bank to foist the cost of that fraud onto the consumer. But the consumer is perfectly right when he says: ‘What do you mean, it’s my fault? I wasn’t involved.’ The best way to mitigate security risks is to have the entity best situated to mitigate the risk be responsible for the risk. Customers can’t improve a bank’s computer security, so it makes no sense to give them the risk. The bank can improve security, so it should be responsible for the risk, regardless of who is at fault. Think about credit card security. In the UK the law states that customers are only responsible for the first £50 of card-present fraud, and not at all for card-not-present fraud, even if they were at fault. That law has done more to improve credit card security than anything else.

FST. What needs to be done to truly create an environment where customers are protected from threats such as identity theft? Are banks and other financial institutions capable of achieving this on their own or will outside influence be required?

BS. It’s easy. Make banks responsible for all the costs of identity theft. Once you set the economic incentives properly, the marketplace will come up with all sorts of technical and procedural solutions.

FST. Do you see any particularly striking new security threats emerging at the moment?

BS. No. I’m asked to make predictions like this regularly, but honestly, I think we’re going to see more of the same for the foreseeable future.

FST. Does the increased ubiquity of online commerce mean that resolving new security threats is a purely technological issue or are there other aspects to consider?

BS. Mitigating security threats is never a purely technological issue. Security always involves people – people doing the attacking, and people as the victims – so security will always have a people component. And actually, one of the reasons online crime is so successful is that so much security tries to take people out of the equation. Technology can do a lot to improve security, but it can only augment what people do, not replace them.

“The tactics of fraud might change as security measures make some tactics harder and others easier, but the underlying issue is constant”

FST. We recently spoke with PayPal’s CISO Michael Barrett. He believes that the war on phishing is winnable, but it will require a great deal of hard work and coordination between many different parties. What is your feeling on the subject?

BS. I think that comment illustrates a lot of what’s wrong with current security thinking. It’s not a war on phishing, it’s a war on fraud. Phishing is just a tactic, and if you concentrate your effort on defeating that particular tactic – something I agree is possible but will take a great deal of hard work and coordination – the criminals will just move to another tactic. If we’re ever going to truly reduce fraud, we need to look beyond tactics and deal with the economic motivations of both the criminals and the victims.

Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a ‘security guru,’ he is best known as a refreshingly candid and lucid security critic and commentator. The best selling author of eight books, he has written articles and commentary that have appeared in numerous prominent publications. Regularly quoted in the media, he has testified on security before the United States Congress and is also Chief Security Technology Officer of BT.

Wormhole: security in action

In recent weeks a worm, a malicious software program, has swept through corporate, educational and public computer networks around the world. Known as Conficker or Downadup, it is spread by a recently discovered Microsoft Windows vulnerability, by guessing network passwords and by hand-carried consumer gadgets like USB keys. Experts say it is the worst infection since the Slammer worm exploded through the internet in January 2003, and it may have infected as many as nine million personal computers around the world.

Worms like Conficker not only ricochet around the internet at lightning speed, they harness infected computers into unified systems called botnets, which can then accept programming instructions from their masters. Many computer users may not notice that their machines have been infected, and computer security researchers said they were waiting for the instructions to materialize, to determine what impact the botnet will have on PC users. It might operate in the background, using the infected computer to send spam or infect other computers, or it might steal the PC user’s personal information.

Microsoft rushed an emergency patch to defend the Windows operating systems against this vulnerability in October, yet the worm has continued to spread even as the level of warnings has grown in recent weeks. Earlier this month, security researchers at Qualys, a Silicon Valley security firm, estimated that about 30 percent of Windows-based computers attached to the internet remain vulnerable to infection because they have not been updated with the patch, despite the fact that it was made available in October last year. The firm’s estimate is based on a survey of nine million internet addresses.


ASK THE EXPERT

Designer trends

Andy Jimenez, Anixter VP of Technology, looks at what IT managers need to be aware of when designing and managing a data center

With more than three trillion bits of data created every second, the world’s appetite for more feature-rich information keeps growing, and with it comes the need for data centers to store and process that information. Consequently, the data center growth rate is roughly 50 percent a year. However, as the worldwide pool of data grows, corporations are increasingly consolidating and centralizing data center operations to save costs associated with their operation and maintenance, such as real estate, taxes, utilities and other physical support groups. These new high-density data centers save on physical costs by reducing equipment and floor space costs for servers in remote offices, cutting software licenses and distribution costs and reducing operating expenses.

One consolidation strategy is server virtualization, which harnesses the computing power of multiple servers into logical groupings, known as virtual servers, running concurrently on the corporate network. Virtualization essentially breaks the link between the physical server and the software applications that run on it. Because the software applications run on virtual machines, virtualization realizes greater computing and power efficiencies by maximizing the utilization of the physical servers that support the software. Virtualization provides network administrators with essential flexibility and agility in managing data center environments while delivering rapid deployment, rapid adoption of change and flexible disaster recovery.

From a physical hardware perspective, the use of high-density blade server technology facilitates server virtualization. By containing multiple servers in a single chassis-based enclosure, blade servers maximize CPU processing power per watt of power consumed. However, this higher density platform changes the design paradigm on which traditional data centers were built. As computing resources consolidate into smaller physical footprints, the kW usage per square foot increases, as do the associated cooling requirements.

With next-generation data centers consuming upward of one megawatt of electricity and producing as much as 20kW of heat on a per cabinet basis, data center managers will need to contend with power and thermal management challenges as well as increased distances between standalone and redundant data centers. Even with these concerns, organizations are finding it increasingly difficult to maintain a network of servers distributed across the country or world and are turning to data center consolidation to cut IT costs, tighten data security, meet regulatory requirements and improve operational efficiency.

To fully realize the many organizational benefits of consolidation and virtualization, there are inherent design challenges that must be overcome. An understanding of the complexities associated with provisioning the high-output, high-efficiency 3-phase power distribution systems used to support blade server technology is essential. Once the power requirements for supporting the computing load are understood, the correct thermal management or cooling strategy can then be developed. A passive or active cooling solution with enough capacity for heat loads of upwards of 20kW a cabinet will be needed.

Virtualization also requires an improvement of network bandwidth and latency performance. High-bandwidth technologies such as 10 Gigabit Ethernet using laser-optimized 50-micron fiber (ISO OM3) and Category 6A (ISO Class EA) twisted-pair cabling will alleviate the potential bottlenecks associated with aggregating computing resources using virtualized servers and storage platforms.

Lastly, following the TIA-942 and other global data center standards will ensure the cabling infrastructure is designed to effectively support virtualized server environments as well as scale with network growth. For more details on industry standards, go to anixter.com/standards to order your copy of the Anixter Standards Reference Guide.

Andy Jimenez is Vice President of Technology, Enterprise Cabling Solutions and has over 19 years’ experience in the fields of telecommunications testing and product certification. He has held various engineering and management positions with test laboratories specializing in the certification of voice/data communications systems and components. He has also given numerous technical presentations at trade shows, and is a regular speaker at Anixter's National Seminar Series.


INDUSTRY INSIGHT

Reducing the cost and complexity of consolidation

Chris Fedde discusses the best practice strategies for ensuring efficient business processes and security during consolidation

The economic distress of the financial community has added new dimensions to the protection of sensitive information. Always of the highest priority, the financial community has to protect the privacy of personal information and institutional data while securely transacting all forms of commerce. Now, with consolidations and take-overs occurring at a breathtaking pace, there is an even greater challenge – combining institutions in a manner that is rapid and cost effective without jeopardizing the sensitive data. It is more important than ever to find ways to cut costs, retain customers, maintain business processes and demonstrate a positive return on investment to stakeholders even while incompatible systems and infrastructures are being merged.

For years, financial institutions have focused on security solutions that thwart the ever-increasing number of serious threats to sensitive data assets. However, during transitional times, institutions are once again vulnerable to threats as data is consolidated amongst multiple heterogeneous systems that are complex, often incompatible and difficult to secure.

Over the coming months, as IT departments bring together these vast amounts of data, consolidate IT systems and develop new business processes, they need to consider solutions that provide business efficiency, scalability and continuity of information. And, with a heightened level of scrutiny on technology purchase decisions in the areas of governance, risk management and compliance, it is important for financial institutions to take an enterprise approach to establishing their new combined infrastructure to maximize IT investments and protect sensitive data.

In the past, most organizations were able to establish a perimeter defense, employing firewalls, intrusion detection and antivirus software to keep threats to information at bay and meet compliance requirements. But now, with more than 50 percent of security breaches perpetrated internally, perimeter security mechanisms are no longer sufficient for addressing the many threats to sensitive data. Additionally, companies are required to extend their data infrastructure across business units, partners, suppliers, customers and an increasingly mobile workforce. The outsider is now an insider, and, here again, the perimeter security is no longer sufficient. All this is further exacerbated when multiple, disparate products create security gaps and heterogeneous environments, which are costly to manage, create vulnerabilities and inhibit business.

Protecting the information within the enterprise is the only way to provide core to edge protection. Encrypted information, integrated under a centralized security platform, provides seamless, cost-efficient management of data across databases, applications, networks and endpoint devices, securing data at all times – at rest, in motion, and in use. Protecting the information within the enterprise extends security and compliance across all systems where data resides – network, application, database, or storage.

The overall security model will determine the points of protection, which then determine the scope of the integration task. Typically, modes of implementation for a data protection solution vary in terms of security model, but each has strong commonalities that represent the essential building blocks of data privacy implementations:

• Cryptographic operations
• Secure key management
• Specialized, dedicated hardware
• Authentication and authorization
• Logging, auditing, and management
• Backup and recovery

In essence, an effective and comprehensive data protection solution must follow the data from the core, where key data repositories exist, to the edge, where the data is used. When selecting a data protection solution – especially in times of transition or consolidation – you should know the fundamental elements that make up the solution, be sure to leverage standards-based technologies and ensure that the proper planning and cooperation occurs within and across the enterprise. Doing so will ensure an effective solution that meets security requirements, reduces the overall complexity, management, and maintenance costs of the organization’s IT infrastructure, and provides a foundation for addressing future data protection needs, business processes and regulatory compliance requirements.

Chris Fedde was named President and Chief Operating Officer of SafeNet in October 2006. Throughout his tenure at SafeNet, which began in February of 2001 as Director of Corporate Product Management and Business Development, Fedde has been a key contributor to building the company’s security presence in the Federal Government and the financial community. During this time, SafeNet has seen a significant increase in demand for the company’s technology solutions and managed services.




EMAIL SECURITY

Phish tales

David Jevans discusses the challenges faced in fighting the global war on phishing and crimeware during the financial crisis

When I founded the Anti-Phishing Working Group in 2003, I thought that we would have eliminated phishing by mid-2004. How wrong I was. The Anti-Phishing Working Group (APWG) was founded to bring together the diverse communities of banks, ISPs, e-commerce companies, security vendors and law enforcement agencies. Our core philosophy was to create a forum where these diverse players could talk frankly and honestly about the evolving phishing attack situation, without fear that these conversations would become public. This format proved to be immensely successful, and the APWG now has over 1500 member companies and government agencies.

In 2003, phishing attacks spread from attacks against eBay and PayPal customers to a wave of coordinated attacks against the customers of Australian financial institutions. In the summer of 2003, these attacks were then aimed against customers of UK financial institutions and in late 2003 US banking customers began to be targeted. This global pattern indicated that cyber criminals were becoming just as organized as traditional crime gangs. They were testing new techniques in smaller markets like Australia, where users are easily targeted both by their network address and because there is a smaller number of financial institutions. The model was then perfected and expanded in the UK, where there were still a small number of institutions, and an easily targeted customer base. The scam was then scaled up to the US market, particularly targeting customers of the top few banks.

It became clear that no single group could solve the phishing problem on its own. It would require cross-industry collaboration. Thus the APWG was formed. As phishing scams became ever more sophisticated and professional, members of the APWG were able to discuss the evolving tactics and best practices for detecting these attacks, shutting down the phishing sites and tracking and reducing losses. In closed-door APWG meetings, members were able to discuss the indirect financial losses from phishing attacks, for example the costs of call centers receiving tens of thousands of phone calls from consumers when a major attack was launched.

The APWG publishes monthly reports that track phishing statistics around the globe. These statistics allowed us to see patterns where some financial institutions would be attacked with much more intensity than others. Eventually it became clear that one significant factor in the number of attacks that an institution faced was related to how easily criminals could transfer funds out of compromised customer accounts. We also began to see cross-channel fraud, where account numbers and PINs were used to create ‘white plastic’ ATM and debit cards. Financial institutions started to realize that the phishing problem spanned all types of fraud, and was involved in ATM, debit card, check card, wire transfer, ACH and account opening fraud. More recently we have been seeing the telephone banking channel used as an attack vector, where phishers send out emails requesting customers to call a fake call center, where the IVR system is used to collect account numbers and PINs from customers without them ever having to visit a spoofed bank website.

the cyber criminals fight back

net Corporation for Assigned Names and Numbers, to create policies for rapid takedowns of fraudulent domain names that are being used to host phishing and fast-flux sites. This has been a multi-year effort, and there is still much work to do with policy and education among the registrar and registry communities. A very disturbing trend over the last year has been the use of social networks to spread crimeware and phishing. There have been attacks against users of MySpace and LinkedIn that have infected tens of thousands, and in some instances up to a million users in a very short time frame. These attacks do not rely on traditional email, as they spread inside the social networks using their internal web-based messaging systems. This can make these attacks very difficult to track and profile.

Through 2005 and 2006 the security community began to develop 2009 and beyond anti-phishing technologies and service offerings such as outsourced We expect that the current global financial crisis will continue to takedown services to get spoofed websites shut down in a timely give phishers new ways to create believable social engineering attacks fashion. The phishers responded by increasingly hosting their spoofed to steal account credentials and to spread crimeware. In the fourth websites in foreign countries, making takedowns very time consuming quarter of 2008 there were numerous attacks against customers of and requiring foreign language skills and working around the clock to major financial institutions that were being acquired or were in the deal with sites hosted in varying time zones. news receiving government aide. In 2009 we can expect an increase For every defensive measure that is put in place by the industry, the in money mule recruitment scams, where criminals recruit unemployed criminals react with a creative new approach to continue their fraudulent consumers to act as online funds transfer agents, or to reship goods activities. For example, the security and web browser community began that were purchased using stolen credit card numbers. to track known phishing sites and share those web addresses as a blockThe rapid and continuous evolution and expansion of online financial list, which would allow browsers and email servers to prevent users from fraud through phishing, crimeware and social engineering is something receiving known phishing emails that requires a coordinated global or visiting known phishing sites. response from the financial services CRiMeWaRe esCalatiON One of the prominent phishing industry, ISPs, security vendors, gangs, known as the ‘Rock Phish e-commerce merchants and law ver the last several years we have seen phishing be Gang’, responded by using tens of enforcement agencies. 
The APWG augmented by the spread of malicious software that is thousands of sub-domains on their and our members have been workdesigned to steal online account credentials. This malicious phishing sites, thus overwhelming ing to expand our systems and tools software that is designed for electronic crime has been dubbed the block-lists. for secure collaboration and data ‘crimeware’. The crimeware wave seems to have started in Brazil Another example of escalation in the 2003 timeframe, and has naturally spread around the sharing. We have facilitated the in the war against cyber fraud was world. Crimeware variants are merged with remotely controlled sharing of phishing site URLs bethe invention of fast-flux technolmalicious software to create networks of hundreds of thousands tween members, and are expanding ogy by the leading phishing gangs. of compromised home computers (botnets) that are used by cyber this to allow financial institutions Fast-flux is a DNS technique used criminals to launch phishing, crimeware and spam attacks. The and security researchers to share by botnets to hide phishing and botnet explosion since 2006 seems to have infected millions of information about fraudulent webmalware delivery sites behind an personal computers around the world that are being used by criminals sites and IP addresses of known and ever-changing network of comprowithout the knowledge of the person who owns the computer. suspected cyber criminals. mised hosts acting as proxies. A Recent activity in the crimeware landscape is the evolution of In these challenging financial sophisticated type of fast-flux is targeted crimeware that is designed to get onto the computer of a times, its more important than ever when multiple nodes in the fraud targeted employee in a large corporation or government agency. 
Once for the financial services industry, network register and de-register that person’s computer is infected, the criminals can upgrade the the security industry, ISPs and their addresses as part of the DNS crimeware to add new functionality to compromise other computers, law enforcement to work together record list for the DNS zone. This steal intellectual property, create backdoor access paths into the to share information and pool our makes taking down phishing and corporate network, or even to run customized software to generate resources to keep our customers crimeware sites extremely difficult transactions inside the company network. This represents the safe, and to secure our assets. as they are hosted on many maultimate professionalism of the cyber crime industry, where crime Come and join us.  chines with changing IP addresses. gangs are plotting these attacks for many months, and using highly David Jevans is the chairman of the Anti-Phishing The APWG and our members have sophisticated crimeware and targeted social engineering to get this Working Group. For more information please visit www.antiphishing.org been working with ICANN, the Intercrimeware into corporate networks. We call this ‘spear phishing’.



ANALYSIS

Going under

TowerGroup’s Bobbi Britting discusses how financial institutions need to serve the underbanked market during the credit crisis

More than 100 million individuals in the United States today are considered unbanked, underbanked or credit underserved. These people have no bank accounts or far fewer accounts than the average American. While the US economy is caught up in the current worldwide credit crisis and recession, some important questions arise: Are bankers even thinking about the underbanked? And why should they?

Underbanked consumers have traditionally relied heavily on a cash-based economy or alternative, nonbank providers of financial services to conduct their financial transactions, which are profiting nicely from these relationships. Traditional financial services institutions (FSIs) could be on the profit side of the equation, but to emerge from the current credit crisis, they will need to create the right products and tools for financially underserved consumers. For the most part, existing bank products, including loan underwriting processes, do not meet the needs of underbanked consumers and were not built with them in mind. This population typically falls into one of three categories related to credit:

• No hits. These individuals have no record at traditional credit reporting agencies such as Equifax, Experian and TransUnion. Approximately 20 million people in the US are in this group. Without a record at a credit reporting agency, they will nearly always be declined credit by a bank, thrift or credit union and often will be unable to open a demand deposit account (DDA) or savings account.
• Unscorable. The unscorable population includes people with ‘thin’ credit files containing little or no credit history or payment data. Again, lenders won’t have enough data to score their credit worthiness and/or make a lending decision. Consumers with thin credit files include young people who have not had time to build a credit history, recent immigrants who have been in the US only a short time, and others who are undergoing a life change, such as losing a spouse whose credit history was tied to theirs.
• Subprime. For each type of loan product, the exact definition of subprime will vary. In general, the subprime category includes consumers with unfavorable credit history based on credit bureau reports. More Americans are falling into this category because of their delinquent or unpaid credit balances, overextension of credit, and extreme factors such as defaulted loan accounts and loan foreclosures, and because bankruptcy is becoming more prevalent.

The regulators and the underbanked

In 1977, the US Congress enacted the Community Reinvestment Act (CRA) to ensure that banks serve a greater portion of the population. The intent of the act is to encourage depository institutions to help meet the credit needs of the communities in which they operate, including low- and moderate-income neighborhoods. CRA does not require institutions to make high-risk loans that will jeopardize their safety.

Today, some would argue that subprime borrowers who benefited by receiving mortgages from lenders struggling to meet CRA objectives contributed to the mortgage crisis. However, a study released by the University of North Carolina at Chapel Hill’s Center for Community Capital on default rates among low-income and minority homebuyers notes, “Risky mortgage products, not risky borrowers, are the root cause of the mortgage default crisis.” The study shows that mortgage borrowers with similar risk characteristics defaulted at much higher rates if they took subprime mortgages than if they took loans made under the auspices of CRA. Although not all consumers can afford a home, the actual mortgage product, features and underwriting guidelines are more the cause of the default than is the risk profile of the borrower.

Banks may be missing an opportunity to serve and profit from the underbanked markets, but consumers are not going completely without financial services. Nonbank financial service centers (FSCs) and community financial centers (CFCs) operate nationwide in around 20,000 physical locations today. Financial Service Centers of America (FiSCA), a trade association of nonbank FSCs, estimates that 30 million customers are being served annually through 350 million transactions representing more than $106 billion in various products and services. According to a 2007 FiSCA key member survey, some notable volume estimates for products and services purchased at the association’s member organizations included 137 million checks cashed, for $56 billion; 86 million money orders sold, with a value of $17.6 billion; 2.8 million prepaid value cards sold and $5.4 billion transferred to the cards; 32 million payday advances for a total of $13.2 billion; and 21 million wire remittances, with a value of $8.3 billion.

Check-cashing services and payday loans for small dollar amounts may represent the most abusive services to the unbanked and are the ones banking institutions have the greatest opportunity to disrupt. Numerous sources estimate total payday lending loans at approximately $40 billion annually. Although loan amounts range from $100 to $1500, the average is just over $400 for the 100 million loans made annually.

Nonbank FSCs serve 30 million customers annually

How banks can compete for the underserved market

Traditional FSIs need to rethink strategies for attracting underbanked and credit underserved populations to compete with these other organizations. Assessing current practices and realigning their offerings with the needs and desires of the underbanked and credit underserved markets will be critical to garnering profitable market share.

To aid in reaching the underbanked, traditional credit reporting agencies are now providing a variety of risk models using nontraditional data to score no hits and previously unscorable files. New products typically try to emulate the efforts of traditional scoring models by rank ordering risk of an applicant, thus offering the ability to evaluate additional credit applications and increase the lendable population as well as support lenders’ CRA initiatives and efforts to serve underbanked consumers. In addition, a number of nontraditional providers have entered the market with new scoring products using nontraditional credit data to bring new risk management insights to FSIs. The products offered by both traditional and nontraditional risk management providers are highlighted in Figures 1 and 2.

To compete with nonbanks, traditional FSIs will need to expand their products’ features and offer attractive intangible benefits to underbanked consumers. This population needs products and services tailored to their unique needs, preferences and economic circumstances rather than ‘stripped-down’ versions of those designed for more affluent consumers. The volume of services being provided to underbanked consumers proves the market need, but some important features are typically missing from traditional FSI product offerings. Underbanked consumers need product features at no or low costs that help them avoid heavy expenses involved with financial transactions. These include access to small-dollar, short-term, unsecured credit; ability to build or rehabilitate credit histories; ability to transact in the internet

FIG 1: Underbanked risk management products and services from traditional providers

Vendor | Product name | Partner | Additional data provided
Equifax | MarketMax | LexisNexis | Uses Equifax data as well as LexisNexis on rent, utilities, negative information, etc. Score range is 501-900.
Experian | Emerging Credit Score | eBureauLLC | Uses Experian trade and public record data combined with alternative data sets such as internet catalog and direct mail sales, property and asset information, and utility and telecom information. Score range is 100-999.
Fair Isaac | Expansion Score | Numerous data and distribution partners | Designed to score ‘not hits’ and ‘unscorable’ records. Rank orders risk incorporating alternative data such as debit, membership, utility, bill payment and public record data and property and asset information. Score range is 300-850.
First American | Anthem Score | NA | For use mainly in mortgage lending, utilizes alternative data such as for payment of rent, insurance and utilities.
TransUnion | Link2Credit | L2C (Thin File Model) | Combines TransUnion data with L2C data such as that on payday loans, rent, and cellular and utility payments. Score range is 1-999.

Source: TowerGroup review of the companies



FIG 2: New risk management products and services for the underbanked

Vendor | Product name | Additional data provided
LexisNexis | RiskView | Additional tools and data for the underbanked, fraud and identification that are not available through the bureaus: Alternative data can include information from private and public records, utility companies’ payments data, bankruptcies and liens and licensing information.
ID Insights | Safe2Change | Address change verification and compliance with Red Flags Rules.
ID Analytics | Credit Optics | Examining ID verification, fraud, Red Flags analysis. Offers visibility into the stability of an individual by changes to identity and credit risk over time.
Early Warning Services (EWS) | NA | Industry co-operative focused on fraud management, including internal and employee theft identification.
CBC Innovis | NA | Fourth credit bureau.
Payment Reporting Builds Credit (PRBC) | PRBC Reports | Consumer credit reports incorporating self-reported and third-party-verified data on rent, mortgage, mobile home payments, utilities, and insurance and bill payment data from FSI bill pay services, money service providers, and lenders. Also PRBC report with FICO Expansion Score.
Payment Reporting Builds Credit (PRBC) | Bill Payment Score (BPS) | BPS takes a time-series bill payment history using a weighted scorecard. Score range is 100-1000.

(noncash) economy; immediate liquidity for paper checks, including shortening or eliminating hold periods; ability to pay bills at the last minute to avoid late fees and overdraft fees; wire transfer services; and low-balance checking and savings accounts with no or very low fees. Another feature not offered by or thought about at most mainstream FSIs is the ability to accept alternate forms of identification that are compliant with the USA PATRIOT Act, such as the Mexican Matricula Consular Card or the Guatemalan Consular ID card.

As important as responding to unique product needs of the vast array of underbanked consumers is understanding other intangible characteristics of the market and meeting those needs as well. Factors include trust, which requires banks to show respect for the customer while offering acceptance and understanding of customs and culture. Many underbanked consumers consider confidentiality extremely important, possibly because of a previous negative experience with a bank. Easy access to FSIs’ locations in neighborhoods where consumers live and work and offices that are open at times allowing for nontraditional work schedules are also vital. To succeed in reaching underbanked consumers, FSIs need to provide services in the languages they speak as well as in English.

Conclusion

Underbanked and credit underserved consumers form a large portion of the US population, and although the world focuses on FSIs struggling through the credit crisis, innovative institutions will likely be positioning themselves to create new products and serve a greater portion of the population. They will make a full-scale evaluation of the market and address its unique needs where they operate. For lending transactions, a number of risk tools using alternative data elements not previously available for credit evaluation purposes can help FSIs ascertain the credit worthiness of credit underserved consumers. They also will be able to consider other aspects to attract this population, including office locations and hours, language barriers, marketing, account documentation and cultural traditions.

This article is based on research by the consumer lending service at TowerGroup, a leading research and advisory services firm focused exclusively on the global financial services industry. To learn more please contact service-info@towergroup.com



PAYMENTS

The road ahead

Hank Farrar and Lauren Hargraves explain how the Federal Reserve Banks and The Clearing House are creating value for banks and their corporate clients

In less than two years, the nation’s major wire transfer systems, the Fedwire Funds Service and CHIPS, are set to deliver significant new functionality that will streamline the wire transfer process for corporations. By the end of 2010, US dollar wire transfer systems will be upgraded to allow invoice and other business remittance information to flow along with wire transfer payments, a significant improvement that will enable corporate customers to reconcile their payments with much greater efficiency. This will save corporations time and money by eliminating the source of confusion about why a wire transfer was sent.

The business challenge

Payments professionals at US corporations have expressed frustration for years about their inability to apply wire payments to appropriate accounts/bills because wire payments arrive with limited remittance information. For corporations, there simply wasn’t sufficient space or structure in a wire transfer message to carry the necessary information. At the prompting of these professionals, the Federal Reserve Banks and The Clearing House worked with financial institutions, global payments systems operators, corporations and software companies over the past two years to create this much-desired enhancement.

The Federal Reserve Banks and The Clearing House worked together with the Association for Financial Professionals (AFP), a leading trade association for treasury management professionals, to verify and better understand the demand for an expanded wire transfer message that could carry standard business remittance information, such as invoice numbers.

The Federal Reserve Banks and The Clearing House validated demand for this enhancement through a joint research project. Together, they retained Granite Research Consulting and conducted a nationwide study from February to August 2006. A total of 381 questionnaires were completed by companies that sent and/or received at least 10 wire payments in 12 months and had annual revenues of at least $5 million. As a follow-up, eight focus groups were held in Dallas, San Francisco, Chicago and New York to solicit further comment and insight from corporations. The findings, contained in the October 2006 report Business-to-Business Wire Transfer Payments: Customer Preferences and Opportunities for Financial Institutions, included the following:



• A consensus exists among users of wire payments that there is a need to create a common standard for sending and receiving remittance information with the wire payment.
• 94 percent of corporate respondents said it is ‘valuable’ to include remittance information with the wire payment; 65 percent said it is ‘very valuable’ and they are willing to pay for capabilities that streamline their operations.
• Corporations say that more than 80 percent of their payments (by volume) are still made by check, in part due to the availability of remittance information on the check stub.
• Most accounting and bank-provided cash management systems do not work together, making process automation and straight-through processing of wire transfer payments difficult to achieve today.

In addition to the joint research, the Federal Reserve Banks sought feedback through a web-based survey sent to thousands of banks that use the Fedwire Funds Service. The Federal Reserve Banks reviewed 366 responses from a variety of users, in a wide range of user categories, including high volume users, low volume users, domestically focused users, internationally focused users, browser-connected users, and computer interface-connected users. The results of the survey demonstrated that banks understand and support the need for this enhancement. By a substantial margin, the number of respondents who were ‘very interested’ or ‘somewhat interested’ in adding business remittance to a wire transfer message outnumbered those who were ‘not interested’ across every user category that the Federal Reserve Banks analyzed.

New process will bring substantial benefits

The inclusion of business remittance information with wire transfer payments is a significant improvement with the potential to save time and money for corporate users by reducing or eliminating the need to research incoming wire transfer payments. A 2005 AFP survey found that corporations typically need to research 17 percent of incoming wire transfers at an average research cost of $35 and approximately 30 minutes of staff time per wire.

The enhancement planned for the Fedwire Funds Service and CHIPS at year-end 2010 will provide the tools for corporations to reduce or eliminate the need to research wire transfers because these payments will have sufficient information for a corporation to apply these payments to their accounts receivables systems. Small and large firms alike will benefit from this change, but IT-savvy corporations have the potential to benefit the most – they will be able to automate the entire wire transfer process, if they so desire.

The process improvements will result in substantial benefits. No longer will corporations incur the time and expense of follow-up phone calls and emails to match invoice and other key information with wire payments. For corporations, that means a significant cost reduction in managing wire transfers. For banks, it means one of their most essential payments products will be even more valuable to their best corporate clients.

94% say it is valuable to include remittance information with wire payments

To facilitate adoption of this change, the Federal Reserve Banks and The Clearing House are enlisting the support of banks, corporations and technology providers to adapt their processes for the new message format. As part of the initiative, the Federal Reserve Banks and The Clearing House are engaging high-value payment system operators from around the globe to discuss interoperability and global compatibility.

Banks

To take advantage of the opportunity to send remittance information with wire transfer payments, banks need to engage with their corporate clients to understand better how customers intend to use these messages. Banks can make this transition smoother – and perhaps get an edge on their competition – by increasing staff awareness and understanding of this enhancement.

Corporations

For their part, corporations need to engage with their banks to understand the type of interfaces to be supported – XML, EDI, and SWIFT, among others. Corporations should review how they use their treasury workstations, cash management software, and enterprise resource planning (ERP) software for these types of wire transfer messages. They should also work with the providers of these products to identify, plan for, and implement the IT changes that will support this initiative.

Corporations looking for ways to ease the transition of paper-based to electronic payments should evaluate the role that new wire transfer capabilities could play in that transition. From prior research, it is known that there is a small percentage of checks that are relatively high dollar, high importance, or time sensitive that continue to be written in part due to the availability of remittance information on the check stub. With upcoming enhancements to the US dollar wire transfer systems, there may be opportunities to improve efficiencies of some paper-based payments.

Technology providers

Finally, technology providers need to identify their bank and corporate clients that will be affected by these changes, so that the required functionality is delivered on time.

After many years of discussion and planning, a new era of efficiency is arriving for wire transfer payments. By continuing to work in the spirit of cooperation, banks, corporations, and technology providers can realize even more value from the nation’s two major wire transfer systems.

Lauren Hargraves is Senior Vice President, Wholesale Product Office, Federal Reserve Bank of New York. Hank Farrar is Senior Vice President of The Clearing House, responsible for CHIPS.



DATA LOSS

No time to lose

Data loss is an often overlooked issue that needs to be tackled immediately, says Michael Osterman

Consider the facts. According to a 2008 Osterman Research survey, 100 percent of organizations have deployed anti-virus capabilities, 99 percent have deployed anti-spam capabilities and 96 percent have deployed anti-spyware capabilities. However, even using a fairly broad interpretation of data loss prevention (DLP) capabilities, which would include products that do not provide true DLP functionality, only 49 percent of organizations have deployed these capabilities. Any organization should deploy DLP capabilities, but none more so than the financial services industry.

Clearly, this data suggests that organizations of all sizes are well aware of the need to monitor their inbound communications for spam and malware. However, they are not nearly as aware of the need to monitor outbound communications, or they are not taking the threat as seriously as they should. This, despite the fact that 27 percent of organizations in the same survey reported that during the previous 12 months data or information was accidentally or maliciously leaked from their organization.

Given the tight regulation of the financial services industry relative to most others, coupled with the increased level of oversight and compliance that will be required of firms in the financial services space in 2009 and beyond, DLP is not simply an option – it is a business requirement.

Knowing the risks

One of the key reasons that organizations have not yet deployed DLP systems is that many decision makers are simply not aware of the potential risks they face, nor might they be aware of the data breach examples in their own industries. For example:

• Employees will often accidentally send confidential data in an email – such as credit card numbers, Social Security numbers or other confidential information – without realizing that the data needs to be encrypted during transmission.
• There are many cases in which confidential data, unbeknownst to the sender, is buried in an email thread that is forwarded to others.
• Email is sometimes sent to the wrong person, often resulting in the leak of confidential information.
• Some employees will send confidential data via personal webmail accounts to others or to themselves to avoid file size limitations on attachments or so that they can work on documents at home.
• Web 2.0 applications represent a significant potential for data loss. For example, MySpace, Facebook and other social networking sites have been on the receiving end of healthcare-related data. Hidden malware installed on endpoints has harvested personal information like credit card numbers and quietly uploaded this content via HTTP/HTTPS.
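The first, second and fourth risks above (card or Social Security numbers in outbound mail, data buried in a forwarded thread, mail sent to personal webmail) are what an outbound content check looks for. The following is an added example, not part of the original article: the corporate domain, the message, the specimen numbers and the action names are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

CORPORATE_DOMAINS = {"bank.example"}  # assumption: the sender's own mail domain

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# SSN layout, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Constructed message using specimen numbers, not real account data.
SAMPLE_MESSAGE = """\
From: alice@bank.example
To: alice.home@webmail.example
Subject: Fwd: account query

Will finish this at home tonight.

> From: client services
> Card on file: 4111 1111 1111 1111
> SSN 078-05-1120
Order ref 1234 5678 9012 3456
"""


def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_outbound(raw):
    """Return recipients outside the corporate domain and masked findings."""
    msg = message_from_string(raw)
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = sorted(addr for _, addr in pairs
                      if addr.rsplit("@", 1)[-1].lower() not in CORPORATE_DOMAINS)

    findings = []  # (kind, body line number, in quoted thread?, masked value)
    for lineno, line in enumerate(msg.get_payload().splitlines(), 1):
        quoted = line.lstrip().startswith(">")  # forwarded or replied-to text
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                masked = "*" * (len(digits) - 4) + digits[-4:]
                findings.append(("card", lineno, quoted, masked))
        for m in SSN_RE.finditer(line):
            findings.append(("ssn", lineno, quoted, "***-**-" + m.group()[-4:]))

    # Assumed policy: hold mail leaving the organization, otherwise
    # require encryption in transit when sensitive data is present.
    if findings and external:
        action = "quarantine"
    elif findings:
        action = "require-encryption"
    else:
        action = "allow"
    return {"external_recipients": external, "findings": findings,
            "action": action}


if __name__ == "__main__":
    print(scan_outbound(SAMPLE_MESSAGE))
```

Both hits sit in the quoted part of the thread, which the sender may never have read; the order reference is ignored because it fails the Luhn check.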

Serious breaches

Data breaches are becoming more numerous and more serious. For example, the Privacy Rights Clearinghouse has tracked data breaches since early 2005 and has recorded many examples in which data breaches were caused by emails sent mistakenly; cases in which laptops, CD-ROMs and backup tapes with confidential data were lost or stolen; employees discarding printed content in dumpsters or at the curb for trash pickup; and many other instances in which sensitive data was compromised.

There are many risks that organizations know about and often do not address, such as employees who use corporate email systems in violation of stated policies or who use personal webmail accounts to send company data home – a 2007 Osterman Research survey found that 47 percent of organizations allow employees to use personal webmail for business purposes. There are also a variety of unknown risks, such as keystroke loggers that can infect corporate computers and distribute confidential data to hackers and others.

It is also important to distinguish between authorized and unauthorized data breaches. For example, an employee who is authorized to place information on a company website or a corporate wiki can mistakenly post confidential information. By contrast, a terminated employee who is no longer authorized to send email can still use the system to send trade secrets to competitors or others until their access credentials are removed. Whether inadvertent or intentional, the damage caused by such breaches can be enormous.

There are many tools and systems from which confidential or sensitive information can be sent in violation of corporate policy, including corporate email systems, employees’ home computers, consumer and enterprise instant messaging systems, personal webmail accounts used at work, thumbdrives and other portable storage devices, social networking tools, other web 2.0 applications, including wikis and blogs, file transfer protocol (FTP) tools, chat tools, Skype and other consumer-oriented VoIP tools, peer-to-peer file-sharing tools and message boards and forums. As a result, there are a large number of data sources and communications tools that organizations must monitor closely in order to protect corporate data from accidental or unauthorized distribution, although email and instant messaging are clearly the most important channels to monitor given their pervasive and much more frequent use by employees than most other tools.

Potential problems

Data breaches can be very expensive: for example, an Osterman Research survey found that if a data breach were to occur in which disclosure of the breach would have to be made to customers and other external contacts, nearly two-thirds of organizations estimated that a single such breach would cost their organization at least $100,000, not to mention other operational costs, damage to their brand and other problems. Organizations that do not properly address DLP can suffer a variety of problems, including:

• Loss of intellectual property
• Loss of reputation
• Harmful legal judgments
• Compromise of corporate security
• Violation of statutes and compliance requirements

California’s SB1386 (the Database Security Breach Notification Act) is a far reaching law that requires any holder of personal information about a California resident to notify each resident whose information may have been compromised in some way. This requirement makes it important to retain and transmit records in an encrypted form, since doing so exempts an organization from the reporting requirement in the event of a breach.

Since California passed its groundbreaking data breach notification law, most other US states have passed similar laws. For example, Nevada put into effect a law (NRS 597.970) on October 1, 2008 that requires protection of confidential information. Massachusetts has passed a similar, but more restrictive law that went into effect on January 1, 2009.

Osterman Research believes that most organizations are waking up to the fact that they need to implement DLP capabilities. For example, a survey that Osterman Research conducted in 2008 found that 53 percent of mid-sized and large organizations in North America will very likely invest in DLP capabilities through the first quarter of 2009. Further, the same survey found that 68 percent of organizations plan to have some DLP capability in place by the end of 2009.

Michael Osterman is President of Osterman Research, a leading analyst firm in the messaging and collaboration space.

WHAT CAN BE DONE?

There are a number of steps that organizations should undertake as they attempt to prevent data leaks in their organizations:

The first step that decision makers may want to take to solve the data breach problem is to audit the current state of electronic communication and file management in the organization. Doing so will reveal the extent of the risks that an organization faces and will help to make the problem real to IT management, as well as senior line-of-business decision makers. In many cases, this will help an organization to realize that the risks and problems it faces are not merely a potential, theoretical problem, but are instead a real and present business danger that it must address. While this is not always a necessary step given the abundance of evidence that exists for the data breach problem, it may be required by some organizations in order to convince senior managers of the extent of their own organization’s problems.

After the audit has been completed and digested by senior managers, an organization should establish very detailed and thorough corporate policies that focus on all of the issues related to the use of electronic communication and file management capabilities.

Develop country-specific requirements, since organizations must understand any regulations that govern monitoring policies, particularly in countries that place restrictions on how monitoring practices may be carried out.

The next step is to deploy the technologies that will enforce the corporate policies that have been established. While policies are necessary to establish what an organization needs to protect, they will be ineffective at solving all of the data breach problems an organization might experience.


INDUSTRY INSIGHT

An integrated approach Ken Knowles of OpenLink explains how a unified future may be the best thing for better credit and operational risk management

Risk managers have found themselves in a tailspin for much of the last 18 months. While not exactly forgotten, it’s fair to say that risks beyond market risk are now much more clearly in focus than they were before the financial crisis began. Banks’ willingness to lend to borrowers with lower credit quality and buy into securitizations of this credit risk, alongside inadequate borrower documentation and data management, are exemplars of the credit risk and operational risk management challenges that lay at the heart of the US subprime mortgage crisis.

We’ve also witnessed numerous examples of how one form of risk can quickly transform into another. For example, how:

• Heightened market risk can prompt poor operational risk to accentuate credit risk. Just think about the several headline-grabbing instances when financial and corporate treasury groups have found themselves nursing huge losses, as extreme market volatility has exposed unauthorized derivatives trading activity.

• Concern about credit risk can lead to greater market risk, and vice versa. Hedge funds, for instance, have suffered as heightened market risk prompts investment strategies to unravel, prime brokers to reel in credit and investors to scramble for the exits. Similarly, this de-leveraging has amplified market volatility and stressed liquidity further, and so the cycle continues.

Regulators and politicians are understandably focusing a lot of their attention on the key roles that regulation, executive compensation and government-induced moral hazard have played in creating and exacerbating the crisis. Perhaps equally significant is the role of risk management. It could be argued that the severity of the US subprime crisis – one of the initial catalysts of our current financial woes – might have been lessened if banks had better appreciated that lax operational processes were exposing them to much more credit risk than might be apparent.

It has therefore become abundantly clear that to be measured and managed effectively, market, credit and operational risks must be dealt with in a holistic manner. But as some firms may have also discovered during the financial crisis, market stress can expose shortcomings in trading and risk management approaches and solutions that, although effective in some ways, are not truly integrated.

The value proposition of truly integrated and extensible risk management technologies such as those created by leading New York-based vendor, OpenLink, has never been more compelling. OpenLink’s Findur and Endur solutions are targeted at financial capital markets and energy markets participants, respectively. Both are built upon the same core architecture and functionality and allow users to manage the entire lifecycle of a trade: from deal entry right through to settlement and accounting.

There is a definite industry-wide desire to improve risk management. According to an American Banker/Greenwich Associates Executive Forum, 52 percent of participants said that their company had plans to improve their operational risk management effort, and 57 percent of these said they would do so by mid-2009.

From OpenLink’s perspective, we’ve witnessed a definite upswing in end-user interest in making greater use of workflow functionality and our solution’s collateral management capabilities – especially in light of the emergent dynamic policies and processes that have developed in the current market environment. Using our easy-to-implement ‘point-and-click’ interface, exceptions-based management is straightforward – hopefully enabling users to prevent unauthorized trading activity from escalating into a major exposure, by triggering additional levels of review prior to automatic confirmation and settlement when user-defined triggers are hit.

We believe that this kind of functionality is liberating. It empowers clients to dynamically implement their own business controls and monitoring processes and not be constrained, as has often been the case, by a technology that assumes standard trade processing.

Echoing our earlier discussion of the transformation and overlap of risks, user-defined workflows can also be a powerful tool to deploy at the intersection of operational and credit risk. Rules could, for example, be set up so that a particular workflow is invoked when the credit rating of a specific counterparty is changed or put under review.

The failure of major derivative counterparties and heightened systemic counterparty credit risk concerns are naturally leading to increased interest in measures that look at the sensitivity of credit exposures to market rates and the downstream impacts of credit and market events on liquidity. Recognition of the imperative to fold collateral management into an overall risk management framework is growing too. These developments and recent market experience have demonstrated beyond a doubt that effective risk management can only be achieved when you have a truly integrated and adaptable system in place.
Ken Knowles, EVP, Risk Management and Analytics, has full responsibility for the risk and analytic elements of OpenLink’s solution sets. These include the management and oversight of a multi-functional team of developers, consultants, and Ph.D’s.



RISK MANAGEMENT

LINE OF DEFENSE

Challenging markets are changing the rules of the game. By Nick Jayanetti, SVP for Operational Risk at Bank of America

Let me start off by talking about the operational risk model that we have for the bank. Within Bank of America we have three lines of defense. The first line of defense is that risk management is everyone’s responsibility. The second line of defense is comprised of operational risk and compliance that builds the enterprise risk program and works with the first line to implement those risk management practices. They work with the individual lines of businesses to look for deficiencies and control risk and also look at emerging risk. This line reports to the enterprise risk function and to the risk officer. The third line of defense is internal audit: an independent group that provides the oversight for the entire risk management program and assesses the control environment for the bank. This line reports to the audit committee.

My function is to build the risk governance process controls that are aligned to the enterprise risk function. What risk management means to me and to our business is fundamentally to make sure that we protect our customers, that we comply with the laws and regulations and that all the customer information is protected. We aim to ensure that as a Bank of America customer you have a very secure environment in which to conduct your financial business.

The need for structure

We have a very structured program around policies and procedures, the elements within the risk and compliance program and related training. We have certain training sessions in which all associates are required to do some risk related training – for example, on ethics and money laundering.

We at Bank of America touch about 50 percent of the US population in some fashion. So customer experience and customer satisfaction are fundamental to us. We want to make sure that we care about our customers, that we know them and act for them in everything we do. With a model like that we have to not only look within the financial industry, we also have to look at some of the other best practices and benchmarks that are outstanding. For example, Ritz-Carlton is known for their customer satisfaction, and we do look at the level of service they provide. It doesn’t mean that we have to operate like a hotel, but there are certain key aspects that we can learn from a company like that in servicing and how we could deal with customers that are appealing to our clients.

During the past few years we have become increasingly customer-centric and customer-focused. If you look at most of the recent products that we’ve come out with – for example, Keep the Change, No Fee Mortgage, Zero Dollar Trades – they’re all based on customer feedback and aimed at providing better solutions to our customers. We wanted to make sure that a customer who goes through the Bank of America experience walks away delighted.

From a customer experience to an activity that a Bank of America associate performs in a backend operation, we had to make sure we had that link. I may never interact with a customer, but the work that I do in some form or fashion impacts the customer. Everything I do today looks at, ‘How is my work going to impact the customer and how are we going to improve that customer experience?’

Measuring success

There are several different measures of success. We look at customer experience, at surveys that are conducted in industry, and then more locally and personally there are certain performance metrics that I look for within my group more around risk controls – the time it takes to resolve certain issues and how many problems we are identifying internally. We consider that as a success metric. If we encourage our associates to identify problems and if we can get those problems resolved in a very quick and efficient way, that’s a success metric that we look for. We also look for associate satisfaction. Almost all of our associates are also customers and we do look at associate experience, not only as a customer but also as an associate.

In terms of possibilities for improvement, we look for some key indicators and we measure that almost on a weekly basis. If you think of what we do, we are primarily a consumer bank and we also have a lot of different areas – for example, investment banking, commercial banking and so on. The way each area looks at and measures customer experience could be quite different. Within each business there are certain indicators that we look for. Depending on how those indicators are performing we change our initiatives, keeping in mind that by the time we see a change in an indicator it may be somewhat lagging. We change the way we do things to make sure that they are supporting a move in the right direction or a customer expectation. These changes can be bi-directional.

We follow a top-down plan. The CEO, Ken Lewis, has a plan for the year that encompasses his goals at a very high level, and then each one of the businesses supports those goals. For example, the activities I carry out in my function as well as those of the associates in my group eventually support the plan for our company. It’s a tiered approach – everything flows up. The work we do on a day-to-day basis needs to support the overall objectives of the company.

Managing through turbulence

In challenging times there’s a danger of becoming risk-averse. The way I look at it, risk is something we always have to keep in the forefront of our business. It’s not something that you need to keep changing depending on the market conditions or the environment. You always have to make a risk/reward tradeoff. Publicly traded companies have certain responsibilities to our shareholders, and in everything we do we have to make certain risk/reward tradeoffs.

Considering the current market environment, there are certain types of risk that you may need to pay more attention to. For example, if you look at the current market conditions you would probably see more fraudulent activities, so you may want to strengthen your controls in fraud detection. Also, if you look at historically what’s happened with the credit crunch and the mortgage industry there are obviously lessons to be learned. I don’t think you necessarily need to change your risk practices, but you may need to be more in tune with some of your risk practices and also pay more attention to existing controls that you perhaps haven’t examined closely in the past.

The mortgage industry is a good example. If you were to look at the control environment for some of the financial organizations that are in trouble on the mortgage side, you would probably say, ‘We wish we had paid more attention to them, from a risk perspective. We wish we had guided and influenced those organizations a little differently.’ Maybe this is one case where the risk/reward tradeoff didn’t pay off. It’s not necessarily a matter of changing but paying more attention to certain controls and practices.

One of the things I’m building is proactive monitoring. With risk management, you’re trying to prevent something from occurring. If you’re very successful at it, you prevent potential problems or breakdowns or issues. If you have a very effective risk management program, obviously you have the right tools, and you would have the right people looking at the right areas. Fundamentally, you need to understand all the activities within the organization and then be able to look at those individual activities and come up with potential failures. If you have the right people with the right risk mindset and then you have the people that understand the process, you can mesh the two and say, ‘What can go wrong here? What are all the different potential failure modes?’

Based on those potential failure modes, you need to ask yourself, ‘Do I have the right controls to mitigate those failures?’ If you do, then you need to see how effective they are. If you don’t, then you have a potential gap and you need to build a control to mitigate that particular risk. That’s how you can insulate yourself from potential breakdowns and potential risk. Coupled with this, you need to have a program to monitor the existing controls to make sure that the people are doing what they’re supposed to do: monitoring the processes and making sure that the controls are effective. If you have those two components, you should be able to prevent 99.999 percent of risk and potential failures.

Technology advantage

Technology is the way to go to limit variation. Wherever you have people involved, obviously there’s a lot more variation. You need to look at the controls you have in a business and try to use technology as much as possible to monitor and assess your controls. That’s a very efficient method and is obviously cost effective. Of course there are areas where you don’t have the luxury of using technology, and that’s where you’re depending on the associates or the human element. Having the right people, providing people with the right training and having the right oversight and a dual level of control to make sure people are doing what they’re supposed to be doing is the correct approach. In a way, technology is the easy part. The real challenge comes when you are dealing with operations in which you have a lot of associates and you’re depending on the variation in what they do, and then you multiply that by thousands.

It can be difficult to control risk without stifling it. If you look at some of the risk we have today, it’s very different from the types of risk we had a year ago or five years ago or 10 years ago. As technology changes, risk changes. You can look at risk as a cat and mouse game, where you’re upgrading certain controls to mitigate certain risk. We will always need risk management. We will never be able to say, ‘I’ve mitigated all the risk and I can now sit back and relax.’ Unfortunately that won’t be the case. It’s the nature of things; things are always going to change. As technology changes, as people change, as the landscape changes, risk changes, and we have to continuously go after it.

We have to have the right people, the tools and the technology to continuously look for emerging risk. One of the key components is to make sure that you’re not reacting to what’s happening today but that you’re looking at the environment and you’re looking at future trends. The differentiating factor between a risk mindset company and one that is not would be a company that looks for emerging risk and puts controls in place today to mitigate future risk.



TRANSFORMATION

ONE SMALL STEP, ONE GIANT LEAP

Over the last 18 months we have become accustomed to hearing about how some of the world’s biggest banks are suffering at the hands of the economic crisis. Perhaps then, current markets provide some opportunity for smaller organizations to shoot for the moon? ATB Financial’s VP and CTO Mike Redeker seems to think so

At ATB Financial we have a two-pronged approach to our overall strategy. One is that we are in the process of replacing our core banking application; we recently put a deal together with SAP and are now implementing that end-to-end across our entire enterprise. In conjunction with that, what we want to do is replace our infrastructure so that over the next 18 months, as we refresh, we can effectively overlay the SAP application so that it runs very effectively in our overall production environment.

We’re actually in the enviable position that we’re small enough, in comparison to the big banks, where we believe we can take out our old application and put in the new application, and yes, there will be risks associated with data conversion, but we actually have a pretty large team in place focused on the areas where we think we’re going to have risk. It’s not the technology that’s going to be difficult, it’s actually how the people are going to associate with the data and use that technology that is going to be the challenge for us.

Ultimately, this is not an IT project, this comes straight from our CEO that this is a business transformation project – it’s just that the technology enables it to make the difference. This is driven out of the business, for the business, and IT will support the business units to make it successful.

The way we look at it is that we have an architectural team that is actively involved in the core banking transformation project and that team is helping us define what our strategy and our direction will be architecturally across the enterprise going forward. Given the order of magnitude around our efforts in SAP, it only makes sense to say that if you’re going to build that solid foundation, take that and leverage it going forward.

I firmly believe that the CIO function starts right with the core data itself. Data is at the heart of running our business. We can have technology challenges all we want, but if we have an issue with our customers’ data, we have a much bigger challenge inside the marketplace. Everything is encompassed by data privacy, compliance and how we leverage that data, what we do with it, the storage of it and so forth. The bottom level is around the CIO’s function of how that data is distributed and shared inside the lines of business.

What’s more, research shows that nearly $30 billion was spent on compliance alone back in 2000, and that is clearly an unsustainable situation. The reason we’re seeing such a huge spend is because of minimal efforts in the past, so a number of my peers inside the banking industry are trying to catch up with compliance and move forward.

In addition, many analysts are now predicting increased outsourcing in financial services. I consider myself pretty lucky because I have a background where I have been in the outsourcing space for the last decade, first as a vendor with IBM Global Services and now as a customer. Also about 10 years ago, ATB Financial outsourced a huge portion of its operations, and we have slowly but surely brought services back in-house. Outsourcing provides a lot of benefits to our organization, but you have to look at the risk associated with that. You do lose intellectual capital, a certain amount of control and a certain amount of the abilities associated with ensuring you’re maintaining industry compliance.

So while I do see how outsourcing may continue to grow because of the downturn in the economy, with people looking at it as an avenue to save on their costs, I think that if the balance isn’t right, it just creates a significant number of other challenges going forward. If you outsource a number of products and services, by default you lose that intellectual capital and you’re not going to be any different from anybody else. However, if you maintain that intellectual capital it allows you to be flexible, innovative and provide products and services that your competition doesn’t bring to the table. That’s what makes us different.

IF AT FIRST YOU DON’T SUCCEED

According to Peter Weill in his, some say, definitive book on the subject, IT governance must account for three questions. He says, “What decisions need to be made? Who’s accountable for making those decisions? How will those decisions be made?” It sounds so simple, so why do so many IT projects fail?

Mike Redeker. I think a large number of IT projects fail because nobody really wants to say no. If you look at most of the successful IT projects, it’s because there’s a governance model in place with leadership inside the organization that is willing to say, ‘No, this is the box we’ve agreed to build within, and that’s what we’re going to go forward with.’ The harsh reality is that the business units often say, ‘Now that I understand what that box looks like, I actually want it to be bigger’. And if you’re not careful, you allow that project to get bigger and you end up tripping over yourself.

How do you stop that from happening?

MR. In my mind it’s about leadership and it’s about communication. That’s leadership from the perspective that says, ‘We need to manage this as a collective leadership team inside that bank’; that says, ‘We’ve got to manage it to ensure success’. It’s also about building a collaborative relationship with your business units and having a trusting relationship that is committed to delivering on a smaller scope to build a solution that meets 100 percent of the business requirements.

It is interesting then that IT leadership is clearly a key issue. How do you achieve that business acumen within the IT space?

MR. I think it’s about who is actually in the CIO position, who’s in your CTO position and so forth. I’m of the opinion that technology will always work; that’s not the issue. What is the issue is having the right team, the right ROI and the right relationship with the business units. If you address those things, then you can build a collaborative relationship with your lines of business, and then you can build a trusting relationship that will enable you to manage the projects to a smaller scope, delivering expectations and addressing additional business requirements as you move forward. It’s not about the technology; it’s about the people.

Mike Redeker is responsible for providing IT leadership in the areas of computing operations, security, architecture and disaster recovery for IT services and communications networks, as well as corporate project management implementation and tracking to all business units. He joined ATB Financial in 2007, having previously spent 11 years with IBM Canada, where he focused on delivering quality Information Technology services within the Financial Services Industry.


The eleventh hour of compliance

Debra Geister discusses last-minute strategies that financial institutions can follow to help ensure Identity Theft Red Flags Rule compliance

Most financial institutions are regulated by federal functional regulators and are therefore still subject to the original November 1, 2008, deadline. Fortunately, there are several strategies to help ensure your organization is fully compliant with the regulation when the examiners arrive at your doorstep.

Implement a cross-channel approach

Identity theft occurs in many industries – in any type of organization, in many departments and at any time during the customer lifecycle. In fact, fraud, and identity theft in particular, often involve multiple channels. This helps explain why a cross-channel approach is expected. For example, addressing identity fraud only in internet banking may fail to address identity theft in credit card fraud or mortgage fraud.

Compliance with the Identity Theft Red Flags regulation should involve looking across your entire organization and bringing together efforts to mitigate risk. A cross-channel approach should help drive programs at your institution to better protect the customer and ultimately lead to lower risk for the organization – which is simply good business.

Review

Even if you outsource your operations to one or more service providers, you remain ultimately responsible for compliance with the rules. Service providers often have access to your customers’ private information. This can seriously compromise or hinder your efforts to protect customer information. A smart approach is to look at each and every service provider and determine how much data they handle and any points of weakness. Audit your service providers to determine whether they have policies and procedures to adequately guard against identity theft. If any service providers are not willing to share their Identity Theft Red Flags Rule program information, or if their programs fall considerably short of your requirements, begin formal discussions about your program requirements and how that impacts your vendor selection. Be sure to document these conversations.

Initial examinations

Early reviews are likely to seek evidence of evolutionary progress toward a comprehensive program rather than a completed program. Initially, most examiners will want to see that you conducted an enterprise-wide risk assessment, developed a written program, obtained board approval and completed sufficient training to implement an effective program. Document all conversations and efforts pertaining to your program: project plans, risk assessments, meeting minutes, departmental procedures, training materials, documentation of training, board minutes, service provider contracts, etc. Some of our clients create a book for examiners that is very much like a training manual you would give to a new hire. By compiling this information into a single document, you can provide your examiners a tangible guide that walks them through your program and leaves little to question.

Getting started

The good news is that financial institutions should not have to start from scratch. You should be able to leverage current programs – CIP, credit card fraud prevention, data privacy, multi-factor authentication and online banking, among others – to cover a significant portion of these new requirements. An enterprise-wide, cross-channel approach to your Identity Theft Prevention Program will build the foundation for a sound program. We expect compliance will evolve as this new regulation is further defined.

Debra Geister manages the development of fraud prevention and compliance solutions for the Risk and Information Analytics Group of LexisNexis. She spends most of her time working with customers to understand their needs, challenges and business processes. She also works with the ABA, other industry groups and the regulatory community.


FEATURE

James Beeson of GE Commercial Finance answers our questions on risk management and technology advancement, and tells us how looking at GE's global set-up can provide real ROI

Take a look at General Electric’s company overview and you’re faced with a rather extensive list of disciplines and work areas. From jet engines to power generation, financial services to water processing, and medical imaging to media content, GE claims that its people are dedicated to turning imaginative ideas into leading products and services, which in turn help to solve some of the world’s toughest problems. Furthermore, the organization continues to pride itself on its slogan ‘imagination at work’. That’s all well and good, except that in today’s climate the ‘world’s toughest problems’ are massive, and the idea of ‘imagination at work’ – for many – undoubtedly seems a little stifling.

Headquartered in Norwalk, Connecticut, is GE Commercial Finance, described as one of General Electric’s largest ‘growth engines’. With lending products, growth capital, revolving lines of credit, equipment leasing, cash flow programs, asset financing and more, GE Commercial Finance plays a key role for client businesses in over 35 countries. The industries served include healthcare, manufacturing, fleet management, communications, construction, energy, aviation, infrastructure and equipment, and as a main component of GE Capital – General Electric's financing unit that serves consumers, retailers and businesses around the globe – GE Commercial Finance has assets of over $276 billion.

You have to admit, it’s a pretty impressive portfolio. Especially given the current state of our economy. But such achievements don’t come without their challenges, as CISO James Beeson is only too aware: “It’s certainly a big stumbling block if we have a major breach somewhere. For a company like GE that trust and reputation is absolutely critical. We’ve got one of the best known brand names in the world and the last thing we want to do is harm that reputation. Building trust is a big piece of that.”

Do you think that it’s your role to bring in new technology approaches and do you ever look outside of banking’s four walls for best practices?

I would argue that our job is to enable the business to take a risk. That requires us to bring new ideas in to the business and to say to management, ‘Here’s a way that you could take a bigger risk’, and that’s a massive part of our job to do that.



The way we go about it is through various methods. We certainly look within the financial services arena for best practice, but of course, being GE, we’re part of this huge conglomerate with stuff in aerospace and healthcare and we have a very diverse set of product lines that we can look into and get best practices that we may not otherwise have thought of using in the information security space. Of course, most of the things that you’re battling against in information security are commonalities, regardless of what kind of business you’re in. Some businesses may have more physical threat than logical threat, but still, when you get down to it, we’re mostly fighting the same bad guys. We look everywhere for best practices and opportunities to collaborate on solutions that might help us be more secure or improve our posture. We go out and we look at government and do collaborative work with government and academia to see what things are coming that we might be able to take advantage of. We look everywhere. We leave no stone unturned.


What lessons has GE Commercial Finance taken on during your tenure?

There is certainly more focus on awareness and education. I know one of the things that we have found is that education is a tough thing to sell on. We’ve learned from a lot of statistics out there that people will click through things, and everybody certainly does that at home: ‘Oh, I know there’s a security warning, but I don’t care. I just want to get to whatever I want to get to.’ What we have found is that one useful way to help educate people is to bring it closer to home, so we will have brownbag lunches at our facilities and the draw is ‘Come on in and we’ll give you some suggestions or ideas as to how to better protect yourself on your home PCs or protect your children on the internet.’ Amazingly enough, we get a lot more interest from people who’ve got kids and who’ve got PCs at home who want to know how to set up a wireless network and how to secure that network to keep their kids from going to all the bad sites on the internet. And even though it’s not really got anything to do with business security per se, the fact is we’ve found that when we get them in that mindset at home, they begin to think smarter in the workplace too. They use more common sense around security and they tend to then take better care of GE’s proprietary data and information.

As CISO, there’s often a real danger of only seeing symptoms and not causes. How do you work around this?

You have to deal with both. We ‘patch’ our systems, but we don’t patch them based on what’s actually being taken advantage of but based on vulnerabilities. Just because there’s a vulnerability doesn’t mean somebody’s exploiting the system, and I think that’s what’s driven us into this area of treating the symptom instead of the cause. We need to figure out how to shift that and become more focused. That doesn’t mean we can ignore vulnerabilities altogether, but we do need to get more focused on where the threats are coming from.

And how do you ensure that focus and then move towards a more cause-centric solution?

I think we have to get smarter at using the tools and the information that’s out there. There’s a huge amount of information today that companies are getting from different sources and we don’t necessarily take advantage of pulling that information together and putting things against that to allow us to correlate the information and help us predict what’s going to happen. The other way is that we have to collaborate more with each other as well as with the information that is out there. The public, private and even the academic side of the equation need to pull together and collaborate more. We don’t do enough of that today.

What are the greatest risks that you face from an information security standpoint?

My spin is that education is still probably the number one risk, and making sure that users understand what those risks look like. We have to spend time and resources educating people and making sure they understand that. Number two is the issues surrounding third parties, and as more and more companies are outsourcing a lot of information we have to make sure that we have processes in place that ensure these third parties, who are storing, using and processing our information, are handling it appropriately. This is an even bigger challenge given the thousands of third parties that most big companies have. Something that I lose sleep over is how you maintain that, in a really dynamic space, where third parties are constantly merging, etc.? They may outsource to another third party – how do you maintain that? It’s a problem across all industries and there’s not a good process for dealing with that. Sure we can go out and we do due diligences but as soon as you’ve done that, tomorrow it may not still be the way they handle things.

In this day and age we can quite happily say that everybody has security software. Yet there are still these very public security breaches. What is missing from the overall picture? Is it the people or the processes?

It’s probably a mixture of those things. There’s no simple answer. I don’t think there’s a silver bullet to what’s missing. The SocGen incident is an excellent example of what has got everybody scared right now. There, there were billions of dollars that this one individual was able to perpetrate from within the organization and all of a sudden antifraud committees across the board found some energy. I’m no expert, but it was probably all of those things that made up that particular issue at SocGen – and so we have to continue to look at all of them. We have to get access controls, process controls and people controls in place. You have to have it all.

Of course, the more complex the environment becomes and the more bad guys that come into the environment, the harder the job is to maintain those controls. Currently, there’s somewhere in the region of 800,000 to a million new people that come onto the internet every day, 365 days a year, and some percentage of those are bad guys. And so on top of that, and the fact that you’ve now got organized crime supporting these guys, all you can do is just try to stay on top of it as best you can.

And as things like the BlackBerry and the iPhone continually pave new consumer experiences, the demand for technological change is happening far more rapidly than businesses are comfortable with and reacting to. How do you as the CISO face that challenge?

While I think most CIOs are going to react by saying ‘Keep them out. Block them. Don’t let employees have these devices’, I don’t necessarily think that is the best option. While I agree that you have to take precautions to not cause a problem, I think what you really need to do is take the other side of that and say, ‘How can we make this work to our advantage? What new technologies can we bring? What can the suppliers and vendors bring that will help us enable the business to take more risk with these devices?’

We’re kidding ourselves in the business world if we don’t realize that this generation that is coming into the workforce aren’t going to want to use these devices. So we need to figure out how to enable these new technologies because we’re going down a path that would suggest that we’re going to get to a time where a new employee will say, ‘I’ve already got one or two devices. They’re my little personal devices and I don’t want a GE machine anymore. Just let me access what I need to access through whatever device I’m comfortable with.’

How do you balance the need for autonomy in technology solutions by each business line with the demand and need for synergy across the whole enterprise?

For us, we have obviously a lot of divisions or subdivisions within the commercial finance business and I tend to frame it up in my mind as a target. The question really is how do you find the right balance between those things and typically it’s about flexibility. You want them to be able to be more agile and more quickly respond to a business need and, again, there’s no simple formula for what’s the right balance. You have to understand what those business processes look like out at the front edge of the business and understand what your business model is. From a security perspective there’s also two sides to the puzzle: The more you share and virtualize, the more risk you have as you put all your eggs in a single basket; on the other hand, the more autonomy you give people, the more they’re likely to bring in extra threats that you’re not aware of. You just have to find the right balance. The key lies in sitting down with the business partners and understanding how, operationally, the business is run and not just having your ‘IT blinders’ on. You have to take these off and look at the business processes and understand them from a universal perspective.

James Beeson has been with General Electric for 11 years. He started as a Technical Services Manager in GE Capital, Vendor Financial Services, moved into Information Security in 2000 with responsibility for Mid-Market Finance, and is now responsible for Information Security and Data Protection globally at General Electric - Commercial Finance. Prior to that, he worked at Trinity Industries, Inc., a Fortune 500 Dallas based manufacturing company, for eight years in a variety of IT leadership positions.

THE GE PORTFOLIO

• ENERGY INFRASTRUCTURE GE’s Energy Infrastructure segment is leading the field in the development, implementation and improvement of the products and technologies that harness our resources such as wind, oil, gas and water.

• TECHNOLOGY INFRASTRUCTURE Around the world, GE is helping build the healthcare, transportation and technology infrastructure of the new century. Many of GE’s fastest growing businesses are in GE's Technology Infrastructure segment.

• GE CAPITAL GE Capital offers an astonishing array of products and services aimed at enabling commercial businesses and consumers worldwide to achieve their dreams. Services include commercial loans, operating leases, fleet management, financial programs, home loans, insurance, credit cards, personal loans and other financial services.

• NBC UNIVERSAL NBC Universal is one of the world’s leading media and entertainment companies, developing, producing and marketing film, television, news, sports and special events to a huge global audience.

• CONSUMER & INDUSTRIAL From the familiar light bulb to the latest advancements in consumer technology, GE Consumer & Industrial has a long tradition of life changing innovations that have improved the quality of life for millions of people.


DERIVATIVES

A dangerous game

With its enthusiastic trade in credit default swaps, the financial industry is playing a deadly version of pass the parcel, says Sunil Poshakwale

The current financial crisis gripping the investment industry in the US and other parts of the world reminds me of the ‘pass the parcel’ game that children play at birthday parties. You probably know the game – a parcel is passed around and whoever ends up with the parcel in their hands when the music stops, wins a prize. However, in the case of the investment industry, the parcel called credit default swaps (CDS), which were being passed by one bank to another, contained a ticking time bomb in the shape of contaminated assets that no bank bothered to look at since there was plenty of money to be made from this game.

Credit default swaps provide insurance against the potential losses on the investments in certain assets such as municipal bonds, corporate bonds, mortgage securities, etc. CDS are similar to taking home insurance to protect against losses from fire and other causes. The credit default swaps market is not regulated and as a consequence, CDS contracts can be traded or swapped by one investment bank to another without anyone overseeing the trades. Thus, there is no oversight to ensure that the holder of CDS has the required financial capital to meet losses in case the underlying security defaults.

In the last few years, CDS became very popular with investment banks as an easy way to make money because in the booming economic period that we experienced in the last decade or so, the general perception was that big corporations and/or banks whose credits were insured via CDS markets were unlikely to fail. No wonder then that the CDS market has grown very fast and according to the International Swaps and Derivatives Association (ISDA), it is worth more than $60 trillion which is approximately twice the size of the US stock market and also dwarfs the $12 trillion US mortgage market and the $6 trillion US treasuries market. It is worth mentioning that the American Insurance Group (AIG), recently rescued by the US Federal Reserve through a capital injection of $85bn, had written off $450bn worth of CDS.



[Chart: “Credit default swap growing fast”. Caption: The CDS market is worth nearly $50 trillion. Horizontal axis: 2001 to 2009.]

Besides the CDS, the market for securitized assets such as the Collateralized Debt Obligations (CDO) has also been growing over the years. CDOs are attractive investments for investment banks and hedge funds because of the high potential to make large profits, and like CDS, markets for CDOs are unregulated. CDOs comprise a portfolio of fixed-income assets which are divided into different tranches based on the credit ratings of the underlying mortgages. For example, an AAA rated CDO is considered safer compared to a BB rated CDO because the exposure to losses is greater in the BB rated CDO compared to the AAA rated CDO.

Over the years, CDOs have become an important vehicle for funding of fixed-income assets. Around April 2006, the rating agencies began to re-rate the BB rated bonds as they sensed that given the higher risk, returns on these bonds were not high enough. As a consequence, the spreads on mortgages began to widen and the investors began to leave the BB rated bond market. Around the same period, the subprime residential mortgage market in the US started to experience high defaults, which caused lenders to become more risk averse. The investors perceived higher risk in holding CDO backed bonds. Consequently, availability of credit became scarce and bond yields (return required by investors from investing in bonds) started to rise. One of the reasons for the downfall of Lehman Brothers was that they had a high exposure to the CDO market. It is estimated that Lehman’s exposure to all outstanding corporate CDOs is nearly 60 percent.

Many commentators and financial experts have been blaming the derivative markets for the current financial crisis. However, in my view, derivative products such as options, futures, swaps and their complex combinations were primarily invented to hedge risk. However, since most derivative instruments principally rely on leverage, the investment industry started to use derivatives to make money and quite rightly so. Soon the profit making potential began to dominate the hedging motive and greed overtook rational behavior. The results are for everyone to see. Besides this, in the quest for more profits, investment managers and traders started to develop clever trading strategies in a bid to outsmart each other. This led to the development of proprietary investment strategies that became too complicated to price for the rest of the market.

The vast profit potential led to excessive greed to make maximum money in the shortest possible time. This short-termist behavior was encouraged by the compensation packages that were available to the investment bankers and trading community since more profits directly translated into higher bonuses. Years of good economic conditions with low inflation and low interest rates further fueled the growth of financial markets and encouraged excessive risk taking by investment banks. Investment success lavishly compensated by Wall Street and in London plagued rational decision-making.

Central bank and regulatory bodies have been badly exposed in the current crisis. To some extent the criticism of these institutions that have primary responsibility to regulate the banking sector and financial market operations is justified. In my view, regulators can only effectively regulate if they understand what they are regulating. Therefore, it is not a question of more or less regulation but rather how ‘effective’ is the regulation. Regulatory authorities allowed investment banks to race ahead with trading of complex products and deals without making sure that both the regulator and the banks doing such deals understood the risks and that the counterparties involved had the necessary capital base to take those risks. There is an urgent need for governments to ensure that those who are responsible for regulation are either appropriately qualified or trained so that they have a sound understanding of the underlying risks.

One of the central tenets of the free market economy is that the markets are generally efficient. It is believed that markets are able to price risks appropriately and therefore reflect correctly the fair value of assets being traded in the market. However, markets are made up of small investors and some very large and influential investors.



Unfortunately, the system has allowed some investment banks to become too powerful. This in itself is a breach of the basic investment management principle which suggests that diversification is the key to reducing risks. When some institutions and investment banks become too influential, the systemic risk increases since they dominate trading volumes and are able to manipulate the asset prices.

There would be widespread implications of the financial markets meltdown in the US and the UK. One of the reasons for recent takeovers (Merrill Lynch by Bank of America in the US and HBOS by Lloyds TSB in the UK) was that both Merrill Lynch and HBOS would have found it difficult to raise further capital on their own. Both have perfectly viable and possibly profitable businesses but because of the credit crunch, they would not have been able to borrow the required money from the market because of the lower capital base caused by the write-downs of bad assets in their balance sheets. Some European banks – for example, Fortis in Europe, Bradford and Bingley in the UK, Wachovia in the US (and the list is growing every day) – have found themselves in a similar predicament. It is worth noting that collectively, European banks together had €258bn worth of maturing debt in 2008 alone. In the case of HBOS, it needed to roll over debt worth €1.6bn maturing in 2008. Thus one of the major consequences of the credit crunch is that the banks will have to de-leverage their balance sheets. De-leveraging would require infusion of additional capital so that maturing debts could be paid and debt to capital ratio is lowered.

Second, because of the high levels of debts on banks’ balance sheets, the shareholders will demand a higher risk premium on the banking sector shares. It is not surprising therefore, that the banking stocks have been the loss leaders on Wall Street and London as well as in other markets.

Third, though bonds are considered much safer compared to investing in equity shares because bondholders have the first claim on a company’s assets, currently high levels of defaults on bonds would make it very difficult for banks and corporations to raise capital by issuing bonds. As a consequence the bond yields will continue to rise and so will the cost of borrowing.

Fourth, the whole finance industry will shrink in size because as the market values of overvalued assets fall, the value of capital required to finance the new levels of investments will also have to fall. There will be consolidation, as we are witnessing, and fewer big players in the banking industry in future.

There are some serious implications of the credit crunch for the real economy. To start with, there will be reduced availability of capital to businesses. This may adversely affect new investments and growth. The slowdown resulting from the scarce availability of capital for businesses may lead to higher future job losses. The scarcity of finance would lead to an increase in the cost of capital, which will mean that businesses will have to tighten their operating costs or else they will be reporting lower future profits. Prospects of lower corporate profits will adversely affect stock values. Thus the stock markets are unlikely to reach the heady levels that we have experienced in the last few years.

Large falls in the equity markets are bad news for the average person on the street, even if he/she had nothing to do with the subprime mortgages. Losses on equity investments would reduce the value of portfolio investments held by pension funds and this is the next problem the governments around the world will have to deal with. If pension funds suffer losses on their investments then those who are dependent on the pension income are likely to suffer too. Many others who may have bought additional residential properties with an aim to use the sale proceeds in lieu of pension income in the next five years or so will find that they may not be able to afford the luxurious holidays they had planned. Worst hit will be those who cashed in by releasing equity from inflated house prices since they will find themselves with an expensive loan that they will have to repay in case house prices do not regain the same levels which existed before the onset of the subprime crisis. Less credit availability will also mean a less luxurious lifestyle since people will find it difficult to borrow money to spend on luxury goods. This may be good news since less demand will lead to a fall in prices and those who have the cash will be able to get the best bargains. After all ‘cash is king’ as they say. Alas, banks did not heed this age-old advice or else we would not be in this financial mess.

Sunil Poshakwale is Professor of International Finance at Cranfield School of Management.




EXECUTIVE INTERVIEW

ACCESS ALL AREAS

With security becoming more and more important to financial institutions, the concept of Network Access Control (NAC) aims to do exactly what its name implies: control access to a network with policies, including security checks and post-admission controls, over where users can go and what they can do. Sanjay Beri explains more.

What can you tell us about the current drivers for NAC solutions?

Sanjay Beri. New technologies are being utilized that enable businesses to operate differently than they have until now. Organizations want to take advantage of these changes to achieve a competitive advantage, but changes can also introduce risks and threats. For example, organizations want to move faster by enabling outsiders like partners, suppliers or customers to access the network directly. Or they may want to allow employees who work remotely to connect to the network after using their computers outside the perimeter. In both cases, an organization can’t predict how users will behave or know the state of their machines. You want to take advantage of the speed and flexibility technology offers, but you have to maintain control over your critical resources and prevent data loss. Access control lets you do this. This is especially important in financial services organizations, where companies need to fiercely protect their reputation, as well as comply with regulations and defend against cyber terrorism. So the drivers include guest access, insider threats, offshoring/outsourcing and compliance monitoring and enforcement.

How does network access control solve this problem?

SB. Network access control solutions manage access to the network and its applications based on user and/or device compliance against a series of enterprise-defined network and security policies. Criteria for network and security policies include things like user identity, device identity, health, security state and network location.

Policies to be enforced may include users and their devices adhering to and maintaining a baseline of criteria defined by the enterprise and making sure only authorized users are accessing networks and applications. Furthermore, a NAC solution can ensure that access is allowed only to authorized corporate resources, and all corporate authentication and security policies are met before the network is accessed and during the duration of a session. Therefore you can make sure that the accounting department only accesses financial records and HR and the person the records belong to only access records.

Do NAC solutions replace existing security solutions like firewalls, VPNs and antivirus?

SB. A comprehensive access control solution actually leverages and extends existing security solutions like firewalls and VPNs. For example, Juniper’s Unified Access Control (UAC) solution uses Juniper’s firewalls as enforcement points to stop unauthorized traffic where the firewalls reside. Likewise, access control policies can be shared between UAC and Juniper’s Secure Access SSL VPN appliances to centralize provisioning of access control and ensure consistent policies for both remote and local access. This simplifies policy development and management, which results in cost savings.

What does Juniper’s NAC solution look like?

SB. Juniper’s Unified Access Control is comprised of a number of components. All access policy is implemented by the Infranet Controller – UAC's hardened, centralized policy server; and user identity, device security state and network location are determined by the UAC Agent – which is available as a lightweight, dynamically downloadable agent with cross-platform support for Microsoft Windows, Apple Mac OS and Linux platforms, as well as an agent-less mode, for when installing a software client is not feasible. Juniper Networks Unified Access Control is based on open industry standards and field-tested components that leverage existing enterprise network infrastructure, delivering solid investment protection. UAC reduces access control deployment complexity and cost, while increasing operational efficiencies.

Sanjay Beri is Vice President, Access Solutions Business Unit at Juniper Networks and has more than 10 years of experience in the high-tech industry including key roles at such companies as Microsoft, Newbridge Networks (now Alcatel) and McAfee. Prior to Juniper, he was a co-founder of Ingrian Networks, a leader in providing solutions to secure data in transit and storage. Beri holds a Masters in Electrical Engineering from Stanford University, and an MBA from Berkeley.




CORE BANKING

Core transformation – evolution, revolution, or die?

Nearly one quarter of all banks are considering replacement of core systems within the next three years according to a recent study by Financial Insights, an IDC company. The question is how (rip and replace, or gradual modernization?) and not why. You’re either rearchitecting today, or it may already be too late. By Adam Burns, Senior Editor

Core banking systems are key to banks flourishing in this intensely competitive banking landscape – come rain or (eventually!) shine. They can facilitate high growth business initiatives, providing agility and flexibility for tapping new opportunities, meet compliance and regulatory requirements, improve risk management effectiveness and bring about operational and process efficiencies. The problem is that most don’t.

“When we talk about core banking systems, we are referring to those back-end systems that do the day-to-day transaction processing, statement generation and reporting for the bank,” says Bart Narter, a Senior Analyst at Celent. “These systems tend to be written in COBOL, perhaps with a bit of assembler thrown in to optimize batch runs. They run in batch mode, so that transactions are posted nightly. They have been running at the bank for 20 or 30 years – yet the fact that they have been running for so many years is both a blessing and a curse. The blessing is that they are scalable, reliable, stable systems, with some rare exceptions. Whatever else people might say about their core systems, they do the job day in and day out. The curse is that they are saddled with old technology that makes the systems very inflexible, hard to communicate with and difficult to maintain.”

How important is good core banking technology? Santander’s José María Fuster was named CIO of the Year 2007 by The Banker. The year before, it had awarded Santander the Core Banking Systems Innovation award for its new core banking system. Coincidence? Fuster doesn’t think so. Though the group’s roots are in Spain, it has a strong presence across the world (it is Europe’s largest bank). This has been built through a number of acquisitions in the last few years, including Sovereign Bancorp in the US and Abbey in the UK. “Business and geographical diversification is an opportunity to improve our technology with functionalities from different markets,” Fuster states. “It has helped our core banking system to become one of the most technically and functionally advanced in the industry.”

Fuster claims that technology is never a constraint in the decision making process. “On the contrary, we were very confident [during the Abbey acquisition] that our core banking system would accelerate Abbey’s integration in the group,” he says. “At the same time, it generated synergies by transferring our deep expertise in commercializing financial products and services. In essence, our core system allows us to export our way of doing banking.”

“Existing core systems often hamstring the operations of the bank and the business of the bank” Jeanne Capachin

Why change now?

Jeanne Capachin is Lead Analyst on core systems transformation for Financial Insights, an IDC company. According to a recent Financial Insights study, nearly one quarter of all banks are considering replacement of core systems within the next three years. This is not a decision to be taken lightly – the cost of transformation is high, as are the risks – especially in light of current economic conditions. So if core banking systems are what keeps the lights on, and the lights are on, why change things now?

“Certainly the core bank systems that we have today are very efficient if we look strictly at transaction processing,” says Capachin. “But, as soon as we try to change those systems or get at the data that’s stored in the monolithic code, that’s when we start to run into problems. This isn’t the core system that’s going to form the basis of the bank in the future.”

“It’s hard to serve your customers with the core banking systems that we have now. It’s also very difficult to make changes to those systems, to introduce new products. So, the core systems that we have often hamstring the operations of the bank and the business of the bank.”

“Just because the app was put in doesn’t mean the app is to blame” Dave DeCamp

“By investing in new core banking technology, they have more flexible organizations. They can serve their customers better and they can improve the processes of the bank – many of which are in as a result of the core technologies, not because that’s the way we serve our customers.”

Dave DeCamp is a Vice President and the Chief Solution Architect for Worldwide Financial Services at CA. He agrees that the reasons for transformation extend way beyond cost. “Many banks recently have tried to look at this purely as an economic oriented decision – i.e. that we will be able to save X number of hundreds of millions of dollars over Y number of years if we implement a new integrated core,” he explains. “In many cases, it’s not the outright short-term economic benefits in ‘classic’ ROI. It’s the ability to improve competitive positioning, customer service and business process optimization that’s really driving their decision.”

For every bank

ATB Financial is not Grupo Santander, but the largest Alberta-based financial institution does have a very enviable record – since 1997, it has reported a profit in every quarter. To continue in that successful vein, ATB is in the process of replacing its core banking application.

What is the role of an IT vendor such as CA?

By Dave DeCamp, VP, Chief Solution Architect, Worldwide Financial Services, CA

There are many very strong, healthy companies that really had minimal exposure to the particular financial instruments that caused so many balance sheets to implode and have resulted in this increased wave of mergers and rescues and bailouts. There are many regional banks who really had no exposure to that market, that have already been through an IT belt-tightening cycle. They’re looking at this as a golden opportunity to jump ahead of the pack.

Although we don’t yet have public references for how we’ve worked with these banks, there are a number of them that fall into a couple of categories. One notable example is a midsize bank, located in North America. They happened to be an established user of many of our EITM solutions, in particular our application performance management, IT governance, network management and service level management technologies. They already had a well-oiled EITM machine for managing their current legacy application environment, but they’d taken those apps as far as they could possibly go without doing something fundamental. They were in a position where they had those foundational IT capabilities in place and operating smoothly, enabled by good IT management solutions to allow them to more aggressively consider deploying a core banking replacement.

There are other examples, where the banking vendor has gotten engaged with the customer and started the implementation. Suddenly, in the midst of the implementation, they find that they’re having performance related issues – or there is a perception on the client’s part that their application is causing degraded service levels or poor application or transaction performance. In many cases, we know it’s probably not the application. Just because a new application was put into production doesn’t mean the new application is to blame.

There are countless other factors that could come into play. If the shop is immature from an enterprise IT management perspective, they simply may not have the tools in place to be able to conclusively isolate the problem to either the new application stack or something else in their infrastructure. In those cases, we’ve partnered with the application vendors who’ve asked us to come in and, using tools like our application performance and transaction management, be able to watch that whole end-to-end transaction. And conclusively demonstrate, much to the core banking vendor’s delight, that it really isn’t their application in most cases and that we helped them find other ways where they can improve the integration to the legacy environment.



THE PANEL

Mike Redeker, Vice President and CTO, ATB Financial

According to Mike Redeker, Vice President and CTO, this move is for the business, by the business. “We probably spent about eight to 12 months just doing planning, going through RFP processes and so forth,” he says. “In January 2008, we made the decision to proceed, and we expect to go live April 2010. “This is not an IT project. This is straight from our CEO down. This is a business transformation project – and core banking technology enables you to make the difference.” What about the risks in these famously risk-averse times? “We’re in the enviable position that we’re small enough in comparison to the big banks where we believe we can take out our old application and put in the new application,” explains Redeker. “Yes, there will be risks associated with data conversion, some of the business transformation and so forth, but we have a pretty large team in place, focused on the areas where we think we’re going to face risk, such as data conversion, business transformation and so forth.”

“We were very confident that our core banking system would accelerate Abbey’s integration in the group” José María Fuster

Evolution or revolution?

In the last seven to eight years, many Chinese, Indian and European banks have taken a very revolutionary approach to their core banking transformation. In contrast, a lot of North American banks have not. So, beyond simple geographical separation and sovereign boundaries, what are the principal reasons for such a stark dichotomy?

Dennis Roman is Chief Marketing Officer for TCS Financial Solutions, a transformation solution vendor. He believes that the different approaches are down to external forces and one key factor. “In India there were many private banks and government banks. And when India deregulated, there was a lot of pressure for innovation. The private banks, who didn’t have quite the ‘footprint’ as a more traditional government bank, they took on transformation very quickly, leaving the government-sector banks behind,” explains Roman. “That became a catalytic event for the government banks to then take it on and do the same thing, which they have done and regained much of their market share.

“In Europe they were converting to the Euro and incorporating the Eastern bloc, and that kept them pretty busy. They took on transformation as a key enabler to get these things done.”

In North America, however, banks – and the decision makers driving banks – have a very different profile. “Just as an example, the CIOs tend to be a little older here than maybe they are in some of the BRIC countries. And those countries tend to be a little bit more risk sympathetic than maybe we are here.”

What is the key factor? “It’s also true in the United States that, while the technology tends to be quite old, it’s getting the job done.” Perhaps true, as the ‘job’ is currently defined, but the job description appears to be changing rapidly. Now that US institutions have their own ‘external force’ – and the financial crisis is a doozy – getting the job done is not enough. Transformation is vital.

“I think the US market personifies best of breed much more than any other part of the world,” says Sanat Rao, Global Head of Finacle Sales for Infosys Technologies Limited. “Therefore, for a long time, I think banks in North America were really wondering, ‘do I need to change at all?’ It’s our belief that a lot more banks in this part of the world now are indeed conscious about the fact that they need to make a change – and they’re grappling with the issue of how.”

Dave DeCamp, VP, Chief Solution Architect, Worldwide Financial Services, CA

Good practice

According to Jeanne Capachin, to succeed, core systems transformation must have agreement from the whole organization. “It’s not just the CIO’s decision. It’s not going to fly. Everyone needs to buy into this. We’ve seen projects fail here in the US for that very reason – what seemed like a good idea to a portion of the organization really wasn’t fully supported.”

Capachin also believes in managing expectations – “What are the top three or even two things you expect to get from this? Make sure that’s what you scale the project to and focus on, so that you can realize whatever is most important to your organization” – and the importance of a clear roadmap to make sure the project isn’t ‘going off course’ or extending ‘what might be a 24-month project to a 36-month project’.

When all of this is in place, start thinking about the IT side and, in particular, having a good enterprise IT management (or EITM) framework.

“Really, that’s where our focus has been at CA, being an enterprise IT management solution vendor,” says Dave DeCamp. “Looking at the opportunities that we have to partner with some of these core banking application providers, as well as the ultimate customer who’s deploying that core banking solution.”

According to DeCamp, what CA have found is a lot of “very siloed, very fragmented” application environments. “There are a lot of very deep, complex legacy dependencies that contribute to that whole bad economic model of spending 80¢ of every IT dollar on keeping the lights on,” he explains. “And only 10 or 15 percent on investing for strategic growth and competitive advantage.”

Then there are the additional headaches associated with integrating a core banking solution. “It brings a lot of additional overhead complexity from a security perspective,” says DeCamp. “Who are the IDs that are coming in and out of the application? How do they get passed down to the legacy applications in a seamless and integrated way, especially while a bank is in that ‘ugly in-between state’, where they have started to implement a new core system, but have to continue to integrate with legacy environments.”

To help, CA have worked with the application vendors to identify the key IT capabilities that will support mitigating risks associated with core banking transformation.

Jeanne Capachin, Lead Analyst on core systems transformation, Financial Insights, an IDC company

José María Fuster, CIO, Grupo Santander

“This is not an IT project. This is straight from our CEO down. This is a business transformation project – and core banking technology enables you to make the difference” Mike Redeker

Key IT capabilities

The first capability relates to the sheer size and complexity of these long, multi-year projects with multiple phases, gates, deliverables and resources.

“That demands the CIO have a solid IT governance and dashboard technology in place that can give detailed, granular information about the status of the project and all those ‘what if’ scenarios. For example: what if we have to add a phase or an integration that we didn’t initially account for?” says DeCamp. “IT governance, project portfolio management, and financial management are a core capability there.”

“Another risk is that involved in simply introducing a brand new technology stack. I put in the core banking system and suddenly nothing performs well anymore, so it must be the banking application that’s causing the problem.”

“There are so many other things that an implementation could actually draw out in terms of transaction performance and efficiency,” explains DeCamp. “Most banks lack the domain management discipline to be able to look at an entire transaction across an integrated core banking platform and their legacy environment, so there’s a constant battle back and forth, over who’s at fault.”

Good application performance management and transaction management solutions that are capable of following a transaction from end to end through the new core system will allow both the software vendor and the client to agree where problems are, and whether they are in the core banking application at all.

Because you’re worth it

Changing out core systems is never going to be easy. Both evolutionary and revolutionary approaches have their share of risks – but neither is as risky as ignoring the problem. Jeanne Capachin explains: “In the year 2000, we had the Y2K bug, which financial institutions needed to address. There was no alternative. We had to make the necessary investments.

“We like to think of this as a Legacy bug that we’re all suffering with, but we don’t have an end date in place that we need to get to. The question is: when is that Legacy bug going to explode for financial institutions?”

The answer is simple – lose the rotten core.



ROUTE CAUSES

How do you navigate through the toughest six months the industry has faced in decades? For Huntington Bancshares CIO Zahid Afzal, it’s all about knowing where you’re going



Our first encounter with Zahid Afzal comes in August 2008. The credit crisis is gaining momentum daily and it is starting to become clear that this isn’t going to be a mere blip. Bear Stearns and IndyMac have already fallen while Lehman Brothers’ demise is just around the corner. Despite the hostile environment, the CIO is in a fairly buoyant mood. While he acknowledges the challenges that the industry is facing, he remains confident that his organization can keep its head above water, even continuing to innovate and grow. Six months later, we decided to follow up with Afzal and see if the intervening period had dented his optimism.

The question of whether the gathering storm would lead to long-term plans being forsaken in favor of short-term gains is one that continues to be asked throughout the industry. Last year, we addressed the issue with Afzal, who acknowledged that there were certain concerns. “We took a look at our portfolio of strategic initiatives very carefully, and we cut back a little bit on certain strategies but not the ones that have the bigger impact for us over a long period of time,” he said. “To give you an idea, we went from about 30 initiatives down to 19 on the strategic side, but those 19 are the ones that we believe are the most critical for us, not only short-term but long-term.”

During our more recent meeting, we ask if the worsening situation over the past half a year has forced any further sacrifices. “The process we used was to make sure we don’t walk away from any critical strategic investments,” he replies. “So, we did not put on hold or revise or cancel any of those. We went through the process of looking at things that we could defer or reduce the scope of. We were able to free up the dollars we needed to meet our targets.”

Inevitably, certain projects fell by the wayside, but some are already getting back on the agenda. “Probably the biggest one I could tell you about was our telephony initiative, moving our voice telecom over to voice over IP,” Afzal continues. “That’s something we did defer, but there were other reasons for it besides economic reasons.” Telephony is now firmly on the priority list for 2009 and significant advances have already been made (see Then and Now).

One element that remains constant during both our meetings is the emphasis Afzal places on aligning IT with business. It’s always been a key challenge for technology professionals, but it takes on a particular significance when times are tough and budgets are stretched. Afzal tells us that he spends perhaps 50 to 55 percent of his time on these alignment efforts, working closely with the business leaders on strategic initiatives. “Last time we spoke, I alluded to some of the strategic planning sessions we were planning to kick off,” he says. “We started a series of efforts we call blueprinting, which is a technology grouping thing. We start out with the business planning aspects of it and then go back and assess the architecture. We now have six of those going on, where we’re spending a lot of time.”

Obviously, quite a bit of that time gets spent looking at current market conditions, seeing where things can be made more efficient, where cost reductions or opportunities exist to enable growth. “We did several of those last year and that helped us in the deposit side in the landing area, as well as in the areas of credit risk and regulatory compliance risk,” Afzal continues.

“My view of IT organization is that it is not a back office operation. It’s a very strategic element of the company’s success” Zahid Afzal

Key to Afzal’s approach to IT in the financial institution is the necessity that it is understood and supported by senior management. This doesn’t only apply to the nuts and bolts aspects of keeping the lights on, but also to the specific business benefits that it can bring. Communicating this is an ongoing process and while some are alive to technology’s possibilities, not everybody is on the same page. “I wouldn’t say that everyone is, because there are some that are further along than others,” he confesses. “Some have more engagement and more interest. Some looked at it and said, ‘Just go do what you need to do.’ As long as systems are stable and things are getting done, that’s all they care about. I operate very differently. My view of the IT organization is that it is not a back office operation. It’s a very strategic element of the company’s success.”

To promote this understanding, Afzal conducts quarterly reviews with all of Huntington’s management. “The primary reason for it is to make sure they understand the value not in words, but in reality,” he explains. “Translating those into a business value framework is critical.”

Afzal is firm in his belief that it is the modern CIO’s duty to speak the language of business, something that technology professionals have not always excelled at. “I don’t believe that CIOs or IT managers do a very good job translating value,” he says. “So, we laid out a service delivery model where I meet with every senior leader, one-on-one on a quarterly basis, including our CEO. I also spend some time with the board members, presenting to them what is it that we’re doing, what our priorities are and what the value is. I translate it to corporate value, shareholder value, things of that nature.”

“What I do on a day-to-day basis has less and less to do with technology, although that still needs to be part of the core responsibility”

These quarterly reviews are extremely helpful in generating valuable feedback from the business. They also enable Afzal to educate the company’s leaders about exactly why IT is so important. This education is critical. Otherwise, technology will remain a back office function, rather than taking its rightful place on the front line of the enterprise.

An unexpected and atypically welcome side effect of the credit crunch has been to make certain sectors of management more receptive to some of IT’s potential benefits. “I think it has helped,” says Afzal. “For example, when I was with Bank of America and trying to implement an IT governance structure, there was a lot of resistance earlier on and it took a long time for our business leaders to truly see the value in economic terms. When you translate those into dollars and cents it is just unbelievable. It just speaks for itself and it opens people’s eyes. The tough economic times do help with that, because when dollars are tight you have to tighten your belt and these types of processes do help a lot.”

What is clear from both our conversations with Afzal is that he places a great deal of value on consistency. While the current climate could lead some to make decisions focused only on the short-term, his IT governance model prizes structure and stability, which seems to be enabling Huntington to negotiate some choppy waters. True, as a more regional institution, Huntington doesn’t face quite the same challenges as a Citi or a Bank of America, but it is nonetheless operating in an extremely hostile environment and doing so with some success.

Asked to finally sum up the key qualities and responsibilities of the modern CIO, Afzal is unhesitating in his response. “What I do on a day-to-day basis has less and less to do with technology, although that still needs to be part of the core responsibility,” he says. “But do I need to be a technologist to be successful? In my view, the answer is no. It’s all about the people skills, processes skills and, most importantly, the business leadership skills that are a must.”

Then and now

In August of 2008 Afzal identified talent management, telecommunications and virtualization as his key priorities. Six months later, we find out how these initiatives are progressing.

Talent management

We have a talent management process rolled out. In fact, we’re going through our incentive payout right now and we’re using that talent management process to assign ratings and so forth. We did some restructuring and we used the talent management process to take our top talent and give them the opportunity. Now, we’ve created a function called ‘resource management,’ and we’re tying that to the talent management process to start to build career paths for our top talent. We make sure that we’re ‘growing’ them and they’re not just stagnating in their current positions. With our support and partnership with our HR organization, that has actually gone extremely well.

Telecoms

We’ve made great progress there. We completed a full roll out of the MPLS network, which is the network that we are basically streamlining and standardizing across the enterprise. We’ve done the data side of the network. We made that voice and video enabled and rolled it out across the franchise. Hence, our voice over IP roll out is a much simpler and cost-effective plan that we’re now starting to execute. We’ve got about 1000 phones rolled out already. We’ve got a way to go, but we’re on our way.

Virtualization

Last year we achieved about 25 percent reduction in our server environment. We had over 1000 servers and cut down by about 250 servers. We’ve made about $4 million in terms of net saves on an annual basis. That comes from not only the hardware and the software, but also the cooling, heating, electricity and space required. We have targets to reduce another 25 percent this year and that’s moving in a very good direction. It’s tied to our green IT initiative because as we start to cut back on these things, it’s also helping us to use less power and less cooling and, obviously, that helps the environment. There are a lot of benefits there.

POLITICALLY MOTIVATED

Afzal gives his thoughts on how the new administration is going to affect the financial services industry

One of the areas where I see that Mr Obama can help is obviously the economy itself. The second part of that would be that there will be a lot more regulatory controls. We anticipate that this will happen, as we look at some of the credit issues and what went on with the securities environment. Even though we as a company were not involved in any of those practices, we will be impacted by having to put additional controls in place. Obviously that puts a lot of burden on technology to automate those controls and those are resources that should be working on the growth of the company too. That’s an impact I see coming. The FDIC has things they want us to take care of right away, but it’s a pretty huge effort. It’s not a situation where we can just cut the programmers loose. We’ve got to work out analysis to make sure all the controls are in place correctly. On the positive side though, I do see President Obama as being a lot more technology savvy. I’m hopeful that he will stir the growth through some of the technology initiatives he talked about during his campaign. That would have a positive impact not only on the economy but on us as well.

Huntington by numbers

A $54 billion regional bank holding company headquartered in Columbus, Ohio

It has 604 branches and 1384 ATMs

Presence in 6 US states: Indiana, Kentucky, Michigan, Ohio, Pennsylvania, and West Virginia

Founded as P. W. Huntington & Company in 1866

Employs 12,000 associates



E-DISCOVERY

E-discovery solutions offer better efficiency and can help reduce IT costs, say Jeffrey Hill and Andrew Stamer

With the average legal discovery costing around $130,000, many companies seek a solution to reduce costs and extrapolate data that can be used as evidence in a criminal or civil legal case more efficiently. Companies implementing electronic discovery (e-discovery) solutions save an average of 29 percent in legal discovery costs, or more than $37,000 per discovery, according to recent Aberdeen Group research.



Recent market volatility and the well-publicized difficulties of companies in the financial services sector have led many to look at the industry under a microscope. And by the time all is said and done, few balance sheets will be left unturned in an attempt to explain to regulators, investors, and eventually the courts, what happened. It will be a testing ground to see which solutions work best, and if the benefits of e-discovery move beyond that of its traditional counterpart.

As the downturn has worsened and layoffs have occurred throughout the financial industry, companies will be forced to maintain standards, regulations and regular business functions with fewer people. If there is an upside to the current economic situation, it is the opportunity for businesses to get back to basics and increase profitability through increased efficiency – or at least the ability to maintain status quo as companies restructure.

In the realm of data archiving, one way to increase efficiency is to use a hosted archiving solution as opposed to an internally hosted solution. This is a tempting alternative because fewer IT resources are required to implement it, deployments are generally faster and it has the ability to support unique business processes.

There are also any number of compliance-related issues surrounding the archiving and retrieval of data, from amendments to the Federal Rules of Civil Procedure (FRCP) in 2006, to Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) rules, as well as many others. Compliance issues increase the need for secure and effective archiving solutions, especially in the financial sector where the cost of non-compliance can far outweigh the cost of implementing an effective and secure archiving solution. The same research showed that achieving compliance with these regulations was a major driver for deploying governance software and solutions for 64 percent of respondents.

Without a well-defined and executed strategy for archiving and managing electronic records (such as email messages) companies may be unable to quickly find, retrieve and protect related documents as part of a legal discovery or regulatory compliance review process. These companies then face significant litigation and regulatory compliance risks, and e-discovery can help complete that process in a more efficient and cost-effective manner than what has traditionally been done.

Pressures facing business

As IT struggles to deal with a seemingly unending flood of data, CIOs, CEOs and General Counsels increasingly recognize the potential risks to the corporation of not implementing a managed data archive that keeps valuable corporate information where it can be easily found and retrieved as needed. Organizations that are able to manage their archives with a consistent and well-defined set of policies are well-positioned to minimize litigation costs and to meet governmental regulations.

The top three pressures (Figure 1) leading the finance sector to implement such archiving technology were to minimize risk of data loss (63 percent, compared to all others at 20 percent), improve operational efficiency (44 percent, compared to all others at 34 percent), and to minimize litigation risk (42 percent, compared to all others at 12 percent), according to the Aberdeen Group study, Strategic Archiving Decisions: Retaining and Retrieving Company Information. Notably, the top 20 percent of aggregate performance scorers for the December 2007 Aberdeen Group report, e-Discovery and Message Archiving: Can Your Business Afford to be Served?, stated operational efficiency as the top pressure, which shows that this remains an important topic area when discussing solutions.

While the third pressure addresses amendments to the FRCP rules, these rules only set penalties if a company fails to produce evidence for discovery in a timely fashion or is unable to produce required evidence, but do not set up a framework for compliance. E-discovery, in this case, is just one solution that helps form the basis of an archiving strategy that minimizes the risk of losing valuable data as well as making data easier to locate when needed.

Because requests for data can come from just about anywhere, companies need to have the ability to respond to legal discovery requests within a specified timeframe. The top 20 percent of companies in the e-Discovery and Message Archiving study were able to recover archived data, records and messages on average within one hour 100 percent of the time. For large companies with over $1 billion in revenues, this amounted to an average savings of almost $1 million from e-discovery yearly. But a year after amendments to FRCP were made, 59 percent of survey respondents for e-Discovery and Message Archiving did not have an e-discovery and message archiving strategy in place.

Figure 1: Comparison of archiving business pressures
Minimize risk of data loss: financial services 63%, all others 20%
Increase operational efficiency: financial services 44%, all others 34%
Minimize litigation risk: financial services 42%, all others 12%
Improve corporate governance: financial services 33%, all others 9%
Minimize litigation cost: financial services 22%, all others 1%
Source: Aberdeen Group, September 2008

Jeffrey Hill is Sr. Research Analyst, Data Management and Storage at Aberdeen Group. He focuses on technologies and market trends in the area of data management and storage.



Andrew Stamer is Aberdeen Group’s Research Associate, Technology Markets. He is responsible for research and analysis in the Technology Markets group. Topics he has covered include business intelligence, governance, risk management and compliance, and data management and storage.

Hosted solutions

Financial services companies are using hosted solutions more often in backup, document and disaster recovery than others surveyed, but the sector is using them less than all others for email and e-discovery (Figure 2).

Figure 2: Hosted solution landscape
Not using hosted solution: financial services 67%, all others 52%
Back up: financial services 33%, all others 17%
Document: financial services 33%, all others 14%
Offsite storage: financial services 22%, all others 25%
Disaster recovery: financial services 22%, all others 14%
Email: financial services 11%, all others 18%
Records management: financial services 11%, all others 11%
Site replication: financial services 11%, all others 9%
E-Discovery: financial services 0%, all others 2%
Source: Aberdeen Group, September 2008

Because most of the information needed for litigation can be found within email, it is important for it to be searchable. More emphasis should be placed on a solution that would turn around the best results, such as inputting and saving search terms into a data archive that pulls the most relevant and useful data in a much timelier manner – reducing discovery time-to-data to hours instead of days or longer.

A hosted archiving and compliance solution also has the benefit of requiring fewer IT resources, which has appeal to both large and small companies alike. Hosted solutions also duplicate, and in some instances can exceed, the capabilities offered by in-house archiving solutions. A hosted solution costs less than organizational IT resources, and because the framework for such solutions already exists, implementations are quicker. Internal IT solutions’ saving grace is their ability to support the unique business processes of their organization, though externally hosted solutions have the same capability.

Because of lower costs through human capital, fewer resources spent on IT development and implementation, and the ability to support the uniqueness of each organization’s business processes, a hosted solution offers cash-strapped financial services companies a way to become more fiscally responsible at a time when it is severely needed. Even among those companies that have put such solutions in place, only 1.4 percent were using hosted e-discovery as part of a hosted solution, as reported in Strategic Archiving Decisions. Given the inevitability of IT cutbacks and cutbacks in general for researching and retrieving business and compliance critical data, this offers the opportunity for these solutions to expand into the financial services sector.

Of course, before a company decides on any one solution, it should perform a complete cost-benefit analysis to see if a hosted, Software-as-a-Service (SaaS) archiving solution, or internally hosted solution will work best for the company.

Recommendations

Without a well-defined and executed strategy for identification, protection, archiving and management of electronic records such as email messages, documents and transactional data, companies expose themselves to unnecessary risk. In this instance, the financial services sector should increase or maintain operational efficiency through employing a hosted archiving system to do the work staff were previously responsible for. They should also maintain compliance with federal and industry standards for litigation by using a hosted solution for discovery.

From the end user’s perspective, the key benefits to initiating a strategy of data archiving include:
• Formalizing data storage, archiving and retention policies
• Minimizing the risk of loss for all types of data archives
• Increasing the manageability of data archives
• Reducing the amount of time required to access archived data
• Increasing the efficiency and manageability of the storage infrastructure, by moving persistent data to less costly storage systems

While the economic downturn has its unfortunate side-effects, it offers financial services companies the opportunity to look into technology solutions that offer increased efficiency in an area where this sector feels increasing pressure. Hosted solutions offer improved operational efficiency with less staff and all the functionality of internal solutions and can offer a more efficient and effective way to remain compliant.


INDUSTRY INSIGHT

A hybrid approach to eDiscovery

A look at how combining in-sourced software and out-sourced services can lead to lower cost and less risk

STEVE STEIN

Given the current state of the economy, the risks and costs for financial services providers faced with requests for electronic discovery have never been higher. These realities are forcing most corporate counsel to look for alternatives to the model of outsourcing the management and execution of eDiscovery to outside counsel and third-party service providers. Due to the complexity, however, in-sourcing the entire process isn’t a realistic or effective option for most organizations.

For the majority of cases, corporations can in-source early-stage components of discovery. Once litigation has begun (or is reasonably likely to begin), corporate counsel must first identify and notify all potential corporate witnesses and/or systems administrators to preserve evidence. This custodian notification process must be auditable so that it can be defended if challenged in court. Once custodians have been notified, corporate counsel must implement the legal hold process in order to preserve all potentially responsive paper and electronically stored information. By deploying an in-house application that is either built on an existing enterprise content management (ECM) platform or a stand-alone system, corporate counsel can efficiently and effectively in-source custodian hold notification, identification of data sources, automated hold and preservation notices, with a process that is auditable. The strategic alignment of eDiscovery software on existing ECM investments enables corporate legal departments to effectively preserve electronic content for compliance, investigation and potential litigation needs, while saving IT from having to support additional applications.

The next step is to collect the information. In general, for small cases and minor litigation, in-house technology is effective for the document collection process, and some of the more advanced ECM systems offer this capability. The scope and subject matter in larger cases, however, brings greater risk of challenge and error, and therefore corporations will most likely continue to rely on third-party consultants who specialize in the collection and management of large amounts of data. Failing to collect potentially responsive content or accidentally destroying content has resulted in major sanctions and fines in recent cases and can adversely affect the defense of the merits. For example, judgments handed down against corporate defendants in highly publicized cases – $29 million against UBS in the Zubulake case and $1.45 billion in Ronald Perelman’s lawsuit against Morgan Stanley in the Coleman case – were largely driven by eDiscovery missteps (although the Coleman case was later reversed for reasons unrelated to the eDiscovery issues). For matters that represent significant financial exposure or involve an allegation of fraud among key employees, it is recommended to hire an outside data expert – with experience in testifying – to oversee and/or execute data collection.

Corporations can cut costs by minimizing the number of documents reviewed. Outsourcing the legal document review process to outside counsel is, on average, 70 percent of the cost of the total eDiscovery process. Many top-tier eDiscovery vendors offer consulting services and strategies to help corporate counsel reduce the data set before review. These strategies may include maximizing the use of in-sourced culling technology or the initial culling of data by the eDiscovery provider using sophisticated search technology.

The best way to minimize the costs and risks of litigation for the corporation is to create a well-documented, enforceable eDiscovery strategy and response plan that incorporates: (1) an early assessment of the severity and exposure in the case, (2) a process for effecting custodian notification of a litigation hold for those cases that require such action, (3) a plan for whether to collect data internally or whether to contact outside experts and (4) a consistent plan to cull data to limit the amount that requires review. Having these best practices in place, combined with the appropriate balance of in-sourcing and outsourcing, will advance your efforts to create and maintain the most effective and efficient eDiscovery process for your organization.

For more information, please visit www.eedinc.com.

Steve Stein is Vice President of eDiscovery Consulting, Electronic Evidence Discovery (EED), Inc. Stein leads EED’s national eDiscovery consulting practice, having worked with corporations and law firms on eDiscovery issues since 2000. As an eDiscovery consultant, he works with many clients to scope and implement work flow solutions for the retention, collection, review and production of electronic data. Stein brings to this practice the perspective of extensive hands-on trial experience, having first-chaired 10 jury trials and second-chaired some 20 more.




E-DISCOVERY

THE LAW OF THE LAND


In a global economy, e-discovery is far from a purely technical issue. Alison Brecher untangles the legal complexities

An email can travel just as quickly from New York to Miami as it can from New York to Paris. Yet, these communication technologies that have fostered our global economy can wreak havoc when it comes to litigation. That’s because data protection laws in some countries prohibit the transfer of certain data to the United States. Take the following not-so-hypothetical situation and it is easy to understand why companies that have not yet encountered the issue will likely do so soon.

An employee of Megacorp, a financial services company based in Germany, relocates to Megacorp’s New York office. He then sues Megacorp in the Southern District of New York alleging that he was discriminated against on the basis of his country of origin. Megacorp, in order to defend the action, wants to obtain emails from the plaintiff’s supervisor and co-workers who are based in Germany and other EU member states and the plaintiff’s performance reviews which are stored on servers located outside of London. The Federal Rules of Civil Procedure clearly require parties to preserve the performance reviews, email and compensation, but the law in some other countries is equally clear that preserving or collecting that data and transferring it to the United States – even if used solely to defend the litigation – may violate international data protection laws. These laws impose financial and, in some instances, criminal sanctions for transporting certain data to the United States.

Unfortunately, the relatively few published opinions are of little assistance in navigating between this rock and a hard place. Some courts have found that data must be produced in the litigation notwithstanding the international laws (in one reported decision, the court ordered the production even though the French statute at issue allowed for the imposition of criminal sanctions), while other courts have ruled that the conflicting international law presents an undue burden so as to relieve the party of having to produce the data. Generally, courts invoke a balancing test to determine the reasonableness of compelling foreign discovery by considering several factors such as the importance of the data to the litigation, whether alternative means exist to obtain the information, and the hardship of compliance.

Rather than risk being compelled to produce foreign data in the US in violation of international law, counsel has a few options. If the organization is regulated by the United States Department of Commerce it can get certified pursuant to the Department’s Safe Harbor program which examines whether the organization has adequate safeguards to transport foreign data securely to the United States. Financial services companies are generally not regulated by the Department of Commerce, but other alternatives are available. Data protection laws in some countries allow data to be processed and transported to the United States when consent has been obtained from the individual whose data is sought.

Obtaining the consent can be tricky. Each country usually has slightly different laws or interpretations of them, so consider retaining local counsel for advice on how to draft a proper consent form. Local law may also require notice to the individual and regulatory authority about the data collection. In some countries there is considerable debate about whether consent can ever be freely given when the request is made by the individual’s employer. As a practical matter, it is usually best to involve the individuals whose data could be subject to production in the United States as early in the litigation as possible to allow them time to consider how to respond to the request for consent. Also, consider contacting the international regulator. The European Commission recently developed a series of model contracts that allow for the transport of data to the United States for use in litigation.

Even after figuring out a way to navigate the legal conflict between international privacy laws and document preservation obligations, there are additional logistical issues. First, since the documents may be in one or more languages, your selection of an e-discovery vendor could be affected. Many software tools and vendors only support documents using ASCII, which does not recognize special characters of some languages. Instead, look for a vendor or software that supports Unicode. Unicode recognizes more than one million possible characters and easily accommodates symbol-based languages like Hebrew and Japanese. Also, some languages like Japanese and Thai do not have spaces between words. The vendor should be capable of reading not just the characters, but also the context of foreign languages.

Then there is the logistical issue of translating the documents into English and converting them into a standard format that can be searched using the attorney’s preferred review tool. In general, translating documents is expensive and the strategy is usually to limit the number of documents that have to be manually translated. To that end, counsel can use software to automate the translation of documents during the first pass review stage; the software will produce a far less than perfect translation, but one that is adequate enough to identify which documents are privileged or relevant so as to be reviewed further.

Keeping track of relevant metadata is especially important in international data collections. Certain characters in other languages may not function properly on a US-based operating system. For instance, emails in HTML cannot always be viewed accurately. Consider sending your e-discovery vendor a sample set of data in multiple languages so that any glitches can be identified and resolved as soon as possible. The time lost will be more than made up for in speedier review.

International e-discovery presents a host of issues. It is best to raise all of them during the Rule 16 conference. Even the smallest detail can cause major (and expensive) disputes later on in the litigation.
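The ASCII-versus-Unicode problem described above, as an added example that is not from the article or from any vendor's tool: the same keyword search run two ways over constructed multilingual documents. The function names, sample documents and search terms are all assumptions made for illustration.

```python
import unicodedata

# Constructed sample documents (illustrative only, not from any real matter).
DOCS = {
    # German, with precomposed umlauts (U+00FC, U+00E4).
    "de-001": "Die Verg\u00fctung wurde im Jahresgespr\u00e4ch besprochen.",
    # Same word, but the umlaut is stored as "u" + combining diaeresis
    # (U+0308), a form some mail clients and file systems produce.
    "de-002": "Die Vergu\u0308tung ist vertraulich.",
    # Japanese: no spaces between words.
    "ja-001": "来週の業績評価は延期です。",
    "en-001": "The performance review is scheduled for Monday.",
}

PUNCT = ".,;:"


def to_ascii(text):
    """Model an ASCII-only tool: each non-ASCII character becomes '?'."""
    return text.encode("ascii", errors="replace").decode("ascii")


def ascii_token_search(docs, term):
    """Search the way an ASCII-only, whitespace-tokenizing tool would."""
    needle = to_ascii(term).lower()
    hits = []
    for doc_id, text in docs.items():
        tokens = [t.strip(PUNCT) for t in to_ascii(text).lower().split()]
        if needle in tokens:
            hits.append(doc_id)
    return sorted(hits)


def canon(text):
    """Canonical form for matching: compose characters, then fold case."""
    return unicodedata.normalize("NFC", text).casefold()


def unicode_search(docs, term):
    """Unicode-aware search. Substring matching is used because scripts
    such as Japanese have no spaces to tokenize on; this is a
    simplification of the language-aware segmentation real tools use."""
    needle = canon(term)
    return sorted(d for d, text in docs.items() if needle in canon(text))


def compare(docs, terms):
    """Return the hits of both approaches for each search term."""
    return {
        t: {"ascii": ascii_token_search(docs, t),
            "unicode": unicode_search(docs, t)}
        for t in terms
    }


if __name__ == "__main__":
    terms = ["Verg\u00fctung", "業績評価", "PERFORMANCE REVIEW"]
    for term, result in compare(DOCS, terms).items():
        print(term, result)
    # Two unrelated Japanese terms are indistinguishable once reduced to ASCII.
    print(to_ascii("業績評価") == to_ascii("給与明細"))
```

The ASCII path finds only one of the two German documents and none of the Japanese ones, which is the kind of silent gap a multilingual sample set sent to the vendor is meant to expose before review begins.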


Alison Brecher is an experienced commercial litigation attorney, having served as lead counsel in over 35 bench and jury trials and taken/defended hundreds of fact and expert witness depositions. She joined Marsh & McLennan, a Fortune 200 financial services company, in 2002. Brecher was one of the first in-house counsels in the country promoted to manage electronic discovery activities. Since 2006, she has managed all aspects of MMC’s e-discovery for litigation and investigations involving more than 50,000 employees in over 100 countries. In partnership with IT and other business functions she has developed and implemented global corporate policies and procedures around new technologies, including voicemail, instant messaging, VOIP, unified messaging, email retention, data privacy, and related compliance issues.


ASK THE EXPERT

A WORLD OF DISCOVERY

While the increased use of email, IM, audio, video, blogs and wikis can provide richness to organizations and offer leverage for business success, this unstructured information introduces a host of new challenges and risks regarding operations, regulations and litigation. FST speaks with Jack Halprin about reducing risk, complying with regulations and controlling costs through a defensible eDiscovery process

What are the challenges and risks in monitoring, managing and storing unstructured data?

Jack Halprin. More information is now being created in more file formats and languages than ever before. This enormous growth in unstructured information – the information explosion – has resulted in a number of issues: rising infrastructure costs; increased risk of failure in the identification, preservation, collection and disposition of information which could lead to evidentiary sanctions or large fines in litigation; and managing this data effectively across borders and jurisdictions to comply with differing rules and regulations regarding electronically stored information (ESI). Though most institutions have systems for compliance, supervision and eDiscovery in place, they are typically point solutions lacking integration. Additionally, many of these systems rely on manual efforts that cannot scale and simply cannot handle the volume of information that’s being produced today. This lack of unification is particularly troubling when conducting pan-enterprise business processes such as eDiscovery, information governance and regulatory audits. A more holistic, unified approach is needed.

The global financial crisis has triggered unparalleled mergers and acquisitions and unfortunately massive litigation. What can financial institutions and their counsel do to meet compliance requirements and manage high-stakes litigation?

JH. It is true that litigation and investigation are exploding as a result of recent turmoil in the financial markets, but more troubling is that these cases are complex and involve tremendous amounts of unstructured and structured data. This data must be quickly identified and analyzed to meet FRCP and regulatory deadlines, and recent events have highlighted the fact that regulators and the companies themselves often don’t know what’s happening in their environments until it’s too late. A holistic, proactive strategy would address issues before failures occur. The right solution enables legal and compliance to know what an email says – when it is sent – and determine whether it presents a legal or regulatory issue.

What is a defensible eDiscovery process?

JH. In the US and the UK, the legal bar has been raised substantially by amendments to the FRCP and the CPR in order to streamline the management of ESI and encourage compliance. A defensible process requires a systemized and repeatable approach toward eDiscovery. Preservation requirements demand that all data sources be searched, including voice and video, and courts are beginning to recognize the usefulness of advanced search technology to overcome the deficiencies with keyword and Boolean search techniques. This same process will prepare your organization for future regulatory changes.

How can technology create a defensible process and avoid repercussions that include sanctions, fines and jail sentences?

JH. Technology must provide uniform coverage across all sources, formats and languages. Using sophisticated analytics to quickly cull, prioritize and understand the meaning of content provides a defensible process for compliance, litigation and investigations while helping avoid unnecessary repercussions from process failures.

What does Autonomy offer that is unique?

JH. Autonomy is the only vendor to offer a comprehensive end-to-end platform for Enterprise Search, Information Governance, Compliance and eDiscovery. The FRCP-compliant platform is based on our IDOL engine, which is used by more than 17,000 customers worldwide. IDOL is language independent, can read and analyze more than 1000 file types and connect to 400 repositories, including laptops and desktops. Our solutions are available as either a licensed or hosted offering and our five world-class data centers host over 7.1 petabytes of data, process more than one billion documents a month, and provide industry-leading solutions for the largest and most complex legal and regulatory matters to nine of the top 10 banks and 10 of the top 10 law firms.

Jack Halprin is Vice President of eDiscovery and Compliance at Autonomy. Widely considered a subject matter expert, Halprin assists clients with building best practices and defensible processes. He works with the EDRM standards body and previously held eDiscovery positions at Guidance Software, LexisNexis and was a litigation associate at Haight, Brown & Bonesteel.




WHAT’S THE COLOR OF MONEY?

Bank of America’s Robert Kee explains that going green makes sense for the business as well as the environment

Green IT has to be more than just green wash. Under our Electronification of Paper program, we look at paper in large concentrations along with other kinds of commodity spend as indicators of non-lean process. We then use that data to identify and prioritize processes that we want to digitize, and use best-in-class technologies and applications to try and replicate those and ultimately build a complete enterprise content management architecture.

Leaning process is enormously effective from a cost reduction standpoint but it also has all kinds of productivity gains that are really hard to predict in a business case prior to going in and actually doing it. The collapsing of cycle times, the efficiency and the effectiveness of the use of information, all those things are really hard to foresee in a model. But pursuing this is very lucrative in the short run in terms of the elimination of commodity expends and it also has multipliers of productivity that are hard to visualize before you go into leaning the process.

Ever increasing volumes of data and stringent compliance rules all have big implications for my function. Having information indexed, classified and categorized for reasons of compliance retention, those are all things that help us build our cases to go in and digitize, making the information that much more agile. If you don’t make the information accessible, then the abundance of it just makes it paralyzing. These are all opportunities for us, and we’re actually excited about those environments.

These growing reserves of data also have an impact from an environmental perspective. When you take a look at being green, it always parallels just being economic in your consumption of any kind of commodity. The nice thing is that if you pursue a logical business path related to expense reduction and you understand all the externalities of that, it’s going to be green. Also, if you properly classify and categorize data, then you’re going to destroy it and eliminate it at the appropriate retention cycle, which is going to reduce your storage, your need for space, and consumption of energy and hardware.

There are literally hundreds of bottom-line benefits from more sustainable practices. Our online banking is a great example of this. This is a scenario where you provide customers with very robust, agile information 24 hours a day, seven days a week, from any place in the world where they can get internet connectivity. Why is there a need to have a physical statement sent to those people? For some it might have value, but for a large population of online banking customers, it’s almost an irritant. The elimination of all that paper has a huge environmental benefit. So that efficiency that we provided them also creates efficiency for us and an environmental benefit.



In any case, Bank of America’s involvement in the environment goes way back. It’s one of the things that I’ve always admired about the corporation, that they’ve always really had an environmental principle that underlay all of their practices. A couple of years ago, our CEO Ken Lewis committed $20 billion to environmental pursuits. Monies were set aside so that over the next 10 years, we would be sure that we made investments in green technologies, green industries, both from the small business standpoint and from a large business standpoint. We put caps on the amount of CO2 emissions that we would generate from our utilities portfolio. We’ve given ourselves percentages in terms of how we were going to reduce our energy consumption across the whole portfolio. So those were all things that the bank had gone out and created well before kind of green became a popular sort of scenario. So the Carbon Principles we signed up to recently are just a rational way for us to continue that support of environmental sustainability.

To guarantee that the money we spend is used properly we have the Global Reporting Initiative, which we’ve been a member of for a number of years. We already have an ethic in our work to be able to assess the sustainability initiatives and roll them up into this one big picture. The criteria within our commitment on the $20 billion is tailored for each one of our business lines. So there is a methodology that’s inherent in each one of those processes to be sure that we in fact do that. We also created what we call our Environmental Council, which is made up of high-ranking executives within the bank and reports ultimately to Ken Lewis. It makes sure that our policy is consistent, that it’s accurate across the whole global corporation.

We’ve been involved in environmental initiatives for over two decades, so we make immense efforts to be absolutely sure that what we do is properly vetted. My particular group does a lot of reporting related to CO2 reduction and to the removal of paper from processes, so we use the EPA methodologies for calculating that. We have third-party entities that come in and vet our calculations and our statements so that we know that they’re accurate and will be interpreted properly, and then ultimately we abide by all the rules and regulations and interpretations of the GRI report.

The other thing that is really fundamental here is that if a business goes in and makes their processes more sustainable, it’s more efficient, which makes them a better risk to the bank. Quite frankly, we find businesses that are green generally tend to be more efficient and therefore less risky.

One of the most important things to remember is that there are so many opportunities to do things that are both green and rational from a business standpoint. It’s even true of our commitment to convert our builds to LEED certified buildings. It certainly creates a larger investment for us on the front end, but the payback on that in energy consumption, in the health of our employees, our associates and our customers pays that investment back with a healthy ROI in a very, very quick fashion. Green is just intelligent.

Another factor is to understand that through your lending portfolio, that there is some responsibility to direct that to investments that are more sustainable versus those that are not. Again, that’s not just a green thing. That is an intelligent thing, because sustainable businesses will survive and thrive more than those that are not sustainable.

A couple of years ago we committed $20 BILLION to environmental pursuits

Robert Kee is SVP Process Change Executive within Global Operations at Bank of America



ASK THE EXPERT

Getting personal

Looking to better engage customers? Start with getting more personal in how you communicate. Increase the relevance of your communications, while embracing new media channels.

Christopher McLaughlin

We are in a time of unprecedented change for the financial services industry, where consumer confidence is at an all-time low. One of the realities of today’s financial services industry is that it is very difficult to actually ‘get to know’ customers. For years now, banks have invested untold millions in technology to help gather, analyze and segment customer data. Simply put, engagement is about putting all of this customer knowledge to work. Every customer touch point, interaction or communication, should be infused with this knowledge.

By improving engagement, banks can provide superior service, enhance loyalty and better deliver new products and services to their customers. Customers will be less likely to change providers and more likely to purchase additional products. What’s more, every customer touch point or interaction is an opportunity to demonstrate knowledge of this customer.

To this end, many financial services companies have focused a tremendous amount of time and effort on improving the customer experience in their branch and call center operations. However, many of these same companies have largely ignored one of their most important customer touch points, the documents and correspondence that they routinely send. For many customers, their single most consistent point of interaction with their bank is written communication. Therefore, it is critical that financial services companies begin to look at their written communications as ideal opportunities for enhancing customer engagement. Every item of correspondence should incorporate customer knowledge to ensure that its content is highly personalized and relevant to that customer.

Of course, we can clearly see a trend away from paper-based communications. Studies show that younger consumers tend to prefer receiving information electronically, and this goes beyond email and a bank’s website. Witness the rise of channels such as mobile phones and social media sites like Facebook. Consumers today are interacting online with their brands more than ever, and banks that rely on paper are quickly becoming dinosaurs.

Beyond customer engagement, it is important to note that financial services firms should aggressively embrace electronic communications because of enormous opportunities for cost savings. One of our clients mails two billion pieces of print communications, and the cost of printing, postage and fulfillment is astronomical. By simply transitioning a small percentage of these to electronic channels, this client hopes to save tens of millions annually.

Modern document composition solutions such as Thunderhead NOW are designed to help banks and other financial services firms to produce highly personalized, multichannel customer communications, not just for batch but also real-time needs. Thunderhead NOW is a rules-based solution that leverages web services to easily integrate with existing sources of customer information, like CRM systems. As a result, every communication the bank produces can incorporate comprehensive historical knowledge and information. Thunderhead’s XML design also means a bank can simplify delivery of communications across virtually any channel, paper or electronic. This can be traditional email or PDF documents, as well as text messages, RSS feeds or even automated voice mail output. And, regardless of whether you are producing routine communications, like statements and notices, or one-off customer correspondence, Thunderhead can help you do it more easily and efficiently.

Believe it or not, you can get more personal with your customers and save money at the same time.

Christopher McLaughlin is the SVP of Marketing and Business Development at Thunderhead, a leading enterprise customer communications software vendor. He has 15 years of experience in the ECM market as both a systems consultant and software marketing executive at FileNet. He can be reached at cmclaughlin@thunderhead.com



INFORMATION MANAGEMENT

IT’S NOT ENOUGH TO MANAGE CONTENT

After 25 years of ECM experience Doug Miles knows a thing or two about how our industry is changing. Here, he tells FST why ECM solutions are so important to today’s economic climate

Organizations, both public and private, are operating in an era where they are called upon to no longer simply be ICT enabled, but ‘information management compliant’ as well. The emphasis in these times is about being able to handle the proliferation of information born as a result of the increasing number of channels by which individuals and businesses are able to communicate with each other.

At AIIM, we represent the information management community as the global association for both users and suppliers of enterprise content management (ECM) solutions. These are the strategies, services and technologies that enable organizations to capture, manage, store, preserve and deliver information to support business processes, and are the key to successful performance. By staying in control, organizations are able to maximise efficiency, productivity and business continuity. This isn’t easy – which is why AIIM exists.

The here and now

In today’s markets, everybody in every office, at every desk, is using computer tools to complete their daily work. Employees often need two or three different packages in the workplace, and when you occasionally come across terms like ‘typing pools’ you realize that in the past people didn’t generate their own documentation at all, but had secretaries to do it.

The changes in this process run parallel to ECM development. What used to be people with filing cabinets along the walls and secretarial assistants to run those filing systems, is now people generating their own documents and filing them away in non-official systems and against non-official schemes. When I started on computers, for example, you could only use an eight-character uppercase file name to define a file or a document. That’s now moved on to long file names with folders and sub-folders, but we still have this crazy concept of ‘My Documents’ which has no place in the business world.

Ultimately, whether a business goal is to meet increasingly complex regulatory requirements or to gain faster access to information, planning is the key to any successful implementation. At AIIM we have highlighted four cornerstones of ECM benefits – Compliance, Continuity, Collaboration and Cost Reduction – and we understand that, as a business makes progress through the project, the ECM investment should build rewards for the organization, reduce day-to-day costs, improve customer service and lower the all-too-real risks of compliance infringement.

While many of the larger financial organizations already understand this and have been dealing with these issues for many years, once you get down to the mid-market area you see that people actually look at these compliances as something they do in response to a particular directive and not as something they should look at on a day-to-day basis. That’s something that has to change.

What’s more, even the most tech-savvy company has to realize that, at the end of the day, it’s still the people behind the technology that really matter. And while CRM processes cover most of those issues, banks and insurance companies need to understand the importance of this and many are subsequently connecting their CRM systems with their help desks and are now moving toward connecting the document management side of the bank as well.

Undeniably, and especially in today’s unruly markets, organizations are having to dramatically change their business models in very short periods

Doug Miles is UK Managing Director, AIIM Europe, and has over 25 years’ experience of working with users and vendors across a broad spectrum of IT applications. He was an early pioneer of document management systems for business and engineering applications and has been involved in their evolution from technical solution through business process optimisation to the current corporate-level concerns of compliance, continuity, collaboration and cost reduction. Doug has also worked closely with other enterprise-level IT systems such as ERP and CRM. He has an MSc in Communications Engineering and is an MIET.

CORNERSTONES Doug Miles explains the four cornerstones of ECM.

Compliance This has been very much to the fore and very much a strong driver in the financial sector. With companies being absorbed into other companies or having to do joint mergers, you reach a point where the value of a company is down to its information governance as much as it is about financial governance and customer relationships.

Continuity Being able to store things electronically provides you with continuity and also helps with continuity planning so that you can improve access. That offers its own scenarios in terms of the fact that you can also outsource offshore processes without needing to set up physical transference.

Collaboration This covers everything from shared project sites through to Web 2.0 and enterprise 2.0, wikis and blogs and so on. There is an issue there, and the collaborations going on at the moment aren’t being handled too well. There are repositories of documents sitting around in sites that should be made available.

Cost reduction This covers the obvious productivity benefit of being able to move documents through the business process in a way that allows companies to monitor, measure and improve the way the process is done.

of time. For example, if you’re merging the headquarters of two different financial institutions, you have to make sure that all the procedures, processes, documentation, human resources and quality schemes are made available to everybody involved in that merger. You then have to quickly roll all of that out across the other businesses that you’ve acquired or that you’ve merged with, and that’s a massive challenge.

Key features In terms of financial services environments, records management is key for most organizations. They may be storing information for the short-term or for the very long-term, but either way, what has changed over the last few years is the fact that there is now a need for a dialogue between records managers and IT managers. As it stands, nobody is sure how you store away an electronic record and make


sure it’s accessible in 15 or 20 years’ time, but what is clear is that if you are required to pull some of that material back, or if a customer demands to know what information you hold on them, then trying to pull that out of a paper system is always going to be horrendously expensive and very, very slow. In fact, it has almost become mandatory these days for anybody in those regulatory environments to provide solutions that give organizations the ability to designate records, store records and pull records back in a fairly adept way at any point where they might need to be audited. Furthermore, anybody who currently uses X-drives or file-shares to store their documents rather than keeping them in a proper ECM system, or anybody who is not taking measures to store their emails in a reasonably controlled repository, is putting themselves at big risk. As people start to look at the collaboration benefits and extend search portals to do things in their business, then the reuse of knowledge and the speed at which people can find information and respond to data is going to be so much better.


Of course, it could be considered that these functions will become part of the operating system and I think we’re moving to a scenario where content management services will become more and more part of the underlying infrastructure. Microsoft knows that this is what people need to have and that’s what the company’s SharePoint solution is aspiring towards. But I think there will be a blurring of the dividing line between what is an ECM overlay and what is actually provided as a service within the operating system. Similarly, on a higher level, companies are looking to just have one business process management tool across all departments. They’re looking to standardize their business around a set of tools and then merge their processes on to that system. So further down the market, the sort of exposure that people will get to these tools will decrease their cost and it will become the role of ECM to ensure that every person at every desk has a way of knowing where to put their documents – somewhere safe and somewhere accessible in a controlled way.


The end is nigh The writing is on the wall for static displays. James Bickers and David Drain explain that digital is the future for financial institutions

The bank branch, much like any other place of business, has undergone a radical shift in the past two decades. For financial institutions, this shift comes at a pivotal time. Many of the transactions that once required a trip to the branch are now done from the home computer, and online financial services providers are snapping at the heels of large banks, offering attractive rates and terms. As it has done with retail, digital signage allows banks and financial institutions to hone the in-store experience with a level of precision and visual appeal that has never before been possible. It is an evolution that is in process, and one that will result in the total reinvention of the bank branch. One of the immediate benefits a digital signage network brings to a business is the delivery of on-time content. Mike Abbott, vice president of ADFLOW Networks, says the typical compliance rate for the timely updating of in-branch POP materials is less than 50 percent. With digital in-branch media, that instantly becomes 100 percent. That compliance matters more than ever, as financial institutions add more and more products and services to their menus. Plus, the intangible nature of financial products means customers will benefit from seeing their real-world value.


“The financial products provided by banks offer intangible benefits that many times are better illustrated with dynamic pictures and images than static numbers,” says David Little, director of marketing for Keywest Technology. “Digital signage can provide meaningful illustrations showing the results of intangible benefits, like the CD that was cashed in paying off a daughter’s wedding, or the second mortgage that just put the children through college. Digital signage can target rich media at the point patrons are thinking about financial decisions, and that may be just the ticket to arouse need recognition.” Consumers evidently need all the prodding they can get – in 2005, the rate of personal savings in the United States was negative 0.5 percent. That’s only the second time in history that the savings rate was a red number. The other time? The Great Depression. Clearly, consumers aren’t thinking enough about their financial futures. Banks have an opportunity to change this, to the benefit of both parties, but first they have to get their attention. “Despite the advances in internet and phone banking, the branch remains the No. 1 channel for building sales,” says Brian Douglas, director of business development and marketing for ScreenRed. “And banks are far from fully exploiting the value of the physical channel. Today, only two of 100 branch visitors make a purchase. The remaining 98 percent represents an enormous prospect base that can be targeted through POS marketing.”

If all of this sounds a lot like the reasoning behind digital signage at retail, there’s good reason. Today’s financial institutions are becoming more and more like retail establishments with every progressive branch re-design and every new flight of product brochures. “When it comes to in-branch POP, make no mistake – bankers are indeed retailers,” Abbott confirms. “Many of the same retail objectives exist for today’s bankers: basket size, conversion rate, cross-selling and up-selling.”

Building a positive in-branch experience One of the major changes brought about by the growth of the internet in modern culture has been the shift in the nature of business value; specifically, there are many businesses that once differentiated themselves based on service or availability, and now do so chiefly on price instead. Before the dawn of Amazon.com, a reader who wanted a specific book was likely to visit his local bookstore. If it wasn’t on the shelf, the bookseller would place a special order. The result was a full-price sale, and at least two separate visits to the store. But now that the shopper has literally thousands of different options for buying any given book, he can look strictly at hard numbers such as price and shipping date.

Financial institutions face the same dilemma. A passbook savings account used to be the only real place to stash some money that needed to stay liquid. But now, a few clicks of the mouse brings up an unlimited number of options, from hundreds of different providers. The only thing left to count on as a point of differentiation is the emotional and physical experience the customer has with his bank. “The banking industry, like many others, is changing to adapt to customers who are more fickle, smarter about what they want and may not be as loyal,” says Abbott. “Banks have needed to respond by creating in-branch environments that attract customers and create a positive retail experience.” A big part of that change is the physical environment. Douglas calls it a ‘period of metamorphosis,’ as FIs move away from the

Why go digital? Brian Nutt, president of Captive Indoor Media, points to four specific reasons why FIs should consider using digital signage to communicate with both customers and employees.

1. TRAINING “This is a critical component for banks and credit unions. Most have several branches and many have dozens or even hundreds spread across large geographic areas. Banking is also one of the most heavily regulated industries and many of these complex regulations flow down to the teller level, where turnover can be as high as 50 percent per year.”

2. CROSS-SELLING “The cross-sell is at the core of a financial institution’s success story. There is substantial research that shows the more products a person purchases from a financial institution, the less likely that person will leave for another bank. This is a critical issue, because the ability for a bank or credit union to effectively execute the cross-sell often falls on the tellers. Yet the tellers are usually underpaid, understaffed and have not received an adequate amount of training.”

3. EXPERIENCE “Banking is a commoditized industry which has very few differentiators outside of the brand experience. That experience starts when the customer walks through the door and hopefully carries forward with that person even after they leave the branch. It involves interaction with the employees of the bank, traditional advertising outlets, the internet and the interior and exterior of the branch. Digital signage offers the opportunity to enhance the brand experience that customers receive each time they enter the branch.”

4. DRIVE-THRU “The drive-thru is often the most overlooked part of the digital signage equation in a branch. Yet the statistics prove that it should be one of the most carefully planned and executed. Our customers tell me that between 40 and 60 percent of their customers use the drive-thru on a regular basis. That’s a staggering number, when you again consider the importance of the cross-sell.”


traditional layout that employed a clear separation of staff and customer. “The present and certainly the future have more open environments where clients are made to feel more comfortable in pleasant surroundings with soft colors, no barriers or partition walls and an environment conducive to encouraging a good relationship,” he said. “Technology is also a much more integrated part of a bank today, with ATMs, telephone banking, internet and even teller positions offering a more convenient multichannel experience.” Even so, he said FIs still struggle with stimulating discussions with customers during their routine, errand-oriented visits. Digital signage breaks through that struggle by delivering the desired message in a very convenient, easy-to-remember fashion. “Effective digital signage is not CNN and a stock ticker running on a plasma TV,” says Brian Ardinger, senior vice president and chief marketing officer of Nanonation. “Unfortunately, that’s what most banks are currently doing. Banks that are taking advantage of the technology are using it to change the customer experience – targeting information based on time of day, location and demographics. Utilizing multimedia to tell more effective stories, changing content more frequently with greater consistency of service.”

The Checklist What to consider when implementing a digital signage solution

• Talk to the providers of your existing software. For every bit of mission-critical software in your organization, get somebody on the phone and ask them about whether it plays nice with digital signage. You may find that you’ve already got unused functionality that can power screens; you may find that code will have to be custom-written to make the connection. Create a list of all of these people and companies, and make it available to everyone on the digital signage team.
• Find a digital signage provider you trust and want to work with. Ask to see the provider’s existing work. Fly out to see what it has done for other banks. Talk to its existing customers. Ask questions, kick tires.
• Get the creative team up to speed. Whether they are employees of the FI or an outside agency, let the people responsible for your brand assets know about the upcoming digital screen rollout. Ask them what concerns and needs they have. Express to them two points that are paramount above all else: The digital signage content must look great, as it is going to be shown in hi-def. Also, the content must be 100 percent consistent with all other brand materials while not directly copying them. Digital signage needs its own content – under no circumstances can your creative team repurpose television ads.
• Schedule a meeting with four parties present: your team, your IT people, your creative people and your chosen digital signage provider. Rent a conference room for a day and have lunch delivered. Give everybody a turn, expressing what they need from everybody else to make this work. Consider what resources in-house can be used and what is best outsourced to industry leaders. Be realistic about your deployment plan. Consider a “walk-before-you-run” strategy.
• Start picking out displays and wall mounts and other needed technology. Please note that this is the last step in the process – not the first.

Entertainment and ‘wait-warping’

Fewer things are more frustrating than waiting in line – which is precisely why retailers have long stocked queuing areas with magazines and quick-read books. And if you take a moment to study the types of magazines placed there, you’ll see that the titles aren’t chosen at random; not only are they the most attractive titles visually, but they also cut across all demographics (men, women, children, etc.). It’s a simple fact of human nature that unpleasant tasks appear to go by more quickly when we are mentally engaged. This perceived decrease in the amount of time spent waiting, or “wait-warping,” can be exploited in the financial institution with the judicious use of digital signage content. “Americans are big media consumers,” says Bill Collins of DecisionPoint Media. “One of the reasons that they pay attention to media is that it passes the time. Radio passes the time during a long automobile commute. Newspapers and books pass the time in airports and on airplanes, and chatting on a mobile phone passes the time when students walk across a campus. So, in a bank, viewing screen media passes the time as people stand in line.”

Just how much of an impact digital signage makes on perceived wait times is up for debate, and so far the numbers are anecdotal – but all have been positive. Douglas explains that ScreenRed’s research shows perceived wait time is reduced by half when the digital signs are on. Steve Harris of The Full Picture says that, in his experience, wait-warping is “the primary reason banks and credit unions are interested” in digital signage. “Digital signage can have a big impact on reducing perceived wait times, but what is most important is that the content has to be effective,” says Michael Quartarone, director of business development for ADFLOW Networks. “If the content is repetitive and boring, then the customer will lose interest and may have a negative experience. Making sure the content loops are scheduled to play at the busy times with content tailored to the right audience demographic will not only reduce perceived wait times, it will have a positive impact on customer satisfaction.”

James Bickers is Editor of Retail Customer Experience Magazine and David Drain is Executive Director of the Digital Signage Association.


DATA MANAGEMENT

Storage issues Maxim Samo details the challenges of overseeing two major data center projects for a prominent European bank during an economic downturn


The data center build project kicked off back in 2005, when business was good and the economy was great. Everybody was looking to expand data center capacity and space was at a premium. So back at that time we decided to build a new facility in the United States, a project built in two phases. The first phase is 4.5 megawatts of capacity and the second phase is another 4.5 for a site that would be able to finally have nine megawatts of capacity. July 2008 was our live date and we went live with about 2.2 megawatts of capacity. That was always the level we planned to start at, but now we’ll wait a little longer before ramping up to full phase one capacity. We didn’t put in the full mechanical and electrical, just because with the downturn in the economy the demand for all that capacity is no longer as high as we originally thought it would be. That actually was one of the big challenges, the complete turn in the economy. These data center projects are like huge ships, like the Titanic. You can’t just turn them around from one second to the other. So we basically had to go through the project and look at where we could defer as much cost as possible given the new circumstances. Not fully build out the site, but just kind of put things in where it makes sense. Despite the circumstances, the project has been successful. It was on time and on budget and the businesses are happy. Since we have brought that site online we do have people using it, especially in migrations from rented colocation sites that we had. We had to go into colocation rentals back in 2005 because of the capacity constraints. Now we have migrations out of those very expensive rental sites. If we bring them onto our site now it’s a lot cheaper for us in the long-term. While a lot of companies are looking to outsource things like data storage as a way of cutting costs, we look at things case-by-case. We’re actually working on a study looking at when we should go into colocations and when we should build our own data center. We’re building this for our own company at the lowest cost possible. If you need a huge chunk of capacity and you know you’re going to fill that site, it actually makes sense for you to build it. However, things are different if you just need a tactical space – for example, at the time we went into the colocation agreement, we knew that this was going to be temporary. We knew that once we had the new site we could actually move out of it. Of course, if the business situation improves, we can quickly scale up the center’s capacity. The way it is now we can easily scale it up to the full phase one capacity of 4.5 megawatts. Once we see that we need to activate phase two, that would obviously be another major undertaking. Any project like this now has to take environmental concerns into account. We have something called the platform design committee. In there, we look at energy efficiency for our servers and other technologies. However, we also looked at efficiency in our plant. We are using state of the art units with variable speed fans and other features like that so you don’t have a data center that uses a lot of energy for those servers in there. Even in the process of construction, together with the general contractor we looked


Powering data: big numbers

• Between 2000 and 2006 global data center power consumption doubled
• Consumption is expected to rise by a further 40 percent by 2010
• Data centers account for around 0.5 percent of global electricity production
• The average data center consumes as much power as 25,000 households
• It costs $5.6 million annually to power a 10,000 m² data center

at ensuring that resources were as local as possible. We tried to favor regional traders for all the contracts so that people didn’t have to drive across the country just to get to the job site. Obviously we implemented heat exchanges that allow us to do free cooling during winter. We have carpets made from recycled materials. We even used recycled steel. Also we’re utilizing company credits from the utility providers that we get for energy efficient design. Alongside the environmental benefits we also have to ensure that these kinds of efforts are financially viable. Sometimes it’s hard to quantify. In addition to program managing these big construction projects, I’m also the global head of the data center design team. Something we’re looking at is going into existing data centers and making the mechanical electrical plant more efficient and trying to come up with energy savings in our existing facilities. The difficulty there is first of all you need a baseline, so you need to know exactly how much power you’re already drawing. Especially in buildings that you share with office areas, there’s quite an effort involved in just getting that baseline right. But we are actually running a pilot in Chicago where we have created our baseline. And what we did then is we started to go into the raised floor and started to do all the best practices for energy efficiency. So we started to plug up all the holes we had in our raised floor and made sure we had blanket panels everywhere we could in the cabinets. We also looked at the CRAC units, their fan speeds, their humidification, the sub-points and all that kind of stuff. We essentially began to optimize the whole system. We actually managed to create a business case and this is an initiative that we are looking into rolling out globally.

Maxim Samo is Director of Information Technology at a major international bank. He has more than a decade’s experience in the financial IT space.
It’s very hard and you need to put a lot of effort into it. But if you can correctly set a baseline, you can actually show that there is a business case there. The trouble is that savings are hard to quantify. They’re actually very difficult to see. For example, you might start saving money on your utility bill, but at the same time you still have


people installing new equipment. So maybe even in your existing data center you will use more energy because you have growing amounts of equipment. So all your savings are basically gone because somebody installed a new piece of equipment, and it’s using all that energy that you just saved. That’s the difficulty. That’s the challenge here. But there is a business case, even if in trying environments.

Room for improvement After the work over in the US I’m now back in Europe working on the renovation of an existing data center. I believe the building is somewhere between 15 and 20 years old, so it’s got into its old age. It’s a shared office and data center. We decided to renovate it because otherwise we’d have to spend a lot of money getting out of it and relocating elsewhere. The project is probably an even bigger challenge than the new data center because this is open-heart surgery. We have to replace the electrical system in an existing data center and be very careful while we do it. You really don’t want to bring the center down while you do that. Fortunately we do have some extra space in the building available. So what we’re doing is building the new electrical plant within the building while the old plant is running, and then there’s going to be a switchover phase. That’s going to be the critical moment when we switch over to the new electrical plant. Once we’ve done that we can rip out the old electrical plant. What I learned on the building operation in the US has been very helpful in this new project. I’m originally a system administrator, and

then I started to work in the applications space so it was my first real building project. First of all, it was a different culture, working with different types of people. But I did learn a lot. I learned a great deal about how construction projects work, what the difficulties are, how the accounting works, how project management works and what general contractors do. All of that will be of use for me in the renovation project. We are still at a very early stage on this project and we’re planning to have it completed by 2012. This will be happening despite the ongoing economic crisis, though there will likely be some implications. It’s not as if I have a top-down mandate where I’m told that I need to cut 10 percent of the budget. However, we are revisiting what we are doing. We’re making sure that we’re not gold plating anything that doesn’t need to be gold plated. There probably will be some sacrifices once we actually get into the work. However, even in the difficult times, now more than ever, stability is absolutely the key to the endeavor. We cannot make any sacrifices where you would create a risk to the company. We can’t do that. So operational stability is our number one priority during this project.


IT INNOVATION

IN THE HOT SEAT FST sits down with Liberty Mutual CIO Joanna Young to discuss the issues that are cooking up a storm in both the technology and insurance space

Since 1912, Massachusetts has been the home to insurance giant Liberty Mutual. Today, Liberty is a Fortune 500 Company and America’s sixth largest P&C insurance company. The firm prides itself on its commitment to provide a broad portfolio of insurance products and services that meet the ever-changing demands of today’s modern consumer. As the nation’s eighth-largest provider of auto and home insurance, the most recent entries into Liberty Mutual’s award cabinet include being recognized for call center operation customer service excellence and a jump of 12 places in Business Week’s ‘50 Best Places to Launch a Career’ list. As Vice President and CIO for Corporate Information Systems and Enterprise Services at Liberty Mutual, Joanna Young is responsible for all corporate systems at the firm. Her goal is to provide best value in this area, as well as best value shared services. “We’re very focused on flexibility and

affordability, together with high quality,” she explains. “We’re also very focused on some acquisition activity that we have going on at the moment, as well as a number of consolidation activities to get more efficiency out of our application portfolio.” Of course, Liberty Mutual is well known for being something of a conservative outfit, where there obviously has to be an enormous degree of care taken in the things that are being implemented. This is especially interesting given today’s unpredictable and erratic markets. “The thing is, we don’t do technology for technology’s sake,” notes Young, “we do it for the business’ sake.” Nonetheless, Liberty has proven that it is a combination of this conservative approach and the leadership of innovative thinkers such as Young herself that has resulted in Liberty’s success. Here she provides insight into why Liberty Mutual is right at the top of its game.

ON THE TEAMWORK NEEDED BETWEEN IT INNOVATION AND ITS BUSINESS PARTNERS

IT can’t be successful unless it has that incredibly strong relationship with its business partners, whether it’s sales, service or, in my example, the corporate functions within Liberty Mutual, and there’s a number of ways in which a really strong partnership is manifested at Liberty. First and foremost, each business unit has a dedicated chief information officer, and he or she is the primary steward and advocate for their business unit, all the way from the application layer, all the way through to the infrastructure. Second, I have directors that are even aligned into specific business units. For example, I have a director that aligns with human resources, a director that aligns with our legal department, and so that strong alignment filters all the way through the organization. In IT, we have four cornerstones, and one of them is insurance knowledge. That’s equivalent to technical skill, so we deliberately align top-down very closely with our business partners, and then, when you get down to the actual program level on individual projects, we start our projects with the business and the IT teams working together. I recently had one of my customers come to me and say, ‘I think we’d like to do something with document management’. Well, how we started that was not by implementing a group of document management technologies but by doing a business process modelling exercise, whereby the business team, using its Six Sigma methodology, went through and understood the as-is business process and then the target business process.

ON THE CONCERNS SURROUNDING SPIRALLING IT COSTS

I don’t think that costs have to spiral. The way I approach it is this: First of all, what are the right controls for your business? That then gets you back to having to understand your business, understand the government regulations or other controls that apply to the business, and then, from an IT perspective, the CIO needs to establish the right framework. For example, COBiT is now a framework that many people are accustomed to and it can work very well. What we have done is taken the approach that controls should not be additive, but they have to be in line with current processes. We do dozens and dozens of changes in our IT organization every week, every month, and what we did with the controls around change is figure out how to integrate the control into the change process. We then applied some automation so that when a technician or analyst is making a change, the control aspect is in line with the process. If a CIO takes the perspective of making sure that the control activity is in line with the normal IT activity then you’re going to find you’re able to control those costs better than you otherwise would.

ON THE GROWING PREVALENCE OF SOFTWARE AS A SERVICE

SaaS is relatively early in the hype cycle. If you look at it there are certainly places that are emerging, for example sales compensation and project and program management, where you’re seeing software as a service at differing levels of maturity. I go back to my experience with ASPs and what we went through there to make sure that those were positive, productive partnerships, and how we really had to focus on some very basic things. First of all, what is the service or the process that you’re putting into that model, whether it’s ASP or a SaaS? You need to have the right contract and the right partner, but even more than that, you have to have the right IT management structure to manage the service. We’ve all heard horror stories where people have gotten themselves into arrangements where the contract hasn’t been right or the service level agreements haven’t been right, and what we’ve seen is that these people didn’t think carefully enough about the internal structure that they would need to support that model. SaaS will only become something to actively pursue when the business case is right. We don’t do technology for technology’s sake; we do it for the business’ sake. It’s not that we’ll never implement SaaS or that we’ll never look at other SaaS opportunities, but right now the business case isn’t right.


ON THE RELATIONSHIP BETWEEN LIBERTY MUTUAL AND ITS BELFAST-BASED DEVELOPMENT CENTER, LIBERTY IT

Liberty IT was first started in response to the IT resource constraints in the dotcom era. We thought we were going to have trouble getting the IT skill sets that we need and the numbers that we needed so we looked around the world to see where would be a good place for us to have our own offshore development center. Northern Ireland was chosen because they had an excellent education system that was putting out some top-quality graduates. We started small — about a dozen or so — and have now grown to close to 250 people to become a flexible, affordable, high-quality source of IT resources for us.

All of our business units use the center and we have some incredible strengths there. Almost all of my new projects use the LIT folks to do the testing and it’s been very valuable to us because of the quality and the cycle time that they’ve been able to offer. But how this has really made a difference to us, in a particularly key way, is that LIT has provided flexible, affordable, business-knowledgeable IT employees across a multitude of projects in the business units. I think what this has really proven to us is that employee-based services of this nature are very effective and in fact incredibly advantageous.

ON THE POSSIBILITIES AND ADVANTAGES OF OUTSOURCING

While LIT could, in some ways, be perceived as outsourcing, there’s more of a patronage there, and a feeling that Liberty Mutual is taking ownership and growing that component. That certainly is a better approach for us. I think we have seen with our quality IT pool that we get resources faster by conducting our operations in that way. For example, if I’m starting on a project and I see that it needs more Java developers but I don’t have enough on my aligned staff, I can call on the development centers, LIT and/or the similar development center that we have in Wisconsin, and I can get people within hours onto that project. We find that the ramp-up time is significantly less because chances are we’re getting someone who has already worked on a project associated with that business unit, already understands the application portfolio that we’re dealing with, already understands our infrastructure, already has the relationships with management and senior technologists and is already on our networks, part of our human resource systems, and it is incredibly simple and easy to get those people integrated into the project.

That’s certainly not to knock our outsource partners, who we also value very highly. But there are places where you want that Liberty Mutual expertise, that Liberty Mutual passion, that known affordability, flexibility and quality applied to projects — usually projects that are near and dear to us and critical to us, whereas we will use our outsource partners in different ways, maybe more on legacy or commoditized items, and we tend to see more value there.

My answer is always that a CIO needs to focus on rightsourcing, okay? If you look at any organization there is always a blend of issues that are dealt with in-house or through outsourcing partnerships or offshore centers. What’s very important for a CIO to understand is that spectrum across the board. Each one of my directors has both their directly aligned staff and a variety of outside relationships — ASPs, offshore developments, various expert relationships with top consulting firms — and they need to understand how to manage that across the spectrum. This is the key skill that any senior IT manager or executive needs to have these days: First of all, determining what needs to be in and what needs to be out, and then making sure you have the right operational management structure to ensure that setup is a positive one.



PRICING OPTIMIZATION

The bigger picture

It’s not just pricing optimization, it’s business optimization, says Tom Schwartz

While we were attending a conference on pricing optimization in financial services last fall, a colleague of mine made an interesting observation. We had spent a day and a half listening to presentations by industry observers and pricing practitioners focused on improving business profitability through the use of scientific pricing. Each presenter had described the methods and processes involved, the obstacles overcome, and to some degree the benefits of adopting this approach, which is relatively new to the financial services industry. My colleague’s observation was essentially, “what we are talking about here is not just pricing optimization; it’s about optimizing the entire business.” In other words, if we took the same approach to all aspects of our business (for example, originations processing or collections strategy) that we used to improve our pricing, we would be using analytics to drive business performance and improve profitability.

I’d like to take a few moments to expand on this idea, not to take away from the validity of pricing optimization as a means to increase profitability, but to discuss how the best practices used to deploy pricing optimization can improve business operations in a wider sense.

It should be no surprise that executive sponsorship is one of the leading factors in a successful pricing initiative. In fact, savvy solutions providers will not proceed on a project that they perceive to have weak or non-existent executive sponsorship. Executive sponsorship requires an executive decision-maker capable of shepherding the initiative from conception, through the internal approval process, marshalling internal resources needed for the project, and ensuring adoption of the solution as a standard business practice. The executive sponsor can assist in identifying and addressing change management concerns by ensuring that the business sponsor has included all relevant stakeholders in the process. In the context of a business optimization initiative, the role of the executive remains the same – to facilitate acceptance and marshal the resources needed to accomplish the task. The risks of pushing forward without strong sponsorship include making the business process worse rather than better, dissatisfaction among key team members, and unused solutions, sometimes known as ‘shelf ware’.

The identification and control of pricing exceptions is where much of the benefit of pricing improvement initiatives is achieved. Most firms in the early stages of pricing improvement do not have the routine ability to define, identify and take action on pricing exceptions, for example, rate or fee discounts greater than established thresholds. The first step is to put the analytics in place to measure pricing compliance. The next step is to quantify the impact of these exceptions on business profitability – this will often eliminate much of the resistance to change once the size of the problem is quantified. The ability to measure pricing compliance and measure its impact on profitability will lead to data-driven decisions about pricing strategy and policy. By extension, the application of exception management to other business processes (for example payment deferment processing, credit limit authorization and credit scoring exceptions), and the quantification of the profit impact on each, is the next logical step in business optimization. By identifying the key metrics, understanding the drivers and changes over time, and displaying them in an easy-to-understand form on a daily basis, we give ourselves the ability to change business performance for the better. In many cases, the solution will not require a new business application or initiative, but the fuller utilization of existing data warehouses and business intelligence applications.

Once you obtain visibility on pricing compliance and its impact on profitability, the next area for improvement may be the alignment of incentives with performance objectives. One classic example of misalignment of incentives is the compensation of a sales force on revenue targets at the expense of business unit profitability. As you well know, our teams do what we incent them to do, and in order to drive business performance, incentive programs must be aligned with the company and business unit performance objectives. This alignment process may include the redesign of the incentive metrics themselves. For example, our improved measure of pricing compliance might be used in conjunction with a revenue target to drive both revenue and profitability. Designing some flexibility in the program, for instance, quarterly readjustment of the incentive matrix, will allow the accommodation of changing business conditions while preserving the effectiveness of the program.
The key to selling this type of change to both executive management and the team members affected by it is the ability to quantify the impact on profitability and make the plan and metrics understandable to the users.

Segmentation of the business is one of the approaches to pricing improvement where significant initial gains are often made, often without the benefit of a pricing solution. This is, of course, due to the fact that more appropriate segmentation causes delivery of more specific and appropriate pricing to the customer. This segmentation might occur along product lines, geography, channels or customer lifestyle segments. We can readily extend the concept of segmentation to other areas of the business, for instance, dealer management or collections strategy. By segmenting our approach to dealers (key dealer programs, sales territory alignments) or collections strategy (identifying accounts or geographies more likely to be delinquent) we further optimize our approach to the business and our expected returns.

Developing and testing of improved segmentation often involves changing processes or infrastructure that had been designed as ‘one size fits all.’ The data upon which the segmentation is developed will also be useful in estimating the effectiveness and profitability of the proposed segmentation approach – pilot testing or champion/challenger testing of the segmentation will further improve your estimates and will help speed adoption. Pilot testing also provides the opportunity to identify and resolve unforeseen systems limitations or process issues before a wider rollout. Regionalizing your originations or collections strategy not only allows you to customize your approach to the business as conditions worsen, but also when conditions improve you will be able to capitalize on them on a regional basis earlier than competitors operating with broader or national segmentation.

As mentioned before, the importance of managing change in any pricing or business optimization effort cannot be overstated. Deliberate planning of change management efforts, to include assignment of responsibilities and a stakeholder analysis, will help ensure understanding and adoption of the desired business process change. The stakeholder analysis facilitates the identification and inclusion of all relevant stakeholders at the outset, preventing the development of objections and obstacles late in the process. Another key component of the change management process is the development of the communication plan, which includes consistent and continuous messaging that is targeted to specific audiences, as well as communications of early successes and lessons learned.

Whether you have already completed a pricing optimization initiative or are in the process of considering one, your experience with this process improvement effort can be the prototype for a series of business improvement initiatives. The principles of executive sponsorship, controlling exceptions, aligning incentives, applying improved segmentation, and deliberately managing change will allow you to use analytics to drive business performance and improve profitability.

Five key components of successful optimization
• Executive sponsorship
• Ability to identify and control exceptions
• Alignment of incentives with performance goals
• Appropriate segmentation
• Deliberately managing change

Tom Schwartz is an operations and analytics executive with experience as a leader and consultant across financial services, retail, manufacturing and distribution. His specialty is the use of analytics to drive business performance and increase profitability. Schwartz was most recently SVP of Operations Analytics at AmeriCredit where he championed a comprehensive pricing improvement program. He holds an M.S. in Operations Research from the Naval Postgraduate School and is a graduate of Wharton’s Advanced Risk Management Program. You can contact him at tomschwartz@uwmail.com.


INSURANCE

TAKE ONE FOR THE TEAM

John Lee talks exclusively to FST about the challenges inherent in IT today and the real importance of cross-functional teamwork

In the markets we are currently operating in, there are a lot of negative forces hitting banks’ IT organizations and businesses in general. Consequently, there is a lot of concern that IT departments show they are providing real business value. For John Lee, Senior Vice President of IT at Aviva Canada, one of Canada’s leading property and casualty insurance groups and a wholly owned subsidiary of Aviva PLC, the world’s fifth largest insurer, this is his number one concern. “Even though you have all the economic issues and the challenges in the credit markets, the ultimate aim for IT is to provide business value,” notes Lee. “At Aviva, business value is such an important thing because IT spends, for all these organizations, have gone up considerably, and the executives are increasingly asking, ‘How do I know that I spent well in IT?’”

Lee explains that the key thing at Aviva is to make sure the organization truly understands IT spend. Achieving that lies in ensuring the IT function is communicating back to the business. “At the end of the day, IT can’t function by itself,” Lee explains. “It has to function to meet the needs of the business and to make sure we are driving forward with shareholders and policyholders.”

In the past, in many insurance companies, the IT department has been seen to work at quite a distance from sales. Things are very different in telecoms and software, for example, where rapid innovation is critical; but what has become crucial for insurance companies is the idea of building on a sense of teamwork between product development, IT and sales. At Aviva there are several tactics in place to fully achieve this cross-functionality: “One tactic we use is to encourage our IT people to understand where their paycheck comes from,” says Lee. “IT groups can at times lose track of why they’re here, so one of the things we do with the executives and the management of our IT function is make them listen to our call centers and, by developing that line of sight, they understand the implication of why these processes are important to service our clients.”

The other factor in place at Aviva Canada is the degree of IT participation within key areas of the business. For example, IT plays a major role in the product development group (PDG), the idea being that when the PDG are in the process of rolling out new products they have IT situated at the forefront, as a partner. This double-governance then allows for further alignment throughout the infrastructure of Aviva.

Interestingly, the firm finds that this training and understanding actually helps with other business challenges such as retention rates. “It gives our people the feeling that they make a difference,” says Lee. “The other benefit is that they can then see how IT is participating with the business functions and helping to craft things for the business. This consultative role we’re engaging in ultimately improves customer satisfaction for both the business and for IT.”

Cost controls

While all this may indeed be a very powerful tool for Aviva, recent events across the market have meant that challenges in governance, risk and compliance have multiplied. This is synonymous with a spiralling of costs for the IT function and a change in its role. “Yes, there is the increased cost associated with that, but you’ve got to focus on the fact that the cost increase IT brings leads to a better environment,” comments Lee. “For example, the controls being mandated by FSA and the regulatory bodies all over the world actually produce a better product.” Lee backs this up by noting that further regulations enforce discipline and tend to make things more measurable and more documented and ultimately help the business and the IT group. While Lee does acknowledge the downside of additional costs, he maintains the belief that building a better IT management structure and framework needs to stay the top priority. “Ultimately we are trying to produce systems that tend to be more stable and tend to be governed better and better documented. That is always going to be more powerful for IT and the business in general.”

With the crunch in credit markets, there is increasingly a restricted appetite for investment in infrastructure. Because of this there is a growing prevalence of outsourcing and the priorities of a CIO subsequently are changing. But as Lee notes, “I think a lot of people are worried about outsourcing because of issues related to the lack of control and the flight of talent and competency; but like any tool, you have to manage it and you have to understand what the implications are. If you outsource for the sake of outsourcing, then you’re in the wrong game. You have to outsource to drive business value.”

For example, Aviva just completed a massive outsourcing deal. The deal drove around $1.5 million a year in savings, but what it also did for the group was give a competency that they had previously been unable to get. For example, one of the businesses wanted this capability, and for five years, the internal group could not provide it, yet through outsourcing, Aviva was able to get innovation through the vendors. Lee explains further: “In this environment you have to leverage your business, leverage your vendors and leverage other industries to get these innovations and then use them to get more value for your dollar spend.

“These are some of the tactics you have to use in light of the climate we are in. You have to understand where you’re going, and you have to manage the portfolio very carefully, because you’re not going to have a lot of money to do a lot of projects. People are conservative, and there’s also a lot of risk that you have to mitigate.”

Beating the competition

Today, some industry insiders are arguing that we have reached a point where IT is in fact a competitive differentiator within financial services, but this is something that Lee says he has always believed in. “I’ve been in IT close to 28 years, and the places that excite me the most in terms of innovation are where they use innovation to truly drive business value and I’ve seen many cases where that has driven additional sales and cost.” Lee goes on to reference having once worked for a company that was among the first in the world to use 1-800 phone numbers for servicing clients and he notes how that triggered massive growth. Reflecting on that, he concludes by saying, “I clearly believe that if you do IT right, it will help you to better service your clients, be more efficient and offer a competitive difference. You can then grow from there. I truly believe that.”

AVIVA CANADA HAS 3 MILLION CUSTOMERS

RUNNING COSTS

If a business is like a car, then IT is its engine. We ask John Lee about the mechanics of technology and if it’s best to do running repairs or an extensive overhaul when you’re planning changes. “You have to do both. It depends on the business and the type of technology. For a very large, high-risk infrastructure, you have to do the dual cost strategy, but there are times where you can tweak the car in progress. In this climate of conservative investment, we have to be very creative in using innovation in smaller packages of deliveries to modify the car while it’s going, and that can be done. It’s a little bit more challenging; it requires creativity, but in a climate where you’re not going to be able to get major investments, you have to develop this with a degree of nimbleness and an ability to think outside of the box. Don’t always go for the big project; go for a smaller tune-up and do this constant reengineering, and that can work. You have to have both because an IT group that does only major projects won’t be successful, and an IT group that does no major projects but tweaks, can’t succeed. As with everything, it’s about having balance in that portfolio.”

John Lee, Senior Vice President of Information Technology at Aviva Canada, has over 25 years of experience working in the information services area, managing the IT operations of leading Canadian organizations, primarily in the financial sector. He is responsible for the IT group of Aviva Canada that supports all of the businesses of the Canadian operation. Prior to his current role, he was the Vice President and CIO of Pitney Bowes Canada. Previously he held the position of Vice President, eBusiness Division, at Fidelity Investments Canada and CIO, and previously was Vice President, Information Technology, at Scotia McLeod Inc.



FEATURE


DO THE RIGHT THING?

Keith Darcy tells FST editor Huw Thomas that the state of business ethics is inextricably linked to the current financial meltdown

You can find inspiration in the most unlikely places. For Keith Darcy, Executive Director of the Ethics and Compliance Officers Association, it came during the darkest experience of his life as the horror of 11 September 2001 unfolded around him. Then working in New York’s Financial District, he had a front row seat for one of the most terrible events in American history, even losing his brother in the collapse of the north tower. He tells us of the normally bustling Manhattan streets becoming like a war zone, how the fires burned for four months and the stench of death hung in the air.

But amid the devastation, the fear and the panic, Darcy perceived something else. As he drove a carload of stranded employees north out of the city he saw things that spoke to the essential goodness to be found in humanity. “We listened on the radio to the reports over and over again, watched the fires burn behind us in silence,” he recounts. “But as we were stuck in traffic people would walk over to us, and without saying a word, they would hand us wet towels so we could wash all the soot and debris off our faces. Others came over, and again, without comment, just handed us bottles of water so we could clear our throats. At one corner, we were stuck for 20 minutes and I watched a shoe store owner give away his entire stock of flats and sneakers to women who would have to walk tens of miles to get home that evening.”

The following weeks saw similar scenarios being played out across the city. People just pulled together and helped share each other’s burdens. Darcy himself did emotional triage in the lobby of his building, helping those employees who had lost loved ones into one-on-one or group counseling. It was during this time that his essentially optimistic attitude to human nature was confirmed. “I saw something that I’ve never seen before, a coming together of people helping other people,” he says. “I realized after a while, that nobody had to pass a company policy, or a regulation, or a new law to tell us what we knew was the right thing to do.”

It’s fair to say that this optimism has had to endure a few knocks of late. The financial crisis rumbles on, gathering momentum and threatening to spill out into the wider market. Though its causes are far too complex to attribute to a single source, it is clear that a relentless pursuit of profit, coupled with a stark disregard for long-term consequences played a major role. Self-interest trumped responsibility and we could all be paying the price for years to come.

Darcy is adamant that ethics, or more accurately an absence of them, are at least partly to blame for our current woes. It all comes down to trust. Take Bear Stearns, one of the credit crunch’s earliest victims. “The government had to step in and force a merger with JPMorgan Chase,” says Darcy. “That took place not because there was a lack of capital at Bear Stearns. There was a lack of confidence, a lack of trust.” According to Darcy, the inability of investors, depositors and regulators to believe in the good intentions of these financial institutions has had just as damaging an effect as the well publicized levels of toxic debt.

In a climate where consumers are unusually attentive to any wrongdoing or uncertainty, the issue of trust takes on particular significance. “Any hint or rumor of an impropriety at your firm and your market capitalization goes down,” Darcy continues. “If there’s any substance to it, it goes down even further. At a time like this where there is such a crisis, I can assure you there will be an intolerance of those people who breach the public trust. It is an environment now that is filled with fear. And people who breach the public trust are going to be punished swiftly, both by the market as well as by public servants.”


Keith Darcy is Executive Director of the Ethics and Compliance Officer Association, the largest association of ethics and compliance professionals in the world with over 1400 members across six continents. Darcy spent over 30 years in the financial services industry, is a director of E*Trade Bank, and teaches ethics and leadership at the Wharton School, University of Pennsylvania.

At the root of the problem is the approach many organizations take to ethics training, particularly in the financial sector. “When you look at the financial sector as a whole, it is a heavily regulated one. Therefore, the training and the monitoring that tends to take place is very regulatory and compliance focused,” Darcy continues. “What I think we’ve been missing in the financial sector is attention to ethics.” But this doesn’t only apply to the financial space. “It is incredibly important, not just to that sector, but to all companies. There is such a profound lack of trust in our institutions and in their leaders that we need to do much more to try and reassure all stakeholders, employees, customers, investors, suppliers and even regulators that we are going beyond just mere compliance.”

A common complaint of those resistant to ethics training and legislation is that an increased focus on doing the right thing could have a negative impact on profits. With more than three decades of experience in the financial industry, it’s an attitude that Darcy is extremely familiar with. “When I would talk about ethics, especially to people directly in the Wall Street community, I would typically get a response, ‘What do you want, Darcy? Do you want ethics or profits?’” he says. “I would always say, ‘I want both. This is not an either/or proposition. I want the highest possible financial outcomes for our organizations at the highest possible standards.’ They’re not mutually exclusive.”

On the contrary, there is strong evidence that a good company culture is a key differentiator for long-term success. Darcy references a 1994 book, Built To Last by Jim Collins and Jerry Porras, to illustrate the point. “They studied 18 different sectors over a period from 1926 to 1991,” he explains.


“If you had invested one dollar in the stock market in 1926 in a bread basket of stocks you would have gotten 415 times your money back by 1991.” On the other hand, had you invested your money in the second best performing companies in each sector, you would have made 973 times your initial investment. That might seem like a good return but, had you invested in the top performing companies, you would have made a staggering 6300 times your stake. The factor that ties these industry leaders together? “At the core, in every example, was a values-based culture embedded in those organizations,” Darcy continues. “Clearly, ethics, values and principles aligned to a culture are what builds and sustains great organizations.”

This focus on culture continues to lead to success. Darcy points to a couple of organizations that embody this fact, Southwest Airlines and the retailer Nordstrom. “At Southwest Airlines, they know exactly the kind of person that they want to take into the organization,” he explains. “In fact, they have a provisional training program only at the end of which do you find out if you’re a permanent hire.” The results of this attention to detail are striking. The airline has a staff turnover of just eight percent compared to a 22 percent industry average and is virtually the only carrier that has consistently posted profits, year on year, for decades. For Nordstrom everything is constructed around customer service. “You go into Nordstrom’s and everybody wants to help you,” says Darcy. “If one of the salespeople is not as helpful as the rest think they should be, they’ll speak to that person. Strong cultures self-regulate.”

The idea of self-regulation should not be underestimated, particularly in our current climate. “What emerges in strong cultures is, rather than trying to create a compliance based top model program which tells people what they can and can’t do, people self-regulate the organization,” he continues. “When you think about it in the larger context, there’s only one alternative to self-regulation, and that’s more regulation.”

It now seems clear that, particularly for the financial industry, more regulations are an inevitability. Darcy sees the roots of our current malaise in the deregulation-fuelled boom of the nineties when the NASDAQ jumped from 453 in 1991 to a high of 5132 in 2000. “Unfortunately, not only did we get the growth that came from that, but the energy deregulation also gave us Enron. The telecom deregulation gave us WorldCom, and we are today paying the price for banking deregulation,” he says. “I’m a free market economist by training, I would prefer to see the markets work in a free system. The argument is between ideologues who believe totally in the free market system and those who have seen the failings of it. We need an effective balance between the two.”

But it won’t be easy. Despite Darcy’s professed faith in human nature, nearly two decades of erosion in ethical standards will take some time to repair. It seems the problem is at risk of moving outside the office and affecting other areas of life. “I like to be an optimist about the future,” he confirms. “My concern is data that says 54 percent of MBA students cheat their way through their degree, that 52 percent of engineering and masters students do the same, where 48 percent of law students cheat their way through their degree and 55 percent of high school students admit to cheating so they can get ahead. I am concerned that somewhere over time we began to feel like people who were entitled to something, that we wouldn’t have to sacrifice for getting ahead, that somehow life was there to pick from. With that kind of attitude comes a certain arrogance. I really do think that we need to make sure we understand the difference between acceptable profits and greed, that we understand that there’s no substitute for hard work and rolling up your sleeves to reach the next level.”

Asked for a prescription to reverse our ethical decline, Darcy can provide no quick fixes. He talks about the need to remember what people are capable of achieving and how the positive human spirit must be given the opportunity to grow and express itself. On a more conventionally business-focused level he outlines a requirement to get back to the basic fundamentals: positive cash flow, quality products, good customer service, being respectful of all stakeholders and rebuilding the trust that has been broken. “There is a mandate today,” he explains. “Companies have to understand the meaning of trust and the importance of ethical awareness in their organizations is a differentiator in the marketplace. It is a differentiator for building enduring great companies. None of this is a six-month rollout. All of this is a permanent commitment to the future. It’s ethics training. It’s ethics awareness. It’s raising the consciousness of people on understanding what’s the right thing to do and building cultures therefore that will self-regulate over time.”

But even if all this hard work is successful, it will require constant vigilance for it to be maintained. Thinking back to the collective spirit that he witnessed following the attacks on New York, Darcy is clear that such a feeling can evaporate as quickly as it appeared. “I remember remarking about six weeks after 9/11 to a group that I was speaking to,” he recalls. “I said, ‘My biggest fear is that someday we will take this moment, leave it behind and go back to business as usual.’ And we did.”

HOLLYWOOD ENDING
Lessons in ethics from the silver screen

Darcy: Watch the Tom Hanks movie Castaway. It’s a two-hour FedEx commercial. The plane is flying over the Pacific. The plane goes down in a storm. Tom Hanks grows a beard and long hair. Five years later, somebody finds him. He gets a shave and a haircut and what does he do at the end of the movie? He delivers the package. I always ask the question, who does he deliver it to? Well, in fact, the person wasn’t home, so he left the note with the package, and the note said simply, “Thank you. This package saved my life.” Metaphorically, work gave him meaning. It kept him alive. He even took a volleyball, called him Wilson and drew a face on it because he needed to personify something. He understood that we do not exist alone. We exist in relationship to other people. I realize it’s fiction, but the implications are huge. Everything we do is done with, by, for and through people, and so ethics has to relate to that.

FOLLOW THE LEADER Looking up to a more ethical future Darcy: We need moral leadership, people who will stand up and bring voice and action to setting standards of behavior and conduct. Where are the great moral leaders today? I can think of two in my lifetime that stand out. I’m sure there are many more examples, but Dr. Martin Luther King Jr. was somebody who believed in something and gave his life for it. And another one that’s the most extraordinary example of leadership in my lifetime is Nelson Mandela. He was willing to be put to death and assumed he would be because the pain of apartheid was greater than the pain of death. In fact, he spends 27 years on Robben Island and somehow emerges from that not only as a free man but becomes president of the free republic of South Africa. He then has the audacity to create a truth and reconciliation commission saying, “We need to be able to tell the truth in South Africa and forgive ourselves because unless and until we do, we cannot take our seat at the table of nations. So we’ve got to get to the truth of what’s going on here.” It’s long been said that we’re only as well as our deepest secrets. That is true of families, it’s true of corporations and it’s true of society. So we need to address the truth of what ails us. And I do think at some level that we have to speak to the moral fiber of this country and get us back to the basics and the fundamentals that our founding fathers lived by. When they signed the Declaration of Independence, they said that they mutually pledged to each other their lives, their fortunes and their sacred honor. They were doing something enormously bold at the risk of failure. They had no real sense that they could succeed, but they did. But it was built on a foundation of values. We need to get back to that. We’ve got to get away from self-interest and promote the common interest and the common good.


Away On Business

Rising sun

One of the key global centers of financial services, Tokyo is also a dazzling, neon-soaked city of the future. FST checks out what’s on offer once work is over.

About

Along with New York City and London, Tokyo is one of three ‘command centers’ for the world economy. Tokyo has the largest metropolitan economy in the world and houses several headquarters of some of the world’s largest investment banks and insurance companies. It is also the main hub for Japan’s transportation, publishing and broadcasting industries. 50 companies listed on the Global 500 are based in Tokyo, almost twice that of the second-placed city.

Fast facts

• Tokyo Disneyland was the first Disney Park to be built outside of the US and celebrated its 25th Anniversary in April of 2008. Special celebratory events will continue into this year.
• Tokyo is one of the most overcrowded cities in the world, and men known as ‘pushers’ are recruited to pack people onto the city’s trains.
• In the 1920s the University of Tokyo became one of the first Imperial universities and houses institutes for earthquake research, cosmic ray research, nuclear study, solid-state physics, applied microbiology, ocean research and Asian culture.


Getting around

A network of trains and subways dominates the public transport system in Tokyo, with buses, monorails and trams playing a secondary feeder role to the most extensive urban rail network in the world. The Yamanote Loop, which circles the center of downtown Tokyo, carries an estimated 3.5 million passengers between its 29 stations every day. By comparison, the New York City Subway only carries 5.8 million passengers per day across its entire 26 lines.

From the airport

Narita International Airport handles the majority of international passenger traffic to and from Japan, and is also a major connecting point for air traffic between Asia and the Americas. Located just 60 kilometers from downtown Tokyo, access to the city center is recommended via rail service. While taxis and buses are available, the trains provide a cheaper and quicker option. The airport currently has two rail connections, but a third line is scheduled for 2010.



Where to make the $

The Tokyo Stock Exchange is the second largest in the world, outstripped only by New York. At present, it lists 2271 domestic companies and 31 foreign companies, with a total market capitalization of over $5 trillion. Situated between Tokyo Station and the Tokyo Imperial Palace is Japan’s business district, Marunouchi. Along with neighbouring Otemachi, this is home to many of Japan’s largest companies, particularly those from the financial sector. Other business areas include West Shinjuku, which houses the Metropolitan Government offices. With recent deregulation easing market entry for foreign companies, Makuhari Messe, halfway between the city center and Narita Airport, and the new Tokyo Big Sight complex in Tokyo Bay have also made the city Japan’s major trade fair venue.

Where to spend the $

Shibuya – a major shopping area in Tokyo – is a definite place to visit for anyone interested in Japanese fashion, while Omotesando – a broad, tree-lined avenue leading downhill from the southern end of the JR Harajuku station – shows the other side to Harajuku fashion and is not only full of cafés and international brand clothing boutiques, but also includes the upmarket Omotesando Hills. This stylish center is full of the who’s who of world fashion brands including Yves Saint Laurent, Dolce & Gabbana, Porsche Design, Dunhill, Jimmy Choo and Adore. The center covers six floors and has a very fashionable interior design. While Paris and Milan may be the center of world fashion design, Omotesando is the center of world fashion consumption.

Eat

Casita
Carving its own niche by creating a tropical atmosphere and a year-round outdoor deck.
Set dinners: $108

Higashiyama Gantan
An industrial-minimalist bar, with private dining rooms. Popular with fashionistas.
Dinner for two: $90

Sleep

Four Seasons Hotel Tokyo
Located in the Marunouchi central business district, The Four Seasons offers a striking, contemporary setting, luxurious rooms, privacy and exclusivity.
57 rooms available
Double rooms from $752

Keio Plaza Tokyo
Five blocks from Shinjuku Station and across the street from the Tokyo Metropolitan Government Building, this hotel is located in the heart of the city’s business and political center.
Over 1440 rooms
Japanese Tatami Suite from $1024


Quote/unquote

Looking back

Hindsight is a wonderful thing. While the credit crunch has proven itself to be erratic and unforgiving in its victims, these people really should’ve known better. Here are some of the worst predictions made since the crunch began.

“I did express, at some point, my concern about the use of leverage and was politely told to mind my own business.” Former Bear Stearns fund manager James O’Shaughnessy on his warning to bosses back in 2007.

“Freddie Mac and Fannie Mae are fundamentally sound. I think they are in good shape going forward.” House Financial Services Committee Chairman Barney Frank made this prediction in July 2008. Two months later the government forced the mortgage giants into conservatorships.

“I expect there will be some failures but I don’t anticipate any serious problems of that sort among the large internationally active banks.” Nine months after this comment by Federal Reserve Chairman Ben Bernanke, Citigroup became the largest financial institution in US history to fail.

“AIG could have huge gains in the second quarter of this year.” Analyst Bijan Moazani’s May 2008 prediction was sadly proven very wrong indeed when AIG wound up losing $5 billion in that quarter and $25 billion in the next. It has since been taken over by the US Government.



And now?

So have we learnt anything from another 12 months of business in the shadow of the crunch? Or are the same outlandish predictions being made for 2009? FST rounds up some of the best of this New Year’s opening gambits.

“The financial and economic firestorm we face today poses a serious risk of an extended period of stagnation – a very grim outlook. Even with vigorous Fed action to restore credit flows, an extended period of economic weakness is likely.” Janet Yellen, president of San Francisco Federal Reserve Bank, shows her concern.

“Clearly the situation is dire. It is deteriorating and it demands urgent and immediate action.” It’s a grim outlook as far as European Central Bank President Jean-Claude Trichet is concerned, here speaking at the Bank for International Settlements talks in January.

“It took more than three years for the economy to recover from both the dot.com bust of 2000 and the stock market crash of 1929. So, in our view, hopes that the economy is going to recover as soon as mid-year are likely to be dashed in the coming months.” Merrill Lynch’s US economist David Rosenberg illustrates just how little faith is left.

“Already the former heads of the Federal Reserve and the Bank of England have held up their hands to admit they didn’t understand the risk building up in the financial system. If those in the private sector are to defuse public anger, they will have to do the same.” The Wall Street Journal thinks it’s about time the world’s bankers learn to say sorry.



FACE OFF

Changing lanes

With the inauguration of the 44th American President now complete, many economists are hoping that Obama will bring change to the financial markets. Here, FST looks at what two key players are saying about Obama’s new policies.

Timothy Geithner
Secretary of the Treasury

Earlier this month, at a Senate confirmation hearing, Geithner said that the Obama administration would unveil a three-pronged strategy to aid financial firms, struggling homeowners and the consumer credit markets by using the remaining $350 billion of the government’s financial rescue program. “The ultimate costs of this crisis will be greater if we do not act with sufficient strength now,” Geithner told the Senate Finance Committee. “In a crisis of this magnitude, the most prudent course is the most forceful.” He promised that the Obama administration would offer a “clear plan” but provided few specifics. In his previous job as president of the New York Federal Reserve Bank, Geithner had been a key participant in efforts to prop up financial markets. He added: “We’ve seen the costs, in terms of uncertainty created by tentative signals not followed up by clear actions.” He went on to say that the new administration was reviewing a “broad range of proposals,” including the option of setting up a government-run “bad bank” to take toxic assets off banks’ books. Geithner also faced tough questions about his role in devising federal bailouts for Wall Street’s biggest firms and his failure to pay all of his taxes on time between 2001 and 2004. Geithner, who settled his outstanding taxes only after he was nominated to the Treasury post, said he signed his tax forms without reading them carefully. “These were careless mistakes,” he admitted, “they were avoidable mistakes, but they were unintentional.” He concluded by apologizing to committee members for making them spend time on his personal history when the nation faced more pressing issues.

Nancy Pelosi
Speaker of the United States House of Representatives

In a post-inauguration interview, Pelosi revealed that she opposes – at least for now – the idea of Congress approving another costly bailout for troubled banks. While she has spent recent days lavishing praise on the new president – she called his inaugural speech “wonderful” – she’s also said that she won’t always defer to Obama on key policies. In the interview, the San Francisco Democrat, who is arguably the second most powerful person in Washington, sought to quell expectations about how quickly Congress and President Obama will address current problems, from a weak economy to an ailing health care system. “We can’t fix it all overnight,” she said, “but we have to start to begin.” Furthermore, Pelosi looked to downplay the policy rift, suggesting that she and the President may end up on the same page. “I don’t know that he’s made that decision,” she said, “but it’s my view that tax cuts for the wealthy are big contributors to the national debt.” As doubts continue to grow about the stability of US markets and foreign banks in general – the United Kingdom has just approved a new rescue plan for British banks, for example – the House is already planning to vote on whether to approve the second $350 billion. In addition there’s already talk that the Obama administration may need to ask for even more money from Congress to assure the stability of major banks. However, Pelosi said she won’t talk about another bailout package until the new administration shows it will make good use of the second half of the current $700 billion financial rescue fund. “How this next money is spent will determine if more money will be spent down the road,” she said.



IN REVIEW

Hot off the press

FST rounds up some of this quarter’s best business books

Everything I Know About Business I Learned At McDonald’s By Paul Facella and Adina Genn

McDonald’s might not be the first place financial services would think to look for inspiration, but in this insightful new book, Facella, a former senior McDonald’s executive, explains how this monumental organization has one of the highest employee retention rates of any company, managing to motivate staff in a fast-paced and potentially stressful environment, in which pay increases and perks are not readily available as incentives. FST says: Each chapter of Everything I Know About Business I Learned At McDonald’s features one of seven leadership principles that drive business success, based on McDonald’s one-of-a-kind leadership culture.

Schneier On Security By Bruce Schneier

Today, people are doing more in the name of personal security than at any other time in history. But, is it really making a difference? Are people really safer? In this challenging book, Schneier unveils the reality behind current security practice in a collection of his most recent and important writings. The collection features some of the most informative security issues and looks at the price people pay when security fails. FST says: Schneier on Security not only explores the digital aspects of this important issue, but the behavioral side too. Topics include everything from identity theft, to the threat of unchecked presidential power, to why some risks are overestimated and others underestimated. This is a book for all IT and corporate professionals and those individuals with security concerns.

Warren Buffett And The Interpretation Of Financial Statements By Mary Buffett and David Clark

This simple guide clearly outlines Warren Buffett’s strategies in a way that will appeal to newcomers and seasoned professionals alike. Inspired by the seminal work of Buffett’s mentor, Benjamin Graham, this book presents Buffett’s interpretation of financial statements with anecdotes and quotes from the man himself. FST says: Written both for the layman and the serious investor, chapters begin with clear definitions and explanations of what the master investor is looking for when he sits down to explore a company’s financial statement. This book is the perfect companion to other titles in the already acclaimed Buffett series and is likely to become a classic in the world of investment books.


OPINION

Leading by example

Perhaps we shouldn’t be so quick to judge employees who break the rules

By Marianne Sorensen

If you knew you were about to lose your job, what would you do? It seems that many would make the pre-emptive move of grabbing all the company data they can get their hands on so that it won’t just be the severance package they walk out with. A new survey called The Global Recession and its Effect on Work Ethics by IT security firm CyberArk suggests that a surprisingly large number of employees are prepared to break the rules in times of crisis. The figures are striking: more than half of the respondents, drawn from workers in London, Amsterdam and New York, admitted that they had already downloaded sensitive data that they planned to use as a bargaining tool in their search for a new job. Slightly surprisingly given their reputation for being laid back, the Dutch were the worst offenders. A staggering 71 percent of respondents in the Netherlands admitted that they would do this if their job was hanging in the balance.

But this willingness to bend the rules also has some more positive impacts, at least from a business perspective. About one third of those polled said they would accept 80-hour work weeks, if that was the only way to keep their jobs. Around a quarter would accept pay cuts rather than face redundancy in such a harsh climate. All this serves to demonstrate exactly how uneasy workers feel about their current prospects. Predictably though, it is the stats about staff stealing data that will draw the strongest reactions. But perhaps we shouldn’t be so shocked by these revelations. Desperate times call for desperate measures and there is very little a human being won’t do if it feels threatened.

There’s also the uncomfortable feeling that business has to bear some responsibility for this. The reason so many workers are currently living in fear of losing their jobs is because of a crisis brought on in large part by irresponsible business practices. While few are suggesting that anything outright illegal went on, it’s generally accepted that many of our current problems spring from certain companies and individuals operating at the very limits of acceptability. Huge levels of toxic debt were racked up, while essentially worthless financial products were traded with wild abandon. Since everything started falling apart, the standard statement has been that no one could have seen this coming. As explanations go, it’s pretty weak. The average worker in the financial industry is no idiot, so the idea that the credit crisis is one massive surprise is pretty hard to swallow. If that’s the case, then you have to accept that these business strategies were pursued even though the risks involved were understood by those who were meant to be in charge.

Now put yourself in the position of an employee who is facing the sack. Chances are it’s not your fault that your company is cutting back. The decisions that led to this predicament were likely taken way over your head. As the prospect of walking out of the front door with your possessions in a cardboard box becomes ever more likely, why wouldn’t you seek to give yourself every possible advantage? After all, many of the top people in the industry have managed to hold onto their jobs during this crisis. Even those that have walked the plank have often done so with a chunky payoff in their pockets. It hardly seems fair.

Culture is something that has recently taken on increasing importance in the business world. A company’s culture is often held up as a key differentiator in a competitive market. But culture comes from the top. If leaders bend the rules for their own short-term gain, we shouldn’t be too shocked when employees do so as well.


OPINION

The onus on bonus

As we waved goodbye to one of the toughest calendar years our global economy has ever faced, many executives learnt that keeping their job was the only bonus they were going to get. FST’s Matt Buttell investigates why.

In 2007, end of year payouts on Wall Street were up 14 percent compared to what they had been in 2006. Goldman Sachs, Morgan Stanley, Lehman Brothers and Bear Stearns – then the four largest investment firms on Wall Street – handed out nearly $30 billion in bonuses. To put these kinds of earnings into perspective, the entire budget for the city of New York, employing a quarter of a million people, was only $59 billion for fiscal year 2008. In other words, around Christmas time 2007, Wall Street bonuses alone far surpassed the combined funds available for the city’s fire and sanitation departments, education, health, hospital, welfare, homeless, children’s and social services for the whole of 2008.

What a difference 12 months makes

Governments across the globe have already injected billions in an effort to bankroll our financial institutions and there is now a renewed focus on how these organizations are spending their money – especially in relation to executive pay. After all, it would surely have taken a lot of gall to have openly accepted massive injections of public funds with one hand only to dole out billions in executive bonuses with the other. Because of this, many executives at top firms across the globe were either choosing (or being forced) to forgo their bonuses.

Take Goldman Sachs for example: despite being only one of two US investment banks left standing through the crunch, Goldman announced last December that its seven top executives had refused year-end bonuses. According to the firm, the seven executives made this decision themselves because they felt it was the right thing to do. Those involved, who, along with CEO Lloyd Blankfein, included Presidents and Co-Chief Operating Officers Jon Winkelried and Gary Cohn, Vice Chairmen John Weinberg, J. Michael Evans and Michael Sherwood and Chief Financial Officer David Viniar, all decided to receive no cash bonuses, no stock and no options for 2008 – just their salaries. As well as this, Goldman also announced that it would impose a major bonus pay cut on about 400 of the bank’s partners after the company recorded its first quarterly loss in the space of 10 years. In fact in 2007, Goldman’s partners received staggering amounts of between $5 million and $29 million in bonus payouts, marking them as both Wall Street’s and London’s highest-paid partner executives.

Meanwhile, the CEO of Citigroup, Vikram Pandit, also agreed not to receive his bonus as the company struggled to cope with the financial downturn, and Jamie Dimon, chief executive of JPMorgan Chase & Co, reportedly declined his share of 2008 bonuses which would have amounted to a few million dollars. Then John Thain at Merrill Lynch followed suit, citing the acquisition of Merrill by Bank of America last September 15 – the same day Lehman Brothers went bankrupt – as his main reason for forgoing his bonus.

Elsewhere, on the other side of the Atlantic, Swiss banking group UBS was the first to announce that top executives would forgo their year-end bonuses. The bank’s Chairman and Chief Executive, as well as other members of the board, are now set to only receive their fixed salaries this year. After UBS shares slumped to a new all-time low last month, and with the Swiss government stepping in to assist the ailing bank, it is not overly surprising that such a decision has been made. What is surprising though is UBS’s announcement that in 2009 they will introduce a new compensation model that is set to bring about a huge cultural shift within the company. In this new model, while top management will still be eligible to receive both variable cash compensation and variable equity compensation, a large portion of this will be held in escrow and will only be paid out if the results of UBS warrant it. In other words, those who are rewarded will only be those who deliver good results over several years, without assuming unnecessarily high risk.

From my seat, it seems that the greed of our financial institutions is finally catching up with them. Nine of the largest financial institutions on Wall Street – Bank of America, Citigroup, Bank of New York Mellon, JP Morgan, Merrill, Goldman, Morgan Stanley, State Street and Wells Fargo – were also the first nine to receive a combined $125 billion in capital from the US Treasury Department.

Historically speaking, banks and finance-related companies are usually a generous lot when it comes to handing out bonuses. True enough, many of the bank staff will find themselves working long and stressful hours, but more often than not, there will be happy faces as the fiscal year edges to an end. When it comes to earnings and profits, banks make the most money, and this means a super-high year-end bonus. Bonus payments can be as much as 10 times a banker’s basic salary, or even more. Just clearly not this year.

In honesty, it’s beginning to feel a little like we’re in a Hollywood movie. In Oliver Stone’s 1987 smash Wall Street, Michael Douglas’s character Gordon Gekko tells us ‘Greed is good’. While on some level this still may be true, it seems greed also has a tendency to come full circle on us – with grossly negative implications. Perhaps this point can be best illustrated by looking at a speech recently made by Australian Prime Minister Kevin Rudd. The speech, looking into the state of the global financial crisis, was entitled ‘The Children of Gordon Gekko’, and in it, Rudd stated, “It is perhaps time now to admit that we did not learn the full lessons of the greed-is-good ideology. Today we continue to clean up the mess of the 21st-century children of Gordon Gekko.”

Rudd makes an illustrative point – albeit a melodramatic one. Just mentioning the words ‘banker’ and ‘bonus’ in the same sentence seems to trigger a political furor these days. But he is right – no one can deny that we face a global financial mess. And 2008, at least, showed that executive bonuses were the first spillage of that mess to be cleaned up. And as the clean up continues, many of us, I imagine, will be happy to help scrub the floors.

Close up: A look at how two of America’s biggest banks are handling the bonus-crisis, as their CEOs join the ranks of leaders forgoing their year-end bonus.

In a memo to employees on Tuesday January 7 2009, CEO Ken Lewis recommended the board not award 2008 bonuses to himself and other senior executives. “This was a difficult decision because we have worked hard and made progress on many projects that will create value for our company in future years,” the memo, later obtained by Bloomberg News, read. “Nonetheless, we are a pay-for-performance company.” Other senior executives are likely to receive lower bonuses and Bank of America is expected to report disappointing quarterly earnings later this month as the recession deepened late in 2008.

The firm did not pay 2008 bonuses to CEO John Mack – he also gave up his bonus in 2007 – and his two top deputies. It also awarded restricted stock bonuses worth less than $1 million to four other executives. The company’s board also approved a change to Morgan Stanley’s pay system, which will let management recoup payments if employees later turn out to have damaged or discredited the firm.



Final Word

Endpoint virtualization

Symantec’s David Krauss offers a case for real ROI

With non-discretionary spending at financial institutions already representing a small percentage of overall IT budgets, CIOs are under increased pressure to deliver improved efficiencies with existing assets. Consolidation efforts and M&A activity that continue to reshape the financial landscape combined with never-before-seen transaction volumes are challenging organizations to centrally manage resources and reduce costs without compromising the quality and speed of the services that IT delivers. Endpoint virtualization has gained a lot of attention within the financial services community because of its promise to reduce the total cost of ownership (TCO) for enterprise endpoints and improve employee productivity and endpoint control. IT departments are faced with the challenge of greater complexity and exponential growth in the number of enterprise endpoints that must be supported. The mobility of the workforce, outsourcing initiatives, new delivery channels and an increase in shared services are fueling the rising costs associated with this vast ocean of PCs, laptops and PDAs. Endpoint virtualization de-couples the information that matters from the underlying systems and software that deliver it. This makes computing for end users extremely portable and flexible, helping IT to reduce costs and respond to rapidly changing business needs while centrally managing the endpoints for improved control and security. Symantec recently sponsored a survey, conducted by Applied ResearchWest, to gain insight into the uptake of endpoint virtualization. Some of the key findings include:


• 76 percent of respondents have implemented some form of endpoint virtualization technology;
• 31 percent said their organizations spend at least 21 percent of IT resources managing incompatibilities between applications on endpoint devices;
• 36 percent said at least a quarter of their entire 2009 IT budget is earmarked for endpoint virtualization initiatives.

David Krauss is Senior Manager of Financial Services at Symantec, where he assesses business challenges in the financial services industry and develops technology strategies or solutions that enable financial institutions to secure and manage their information-driven enterprise against more risks at more points, with greater efficiency, cost savings and confidence.

The information from the survey validates that endpoint virtualization will play an important role in how IT departments look to increase user productivity while lowering IT costs. In addition to reducing cost and complexity, security, availability of information and compliance with industry regulations are among the top reasons institutions consider endpoint virtualization. Preventing the loss of sensitive corporate and customer data is critical for any organization – and even more so for financial institutions. Compliance with regulations such as ID Theft Red Flags, GLBA and PCI demands that today’s financial institutions make investments and put processes in place to keep customer data safe. A recent study found that the average cost of a data breach for financial institutions is $239 per compromised record. This is 21 percent higher than in other industries. With almost half of data breaches in 2007 due to lost or stolen laptops or other mobile devices, preventing data leakage at the endpoint is a big challenge. Endpoint virtualization can help solve the problem by moving stored sensitive data off the endpoint device and into the data center where it can be more easily controlled and effectively protected.

The Teachers Credit Union (TCU) in South Bend, Indiana is a great example of how a financial institution can implement an endpoint virtualization strategy to more effectively manage its software applications and empower its employees to be more productive. Looking to eliminate application conflicts, automate application deployments and improve support, TCU turned to Altiris Client Management Suite and Software Virtualization Solution (SVS). Using SVS, the credit union is able to run multiple versions of the same application, saving hundreds of hours in implementation time. It was also able to complete its migration to Windows XP under time and budget. Worker productivity at TCU has improved and support costs are lower as the volume of IT help desk calls has decreased. As a result, TCU’s IT organization is able to do a lot more in a lot less time.

With many IT projects being put on hold or re-evaluated during this time of economic downturn, endpoint virtualization appears to be an area where IT departments are still looking to invest. The strong and immediate ROI is escalating endpoint virtualization as a priority. It can be argued that endpoint virtualization, if it hasn’t already, will soon change the way software is delivered and consumed.

For more information please visit www.symantec.com
