FST US 11


www.usfst.com • Q1 2010

PEOPLE POWER

Travelex CISO James Gay on security’s human factor

SURVIVAL OF THE FITTEST NASDAQ OMX and NYSE Euronext go head to head

HIGH NOON

Are regulators and the financial industry set for a showdown?




FROM THE EDITOR

Driving lesson

Toyota’s response to crisis offers some pointers for the financial industry

When news of widespread faults with Toyota cars broke in February, it quickly traveled around the world. Here was a company that had been lauded for its products, its processes and its profitability suddenly demonstrating a potentially fatal weakness. Toyota’s shares plunged amid millions of recalls and clamor from customers understandably worried that the car they had bought for its safety and reliability might actually be a death trap. Toyota’s response was swift. Senior executives were dispatched all over the globe to make high-profile mea culpas to governments and consumers. The company’s President, plus its American COO and CEO, have all appeared in front of Congress to deliver apologies for the auto giant’s failings and pledge complete cooperation with investigations into exactly what went wrong. In addition, Toyota dealerships are making amends by offering incentives like cheap financing deals and free servicing to new and existing customers.

Toyota’s reaction stands in stark contrast to what happened in the wake of the banking crisis. When the wheels fell off the global financial system, its representatives were considerably less keen to account for their actions. Reluctantly hauled before Congress, Wall Street titans like Lehman Brothers’ Dick Fuld offered somewhat half-hearted apologies to the unlucky people who had lost their shirts, while defending his right to walk away with millions of dollars in compensation. Since then, financial institutions have done little to endear themselves to their customers. Government had to step in to prevent credit card providers from imposing interest hikes without warning, while it took another administration intervention to limit executive pay at companies that had received taxpayer-funded bailouts. In light of this kind of behavior it is little surprise that a recent survey revealed only 33 percent of Americans currently trust banks. Instead of appearing chastened by what everybody agrees were colossal mistakes, financial organizations have tried to pretty much carry on as before. The ongoing debate over financial regulation provides a good illustration. While it is clear that the administration’s proposals have a number of flaws, the apparent intractability of the industry does little to improve its image. Quite simply, consumers are not prepared to accept that the pre-crisis status quo can be allowed to persist. Changes need to happen and the industry has to have a clear voice in shaping what those changes will be, rather than just digging in its heels and hoping to halt the process outright. When it comes to rehabilitating the financial services industry, a little humility goes a long way.

Huw Thomas, Editor

“If you are a commercial bank and you wish the government to guarantee your deposits and bail you out if necessary, then you can’t be involved in speculative activity” Former Treasury Secretary Nicholas Brady (p26)

“Everybody in a company is part of the security and if they don’t understand that then we are heading for trouble” Travelex CISO James Gay (p32)

“I can understand the idea of putting limits on banks' speculative activities, but at the same time, there are differences between individual countries regarding how they have dealt with this issue.” Japanese Finance Minister Naoto Kan (p140)




CONTENTS

A new sheriff in town
Can fresh regulations bring order to a lawless financial system?

The technology challenge
Shalini Singhal explains the challenge of getting senior level executives to believe in the importance of IT

Trading places
NASDAQ OMX and NYSE Euronext are battling for the business of the world’s biggest companies. FST hears how technology is the main weapon in the fight for supremacy

The human factor
James Gay explains his role as CISO of Travelex and details the main challenges he faces in protecting the company from unnecessary risk




Fortified Citi
FST talks with Frank Wu about the challenges of global security management and how new technologies are impacting the space

Message rules
Michael Osterman explains that, while social networks are on the rise, email remains king when it comes to security threats

Spinning the security web
Etka Aggarwal of Frost & Sullivan on why the internet has ushered in a new era of security threats for business

Compliance on the cards
FST speaks to Dan Schutzer of the FSTC to find out about plans to increase security surrounding our personal data

A virtual reality
Jason Mills explains that virtualization is key to unlocking the potential of a mobile workforce

Caller ID
Speaker verification and voice biometrics present more user-friendly and secure methods of customer identification in telephone banking

Getting things moving
Does the solution to unleashing the potential of mobile payments lie in developing a new infrastructure or in the integration of distributed components of the mobile ecosystem?

The 21st century Trojan War
David Jevans details the growing challenge of protecting corporate online banking from next generation malware

ASK THE EXPERT
Paul Stokes, Methodware; Stephen Singh, Juniper Networks; Bill Morrow, CSIdentity; Dan Schatt, PayPal & Mark Moore, S1; Rodrigo Vaca, Zoho; Tom Crawford, Microgen

Managing money on the move
Steve Townend, CEO of MoBank, outlines the potential for mobile banking.

Out of touch?
Are contactless payments really the Holy Grail that the banking industry believes?


NEXT BIG THING
Jodi Alperstein, Moody’s Analytics

Automatic pilot
Pavel Vaynshtok explains how the Workload Automation Advisory Committee is guiding the development of new solutions

EXECUTIVE INTERVIEW
Joerg Heistermann, IDS Scheer; Bill Conner, Entrust; Walt Thomasson, Rentsys Recovery Services, Inc.; Doug Kern, Inovis; Jim Callan, Econiq; Frank Rohde, Nomis Solutions

Optimization through virtualization
Saumya Upadhyaya of Frost & Sullivan explains how companies can get the best out of virtualization technology

The information
Data, risk and innovation in a post-crisis world

Data center transformation
Michelle Bailey explains what the data center of the future might look like

INDUSTRY INSIGHT
Thomas Obermaier, RDC Corp; Dr. Tom Butler, Compliance & Risk; Andrew Dark, mBlox Inc.; Peter Ganza, Xenos

In the hot seat
Chris Skinner explains the outlook for financial services institutions as we head towards economic recovery

IN THE BACK
St.Petersburg; Away on business; Quote/unquote; On the shelf; Photo finish

PROJECT FOCUS
Laurie Iseman, Infor

Crisis and opportunity
Citi’s Gary Greenwald on how the crisis provides an opportunity for technological innovation

Closing the gap
Craig Vaream outlines electronic payment strategies to reduce days sales outstanding

A social approach
Michael Thomas offers his opinion on using the recession to add social CRM practices to your CRM strategy

Taking care
Dele Oladapo looks at the IT challenges facing Prudential Financial

Under offer
Bobbi Britting explains that the underbanked represent a major potential market for financial institutions

Weight loss program
Financial institutions can learn to be Lean, says Jeanne Capachin




Chairman/Publisher SPENCER GREEN Director of Projects ADAM BURNS Editorial Director HARLAN DAVIS Worldwide Sales Director OLIVER SMART

Editor HUW THOMAS Managing Editor BEN THOMPSON Associate Editor STACEY SHEPPARD Deputy Editors NATALIE BRANDWEINER, REBECCA GOOZEE, DIANA MILNE, JULIAN ROGERS, MARIE SHIELDS

Creative Director ANDREW HOBSON Design Directors ZÖE BRAZIL, SARAH WILMOTT Associate Design Directors MICHAEL HALL, CRYSTAL MATHER, CLIFF NEWMAN, CATHERINE WILSON Online Director JAMES WEST Online Editor JANA GRUNE

Sales Director ALEX SOBOL

Project Director HEATHER C BRIDEN Senior Sales Executives LAUREN I MITTLEBERG, ANDREA M KLEIN, DANIEL MIKHAILOV, BRANDON S HARP

Finance Director JAMIE CANTILLON Production Coordinators LAUREN HEAL, RENATA OKRAJNI, AIMEE WHITEHEAD

Director of Business Development RICHARD OWEN Operations Director JASON GREEN Operations Manager BEN KELLY

Subscription Enquiries +44 117 9214000. www.usfst.com General Enquiries info@gdsinternational.com (Please put the magazine name in the subject line) Letters to the Editor letters@gdspublishing.com

Financial Services Technology Trump Building, 40 Wall Street, Floor 5, New York NY 10005, USA Tel: +1 212 920 8181. Fax: +1 212 796 7010. E-mail: newyork@gdsinternational.com

Legal Information The advertising and articles appearing within this publication reflect the opinions and attitudes of their respective authors and not necessarily those of the publisher or editors. We are not to be held accountable for unsolicited manuscripts, transparencies or photographs. All material within this magazine is ©2010 FST.

GDS International GDS Publishing, Queen Square House, 18-21 Queen Square, Bristol BS1 4NH. +44 117 9214000. info@gdsinternational.com

FST Summit 2010
The Ritz-Carlton, Amelia Island, Florida 17th-19th March 2010

The Financial Services Technology Summit is a three-day critical information gathering of the most influential and important CIOs from the financial services industry.

A Controlled, Professional and Focused Environment The FST Summit is an opportunity to debate, benchmark and learn from other industry leaders. It is a C-level event reserved for 100 participants that includes expert workshops, facilitated roundtables, peer-to-peer networking, and coordinated technology meetings.

A Proven Format This inspired and professional format has been used by over 100 executives as a rewarding platform for discussion and learning.

“What surprised me was the value that I got from the one on one meetings with vendors. I came to network with my peers but a few new relationships were surprising. I can be pretty tough to reach at the office and that can sometimes work against me…” Gerard Muldoon, Credit Suisse First Boston

Find Out More Contact FST at (+1) 212 920 8181 www.fstsummit.com


UPFRONT THE BRIEF

IMF RETHINKS ROLE

The IMF recently announced that it is rethinking its role in the post-crisis world following calls from its 186 member countries to review its mandate. The membership wants to ensure that the Fund covers “the full range of macroeconomic and financial sector policies that bear on global stability.” In response, the IMF has issued a paper detailing what must be done to promote global stability and how its members can help to achieve this. The ideas put forward in the paper, which is meant to stimulate debate, were discussed by the IMF’s Executive Board on 22 February 2010.

Before the Fund submits its final report to the International Monetary and Financial Committee in October of this year, it will be seeking feedback from academics, civil society and governments as it discusses the key areas of finance, stability and surveillance.

The paper issued by the IMF outlines the three main challenges it is currently facing. Firstly it must improve its ability to assess systemic risks. Up until now the main focus of the Fund has been geared towards regulatory oversight of individual institutions at the country level as opposed to monitoring developments relating to the global economy as a whole.

In a speech given at the Bretton Woods Committee Annual Meeting on February 26, Dominique Strauss-Kahn, Managing Director of the IMF, said: “I believe the world is ready for a shift to this more ‘systemic’ vision of IMF surveillance. A clear indication is the G-20’s launch of the Mutual Assessment Process. The so-called MAP aims to reduce risks to the system by making the world’s largest economies accountable – to each other – for ensuring the global consistency of their economic policies.”

Secondly, the IMF must expand its lending capacity and offer more flexible insurance facilities. Finally, the Fund must concentrate its efforts on creating stability of reserves as the crisis highlighted the fact that emerging economies tend to rely on just a few suppliers of global liquidity.

With those three challenges in mind, the paper looks at what changes may be needed to the Fund’s policies. Governance in particular is an area that will be explored in detail. Strauss-Kahn explained: “Clearly, a renewed mandate for the IMF will have little legitimacy unless we tackle long-standing grievances with our governance. Our crisis prevention efforts could be hampered by concerns about even-handedness. Our crisis response efforts could lack credibility. And our commitment to address longer-term issues affecting international monetary stability may be questioned.”

But, according to Strauss-Kahn, the good news is that the G-20 has already provided firm political backing to the governance reform efforts of the IMF. However, from past experience it has become evident that translating such policy reform into reality is not always easy and can take time. “To achieve lasting governance reform, the Fund needs the active support of its entire membership. We also need to go beyond the issue of quota and voice to include other important elements such as the diversity of staff and management of the Fund, an area where I have sought to make progress but where I fully recognize, we can and must do more,” said Strauss-Kahn resolutely.

The paper issued by the IMF suggests that the Fund has an opportunity to build on the positive role it has played in the crisis, whilst also addressing those shortcomings in its mandate that prevent it from achieving its full potential.

But an updated mandate is not a silver bullet. A reviewed mandate does not mean that the IMF will necessarily be any better equipped to predict future economic crises.

Wrapping up his speech at the Bretton Woods Committee Annual Meeting, Strauss-Kahn said: “Let me conclude by stressing that the debate over the Fund’s mandate is not about ‘expanding’ it in new directions. Rather, what we seek is a new focus and capacity to deal with systemic risks. A renewed and re-energized mandate can set the foundations – and the expectations – for the Fund to adapt to the changing needs of its members in the post-crisis era.”

NEWS IN PICTURES

John Dugan, US comptroller of the currency, speaks about financial regulatory reform in the US and internationally at the Institute of International Bankers Washington Conference on March 1, 2010.


A number of Wall Street banks are making large corporate donations to aid the victims of the earthquake in Haiti. Bank of America, JPMorgan Chase, Goldman Sachs and Morgan Stanley have all pledged $1 million. Citigroup has indicated that it will give $2 million whilst Wells Fargo will donate $100,000.

Lloyd Blankfein, CEO of Goldman Sachs Group, Inc.; James Dimon, CEO of JPMorgan Chase & Company; John Mack, chairman of the Board of Morgan Stanley; and Brian Moynihan, CEO and president of the Bank of America Corporation, get up from the witness table after participating in a Financial Crisis Inquiry Commission hearing on Capitol Hill on January 13, 2010 in Washington, DC.


UPFRONT

INTERNATIONAL NEWS


DUBAI’S DEBTS

HSBC Middle East has announced that its profits slumped last year due to loan impairments in the United Arab Emirates. It has reported that regional loan impairments more than quintupled last year to $1.7bn, sending the bank’s pre-tax profits down 74 percent from 2008. In its full-year report, the bank said: “HSBC’s Middle East operations suffered from a combination of factors: a severe contraction in the economy of Dubai, a fall in oil revenues for much of the year and investment losses incurred by many regional investors.” As a consequence HSBC Middle East posted a loss in both personal and commercial banking in the UAE, where its total loan book contracted by more than 20 percent last year to $13.9bn. Experts are predicting a further increase in bad loan provisions this year as the $22 billion Dubai World restructuring looms over international and local banks.


PASSWORD PROTECTION

The internet banking customers of IndusInd Bank now benefit from increased security for their online transactions. The Indian bank is the first to implement Intellect Privacy, an online and internet banking security card that uses multi-factor authentication technology to authorize online banking transactions. The small plastic card, developed at the Indian Institute of Technology Madras, generates a one-time password for corporate clients to use and is issued in booklets by banks. The card is intended to protect customers and banks from phishing attacks that come via deceptive emails, Trojans and key/screen loggers.

UNDER PRESSURE

A major new study by IBM has revealed the majority of CFOs believe pressure to cut costs and make faster decisions will mount in the next three years. Over 1900 CFOs from 81 different countries were surveyed for the study, which also reveals that 60 percent of them are planning major changes to adapt to the new economic climate. They said they are already experiencing intense pressure on three fronts: reducing the enterprise cost base, making faster and more accurate decisions, and providing more transparency to external stakeholders. However, only 50 percent said they believed their finance organizations are currently effective enough in tackling these business priorities.


MALPRACTICE ON THE MOVE

Mobile workforces may increase flexibility for employees, but they are causing a major security headache for many companies. That is according to a study by Infosecurity Europe which found that significant numbers of employees are already misusing technology whilst on the move. The report found the greatest vulnerabilities were in the use of smartphones, which employees are increasingly using to access emails. “The problem here is that, while it’s relatively easy to defend a laptop against the vagaries of a mobile internet connection, securing a smartphone is a whole new ball game for IT managers,” said Claire Sellick, Event Director for Infosecurity. She went on to say that there are clear compliance and security risks inherent in the use of smartphones.


SUCCESS STORY

A tale of profit and gain has emerged from the economic downturn in the form of Standard Chartered bank’s latest financial results. The bank reported record profits for 2009 with pre-tax profits up 13 percent compared to 2008 at $5.15 billion. It used this success to justify the paying out of pay and bonuses worth $4.91 billion, criticizing proposals to regulate banks. A statement from the bank said it had concluded that it is in the interests of the business and our shareholders to reward the management team for yet another successful year and to retain top talent in these fiercely competitive markets. The bank is based in the UK but makes most of its profits in Asia.

A COMMON INTEREST

Interest rates on credit cards are at their highest for 12 years in the UK, according to figures from the Bank of England. Research carried out by Moneyfacts reveals that the average rate rose steadily to 18.8 percent in February, despite the Bank of England’s main rate being just 0.5 percent. According to Moneyfacts the reason for the interest rate hikes is fear on the part of banks that borrowers will default on their debts. This is fueled by the fact that in the third quarter of 2009, write-offs doubled to $2.4 million. Increased risk continues to be passed on to both new and existing credit card customers through higher rates.

UPFRONT MARKET UPDATE

ONE YEAR ON, HOW MUCH HAS CHANGED?

NATIONAL DEBT: $11tr → $12tr
UNEMPLOYMENT RATE: 7% → 10%
CONSUMER PRICE INDEX: -1.9% → 0.1%
HOUSE PRICE INDEX: -7% → -3%
AVERAGE GAS PRICE: $1.90 → $2.70
AVERAGE EARNINGS: $720 → $738
BANKRUPTCIES: 3,368,277 → 4,155,853
DOW JONES: 9,500 → 10,600
NASDAQ: 1,500 → 2,280
USD CURRENCY (€): 0.68 → 0.71
USD CURRENCY (£): 0.62 → 0.61
USD CURRENCY (¥): 89.8 → 91.2

All figures rounded up or down using most available information relevant to the time period between the changing of presidents. Bankruptcies include filings, terminations and pending | Average earning - weekly | Stock market and currency data rounded up or down 01.20.2010. Sources: www.bls.gov | money.cnn.com | www.oil-price.net | www.eia.doe.gov | www.fhfa.gov | www.uscourts.gov | www.federalbudget.com

Illustration by Robin Richards

TOP 10 EMERGING FINANCIAL CENTERS

Singapore, Tokyo, Toronto, Luxembourg, São Paulo, Zurich, Shanghai, Hong Kong, Johannesburg, Dubai

Source: www.businessinsider.com


NATIONAL TRUST

Global PR firm Edelman US recently conducted its 2010 Trust Survey to determine the level of consumer trust in the financial services industry. Of the 500 US citizens aged 25 to 64 that were surveyed, 93 percent believe problems exist in the financial industry and 63 percent think financial institutions need more regulation. Trust in banks fell to 33 percent in the 2010 survey from 36 percent last year, although community and regional banks ranked as the most trusted financial institutions in the US. Brokers/advisors were ranked as the most trusted to provide information on investments or the markets. Despite the overall fall in trust, the survey showed that for college-educated 25-34 year olds trust levels have actually risen to 47 percent from last year’s 36 percent. Matthew Harrington, president and CEO, Edelman US, said: “In financial services specifically, companies must realize that transparency via frequent communication and high-quality customer products and services are as essential to creating and maintaining investor trust as superior returns and five-star ratings.”

FAST FACT

17% of all US adults use mobile banking Source: Mobile Marketing Association and Luth Research


BANKS PUSH OVERDRAFT FEES

US overdraft fees rose 35% in two years

With the government coming down hard on the way financial institutions charge fees, banks are looking at new ways to apply just enough pressure to ensure that fees keep rolling in. Now new concerns from consumers suggest that banks aren't playing fair, sparking a debate about how much customers can trust their bank. In a strategic marketing ploy, Wall Street behemoths are currently engaging in aggressive campaigns aimed at ensuring billions of dollars in penalty income continues to flow.

One Bank of America customer, for instance, recently told The New York Times that he had been informed that, if he tried to buy gas on his card, a gas station might place a hold on his account and he might not be able to fill up at all – even if he had enough money in the bank to cover a full tank: all because he had attempted to turn off the overdraft function on his debit card.

In response to this, a Bank of America spokeswoman said that the bank's efforts – including giving consumers a document called Opting Out of Overdraft Coverage – had not been issued to encourage customers to remain in overdraft services, but to make sure that they understood the complexity of the overdraft issue.

Meanwhile, a spokesman at JPMorgan Chase, which has also come under scrutiny for taking up so-called dirty tactics, said that the firm had “begun to reach out to customers” and was encouraging customers to sit down with a branch manager to ensure they understood the complexity of overdraft services. “We want them to make an informed decision before they opt out,” he said.

However, with such aggressive methods being deployed to get consumers into branches, the plans only stink of having ulterior motives.

Of course, in the banks’ defense, amid growing public concern over overdraft fees, several large banks announced changes to their overdraft policies last year.

Bank of America, for instance, said it would not charge a fee when customers exceeded their balance by $10 or less per day and would limit overdraft fees to four per day. And at the end of March this year, Chase has said that it will be eliminating overdrafts for customers whose accounts are overdrawn by $5 or less and has already limited overdrafts to three per day.


UPFRONT COMPANY NEWS

AIG MAKES MOVES ON REPAYMENT

Marking the struggling firm's most ambitious effort yet to repay its $182.3 billion bailout, AIG announced at the beginning of this month that it had agreed to sell its Asian life-insurance business to Prudential PLC. The deal is reportedly worth roughly $35.5 billion. According to reports, AIG has now received approval from its management board of the sale of American International Assurance Ltd (AIA). Federal Reserve and Treasury Department officials have also joined the move, signing off on the deal themselves. The Wall Street Journal reported that the sale of AIA could generate proceeds of about $50 billion, if it were to coincide with a separate sale for American Life Insurance Co. (Alico) that has been proposed to MetLife Inc. Half of that amount has already been earmarked for the Federal Reserve Bank of New York. AIA and Alico are by far the two biggest chunks of AIG that it previously committed to sell as part of its push to pay back US taxpayers, who now own nearly 80 percent of the company. Other sales over the past 14 months fetched a total of $5.6 billion.

BANKING SAFELY

Internet access is everywhere and more and more clients are making transactions online and via applications installed on smart phones. The advancement of this dynamic web has brought forth new business opportunities to better serve customers. But, it has undoubtedly increased the risks of data loss for banking institutions. Organizations must ensure that their customers’ information is protected and mitigate costly data breaches via web and email. To address this need, Websense has released TRITON, a security solution that is fully integrated into one single platform with a single management interface and unified content analysis across web, data and email. No other vendor in the security industry provides a truly unified web, data and email security solution that spans on-premise, SaaS and hybrid deployments with one unified architecture and management console. TRITON gives Websense customers the best security against today’s dynamic, blended threats and outbound data loss, all while easing administration and lowering the total cost of ownership for security solutions.

Learn more at www.websense.com/besafe.

FAST FACT

Card fraud costs the US card payments industry an estimated $8.6 billion a year. Source: Aite Group

SWISS RE SELLS US ARM TO BUFFETT

Global reinsurance giant Swiss Re sold a section of its US business last month to none other than billionaire investor Warren Buffett. The Swiss company, which closed the deal for SFr1.3 billion ($778 million), told reporters that it hoped the sale would “free up” capital that it could invest more profitably elsewhere. Reports also confirmed that the deal with Buffett's company, which already had a stake in Swiss Re, actually takes retroactive effect from 1 October last year and frees up as much as SFr300 million ($293 million) for the Swiss firm. Despite the sale, however, reports also show that Swiss Re will continue to carry out the administration and reporting roles for the US business in question. That’s because this kind of deal, known as “retrocession”, means that the Swiss-based company has merely transferred the business to another reinsurer: in this instance, Berkshire Hathaway. But while analysts mostly welcomed the deal, noting how the freed-up capital could be used for more profitable business, shares in the reinsurance giant nonetheless closed down 1.6 percent on the day of the announcement, according to the Zurich stock exchange.


UPFRONT MARKET UPDATE

TOP 10 FINANCIAL IPHONE APPS WORTH USING

Bloomberg Mobile: Great for getting real-time financial market data, place trades, news and price quotes
Mobile Banking: Bank of America customers can check balances, pay bills and transfer funds on the go
PayPal: Offers complete access to your PayPal account allowing you to check your balance and send money
Loan Shark: Designed to calculate and compare loans from different vendors
Tipulator: Helps you calculate the tip
Tip Tap: A very straight-forward tip calculator
Payware Mobile: Allows you to accept card payments on your iPhone
SplashMoney: A mobile checkbook that allows you to track different account types
Day Bank: A pocket-sized check register great for tracking cash spending on the go
Pennies: An expense tracker that allows you to set a monthly budget and track your daily expenses against it

Source: www.businessinsider.com

INVESTMENT BANKERS COME HOME

Two investment bankers who left Merrill Lynch & Co. as part of a mass exodus at the height of the financial crisis are set to return to their old firm. Sam Chapin and Todd Kaplan, both veterans of the ailing financial services firm were let go when the securities firm was sold to Bank of America in an effort to save it from collapsing. But now, both Chapin and Kaplan, aged 52 and 45 respectively, are set to return. The move will see both men named as Executive Vice Chairman of Global Banking, with the two men reporting directly to none other than Global Banking and Markets President Tom Montag. Analysts believe the return of the two bankers marks a sign of growth for Merrill Lynch now that it is owned by the nation's largest bank. The Wall Street Journal reports that the return of both Chapin, who will be based in New York, and Kaplan, who will be based in Chicago, is of great significance to the firm. Both men were among a large group of veteran investment bankers and top executives who left the firm before and after the buyout by Bank of America was completed at the start of last year. Reports show that these exits watered down Merrill's senior ranks and fed concerns about the ultimate success of the merger. However now that the firm is regaining ground, it is trying to recoup some of its lost talent. And according to the WSJ, as an incentive, the investment bank set aside more than $4 billion in compensation for investment bankers and traders in 2009, meaning the average worker is receiving pay similar to a peak compensation year of 2006.

ISSUE IN NUMBERS

Security firm Symantec detected over 70,000 different variants of the Zeus Trojan in 2009 (P62)

Email users spend only 13% of their time on a typical day not working on a computing platform of some kind (P66)

Mobile online shopping in the United States rose from $396 million in 2008 to $1.2 billion in 2009 (P80)



UPFRONT MARKET UPDATE


GOLDMAN VS. NY TIMES: IT’S WAR!

When The New York Times reported that Goldman Sachs – one of the few banks on Wall Street to fare comparatively well despite the economic crisis – may have played a part in AIG's demise last month, Goldman didn’t take it lying down.

According to a New York Times article at the end of last month, a conference call had been held between 21 executives at both financial services firms on January 28, 2008 to try to resolve a “rancorous dispute that had been escalating for months.”

The article highlighted how AIG had long insured complex mortgage securities owned by Goldman and other firms against possible defaults. But, according to authors Gretchen Morgenson and Louise Story, the deepening housing crisis in 2007 meant that AIG, once the world's biggest insurer, had already paid Goldman $2 billion to cover losses the bank said it might suffer.

They reported that the conference call came about as executives at the struggling insurer looked to get some of its money back, with execs insisting that Goldman had “inflated potential losses”, adding that Goldman Sachs had insisted "that it was owed even more, while also resisting consulting with third parties to help estimate a value for the securities.”

But Goldman fought back against the allegations, saying in a press statement that “The New York Times [had written] another story about certain aspects of the relationship between Goldman Sachs and AIG titled 'Testy Conflict With Goldman Helped Push AIG to Edge.' "

The statement goes on to list several errors in the assertions made by The New York Times, including the claim that Goldman Sachs stood to gain from the housing market's implosion because in late 2006 the firm had begun to make huge trades that would pay off if the mortgage market soured. “This statement is misleading and mischaracterizes how we positioned ourselves at the start of 2007,” read Goldman's amendment. “Goldman Sachs, like most other financial firms, was long out of the mortgage market at the end of 2006. In order to bring our exposure closer to flat, we began hedging our mortgage holdings in the first quarter of 2007.

"Those hedges certainly limited our exposure to the declining housing market, but we also recorded substantial writedowns on our residential mortgage holdings. Moreover, in most of the trades with AIG described in the article, Goldman Sachs was hedged by an offsetting position and did not have a short directional bet on the mortgage market."

The statement on Goldman's website seemed to declare all-out war against the publication, citing that this latest article marks the third theory the paper has put forward since September 2008. “The theories are contradictory and many of the supporting 'facts' don't stand up to serious scrutiny,” claimed Goldman. The battle, it seems, is ongoing.

The NY Times accused Goldman of accepting $2 BILLION from AIG

SOCIAL SECURITY

Which social network do you think poses the biggest risk to security?

Over the last few years the nature of cybercrime has changed dramatically and social networks have become one of the most significant vectors for data loss and identity theft. In its 2010 Security Threat Report Sophos surveyed a number of companies to find out which social media sites pose the biggest perceived risk to security.

[Chart labels: Facebook, MySpace, Twitter, LinkedIn]



PAUL VOLCKER, CHAIRMAN OF THE ECONOMIC RECOVERY ADVISORY BOARD

Currently an economic advisor to President Barack Obama, Paul Volcker is heading the Economic Recovery Advisory Board. His career started back in 1952 when he joined the staff of the Federal Reserve Bank of New York as a full-time economist. In 1957 he left that position in order to work for Chase Manhattan Bank as a financial economist. In 1962 he became Director of Financial Analysis at the US Treasury Department and a year later he became Deputy Under-Secretary for monetary affairs. He returned to Chase Manhattan Bank as Vice President and director of planning in 1965. From 1969 to 1974 Volcker served as under-secretary of the Treasury for international monetary affairs. After leaving the US Treasury, he became president of the Federal Reserve Bank of New York from 1975 to 1979, leaving when appointed to become the chairman of the Federal Reserve by President Jimmy Carter in August 1979. He was then reappointed by President Ronald Reagan in 1983. Volcker's time at the Federal Reserve is widely credited with bringing an end to the US stagflation crisis of the 1970s. However, during this time the Fed came under strong political attacks and widespread protests due to the effects of the high interest rates on the construction and farming sectors. Leaving the Federal Reserve in 1987, Volcker became chairman of J. Rothschild, Wolfensohn & Co. Since then he has worked at a number of investment banks, taught at New York University's business school, and worked on a report on the oil-for-food scandal for the UN. He also served as co-chair of the Bretton Woods committee from 1989 to 1999. In January 2008, he endorsed Democratic presidential candidate Barack Obama for President and following the election, there was speculation that he would be appointed Treasury Secretary, a job that eventually went to Timothy Geithner.
During the financial crisis Volcker was extremely critical of banks, saying that their response to the financial crisis has been inadequate, and that more regulation of banks is called for. Specifically Volcker is a proponent of the idea that the nation's largest banks should be broken up, prohibiting deposit-taking institutions from engaging in riskier activities such as proprietary trading, private equity, and hedge fund investments. On 21 January 2010, President Barack Obama proposed new bank regulations which he dubbed "The Volcker Rule", in reference to Volcker's aggressive pursuit of these regulations.

PROFILE



BIG BONUSES FOR SMALLER BOSSES

Recent data looking into who earns what on Wall Street has revealed that some of finance's biggest earners are located miles from Wall Street, suggesting a significant shift in the paradigm of the Wall Street bonus. According to an analysis of 2009 compensation levels in the industry, John G. Stumpf, head of Wells Fargo (based in San Francisco), tops the list of big earners. In fact, evidence shows that Stumpf was paid a personal best of $18.7 million in cash and stock for 2009, up 64 percent from 2007, just before the financial crisis hit. It seems, then, that some of the highest-paid banking execs now come from those institutions who largely avoided becoming embroiled in the compensation debate, essentially leaving Wall Street far behind them. The statistics for 2009 show that Stumpf, for instance, is actually now earning twice as much as Lloyd C. Blankfein, CEO at Goldman Sachs – and that in itself is an interesting figure, given that Blankfein has come to represent a “new period of Wall Street riches”, earning $9.7 million for 2009 – a figure reportedly less than some analysts had anticipated. In fact the leaders in the pay sweepstakes now include the heads of the credit card giants Visa, Mastercard Worldwide, Capital One Financial and American Express, with CEOs earning between roughly $13 and $15.5 million respectively. Ultimately though, the big money does remain on Wall Street. “There are probably thousands of people that are in the Millionaire Club – or even the Ten Millionaire Club – that have gotten no heat [from the bonus scandal],” Alan Johnson, a longtime Wall Street compensation consultant, explained to The New York Times.

DON’T MISS...

54 Spinning the security web Etka Aggarwal of Frost & Sullivan on why the internet has ushered in a new era of security threats for business

COMPANY INDEX Q1 2010

Companies in this issue are indexed to the first page of the article in which each is mentioned.

Amazon 86 Anti-Phishing Working Group 62 Apple 86 AT&T 86 Bank of America 82,86 Celent 86 Citi 26 Commercial Savings Bank 46 Compliance & Risk 52,53 CSIdenity 74,75 Econiq 108,109 Entrust IBC, 68, 69 Facebook 66 First Data 95 Google 38 Harris Interactive 86 IBM 2 IDC Financial Insights 120 IDS Scheer 56,57 Infor 112,113 Inovis 78,79 IronKey 62 iStrategy 107

JPMorgan Chase 60,96 Juniper Networks IFC,58 Legg Mason 128 LexisNexis 31 LinkedIn 66 Mastercard 49 mBlox 88,89 Meet The Boss 123 Methodware 12,44,45 Microgen plc. 118,119 Microsoft 62 MoBank 82 Moody’s 41, 42 NASDAQ OMX 98 NCR 4 Nokia 86 Nomis 116 NYSE Euronext 98 Open Link 37,OBC Opus Research 76 Osterman Research 66 PayPal Mobile 86 Prudential Financial 110 RDC Corp. 50,51

Rentsys 9,70,71 RIM 86 S1 7,84,85 Symantec 121 The Financial Services Club 134 TowerGroup 26,38 Travelex 32 TRG Mobilearth 83 Verizon 38,98 Visa 86 websense 20,21, 65 Wells Fargo 82 Xenos 122 Zoho 104,105

62 21st Century Trojan War David Jevans details the growing challenge of protecting corporate onlinebanking from next generation malware

92 Crisis and opportunity Citi’s Gary Greenwald on how the crisis provides an opportunity for technological innovation


COVER STORY

A NEW SHERIFF IN TOWN

Can fresh regulations bring order to a lawless financial system? Huw Thomas investigates.

The Glass-Steagall Act of 1933 attempted to impose order on an industry that was widely perceived as dangerously lawless. Like some distant frontier town during the Gold Rush, Wall Street in the 1920s pursued an ‘anything goes’ ethos where the only end was striking it big. But while the pioneers of the Old West often gambled all they had in the pursuit of big rewards, their financial counterparts instead put the livelihoods of millions of ordinary Americans at risk. As a direct result of bank failures, America experienced a period of economic hardship that has yet to be surpassed.

The banking crisis of recent years has dredged up uncomfortable memories of these earlier failings and given rise to the idea that a financial system that has become a little too Wild West is in desperate need of much stronger regulation. Cast in the unlikely role of sheriff is 82-year-old former Federal Reserve Chairman Paul Volcker, whose plan to clean up the banking industry has been seized on by President Obama. At its heart, the proposal will limit the activities of banks and prevent them from becoming too ‘big to fail’, protecting American taxpayers from the need to prop up failing institutions that threaten to bring down the entire financial system.

In the eyes of many, it was the repeal of Glass-Steagall in 1999 that set the scene for the economy’s recent travails. Allowing the merger of Citicorp and Travelers Group to create a financial supermarket involved in myriad types of business, the repeal opened the door for banks to get involved in ever more sophisticated investment activities. This was undoubtedly great news for banks and their shareholders, at least in the short term, as profits shot through the roof.

However, involvement with ever more arcane financial products such as credit default swaps and mortgage-backed securities exposed institutions to massively increased levels of risk. When the house of cards started to collapse in 2007, it was not only investors who stood to lose, but also bank customers who did nothing more than regular vanilla banking. A few years and billions of dollars in bailouts later, there is an understandable groundswell of public opinion that banks should be put under stricter controls to ensure that such a colossal failure can never happen again.

The key spoke of the plan proposed by Volcker concerns preventing banks from becoming too important to be allowed to collapse by limiting the ways in which they can expose regular bank customers to the risks inherent in the global financial markets. “That proposal, if enacted, would restrict commercial banking organizations from certain proprietary and more speculative activities,” Volcker said in a statement to the Senate Committee on Banking, Housing and Urban Affairs in February. “In itself, that would be a significant measure to reduce risk. However, the first point I want to emphasize is that the proposed restrictions should be understood as a part of the broader effort for structural reform. It is particularly designed to help deal with the problem of ‘too big to fail’ and the related moral hazard that looms as an aftermath of the emergency rescues of financial institutions, bank and non-bank, in the midst of crises.”

So far, so populist. Current public anger at bankers is such that a proposal to tar and feather the entire industry would probably draw a reasonable amount of support. However, wiser heads have also spoken up in favor of Volcker’s idea. Some of Wall Street’s elder statesmen, people like billionaire investor George Soros, former Citigroup Chairman John Reed and former Treasury Secretary Nicholas Brady, have echoed the call for more restrictions on banking activities. “If you are a commercial bank,” Brady said, “and you wish the government to guarantee your deposits and bail you out if necessary, then you can’t be involved in speculative activity.” Reed has also voiced his support for a return to more exacting standards: “I can be convinced that we should move back in the direction of Glass-Steagall,” he is on record as saying.

But consensus remains some way off. Many in the business are concerned that excessive restrictions would have a major impact on profits. “The claim that Volcker makes is that it will only affect a limited number of global banks,” says TowerGroup analyst Rod Nelsestuen. “The challenge is that those banks do big business in this area. The question is how much of their bottom line will be affected? I’ve seen estimates that anywhere from five to 15 percent of the bottom line of these global banks will be affected by the inability to trade for their own book and do their own proprietary investments.” The market seems similarly unenthusiastic, with bank shares tumbling around the world when the administration’s intent was announced in January.

Such negative potential impacts on revenues are understandably hard to swallow for the industry, but were they to provide a more secure system that could never again plunge into the kind of chaos we have recently witnessed, then surely that would be a sacrifice worth making? Unfortunately, there is plenty of concern that Volcker’s prescription isn’t the best answer to the economy’s ills. “The Volcker rule and similar misguided legislation to reestablish the Glass-Steagall Act assume that a bank should be essentially a utility limited to taking in deposits and making certain types of safe loans,” says The Heritage Foundation’s David John. “They reason that if banks are protected from risky activities, other types of financial services firms can be allowed to fail without causing problems to the overall financial system. However, these proposals completely miss the point that as far back as the 1998 failure of the hedge fund Long-Term Capital Management, systemic risk to the financial system is less likely to come from banks than from non-banks.”

John argues that none of the financial firms that failed during the crisis did so because of their size or because banks engaged in proprietary trading. The failures of Bear Stearns and Lehman Brothers, two of the main harbingers of the crisis, were significant because of the interconnected nature of the modern financial system. Neither was particularly big, and crucially, neither was actually a bank. “An additional level of instability was caused by many major financial institutions having relatively small amounts of capital available to absorb losses,” he continues. “They also had limited amounts of liquid assets to cover losses and repay the short-term loans that financed many of their activities. Neither the Volcker rule nor restoring the Glass-Steagall Act would do anything to reduce that interconnectedness or to increase liquidity.”

Others are a little less damning in their criticism of the plan, instead citing concerns about a lack of detail in the proposal. “They haven’t defined these rules closely enough,” says TowerGroup’s Rod Nelsestuen. “Some of the activities that these banks would be doing along these lines would be called risk management, diversification or offsetting other types of risk in different business lines. The idea that you can’t trade for your own book is an oversimplification. Diversification is in some cases a way of managing risk, so some institutions could use it as a risk management tool. Proponents are saying that the new rule doesn’t mean banks will be limited to the point where they can’t manage risk, but then what exactly do they mean? That’s unclear.”

There are also concerns over exactly what is meant by the term ‘too big to fail’. Nelsestuen describes a trading company that was located in the Twin Towers of the World Trade Center when it was leveled on 9/11. Though this company had only around 700 employees, it did a huge amount of business in government bond trading and its loss was keenly felt by the market. “It’s interesting to try and define too big to fail as asset size versus what their function is in the banking world,” Nelsestuen continues.

Were the rule to be implemented, just enforcing it would be a major headache. Differentiating between proprietary trading and that done for clients will be incredibly difficult for regulators. In fact, the way that regulation is approached in the US might prove to be one of the most significant hurdles for any new regulatory regime. Compared to the system in place in the UK for example, which is largely principle-based, the US tends towards a more rule-based approach. This is especially true at the moment, when attention is focused on very specific grievances. The problem here is that the more specific the rule is, the bigger the opportunity is to engineer around it. “Public outcry sometimes gets very specific when in reality what we need is to step back and think about what are the basic principles under which the financial industry should operate, how do we articulate them and how do we hold institutions accountable for following them. That would be a better way but I don’t think we’ll be getting there in the short term,” Nelsestuen agrees.

Given the current climate, it is perhaps understandable that the Volcker rule is not seen as going far enough by some who would prefer a full reinstatement of Glass-Steagall. That however, is highly unlikely even for a government enthusiastically riding a wave of anti-banker populism. “It’s just not realistic in today’s interwoven economy,” says Nelsestuen. “The financial system has to be able to operate within the economy and the economic structure of its service territory. To simply say that we’re going to go back and limit a type of activity without looking at the impact in the economy in general or whether it even fits the business model of the global economy today is very short-sighted.”

For all the rhetoric, it seems unlikely that we are going to see any drastic changes in the regulatory system any time soon. Given the glacial pace at which legislation passes through government and the deep-rooted differences at the heart of the debate, anything that can be agreed on by everybody is likely to be far more nuanced in its language than Volcker’s initial suggestion. That is going to take time and a great deal of effort. The hope must be that all parties can work together to craft something that fulfils the need for greater control while not unduly hampering the financial industry’s ability to profit and power the US economy.

As a nation, America’s success has been built on a careful blend of pioneering risk-taking and the rule of law. If the financial industry is to emerge from its 21st century troubles, it needs to heed the lessons of the past.

Fighting talk

President Obama signals his intent to rein in the financial system

This economic crisis began as a financial crisis, when banks and financial institutions took huge, reckless risks in pursuit of quick profits and massive bonuses. When the dust settled, and this binge of irresponsibility was over, several of the world’s oldest and largest financial institutions had collapsed, or were on the verge of doing so. Markets plummeted, credit dried up, and jobs were vanishing by the hundreds of thousands each month. We were on the precipice of a second Great Depression. To avoid this calamity, the American people – who were already struggling in their own right – were forced to rescue financial firms facing crises largely of their own creation. And that rescue, undertaken by the previous administration, was deeply offensive but it was a necessary thing to do, and it succeeded in stabilizing the financial system and helping to avert that depression.

We should no longer allow banks to stray too far from their central mission of serving their customers. In recent years, too many financial firms have put taxpayer money at risk by operating hedge funds and private equity funds and making riskier investments to reap a quick reward. And these firms have taken these risks while benefiting from special financial privileges that are reserved only for banks. Our government provides deposit insurance and other safeguards and guarantees to firms that operate banks. We do so because a stable and reliable banking system promotes sustained growth, and because we learned how dangerous the failure of that system can be during the Great Depression. But these privileges were not created to bestow banks operating hedge funds or private equity funds with an unfair advantage. When banks benefit from the safety net that taxpayers provide – which includes lower-cost capital – it is not appropriate for them to turn around and use that cheap money to trade for profit. And that is especially true when this kind of trading often puts banks in direct conflict with their customers’ interests. My message to members of Congress of both parties is that we have to get this done. And my message to leaders of the financial industry is to work with us, and not against us, on needed reforms. I welcome constructive input from folks in the financial sector. But what we’ve seen so far, in recent weeks, is an army of industry lobbyists from Wall Street descending on Capitol Hill to try and block basic and common-sense rules of the road that would protect our economy and the American people.

So if these folks want a fight, it’s a fight I’m ready to have. And my resolve is only strengthened when I see a return to old practices at some of the very firms fighting reform; and when I see soaring profits and obscene bonuses at some of the very firms claiming that they can’t lend more to small business, they can’t keep credit card rates low, they can’t pay a fee to refund taxpayers for the bailout without passing on the cost to shareholders or customers – that’s the claims they’re making. It’s exactly this kind of irresponsibility that makes clear reform is necessary. We’ve come through a terrible crisis. The American people have paid a very high price. We simply cannot return to business as usual. That’s why we’re going to ensure that Wall Street pays back the American people for the bailout. That’s why we’re going to rein in the excess and abuse that nearly brought down our financial system. That’s why we’re going to pass these reforms into law.

“When banks benefit from the safety net that taxpayers provide it is not appropriate for them to use that cheap money to trade for profit”

A year in regulation

28 Jan 2009 – President Obama meets members of his team to discuss financial re-regulation

19 May 2009 – Senate approves a bill to curb sudden credit card interest rate increases and hidden fees

26 Aug 2009 – FDIC releases a final policy on the qualifications to acquire failed banks

17 Sep 2009 – SEC orders flash order ban and approves new rules to govern rating agencies

17 Nov 2009 – Financial Fraud Enforcement Task force is established

11 Dec 2009 – House of Representatives approves the biggest changes in financial regulation since the 1930s. The bill aims to safeguard the financial system and ward off future crises

21 Jan 2010 – Obama threatens to fight Wall Street banks with a new proposal to limit financial risk taking. The proposal would prevent banks from investing in, owning or sponsoring hedge and private equity funds

Source: Reuters



FEATURE

The human factor

As CISO for Travelex, James Gay is accountable for security across the company. One of the main challenges he faces is not technological but rather ensuring that the staff adhere to the processes in place.

Since the financial crisis put the global economy in a stranglehold, the market for international payments services has rapidly expanded as businesses and consumers the world over place increased importance on cash management. Businesses in particular have sought to achieve integrated global payment platforms that are capable of meeting their international payment needs. Travelex, the world’s largest non-bank provider of international payments and foreign exchange solutions, is well placed to take advantage of this market expansion, and rivals even the largest global banks in its ability to deliver a truly global payment solution. In September of last year, consulting firm TowerGroup ranked Travelex Global Business Payments as the industry leader in global payment solutions for the Small-Medium Enterprise (SME) market and as number three globally for innovation in payments in the SME market. This is testament to the fact that Travelex continues to innovate in the payment industry. James Gay is the CISO at Travelex and despite the importance that many attach to the role of technology in innovation he tends to believe that when it comes to security, technology is important but it isn’t the most important part of the puzzle. “The security industry as a whole has realized that it is no longer a control and blocking industry. It is a business enabler. People expect security. You can see the challenges that people are facing with the loss of personal data, bank fraud and credit card fraud and the security industry is at the forefront of helping people resolve those challenges. So we have to be more of a people business than we’ve ever been,” says Gay. In his view, the technology is an enabler for what Travelex do, but without the proper concepts of how to deal with the people part of the puzzle the technology isn’t really much use.
“The technology is always going to be there as we need the tools to implement things and we need to do things faster, cheaper and better,” says Gay, but he is quick to stress that the main areas of investment over the next 12 to 18 months will be in people. “Without the right people it doesn’t matter how good your technology is, you will not be able to implement it properly,” he explains. The importance of understanding business needs before investing in technology is vital since the market is awash with technology solutions – some better than others – and businesses need to have the correct person in place to make decisions regarding the viability of technology investments.


Money on the move The Travelex Cash Passport was launched on 1 May, 2008 and was the first prepaid foreign currency card in the United States. The card, which originally allowed travelers to load and lock-in their rate for American dollars, British pounds and Euros, exceeded all sales expectations and since June 2009 four additional currencies have been made available – Australian, New Zealand and Canadian dollars plus South African rand. Cash Passport, which offers travelers greater security than carrying large amounts of cash, can be used to withdraw money from ATMs or be used to purchase goods and services in any retailer that accepts Debit MasterCard. If the card is lost or stolen the balance is protected and can be replaced in as little as 20 minutes around the world. Two cards can be purchased with different account numbers that can access the same pool of money so travelers can share cards or have a back-up card should one be lost or stolen. Cash Passport comes with Global Emergency Assistance which offers customers a number to call for assistance 24hours a day for lost wallets or passports, medical assistance, legal problems and translation assistance. Combining the convenience of a bank card with the security of a traveler’s check, sales of the new currency Cash Passports are expected to out sell travelers checks by 10:1 during 2010. James Gay explains the development of the Cash Passport and how Travelex is dealing with the increased risk that this involves:

Travelex is an organization that has evolved from that first beginning, a fantastic beginning with Lloyd Dorfman, our chairman, to now actually doing international transfers of money at the click of a button, to selling people cards to go on holiday with rather than a wallet full of cash. On that card there’s nothing that identifies that person. It’s kept on a server in a very, very secure location. So there’s no risk to the people, but there is a risk to the organization. If your wallet gets stolen, with this new technology we’ve introduced nothing actually happens to your finances. By the time we’ve gone through your authentication on the phone we’ve got another card on its way to you, and the person that’s stolen the card can get nothing off it. Because there’s no identification they won’t know it’s you, so they won’t be going off to your house because they know you’re on holiday. Having the organization understand the benefits of all that, but also some of the risks that we introduce to ourselves by taking that risk from the consumer into our pocket effectively, it’s a difficult stretch for a lot of people the first time off. Does that mean we’ve got a bigger security risk? Well, probably not. It’s a different security risk. It’s that shift that’s my responsibility to help an organization understand. The first thing I did was went and got two cards and played with them, saw how they worked, saw how the customer interface worked, looked at the design of the architecture behind it. Then I sat down with a business and said, ‘If I was going to try to defraud you, this is what I would do. Now where are the controls to stop me doing that?’. And we went through them and they’re all there. We don’t just develop software in isolation. The security team are involved in the design. It gives them the confidence to come back and say, ‘Well, I’ve been thinking about this. Couldn’t we do this with this card and defraud it this way?’. And some of them have got really good ideas, and if they were on the dark side rather than the white side then we’d be worried. But we look at it and we say, ‘Okay, maybe as this evolves that may become a possibility, so let’s talk about putting some controls in there,’ but if we can’t put the controls in straightaway we at least get some more monitoring. It’s more about helping the business understand what it is they can do rather than what they can’t do that makes them come back for more.

Cash Passports are expected to out sell travelers checks during 2010.

This, Gay believes, is the most challenging aspect of rolling out any type of information system, whether it is security related or not. Most of the challenges he faces in his role are human as opposed to technological. “Security and information security is about people. It’s about getting people to understand that they are adding value somewhere and that they are responsible for security. Everybody in a company is part of the security and if they don’t understand that then we are heading for trouble,” he warns.

As CISO, Gay believes that he is not actually responsible for security at Travelex, but rather he is accountable for it and those who deal directly with the customers, those who do finance and those who work in the offices, are responsible for security. “I simply make sure that they have the tools and the awareness to get it done,” he says. “I’m accountable for the quality of that process.”

And this is why processes are so important. It’s no good implementing them if the staff cannot work with them or they slow the staff down and they end up circumnavigating them, says Gay. “The whole point of our security is to add a protective shell around our processes, but it shouldn’t get in the way of those processes. If there is a quicker cheaper way of doing things – as long as it doesn’t increase the risk to the company – then we have to find a way of enabling the security in a different manner.”

The way that Gay evaluates the effectiveness of the business processes is quite hands on and involves him actively getting the opinions of those who use them – his staff. Wandering around the office he inquires as to how and why staff do what they do and likewise how they would ideally like the processes to work. Based on these responses he then tries to find a compromise that lies somewhere between efficacy and security. There are obviously some processes that are unavoidable such as audit trails, which are required by legislation, but even in this case Gay says that this


doesn’t necessarily have to be done the hard way. “In my experience there are easier ways to do things and still be as secure and have the same risk mitigations. You just have to think outside the box,” he says. But, he stresses, this can’t be done by just looking in from the outside, it requires that you work with your staff so that you can become an integral part of the solution rather than the problem. And this pretty much sums up Gay’s management style in general. “I think Tom Peters coined the term ‘management by wandering around’ some years ago. If you sit in your office you’re going to see symptoms. I’m naturally an inquisitive person, wherever I’m working a business I want to be part of it, part of the sales process and part of the delivery process,” he says. “As the CISO I have to be part of the security process, but this is just part of the quality delivery of the organization. So by being out there and by being an integral part of it and by knowing what people are doing, what they are trying to do and by knowing what is failing, I get to see the things that are actually going to happen to us. So although I get to see the symptoms, if I haven’t predicted something happening, then I haven’t done a very good job,” explains Gay. This wandering around is also something that he encourages his staff to do so that they too can understand how things can be done better. “Part of being a CISO is making sure that the next generation of CISOs understand the thought process, the risk management process and the risk assessment process,” says Gay. “So quite often I won’t come up with a bright idea, in fact I try not to. I try and get my people to do the same sort of analysis that I do.” But as much as Gay likes to be in the thick of it, he admits that being on the frontline and seeing every problem that arises is not actually very realistic in his job. So he relies heavily on the feedback from his user base as to the problems and failures they experience.
But despite the proactive and interactive approach of Gay and his staff, it is still necessary to implement some kind of measuring process in order to judge performance. This is an integral part of business intelligence. “I think there has finally been a realization that we can no longer have people wandering around in white lab coats, but if you can’t measure something, how can you see whether you are doing it well or badly?” asks Gay. “The only way to measure things is to have that intelligence behind it as an integral part of the quality delivery of a business. Your metrics are just as important as the financial performance of the company and the market impact that you have,” says Gay. Another aspect that he rates very highly is the need to look outside of Travelex at the whole security industry rather than just at the financial services industry, in order to learn what the tools of the future will be. Academia is an extremely important source of information for Gay and he monitors it to see what is occurring in encryption technology, banking and in the credit card arena, which is particularly pertinent since Travelex recently launched its own prepaid cards. “I’m halfway through a Ph.D. at the moment because I believe that by interfacing with academia, understanding what academia is thinking and helping it to understand the problems that we face, then we have a joint approach to solving some of those problems. You have to interface with everybody that has an opinion. You don’t necessarily have to take those opinions on board, but opinions will form the body of knowledge that you use to move forward,” says Gay. He is already doing this with the likes of web 2.0 and the cloud and plans to do so with regards to the newer mobile technologies. “I look at some of the industry forums, not necessarily the security industry, but wherever people are looking at new ways of doing things and at new ways of breaking things. If they’re


going to break, they’re going to break in an insecure manner, so I want to know what their ideas are on how to stop them from breaking in the future.” Regarding mobile technology, this is something that Gay welcomes and he says it is something that Travelex will have to get involved in otherwise it risks not being in business at all. “Mobile is what people are saying is going to be the new contactless technology. We need to embrace the way that people are going to be using it but also understand that we then have a duty to educate our customer base, not just our employee base,” says Gay. He goes on to explain that there is an important distinction between those who have to learn to adapt to this new technology – digital immigrants – and those who have grown up with the technology and are comfortable using it – so-called digital natives. Digital natives, he says, are the people that he will be doing business with and they need to ensure that they are in a position to do that as seamlessly as possible.

“Without the right people it doesn’t matter how good your technology is, you will not be able to implement it properly”

“They don’t want to know about passwords and authentication and whether it's a BlackBerry or an iPod. They just want to know that they have communicated with you, that they have a request for service and whether we are fulfilling that service correctly or not, because if we don’t they are going to go somewhere else,” he says. “We’re not there today and I’m not going to pretend that today we are ready for iPods and BlackBerrys, but we are actively embracing where we need to be. “So my job as CISO and as part of the information technology team is to help the business embrace the new world willingly,” says Gay explaining that he has a fantastic group of executives behind him. “My boss has been made responsible for mobile technologies, which is great because I’ve got a really great relationship with my boss and I can try new stuff out there and I don’t have to explain to 100 people on a committee. I can just go to my boss and say ‘Let’s have a try at this’ or ‘Let’s have a look at that’,” he says.

Having a supportive executive also makes it easier for Gay to sell information security. By all accounts this is no easy task as you are selling something for which effectively the very best outcome you can hope for is nothing. “In a lot of the financial services areas nothing is a pretty good result and by having a supportive executive it’s not that difficult to sell the need,” says Gay. “The quantity is always a difficult discussion in any business. I would like to have perfection. The executives would like to have perfection. We look at the cost and we balance the risk with what we are willing to pay. In an industry like ours where we are in the business of risk, we take a risk on a daily basis and that risk decision is made by the executive on an informed basis. It’s my task to make sure that they have all the information to make that decision.
Sometimes it’s quantitative and sometimes it’s qualitative. “Sometimes it’s just a plain-old case of ‘I’ve been doing this for so long and I can tell you that there will be a problem if we don’t do this’ and luckily, with the respect I have from my boss and the executive, if I have to pull that one out of the bag they say ‘Well if you really believe that then we will go with you, but don’t play that card too often’”.



SECURITY

Fortified Citi

FST talks with Frank Wu about the challenges of global security management and how new technologies are impacting the space.

What are some of the unique security challenges facing an organization of Citi’s size and global reach?

Frank Wu. I believe the biggest challenge we have is because of the complexity and solutions that we have in Citi. We have somewhere around 10,000 different technologies currently deployed. In the past, we have tried to unify the solutions as a security policy across the board. It turned out that it just cannot be done in reality. We either applied it too hard or made it too loose. So right now, the biggest challenge is really how big the risk is for that particular implementation. From that perspective, we are converting into risk-based security. Everything is about looking at risk itself. If it’s a high risk, we have to address that with more cost, more capital investment. If it’s a lower risk with less potential impact, it really shouldn’t be addressed as much. That’s a good concept. The biggest challenge to us right now is that we are still in the evolving stage of determining the risk. Often you don’t know the risk until you know exactly how you want to manage it and deal with it. However, I believe we are headed in the right direction.

A strong security architecture is clearly important for a firm like Citi. How are you garnering feedback on your architectures and your strategies to ensure that development is made in the correct fashion?

FW. In reality you never know. You only keep trying to improve yourself, because security’s a never-ending challenge. One year, you think you’ve hit it, and then another threat comes in. The threats keep building in sophistication, and every day brings something new. So you don’t know you are good enough. You only get to the point where you feel comfortable. In terms of security architecture, it comes into multiple stages. That is a series of events that process along the entire deployment cycle and life cycle management. So from the beginning, when we engage with a vendor at the feasibility study stage, we really take the time to look at the solution ourselves to see how it complies with our needs. Once we come into our lab environment, our engineers start to look at what we call Citi’s specific implementations. That’s a time where we actually looking closer at our compliance in item by item detail in terms of operations, in terms of the configurations, in terms of how it will be deployed, and the internal administrative a counter administrative login support and accountability. Then if those requirements are met, we move into the production. I take it as security architecture from the process perspective. We also look at it from the enterprise environmental perspective, the infrastructure component and the communication itself. We check to make sure these are all aligned.

I think we can accept that everybody has security software now, but perhaps not the complete security solution. What do you think is missing?

FW. Everybody has security software, but I don’t think there’s one cohesive solution. Almost every company tends to have a lot of point solutions. You will have a solution to protect the desktop. You will have another solution to protect entry points at the network premises. Then you have another solution at the end point which is the server itself. These three solutions may not come from the same vendor and may not address identical issues. So what that really means is that we have a lot of the coverage overlapping, which can leave holes. It takes a great deal of effort to know what is overlapping and where the missing points are. It takes a great deal of analysis and a lot of time. I don’t think there is a single solution at this point. I think the industry probably will not come to a very good solution until a lot of security companies are integrated under one umbrella. Right now, we have a lot of point solutions provided by smaller vendors, which results in a lot of niche solutions. You can stitch them together, but it doesn’t mean it’s a fabric.

Frank Wu is VP of Security Architecture at Citi

Difficult times can lead to both customers and providers neglecting innovation to an extent and just sticking with what they know. Has the financial turmoil had any impact on Citi’s security architecture?

FW. It definitely has an impact. At the very least, it will slow down deployment. Security really is a matter of you will never get 100 percent coverage. So you may reach 90 percent, but the last mile or 10 percent is very costly to do. Sometimes, we had to do a manual process to compensate for it.

As a result of the financial downturn, deployment of new technology tends to be slowed down. Also, a lot of vendors become very unstable. You can end up hesitating to work with a new vendor because you don’t know how long they are going to be around. It’s not all about cutting heads and cutting costs. Often, it’s about spending money in a wiser way.

How are you looking to change Citi’s security in the next two to three years? How are you driving in that direction?

FW. This is a big question. Three to five years is a very long time in the security space. But we are pretty much focusing on two domains. We look at it as infrastructure security and application security. So infrastructure security in terms of platform network, storage, those kind of things. Then security at the administrative level comes up, security administrative solutions, which are also considered infrastructure. Application tends to concern the user interface for dealing with customers. We are looking into this tool and then trying to converge it into our risk management solutions. We are not going to use it to unify the assessment or approach for everything. That alone will probably take us a few years to do.

New customer technologies, like web 2.0 clearly have quite a prominent role to play in the future of banking. What challenges do they raise from your perspective?

FW. I am not so sure about web 2.0 yet. To me it is still too new to know a whole lot about it. I’m more concerned about the amount of information and the bandwidth of the consumption and it seems to me that the first thing that happens is that you need to handle more information. More information means more CPUs, more datacenters. People in the market, we always want something better, nicer, that’s what web 2.0 is all about. But from the data center perspective, you really want to have something that reduces the cycle, less CPU footprint, less heat. On the one hand, you want to give a very good service to the customer. On the other hand, you try to contain your resources because all of those come to cost. From the security perspective, I don’t have a lot to say about web 2.0 yet. It’s just too new to me.

As things like BlackBerrys and iPhones continue to grow in popularity, expectations are continually being reset by people who demand more, perhaps at a pace that outstrips business. How should financial services respond?


FW. In this case, I tend to believe we are kind of slow. In the sense that we do have BlackBerry. We widely spread BlackBerry nearly to the point that everybody I know has one. However, our BlackBerrys are centrally managed. You don’t have all the functions and fancy features on it. My BlackBerry is really only for email, it has limited browsing capability. That limits exposure to the risks. The BlackBerry to me is just an extension to my desktop. On the other hand, we lost a lot of fancy features on the device itself. You have to make compromises.

Long-term, obviously, the next generation of employee is very much going to be coming in to work with his or her iPhone and perhaps expect to be able to use it?

FW. They would like to, but I don’t think that we will let them. Right now, for example, they don’t have any access to personal email. It has to be corporate email only. So you don’t have to worry about an employee using a corporate computer connecting to Hotmail and then bringing something you don’t want into the organization.

Many analysts of course are predicting increased IT outsourcing. Do you think this will ever impact on your function?

FW. Outsourcing has been happening for a long time. But in Citi, mostly, we actually outsource to our overseas divisions. For example, we have maybe more than 20,000 people in India, but they are our subsidiaries. So it’s internal outsourcing. In terms of impacting my function, I don’t see it this way. Right now, we are outsourcing mostly in basic functions. But on the architecture and assessment part, we don’t do it.

HEAD IN THE CLOUD
What cloud computing means for security

It’s a good concept. Google and Verizon are both trying to go in that direction. However, I have a lot of concerns about it. If you outsource resources to a cloud computing vendor, you are talking about leaving your security and compliance to another person to handle. That doesn’t mean you are not obligated. You are still liable for your data. I tend to believe all the same industry will trust in the same vendor. That means our peak will happen at the same time. The idea of the cloud computer provider makes me think of something like a utility company. But even utility companies have outages where they aren’t able to meet demand. Cloud providers need to make sure that can’t happen and that they can cope with peak loads. However, are they really going to want to do that if 80 percent of the year there is really low usage? If they make it that way, it’s not going to reduce the cost. But if we do cloud computing within the enterprise, that could be a different picture because we should be able to time our different business segments. Each segment has a different peak time. Loans may have one peak cycle in the spring when everybody gets student loans. And then the credit card part may be more in the end of year when everybody is doing their holiday shopping. They won’t peak at the same time. If they share the same resources as a cloud computing perspective, then you build a peak to meet one. You don’t build a peak for two.




NEXT BIG THING

BALANCING ACT

Jodi Alperstein outlines how best practices for improved enterprise risk management start at origination.

It is no secret that very few lending institutions have a comprehensive, accurate and timely view of their enterprise risk. The problem becomes more acute when exposures and portfolios are spread across divisions, geographies and asset classes, which they usually are. No matter how much regulatory pressure has been placed on risk management or how much business benefit can be derived from optimizing risk management processes, the end goal of having a comprehensive view of enterprise risk often remains elusive – in spite of spending a great deal of time and resources on the problem. One of the root causes of this problem has to do with the way lenders originate and monitor their commercial loans.

Why is this? Historically, the commercial loan process has been very paper-intensive and subject to human errors. Most processes were developed within silos separate from the rest of an organization’s risk management solutions and lack sufficient controls. Understanding the true impact on the overall portfolio and to the top and bottom lines is done after the loan is issued, not before – and this remains the case today. With all of these manual and disconnected processes, it’s almost impossible for most firms to evaluate a single transaction while factoring in the impact to the overall portfolio and the business model of the firm.

Managing the day to day risk decision process is also a problem. Firms are continually challenged to improve corporate governance and optimize the way credit committees manage portfolio risk. Yet, the processes surrounding loan origination, risk rating, underwriting, limit management and portfolio monitoring are complex and often inefficient.

Best practices

Based on all of my travels and discussions with risk professionals at leading commercial banks, there are best practices around managing commercial loan origination and the monitoring process.

Standardize the way data is collected – Commercial loan data is often captured in a variety of different formats, using a range of different technology tools across geographies. While this may work at a local level, spreading financials and capturing other data in an inconsistent manner poses problems when it comes time to analyze the bank’s overall portfolio. Information needs to be captured and documented in accordance with a financial institution’s origination policies – across geographies and departments.

Consolidate your data – Once data has been captured in a consistent way, it needs to be archived in one central repository, which we like to call the “single source of truth”. By having access to data in one centralized location, banks will have one of the key building blocks in place to develop sound credit practices. Keep in mind, however, that we see firms spend a lot of money on the risk side of the equation by standardizing the way data is captured and stored. But they neglect to take the extra step and capture data about a deal – such as fees – that can help them better understand returns in their portfolio. The incremental effort to do this is relatively small, and the business benefit in terms of understanding risk and return can be enormous.

Optimize probability of default (PD) and loss given default (LGD) measures for single obligors – The end goal is to get PD and LGD measures correct, without any mistakes, for every deal. This, however, is unrealistic. So, rather than have credit analysts in the same underwriting group use different models and approaches to calculating PDs, or leave it up to the underwriter to select and apply a range of PD models to each prospective loan, institutions need to apply frameworks and enforce bank policies to prevent user error. Lots of banks use standardized PD models and software to predetermine which Internal Rating Model (IRM) gets assigned to evaluate a deal. The attributes considered are often industry, peer group, region etc. Also, don’t use static measures for probability of default – especially when looking at cyclical industries. Default rates can change quickly. For example, according to data from Moody’s Analytics Credit Research Database, the median probability of default in the retail sector went from 1.59 percent to 2.92 percent in one year, from June 2008 to June 2009. Furthermore, some banks – especially smaller banks – are still using static lookup tables to get LGD measures. These measures are often old and outdated. Banks need to use accurate LGD measures as part of their reserve capital calculations. An analysis is incomplete when this data point is based on old information. Even if you already developed your own PD or LGD models, it’s important to benchmark against an independent model.

Tie single-obligor risk into portfolio-level risk assessment – Banks need the ability to evaluate individual deals on a stand-alone basis and how the deal impacts the overall portfolio. This analysis needs to be done at origination, not after a deal is closed. Just because a loan doesn’t look good at the individual level doesn’t mean it isn’t a good deal for your organization when the loan is considered in the context of your overall portfolio. We have several clients who compute the impact of a new loan or a deal that gets added to their portfolio in real time – and many more are planning to do this. Understanding the Return on Risk Adjusted Capital (RORAC) for any prospective deal is a huge competitive advantage for them.

Systematic and Continuous Centralized Limits Management – Lenders need a way to consolidate and view all their exposures worldwide, from subsidiaries, business units, banking books to trading books. Exposures should be compared with predefined limits for counterparties, economic sectors, countries or product types. When coupled with a workflow solution, the monitoring system should trigger alerts when limits are breached and when a ‘watchlist’ customer engages with your firm. Limits management should also be embedded into the origination and approval process.

A workflow solution that integrates with internal loan systems and front office systems – Throughout the commercial lending and loan origination process, lots of hands touch lots of different processes. This process needs to be more automated to reduce errors and save valuable time. Identify who needs to be involved – and who can make what decisions, when. To do this effectively and efficiently, risk managers should identify workflow solutions that tie into their own internal loan systems. The workflow system needs to enforce consistent lending policies and ensure that the most accurate portfolio information is available in real-time.

Scenario planning and stress testing – Firms need a way to model different scenarios and view the effect on single-obligors and the overall portfolio. Understanding economic or regulatory capital needs is only the beginning. Proper stress testing can be used as a competitive advantage. By understanding portfolio performance during different periods and market situations, lending decisions can be made to optimize the portfolio’s performance. Clients use our tools regularly to run what-if analyses and assess the impact of changes in their portfolio’s risk-return given a particular stressed scenario.

Bringing all of these best practices together is no easy feat, but the business benefits – such as pricing risk and optimizing risk-return ratios – can be profound. In order to implement standardized loan processing, decision policies and demonstrate compliance to regulators, risk managers really need to adopt a common platform to standardize the commercial loan origination process – from initial assessment and underwriting through monitoring, servicing and reporting. Firms are starting to apply these best practices today, but many still have a long way to go.

“We have several clients who are computing the impact of a new loan or a deal that gets added to their portfolio in real time – and many more are planning to do this. Understanding the Return on Risk Adjusted Capital (RORAC) for any given deal is a huge competitive advantage.”

7 Steps to better risk management
1. Standardize data collection
2. Consolidate your data
3. Use dynamic and consistent PD and LGD measures
4. Tie single-obligor risk into portfolio-level risk
5. Use systematic and Continuous Centralized Limits Management
6. Use a workflow solution that integrates with internal systems
7. Incorporate scenario planning and stress-testing

Jodi Alperstein is a Managing Director at Moody’s Analytics, overseeing Product Management and Marketing for the software division. Alperstein has over 15 years’ experience developing innovative products and market strategies in the financial technology sector. This article was co-authored by Arik Pelkey, Director of Product Marketing at Moody’s Analytics.


ASK THE EXPERT

Lean times ahead Adopting a Lean Six Sigma approach to operational risk management enables financial institutions to realize improvements in cost, quality and speed, says Paul Stokes.

Risk management for financial services firms continues to increase in complexity. Regulatory requirements evolve, data volumes grow exponentially and stakeholders demand more value from the organization’s risk program. As you review your risk management approach for ways to improve accuracy and timeliness, consider applying changes to your underlying methodology. By adopting a Lean Six Sigma approach to operational risk management, financial services firms can realize improvements in cost, quality and speed. You’re not throwing away the work you’ve done to date – rather, you’re taking those efforts to the next level.

Both Lean and Six Sigma are performance management methodologies with their roots in manufacturing. Lean targets waste reduction in design, implementation and activity, while Six Sigma is a statistical approach to reducing variations in processes and quality. When taken together, Lean Six Sigma aligns well as a services improvement approach. Lean Six Sigma allows risk managers to perform value stream analyses on their assessment, analysis and reporting processes. Value stream analysis creates visual mapping of a service or product path from design through development to client delivery and support, and the maps identify risks, resources, activities and information. The activities are then defined according to whether they add value to the process or not. Ask a simple question – is the client willing and prepared to pay for an activity? If yes, it’s value-added, if no, you need to look at ways to minimize or remove that activity. By reducing the duplication of effort and other waste in your risk program, you will identify opportunities to better integrate the diverse risk, compliance and audit functions.

From a risk management perspective, the Lean Six Sigma philosophy builds upon some core elements of ERM. For example, the second pillar of the Basel II Accord requires a quantitative and qualitative review of not just the risks, but the risk monitoring processes themselves. Most organizations employ a control risk self-assessment approach for operational risk management, and link to historic loss data where necessary. Assessment results and losses then serve as the basis for scorecards and data modeling. A common refrain is that for risk programs to be successful there must be both top-down and bottom-up input. The end-to-end process mapping resulting from the Lean Six Sigma analysis incorporates both approaches and leads to an additional benefit of this methodology – the ability to more accurately allocate capital.

Once your processes have been identified and mapped, the key risks within each process must be defined. In most circumstances, you will already have the risk information available, but it may require minor updates depending on how the process is defined. The next step is to establish the required scorecard. This will be an iterative process, requiring some calibration. Factors to consider upon the development of the scorecard include the size and frequency of a loss, benchmarks to external data, the timeliness of reporting and whether there were significant changes to the last reported position. With calibrated scorecards, you can then apply the appropriate distributions regarding severity and frequency. Once you’ve established which simulation technique you’ll be using, it becomes a matter of creating proper documentation and governance structures and implementing the Lean Six Sigma approach.

The Lean Six Sigma methodology requires your organization to have an appetite for improving your processes and a culture that embraces risk management. The rewards – better understanding of your key risks and how they impact your processes, clear measurement toward your risk and business goals and the ability to take capital from the corporate level and allocate it to a specific branch or even officer – are well worth the effort.

Paul Stokes is the Managing Director of Methodware, a world-leading developer of governance, risk and compliance management software solutions with more than 1800 clients in over 80 countries.




CIO INSIGHT

TECHNOLOGICALLY MINDED



Shalini Singhal, CIO at Commercial Savings Bank, explains the challenges of getting senior level executives to believe in the importance of IT.

Over the last few years information technology has become increasingly important for all but a few industries and organizations. Correspondingly, the CIO is now seen as a key contributor in formulating strategic business goals. As the recession took hold, business goals became more important than ever as companies everywhere struggled to keep their heads above water and ride out the crisis. The role of CIO has become fundamental as businesses are seeking to improve operational efficiencies and cut costs where possible. The finance sector is no different and IT executives in this industry are now under increasing pressure to streamline operations whilst at the same time proving a return on investment. Shalini Singhal is CIO at Commercial Savings Bank and she believes that given the current economic climate, the relationship that businesses have with their technology vendors has never been so important. “Every business is cutting costs and this requires them to go back to the vendors. Not every CIO knows exactly what is out there in the technology world and whether what they are buying is correct. By going through the vendors, they can tell you what it is that you need to buy,” she says. However, Singhal stresses that it is worth being cautious all the same as, while technology vendors may be your product leaders or managers, at the end of the day they are still trying to make money themselves. One thing that Singhal loves about technology vendors is that they very rarely ever say no to her demands. “What I love about them is that they always have an answer,” she says detailing how they always endeavour to meet her needs. “But what I hate about them is false promises and all the hidden costs that emerge down the line, which were not discussed at the time of presenting the proposal.” One thing that Singhal believes would help to improve the relationship with technology vendors is if they understood that every business has a different need.
“They need to listen to what a customer needs and then see how they can change the products to meet these business needs because a customer does not need a canned product,” she says. With this in mind, Singhal would like to see technology vendors taking a different approach and not overselling their products. One example that she cites is her efforts to build a disaster recovery site. “We have to buy a lot of products and we often have to go back to the vendor. There is a limited budget and you can’t go over that, but you still want the best products.” Due to these limitations it has now become necessary for CIOs to look for products that can offer more as opposed to using more products. However, IT and operations are increasingly being seen as cost centers and Singhal explains that organizational restructuring is often undertaken as a way to cut operational costs, which is a major concern of many CEOs and CFOs. This cost cutting has taken pride of place on the priority list during the downturn. Consequently, innovation is often overlooked by both providers and customers who are erring on the side of caution and opting to stick with the tried and tested technology that they are used to. But this is not an approach that Singhal recommends.

“With the economy the way it is going, there are a lot more hits, a lot more exploits, more spyware and malware so you need to keep your technology intact and up to date. You can’t be stagnant in terms of technology,” she says. Especially as the economic situation is prompting growing numbers of security breaches. “I’ve seen a lot more in the last six months in terms of malware, spyware, ACH frauds and wire frauds. There has been an increase because some people who don’t have jobs are now looking at other ways to make money.” However, contrary to popular belief, the main challenge here does not actually come from the potential of hackers breaking their way into the machines of the banks but rather those of the customers. “The biggest challenge is that the users are not very technologically advanced. The users who are using our online banking are not the most technologically advanced people, but they still like the leisure of using online banking from their homes,” says Singhal. “So these days the hackers have found ways to get into our customer’s machines rather than directly through the bank and we don’t have any control over our customer’s machines. So the biggest challenge for us is teaching our customers to use a computer and teaching them how to avoid phishing and other attacks.” The human challenge does not only affect customers though. There is also reluctance on the part of staff to adapt to new technology. “When you change the technology process, users are a lot less receptive to accepting these changes. It really depends how it affects their day to day job. You have to go through a lot of explaining and training to support the implementation of such changes. We struggle most with our people not adapting to technology changes fast enough,” says Singhal. This obviously requires extensive training and education, but surprisingly Singhal says that it is the board that actually needs this education. “The biggest thing that we struggle with is the fact that the board is not a very technologically advanced board. There are one or two people who are technologically minded, but the rest of them are financial people or doctors. They don’t understand the requirements of technology so the education really is something that is needed from the top down,” she explains. This means that to implement new technology Singhal has to put together proposals for the board stating why the new technology is required, what benefits it brings, and how it will help to improve operational efficiency. This is something that has to be done for every single project that she wants to introduce. As an example of this, Singhal refers back to her attempts to implement a disaster recovery hot site and the board’s reaction to this. “The board was not very happy with the amount of money we were spending and they didn’t really see the benefit. They still think that tapes are good enough and didn’t see the benefit of spending that huge amount of money to build a disaster recovery hot site.
The biggest problem is therefore convincing the board and I now have to do a cost analysis on how much it is all going to cost and what the return on investment will be,” she says with a sigh. This is obviously a major challenge for any CIO. In times of economic turmoil where costs are being cut, the last thing the board wants to do is spend money unnecessarily. CIOs find themselves having to sell a proposal for something that potentially may not be needed or used. “It is always hard to sell the risk because there is no risk attached to it. It could bring the entire bank down but it might not affect anything at all. With IT it is difficult to get funding unless the board can see the effects of the risk, but if they do see the effects there will inevitably be big consequences,” explains Singhal. However, with modern technology, banks and financial institutions can learn lessons from the experiences of their peers. Through Google and the internet organizations are able to get hold of data regarding the risks that other banks have fallen foul of. “It might not have happened to our bank but it has happened to another bank and that is how we can sell the results. We can see how it affected them and how much it cost them and that’s the approach we take.” Obviously Singhal would like Commercial Savings Bank to be the key player in all the latest technology, but being such a small bank tends to make this a little unrealistic. On the other hand it does also have its advantages. Small banks are often able to adapt to technology more easily and implement changes quicker due to the fact that there aren’t quite so many procedures to go through or approval committees that need consulting. Implementing new technology immediately is not always a possibility though and Singhal stresses that it is important for smaller banks to strike the right balance between being reactive and proactive. “We do not implement everything right away. We still look at the needs of the market. We do a whole study, we do surveys at our organization and we see what is absolutely needed in terms of technology and then we go and implement that product,” she explains. Choosing the right time to adopt new technology can be tricky, but as a general rule Singhal likes to wait until it is absolutely necessary. The point where you can no longer function without a certain product, when all your competitors already have the new technology and when customers start complaining if you don’t have it, is the time that Singhal recommends implementing the new technology. On the whole, Commercial Savings Bank has been very good in keeping up to date with technological innovations. It is currently focusing on online banking, for example, as this is very customer-based and requirements have changed remarkably in recent times. Mobile banking is something that Commercial Savings Bank has yet to adopt, but probably will in the next year or so. Singhal believes that e-commerce, web 2.0 and wireless technologies are all on the agenda for next year at CBS and they are currently going through the budget process with a view to implementing these technologies.

Web 2.0 and wireless technology are growing priorities

Clearly the role of CIO is fraught with difficult decisions regarding what technology to implement and when to adopt it, not to mention the frustrations of trying to convince the board of the need to invest in protection against risks that may not actually materialize. For Singhal, in order to perform well as CIO it is necessary to ensure that you have the support not only from the board but also from the community and from your executives. However, she also believes that her job would be slightly easier if those amongst the upper echelons of the organization in top management positions had a little more knowledge about technology. Conversely though, she also believes that it is important for the CIO not only to be an expert in technology, but to have some understanding of business in order to be able to anticipate its needs and provide that all important return on investment.



INDUSTRY INSIGHT

TOWARDS RISK DILIGENCE CONVERGENCE Financial services firms must be ready to move beyond the component-based mentality of years past and look for comprehensive information processing solutions, says Thomas Obermaier.

The practice of regulatory, financial and reputational diligence has long suffered from a fragmented and costly ‘siloed’ approach. Traditionally, most firms have had too many systems and people performing the same functions across the credit, fraud, AML and transaction processing risk space. As each discipline expanded over time, seven-figure budgets quickly became nine. Worse yet, much of the expense related to the processing of information leading to a risk decision point often revolved around similar, non-core processing functions. The practice begged for the efficiencies to be realized through convergence. The need was recognized, but progress was slow. Component providers quickly assembled vast arrays of applications designed to cover most conceivable uses. Other firms endeavored to build generic aggregation marketplaces, affording multiple sets of information to be assembled for single point distribution. These efforts, however, didn’t fully address industry pain. Something beyond common processing or reporting applications was needed. Key data integration and mash-up opportunities were missed. Few dared to consider all possible applications of singular data sources to assure that what worked in one area was exploited across the board. Also, while aggregated dashboards across the client universe were an improvement, nearly no one bothered to look beyond the trends to uniform risk categorization and predictive capabilities. Most striking, however, was the general unwillingness by vendors to share in the pain – to drive true efficiencies for their financial institution clients by outsourcing non-core processing. Over time, the game changed. Leading risk specialist information services firms became the more logical fit. Today, progressive risk and compliance information services providers are leading the move toward risk diligence convergence.
Their risk-sensitive eye, multidisciplinary approach, and flexible technologies uniquely position these firms to readily identify common processing needs, data uses, and categorization opportunities across the credit, fraud, AML and transaction processing risk spectrums. By applying their risk management heritage, sharable infrastructure and a requisite degree of industry know-how and sensitivity, these service providers can tailor innovative solutions to drive efficient results across all risk disciplines for financial institutions. The benefits that specialist service providers can bring are manifold. Information and how it’s processed is the core competency of risk diligence firms. They have built the united data-analytics-technology-resources ecosystems increasingly in demand today. With a trained risk management eye, they garner comprehensive, multidisciplinary relevant data and link its delivery, management and processing through flexible technological platforms. Additionally, many stand behind their work by providing expert processing systems and resources to assist firms in their risk diligence handling. Furthermore, information services firms are built for mashed-up analytics. Their multi-disciplinary domain expertise has catalogued different risk information in a similar manner, assuring that similar data be treated in a similar fashion. This treatment assures consistent mashup capability on day one – the cornerstone of any risk diligence convergence. Another key benefit is technological strength. Information services technology platforms are built around flexibility and configurability. Their DNA supports multiple information handling and analytical needs, all designed to assure easy integration and use. Information services firms also already have extensive information processing capabilities. Built through partnerships, these technological solutions are more cutting edge (and, certainly, more expensive) than most of the cafeteria-style component applications found today. Leveraging this strength clearly provides a stronger and more efficient solution than purchasing a generic, off-the-shelf processing capability. Finally, leading risk diligence firms have been providing outsourced solutions for years, usually through extensive portfolio monitoring. They have learned to strike that delicate balance between processing and risk decisions, and have perfected the art of customizable operations to provide the decision-ready diligence their clients require. Convergence plays well in the hands of progressive risk diligence firms. Financial services firms must be ready to move beyond the component-based mentality of years past and look for comprehensive information processing solutions from vendors ready to share the expense and pain.

As CEO of RDC, Thomas Obermaier has developed comprehensive, decision-ready intelligence solutions that drive significant ROI for RDC’s clients. Prior to RDC, Obermaier was the Chief Risk Officer for Citigroup’s Global Transaction Services. He is an internationally recognized expert on regulatory risk and Anti-Money Laundering.


INDUSTRY INSIGHT

UNDERSTANDING REGULATORY COMPLIANCE Dr. Tom Butler explains the need for information systems that provide sophisticated support in managing compliance related issues.

The financial services sector considers itself one of the most heavily regulated; however, firms operating in the IT manufacturing sector would beg to differ. Nevertheless, understanding and complying with regulations such as Sarbanes-Oxley and the NAIC Model Audit Rule in the United States, Bill 198 in Canada, Basel II and Solvency II in Europe, is a daunting task for most financial services organizations. But this is only the tip of the iceberg. In the US there is also the Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA) and a wealth of state laws that regulate the privacy of personal information such as California’s SB1386, to say nothing of the myriad of other similar but radically different regulations globally. This web of complex, often confusing and ambiguous, global regulation poses significant challenges for the majority of financial services operations, whatever their area of business. IT-based Governance, Risk and Compliance (GRC) solutions are posited as solutions for organizations that wish to coordinate their governance, risk and compliance processes, reduce the cost of audits, streamline compliance reporting, identify and reduce risks, and make better decisions. It is evident from my research, however, that the GRC solutions currently on offer do not help organizations understand and make sense of any of these regulations, as many are just sophisticated data and document management systems. This is significant as individual laws are typically codified in large documents using legal jargon that typically defies common sense interpretation. Even with sophisticated GRC systems, laws and regulations that possess high levels of complexity are prone to misinterpretation, whether legal terms are defined or undefined, all of which leads to a high probability that poor or incorrect decisions will be made in relation to due diligence and compliance.
Furthermore, the informal and social character of much decision-making in organizations renders an audit of such decisions difficult, as the chains of evidence are buried in email threads. Drawing on five years of empirical research with a number of Fortune 500 companies, it is clear that the missing piece of the GRC jigsaw is an information system that delivers structured data on the global regulatory environment to desktops in real-time. Such a system would deliver structured legal data in context, along with expert commentary, so that users could understand complex laws, regulations and other sources that impact on GRC activities. The system would also provide sophisticated support to manage compliance related issues and provide speedy responses to queries from competent legal experts. Compliance-to-Product (C2P) is, perhaps, the only information system that fulfils these criteria. Although designed to manage environmental (inter alia) compliance in the IT and related industries, C2P is being benchmarked by GRC executives in a range of organizations across other sectors because it helps them understand complex laws and delivers the agility and ability to make compliance-related decisions transparent. Hence, users can make auditable decisions and provide accurate information to regulators and stakeholders. Moreover, C2P not only enables understanding, it eliminates the need to use email to make decisions. Its integrated Issue Management capabilities permit all communication and knowledge sharing around GRC decisions to be made within the application – obviating the need for email. However, most importantly, it provides the organization with a corporate memory on how and why decisions were made, thus enabling the double-loop learning that underpins competitive advantage. This was the motivation for companies like Apple Inc. to adopt C2P as it enables them to stay years ahead of global regulation and to design products for future markets. It also allows them to recognize and understand the inherent complexity in global regulations and to manage compliance and risks, whilst also saving time and money – especially legal fees.
It also enables them to deploy smaller and more efficient GRC teams and to be agile, make the right decisions, and to be able to quickly audit decisions and hit the ground running on complex regulatory issues at all times.


Dr. Tom Butler is a Senior Lecturer at University College Cork, Ireland. Among his research interests are Environmental Compliance Management Systems and the evaluation of Governance, Risk and Compliance (GRC) applications. In 2009, he received a Research Fellowship from the Irish Government to conduct research on green IT.


WEB SECURITY

Spinning the security web Ekta Aggarwal of Frost & Sullivan on why the internet has ushered in a new era of security threats for businesses.

The phenomenal rise of the internet means that it has become one of the most popular methods in the world for circulating information. Consequently, even traditional media such as TV, radio, etc, have undergone significant change. Therefore, today, for most enterprises, internet-based business models have become a communication enabler. The increasing dependency of organizations on information technology to manage inter-firm relationships is also a consequence of the way the business communication landscape has evolved. Users are embracing the social and collaborative dimension of the web, with the need to access information anywhere, anytime or on any device. Also with the need to network with peers, prospects and friends, collaboration has come to the forefront through the usage of blogs, IM and various other means.

Web 2.0

Within this increasingly digitized world, the concept of web 2.0 tools has emerged and its use is only growing. A large number of organizations are using collaborative technologies such as blogs, podcasts and wikis to communicate with internal employees and also customers. Because of this, we are witnessing a shift from traditional media to social media. Platforms such as Facebook, Twitter and YouTube, have transformed the way enterprises communicate today. With vanishing perimeters and the obvious advantages that these interactive technologies bring, the imperative to be informed of the security challenges and threat vectors enterprises can be exposed to is also very high. Phishing, spyware and data leaks risking corporate data security are just a few examples. The availability of stored information at just one click has created additional risks, leading to possible data loss. In addition, the growing number of remote workers, either working from home or locations away from the office can make corporate networks vulnerable to security breaches, hence making the security of intellectual property a prime concern. Companies need to look at ways to control the content that is being posted on the web by employees, especially in the light of growing social networking sites and the focus on the protection of intellectual property. Industry reports also indicate an increasing number of security incidents reported every year, emphasizing the need for enterprises to draw attention to web security. With this increase in the adoption of web 2.0 technology and escalating security issues, enterprises today are facing challenges from the ever increasing complexity of security threats. This has been a major driver for the adoption of web content security solutions. Enterprises are espousing web content security solutions to help them determine and limit the entry of the information that is harmful for their corporate networks.

Complex networks

Besides the changing business communication landscape, the growing complexity of networks is compelling the need for web content filtering. The IT network infrastructure is no longer effortless with the large number of PCs, servers, routers and switches that need to be dealt with, increasingly by the system administrator. Moreover, the network architecture is also undergoing a lot of change due to changing business models. This compound network environment is also bringing increasingly complex threats to the forefront. To tackle this increasing complexity of threats, web content filtering solutions provide an excellent match for the corporate need to prevent information and data leakage. However, the continuous evolution of security threats means that organizations need to keep upgrading their security mechanisms to safeguard themselves. The current threat landscape and demands have also changed the role of IT security. Historically, web security was more outward focused for example, URL filtering to prevent access to undesired sites. However, today, the trend has extended towards inbound content filtering as well. The integrity of data traveling within an enterprise that is exposed to inbound threats such as viruses, malware and spyware can no longer be ignored.

Deployment of security merely at the perimeter level or pure web filters has failed to protect businesses from the fast evolving web-based threats and therefore, is no longer regarded as sufficient. Conventional antivirus software is no longer sufficient when it comes to protecting against evolving web threats. Hence, both inbound and outbound protection has become necessary. Moreover, a multi layered approach is required to address the web threats. This encompasses deploying security at three layers: in the cloud, at the internet gateway and at the end point.

Ekta Aggarwal is Senior Industry Analyst for Information and Communication Technology at Frost & Sullivan’s South Asia and Middle East practice. For feedback/enquiries contact tanu.chopra@frost.com.


Market growth

Due to increased awareness about the disruption that the web can cause to an organization, it is expected that the global web security market will register a double-digit growth rate in the next few years. With regards to the deployment of web security solutions by product type, the market for software products continues to maintain its dominant position. Under the growing pressure to reduce costs and maximize resources, organizations are choosing to transition to SaaS web security solutions and leave the management of the complex networks to service providers where external expertise can be leveraged. With this, the market is likely to see an increase in traction in OPEX-based solution models. Hence, an increasing number of vendors in the web security landscape, are offering SaaS-based solution models today.

Conclusion

It is evident that the web is fast becoming a tool through which threats can permeate and pose danger to confidential data. And the emergence of web 2.0 technology with its open content sharing environment, besides altering the business communications scene, has undoubtedly changed the threat landscape. While the greater interactivity offered by web 2.0 has resulted in positive benefits for enterprises, it has also led to the exposure of more security loopholes. Not only do organisations need to fight the threats but also to grapple with the changing threat landscape. New and sophisticated forms of attack targeting new technologies such as VoIP, online social networks, etc are continuously changing the face of the threat landscape. Proactive and not reactive web filtering measures can only help enterprises keep up with the changing content. Hence, there exists a greater need than ever before for enterprises to view and practice security more as a continuous process than a one time investment.


EXECUTIVE INTERVIEW

A changing process

Joerg Heistermann explains the importance of adapting to market changes and establishing a process-driven culture in order to stay ahead of the competition.

The financial services sector has been through major upheaval in recent years. How can FS companies use technology to manage through such challenging periods?

Joerg Heistermann. Those organizations that have solutions in place to constantly measure, analyze and adapt their business processes are the ones that will emerge from a crisis in a better position than their competitors. They can be first in identifying emerging risks and they can react at a stage early enough to survive or to stay ahead of the competition. Now, in the aftermath, financial services companies need to focus on their core business processes in order to provide fast, high-quality and cost efficient services to their customers. If they haven’t already done so, financial services organizations need to establish a process-centric business, which will help them put better controls in place for managing risk, increasing efficiency and preparing for the next market trend or even the next crisis.

What are the specific challenges faced by financial services organizations seeking to implement change?

JH. The financial services industry is characterized by highly specialized and detailed workflows. But too often these workflows are not yet fully digitized or are not managed at a cross-enterprise level by dedicated end-to-end process owners. To establish a process-driven culture that can manage change efficiently, organizations need full support from senior management and efficient process management solutions. One of the best ways to initiate change is the rotation of employees. In addition, financial services companies need to make sure that all the process knowledge within the company is stored digitally in a central repository so that the employees can access, understand and adopt it. The more an organization can make their business processes transparent, the easier it is to measure how they are performing as well as identify the potential risks.

How important is it that FS companies are able to respond quickly to shifting market and operational conditions? How can this be achieved without compromising organizational efficiency?

JH. In today's competitive business landscape, efficiency is the precondition while flexibility is the critical success factor. Thus, it’s not flexibility or efficiency – rather flexibility and efficiency. The better a company understands and manages its core processes the more competitive a company is. With a central repository and an efficient process management solution, one can adjust the company’s processes easily to new regulations and optimize them by defining a better way to do things.

In the wake of the financial crisis, there may be a temptation to play it safe and not seek continual improvement in processes. Would you agree that this attitude is misguided?

JH. In the world of global competition, there is no room to stand still for financial services organizations. Either companies understand and control their core processes or they don’t. If they don’t, they will not adapt to market changes quickly enough and will eventually be out of business regardless of an economic crisis. Business process management is a critical success factor in today’s ever changing environment.

Joerg Heistermann was appointed to CEO of the Americas for IDS Scheer on March 1, 2009. He started his career as a project manager at GMD, Germany’s national research center for computer science. He later held progressive management and board positions at Deutsche Bank (Frankfurt & New York), Mannesmann, KarstadtQuelle New Media and Neckermann.




ASK THE EXPERT

THE COST OF COMPLEXITY

Stephen Singh explains how utilizing emerging Enterprise IT Architectures can help to balance cost and complexity.

Today, the financial services industry runs on the global economy time clock. Stock markets, banking and investing are open for business 24/7/365. In order to remain relevant in this highly competitive and dynamic field, our individual businesses must follow this schedule. This can certainly yield great opportunities, but also substantial hurdles we must consider that weren’t even an issue a decade ago.

The race to zero latency

Financial institutions are entering an unprecedented era of growth, where billions of messages per day are crossing the global markets and are critical to the core business. The increased volume and timeliness of this traffic is being driven by incremental trading venues, automated electronic trading and an expanding list of equities, options and commodities being traded. In addition to the challenges derived from exponential growth in bandwidth and message volume, competitive advantages for financial institutions engaged in trading environments are being measured by their ability to execute with the lowest possible latency. Single digit microsecond measurements for ultra low latency environments are the starting point for those capitalizing upon direct market access, outsourced ticker plants and collocation architectures. To address these needs, financial service firms are taking an holistic approach towards cost and complexity by utilizing it as an inflection point to assess their Enterprise Architecture and surgically reduce latency, while systematically removing cost, complexity and overall risk to the business.

Cost, complexity and latency

The impact of cost and complexity on a financial institution can be seen purely by looking at the IT ratio between sustainment and innovation, which today is heavily weighted towards sustainment activities. When targeted innovation is efficiently applied, sustainment funds, allocated for supporting legacy environments, are reinvested in the business enabling new initiatives that can directly contribute to a company’s bottom line. Driven by the most recent global economic conditions, many corporations have adopted a different approach such as elongating the life cycle of their environments (sweating the assets). This approach utilized costly best practices from the past 10 years to address capacity and growth; but at the same time, the undesirable side effect resulted in increasing complexity by developing isolated pockets of technology to address special business requirements such as low latency communications.

To handle this exponential growth in message traffic and bandwidth, additional tiers of computing, networking and storage technologies are deployed in multi-slice architectures to handle capacity and availability requirements. This self-fulfilling prophecy leads to incremental technology deployments, unprecedented growth in operational costs to manage the new assets, all the while feeding the consumption of valuable resources (power, space, cooling requirements), and shortening the life span of data center facilities. Additionally, with these unprecedented growth rates, technology that was once a multi-year investment from a depreciation schedule now has been reduced to multiple quarters. As it pertains to the race to zero, low latency environments will eventually become commoditized, leading financial firms to find innovative means to stay ahead of the competition, such as service diversity, enhanced availability and data quality.

The continued use of outdated best practices, legacy technology and isolation techniques has created a generation of incremental cost and complexity that will need to be released from the IT system in the next few years. The impact will be felt as the stability of IT environments begins to buckle as they strain to handle business growth, emerging virtualization requirements and the need for incremental functionality that delivers competitive advantage to lines of business.

The path to success

Successful financial institutions have taken a step back to re-think their strategy and ensure it encompasses a multi-generational best practices roadmap supporting all five phases of an environment’s life cycle (plan, build, run, secure, measure).

The path to success in developing and operationalizing a strategy includes a stepped program that delivers a comprehensive IT architecture strategy that is aligned with business needs and growth for the next five to 10 years. The IT environmental frameworks should be formatted into a template and be repeatable across multiple environments whether they’re deployed within your enterprise facility or not. Part of developing a repeatable process is being sure to capture architectural best practices that eliminate complexity, cost and latency through tier reduction. Part of reducing the complexity is virtualizing services fabric, consolidating fabric to optimally utilize resources. The benefits of virtualization span compute, storage, network, security and services tiers. However in developing a plan for service optimization, it is essential to take into account the annual doubling of capacity requirements and build an environment which can grow as needed versus requiring forklift upgrades every two to three years.

The linchpin of this approach means taking back control of vendor management by expecting open solutions, which adhere to industry standards. Furthermore it means centralizing management to allow resources to be re-allocated and seamlessly activated to address your most challenging situations. As part of business planning, expect to hear lines of business requiring near zero down time through the delivery of highly resilient and available services. This includes the entire data environment, which will span dedicated, shared and cloud environments. Be prepared to reduce the time to revenue, by incorporating end to end virtualization as part of the framework to address rapid provisioning, shared resource allocation, service segmentation and meet emerging regulatory requirements.

Where needed, pay for performance, by designing an environment that provides a competitive advantage through the use of innovative technology that delivers unprecedented performance, ultra low latency and the highest level of resiliency. Expect your infrastructure footprint to only grow, but advocate for smart growth. IT executives will realize that their measurement of success in the future won’t be the size of their data centers, but how many off premise services they’re able to integrate into their Enterprise data center fabric. IT roadmaps will be annually refreshed with innovative offerings derived from external service providers: Cloud, SaaS, IaaS, PaaS, CoLocation, etc. By rigorously assessing current Enterprise IT Architectures, organizations will become more adept at preparing for rapid growth, improved performance, simplified frameworks, new business requirements and balancing cost and complexity derived from the burden of operational sustainment. This in turn will allow IT organizations to strategically position themselves as industry leaders, with greater agility to better compete in the future.

Stephen Singh, Vice President of Segment Marketing at Juniper Networks, is responsible for developing the go-to-market strategy and initiatives for enterprise segments. Prior to Juniper, he was Vice President of Enterprise Architecture and Chief Architect for Fidelity Investments. His previous experience also includes senior management positions at CoSine Communications and SBC Communications.


VIRTUALIZATION

A virtual reality

As more and more businesses seek to adapt to the benefits offered by a mobile workforce, Jason Mills tells FST that virtualization is presenting itself as a way to create efficiencies, economies of scale and to reduce costs.

Jason Mills is VP of Technology Infrastructure at JPMorgan Chase. During his time in the industry he has seen the role of the IT professional change dramatically as greater involvement in the business is now expected from information technologists. “Coming in as a technologist, but also as a business person, spending time with our clients is probably pretty much a 50/50 game. At this point we have to know our business just as well as our clients know their business, or at least come close, and then develop and design innovative technology solutions that suit their needs,” says Mills. “We have to have the same attitude as internal service providers and we have to spend time with our clients, not just fixing technical problems, but understanding what they do and how they do it on a day-to-day basis.”

Mills explains that at JPMorgan Chase he has introduced techniques and ways that his technologists can stay abreast of business related matters. Some of the initiatives he has introduced include email updates about the business performance, attending town halls or trade shows and basically finding ways to engage with the user. The important question to ask clients, according to Mills, is: “How do you do what you do? Walk me through your process.” By asking such questions Mills is able to capture information to use as a knowledge base that he can then share with the rest of the team. This kind of information helps Mills and his team to understand issues that a technologist may not consider to be a priority but that might be for a banker. Closing that gap is something they are working on at JPMorgan Chase.

Security is one area that is considered a priority for everyone and, as the advent of a mobile workforce starts to raise questions regarding IT security, Mills believes it is important that the distinction between corporate hardware and personal hardware remains clear. “We’re fairly strict on corporate hardware being used for corporate purposes, and personal hardware being used for personal purposes. We’re limited in the sense that we have pretty serious responsibility to our clients to maintain confidentiality and protection of data. We’re a regulated business and industry, so we have to be very careful about the leakage of information,” says Mills. “But we have been flexible when we can lockdown an environment, allowing users to use their home PCs at home. So in those instances, and only those instances, users can actually use their own personal environment because there’s no data transfer between the virtualized locked environment and the user’s personal home computer. We have a completely locked down environment where we forbid data transfer, whether it’s via a USB stick or through data transfer online, we don’t permit data to leave our environment unless it’s encrypted and has the proper security protocols,” explains Mills.

Despite the enhanced measures that Mills needs to put in place to ensure the security of a mobile workforce, enabling workers to use devices and get access to information as and when they need it helps to unlock the capability within an organization. Mills explains the benefits: “Virtualization gives us the ability to continue to keep our environment secure and efficient without damaging the user’s experience. Currently, we have a lot of challenges around the numerous amounts of security patches and security releases that come out, not just from the host of operating system environments, but also the products that we use on a daily basis.

“Add all of those to an already cumbersome environment and you get poor computer experience because the users ultimately are bottlenecked by a tremendous amount of upgrade patches and their information being restricted,” says Mills.

He wants to limit the exposure that users get to these inconveniences by pulling some of the computing experience off of the user’s desktop and into a data center where upgrades can be done faster and more efficiently. For Mills, this is the key part of virtualization and he believes that it is paramount to any success with the desktop environment.

Virtualization is a major technology priority for Mills and one of the key cornerstones of the innovation platform at JPMorgan Chase. The company is looking to virtualize both desktop and server environments in order to reduce costs and expand mobile capabilities. “Having the user be able to work remotely or in the office is hugely important for all our lines of business as well as our corporate partners,” says Mills. “Across the organization we’re really looking to virtualize as much as possible. It just creates economies of scale and also efficiencies and redundancy. Initial steps are small. So a small percentage of our desktop environment virtualizes first and then as we get better, we move into more mature models of virtualization that include different technologies that expand the capabilities of a true virtualized environment. The commitment is there from both the executive senior management and the folks on the ground, to ensure that this is going to be the future. Virtualized environments provide us the best in both reliability, speed, efficiency and contingency,” asserts Mills.

But bringing virtualization to a company as large as JPMorgan Chase is no easy task and Mills certainly has his work cut out. “Scale and size are obviously the first challenge. So careful planning, project management and listening to the users I think is probably the biggest piece. We’ve got to listen to their concerns and their needs, and we’re getting better at that,” he says.

Profiling is one of the top areas that Mills is looking at right now: “That is understanding a user’s computing needs from not only the technology that they have today or they’ve been given and that they use, but also their job profile and what kind of work do they do on a daily basis. So that means sitting down with users watching the kind of work that they do literally with them, over their shoulder, and then making certain general assumptions based on people who do similar types of work and saying, ‘You know what? This type of technology suits this kind of user’.” Personalizing the technology experience for users is something that Mills believes can only be achieved through the introduction of agile systems and agile technologies such as virtualization.

JP Morgan Chase and the cloud

“We’re taking a very careful approach and looking at the policies, issues, challenges and benefits around the public cloud. As far as a private cloud is concerned, I think we want to move faster in the direction of having environments that are fully redundant, with high availability rates and high efficiencies within our control, within our firewalls, framework and borders. So I think that the conversation around a private cloud and what that means for our organization is really just a misnomer into saying that we’re reengineering how we use our distributed technology for our end users. Once we get into the public cloud, there’s a whole other conversation that we have to have about data security, redundancy and privacy of our information. But I think we’re still a little way off from that kind of conversation. We are engaging in very non-private type of information – very broad use chatter that we can put out in the public. But other than that, I think we’re taking a careful look at what the options are in the public cloud, but we’re not jumping in with both feet yet.”


SECURITY

THE 21ST CENTURY TROJAN WAR

David Jevans explains the growing challenge of protecting corporate online banking from next generation malware.

In 2009, organized cyber crime rings began to shift away from massive phishing attacks against consumer banking users, and instead target bigger fish – corporate banking users. The cybercriminals use advanced malicious software (malware) to attack the computers of finance professionals in companies and government agencies. Once a computer that is used to access a commercial online banking service becomes infected, the attackers can effectively take over the corporate financial accounts in real time by hijacking active banking sessions and issuing commands for funds transfers.

Documented losses to corporate banking customers from fraudulent wire transfers initiated in the USA by next-generation malware on corporate computers have ranged from $10,000 to over $1 million per incident. Much of this money was successfully transferred to ‘money mule’ accounts overseas and was never recovered. It is far more lucrative for cyber criminals to make numerous $9000 transfers from a single corporate bank account, than to try to hijack thousands of consumer-based accounts and make small money transfers. It is also reasonable to expect that online corporate banking fraud will track historical online consumer banking fraud patterns and will grow dramatically over the next several years.

Commercial online banking malware comprises a number of new families of malicious Trojans such as URLzone, Zeus, Zbot, SilentBanker, Bugat and Clampi. These Trojans target users who log into commercial online banking systems. Not only do they steal authentication credentials, but they defeat authentication processes by waiting until after a victim has logged into their account successfully and then hijacking the live session. These ‘man-in-the-browser’ Trojans also will rewrite the web browser pages that a victim sees and will often request secondary authentication credentials such as secret questions and answers that can be later used to change the login credentials.

By performing fraudulent transactions from a victim’s own computer and using live authenticated sessions, this next generation of corporate banking Trojan is able to defeat the security defenses that banks have employed to protect consumers against phishing fraud. Those consumer protection measures include device ID, computer fingerprinting, geo-location, challenge questions and lightweight multifactor authentication.

In August 2009, members of the Financial Services Information Sharing and Analysis Center (FS-ISAC) received a notification from NACHA (the Electronic Payments Association representing nearly 11,000 financial institutions) and the Federal Bureau of Investigation (FBI) warning: “In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small- and medium-sized businesses.”

Malicious Trojans exploit in-depth capabilities of the Windows operating system to perform their exploits. They monitor process tables for Internet Explorer and Firefox running processes and use Windows operating system hooks to detect when the victim is visiting the website of a targeted financial institution. Man-in-the-browser injection is used to rewrite the web pages of the bank in order to trick users into divulging challenge questions and answers, and even one-time-passwords. The malware on the users’ computer rewrites the web page following the successful login, to request further information. That information is sent directly to the fraudster and is not submitted to the banks’ web banking system.

Routes of infection

Security firm Symantec detected over 70,000 different variants of the Zeus Trojan in 2009. This makes it extremely difficult for anti-virus products to accurately detect the malware, as there are thousands of new variants released by cyber criminals every month.

There are many vectors for finance professionals to get their computers infected with a corporate banking Trojan. The most common way is to receive email messages that appear to be legitimate, but that actually take a user to a website that installs the malicious software onto their computer. One example of such an email that was used to distribute the Zeus banking Trojan, was an email that looked like it came from Microsoft, urging recipients to click on a link to install a Microsoft Windows security update. Because the email looked similar to how Microsoft actually does report security updates on their website, many users were tricked into clicking on the link and installing the malware.

Another email scheme to get people to install malicious software is the use of fake news alerts. For example, when famous pop star Michael Jackson passed away in 2009, scammers sent billions of email messages about the event. If a finance professional received one of those emails, and clicked on the links inside the message to read about Jackson’s death, they were taken to websites that downloaded and installed malware onto their computer.

What are the risks?

Because the actual losses for breaches of corporate online banking security are large, it is easy to focus on those as the tangible risk to financial institutions. But the reality is that there are larger risks and costs to financial institutions. If a corporate customer experiences a loss due to malware, they are likely to blame their bank, claiming that the bank does not have adequate security protections. In fact, recent months have seen numerous lawsuits being filed by companies that have suffered losses. Some of these lawsuits have been publicized in the media and are drawing attention to the problem.

If a bank loses the business of a corporate customer to a competitor, either due to a fraudulent transaction against the customer, or due to fear that they may be defrauded if banking online, the losses to the bank in fee income from that corporate customer can far outweigh any fraud losses. Furthermore, the reputational loss to the bank can have dramatic repercussions in lost customers and a decrease in new business.

The NACHA guidance (see What can be done) provides sound recommendations for how to protect users of corporate online banking systems. However, it is unrealistic to think that all banking transactions in a company will be performed by a ‘standalone, hardened and locked-down computer,’ even if a company had the security expertise to configure such a computer. Corporate controllers need the ability to read spreadsheets and payment requests on their computer when entering transaction information. Solutions are needed that isolate the corporate banking environment from the host PC, but allow controllers and finance professionals to still access their ERP and accounting systems on the host.

One potential solution may be the use of desktop virtualization. Inside a virtualized environment, a second operating system could be run that could be hardened against malware threats. This could allow finance professionals to avoid altering their daily workflow, yet could provide a secure separated environment for accessing commercial banking sites. Combining virtualization with strong authentication and active antimalware technologies may be a way to not only defeat current corporate banking malware, but could also provide a new platform for defending against future malware threats.

What is certain is that cyber criminals are continuing to advance their technological capabilities and their social engineering techniques to raise Internet fraud to new levels. The computer security and operating system industries need to take a fundamentally new approach to jumping ahead of the criminal underground, instead of continually playing catch-up.

David Jevans is Chairman of the Anti-Phishing Working Group (www.antiphishing.org) and CEO of IronKey (www.ironkey.com).

Security breach

A recent survey reveals the many online threats ranged against organizations. Source: Osterman Research

Infiltration and problems that have occurred between 2008 and 2009:

55%: A virus/worm/trojan has successfully infiltrated our network through the web
39%: A virus/worm/trojan has successfully infiltrated our network through email
34%: An email database became corrupted
18%: Data/information from your organization was accidentally or maliciously leaked
15%: A virus/worm/Trojan has successfully infiltrated our network through IM

What can be done?

A series of recommendations were issued by NACHA in December 2009 on ways that financial institutions can prevent corporate bank account fraud over the internet. Those recommendations include:

1. Carrying out all online banking activity from a standalone hardened, and locked-down computer from which e-mail and web browsing is not possible.
2. Deploying multi-factor authentication for business accounts that are permitted to initiate funds transfers. For example: Something the person knows (user ID, PIN, password) or something the person has (password-generating token, USB token)
3. Ensuring that all anti-virus and security software and mechanisms for all computer workstations and laptops that are used for online banking and payments are robust and up-to-date.
4. Requiring two users to initiate a transaction.
5. Companies reviewing transaction reports on a daily basis to detect fraud.
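Recommendations 4 and 5 in the "What can be done?" box (two users per transaction, daily review of transaction reports) lend themselves to an automated first pass. The sketch below is an added example, not part of the original article or of any NACHA material; the record fields, thresholds and sample report are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from decimal import Decimal
from typing import Optional

# Assumed review parameters (not from the article); tune to your payment policy.
NEAR_LIMIT = Decimal("10000")   # per-transfer amount that draws extra scrutiny
NEAR_BAND = Decimal("0.80")     # "just under" means at least 80% of NEAR_LIMIT
MIN_CLUSTER = 3                 # near-limit transfers per account per day to flag


@dataclass(frozen=True)
class Transfer:
    """One row of a daily transaction report (hypothetical field names)."""
    tx_id: str
    day: date
    account: str
    amount: Decimal
    beneficiary: str
    initiated_by: str
    approved_by: Optional[str]  # None means released without a second user


def review_day(transfers, known_beneficiaries):
    """Return {tx_id: [reasons]} for transfers that need a human look."""
    findings = defaultdict(list)
    near_limit = defaultdict(list)  # (account, day) -> near-limit transfers

    for t in transfers:
        # Two-user rule: the approver must exist and differ from the initiator.
        if not t.approved_by or t.approved_by.lower() == t.initiated_by.lower():
            findings[t.tx_id].append("no independent second user")
        # A payee this account has never paid before deserves a call-back.
        if t.beneficiary not in known_beneficiaries.get(t.account, set()):
            findings[t.tx_id].append("first payment to this beneficiary")
        if NEAR_LIMIT * NEAR_BAND <= t.amount < NEAR_LIMIT:
            near_limit[(t.account, t.day)].append(t)

    # Many transfers just under the limit from one account on one day, the
    # pattern the article describes as numerous $9000 transfers.
    for (account, day), group in near_limit.items():
        if len(group) >= MIN_CLUSTER:
            total = sum(t.amount for t in group)
            for t in group:
                findings[t.tx_id].append(
                    f"{len(group)} near-limit transfers from {account} "
                    f"on {day}, total {total}"
                )
    return dict(findings)


# Constructed sample report for one day; every name and value is invented.
KNOWN = {"OPS-001": {"Acme Supplies", "City Utilities"}}
D = date(2010, 3, 1)
REPORT = [
    Transfer("T1", D, "OPS-001", Decimal("4200.00"), "Acme Supplies", "alice", "bob"),
    Transfer("T2", D, "OPS-001", Decimal("9000.00"), "J. Doe", "alice", None),
    Transfer("T3", D, "OPS-001", Decimal("9000.00"), "R. Roe", "alice", None),
    Transfer("T4", D, "OPS-001", Decimal("8950.00"), "M. Moe", "alice", "alice"),
    Transfer("T5", D, "OPS-001", Decimal("9800.00"), "City Utilities", "carol", "bob"),
]

if __name__ == "__main__":
    for tx_id, reasons in review_day(REPORT, KNOWN).items():
        print(tx_id, "; ".join(reasons))
```

Because a man-in-the-browser session uses the victim's valid login, these checks look at the payments themselves rather than at how the user authenticated.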



EMAIL SECURITY

MESSAGE RULES

Michael Osterman explains that, while social networks are on the rise, email remains king when it comes to security threats.

Twitter is growing by leaps and bounds among business users. Tens of millions of them communicate on Facebook. LinkedIn users number in the multiple millions. Instant messaging clients – both consumer and enterprise-grade – are used widely. Text messaging/SMS has become the default mode for personal communications for many younger workers. That said, email continues to be the dominant communications and file transport mechanism used in business today.

The results of a recent Osterman Research study confirm this reality. For example, email users spend an average of 152 minutes on a typical day working in their email client, or 28 percent of their nine-hour, nine-minute workday. Compare this with their use of the web at 138 minutes per day (23 percent), attending in-person meetings (13 percent) and talking on the phone (12 percent). Further, email users spend only 13 percent of their time on a typical day not working on a computing platform of some kind, whether it’s a desktop computer, laptop computer or smartphone. Slightly more than one-half of email users report that more than a quarter of the information they need to do their work can be found somewhere in their email system.

Spam under attack

It is important to note that the situation on the spam front is getting better in several ways. The takedown of McColo in November 2008 significantly reduced spam, albeit temporarily. Better spam-filtering tools are finding wider use. Reputation analysis systems are blocking spam more effectively than traditional capabilities have in the past. On the downside, however, a large number of organizations report to us that spam is getting worse, both in volume and sophistication. Spammers continue to get more clever in the ways that they deliver their content. A difficult economy is driving spammers to develop newer, better and more ingenious ways of getting their content through spam filters. Timely subject lines focused on natural disasters or pandemics or financial problems continue to attract many. Further, malware continues to be delivered via email, although much of the focus for malware developers has shifted to the web.

Integrated threats

Email threats are by no means a security problem unto themselves. We are seeing substantial growth in blended threats that use email as an invitation to web-based content. For example, many spam messages contain a link (sometimes a shortened URL) to one of the millions of unique URLs on hundreds of thousands of websites that automatically install malware on visitors’ machines. Spam often is used to drive traffic to these sites simply for the purpose of installing malware for later use, such as building botnets that can deliver more spam, or phishing attempts.

Outbound email also represents a security threat. Sending an email without encryption is akin to writing and mailing a postcard with the content exposed to everyone handling the card during its journey to the recipient. Hackers and others with malicious intent can intercept email messages and read them simply by placing packet sniffers on the network. In spite of the risk, the vast majority of email messages are sent in clear text without any sort of encryption applied to protect the content of the message itself or the attachments they include. This, despite the fact that a large proportion of email messages contain some sort of sensitive, confidential or regulated content that should be protected from access by unauthorized parties.

As businesses use email as a standard form of communication, clear text email messages can often contain information that businesses would not like to become public or fall into the wrong hands. But all too often this is exactly what happens. It is easy to rely on the auto-fill feature of many email clients that completes a recipient’s name when the sender types the first few letters, but this could result in the email being sent to the wrong person. Also, it is easy to email attachments and other files that contain sensitive information to the wrong individual, or for other users to mistakenly forward such attachments to unauthorized recipients. Further, an email can be forwarded that might contain sensitive information far down in a discussion thread, often unbeknownst to the sender who might not have read the entire message.

The key then is to protect this information using some sort of data leakage protection, encryption or content filtering technology that will monitor outbound communications and maintain the security of sensitive information.

The future

What are the best practices that organizations should follow to maintain robust email security, as well as the security of their data and networks in general? There are a few key guidelines to consider.

It is vital to maintain very robust security defenses to protect against inbound threats sent via email. This includes not only appropriate defenses against the rising volumes of spam, but also capabilities that are updated continually to protect against malicious payloads in email, phishing attempts and the like.

Defenses should be integrated so that web threats can be managed as part of the entire security infrastructure. For example, a spam message that contains a link to a malicious website – one that might download a keystroke logger, for example – should be quarantined because of the nature of the website to which the spam message points.

An important consideration in any security infrastructure is protection against the growing number of threats that can be delivered through web 2.0 applications. For example, tools like Twitter and Facebook are finding use in a growing number of organizations. While many organizations simply block (or try to block) these tools, they do offer business value and should find use, where appropriate. Part of any organization’s security infrastructure must be to manage use of web 2.0 applications in a way that is consistent with corporate policies, regulatory requirements and other obligations.

Outbound content must be managed as vigorously as inbound content. This will allow emails and other information transmitted beyond the firewall to be sent securely and in a way that will minimize the risk inherent in sending sensitive content to those on the outside.

Many organizations overlook mobile devices as an ingress point for malware. For example, few users have any sort of anti-malware software installed on their smartphones. However, given that many users employ smartphones as their primary or secondary email client and surf the web from these devices, they can represent an entry point for malware. As a result, smartphones must be part of the overall security plan for protecting against malicious content.

Michael Osterman is President and founder of Osterman Research.

Despite competition from other quarters, email remains the biggest part of the working day

Working in email: 28%
Searching the web: 23%
All other activities: 17%
Attending meetings in-person: 13%
Talking on the phone: 12%
Traveling to/from appointments, other offices in the company, etc.: 5%



EXECUTIVE INTERVIEW

ONLINE FRAUD GROWS UP

Financial institutions worldwide are subjected on a daily basis to identity theft attacks, which have become the fastest growing white-collar crimes in America. Bill Conner explains how financial institutions must take a more comprehensive approach to protecting against new and innovative attacks by sophisticated criminal organizations.

What are the top two challenges currently facing financial institutions in dealing with fraud?

Bill Conner. The internet offers financial institutions the promise of delivering new services at a fraction of the cost of traditional channels. This helps reduce their operating costs and significantly grow their customer base, as consumers want to go online and take advantage of them. But the challenge lies in being able to offer these services across new and sophisticated channels – for example the mobile channel – while not sacrificing security or usability. Fraud is becoming pervasive and much more sophisticated, translating into growing real dollar losses. Financial institutions are being hit non-stop with innovative attacks, such as the latest man-in-the-browser (MITB) attacks initiated via phishing attacks. This is leading to higher losses than ever before, for individuals and for businesses; a recent FBI study highlighted that potential losses from attempted MITB and other attacks could have exceeded $100 million (October 2009). In addition to the loss of consumer confidence, brand erosion and the direct costs of online fraud, the banks are now being sued by businesses for not providing stronger protection.

What are institutions doing today to combat online fraud?

BC. Every financial services organization that is concerned about fraud is doing something. The question of how it’s working is really found in how comprehensive the approach is and at what cost. The base level of SSL security – the padlock in the browser – is in place today protecting sensitive transactions. Most organizations also have some form of fraud detection in place. The challenge is that it is typically a post-transaction approach, looking at things after-the-fact. This leaves the organization vulnerable to the latest generation of malware attacks.

Given the current situation, what should organizations do to protect their users?

BC. Financial institutions need to understand the complexity of today’s attacks. Organizations should look beyond solutions that address fraud on a per application basis. A more comprehensive approach is required. The modern version of fraud detection solutions offer organizations the ability to detect and defend against fraud in real time, a critical capability given how fast criminals move. Because of the new attacks, like MITB attacks, it’s critical that a fraud detection solution be able to capture and analyze all of the data, not just select points in a web site. The solution also needs to be able to rapidly adapt with the business, enabling new services, while detecting new forms of fraud – all without changing the applications. Finally, fraud detection should be implemented in combination with an integrated authentication platform – one that supports multiple authentication capabilities, providing flexibility to address a range of needs and user types.

What can Entrust provide organizations?

BC. Entrust delivers a complete solution for detecting, defending and adapting to online fraud. As one of the pioneers of Extended Validation (EV) Certificates, Entrust provides organizations with the ability to deploy the latest in web browser security with industry leading capabilities that make management of large scale deployments seamless. Our zero touch fraud detection solution delivers next generation capabilities for detecting and defending against the latest identity theft ploys, including MITB attacks that many of our competitors simply cannot catch without cost-prohibitive application changes or by forcing client software onto the user. Rated a leader by Gartner, our fraud detection solution fits seamlessly with our proven versatile authentication platform, offering organizations one of the widest ranges of authentication capabilities on the market. In combination, Entrust provides financial institutions with a complete solution to address online fraud today and adapt in the future.

Bill Conner is President and Chief Executive Officer of Entrust. With a career that spans more than 25 years across numerous high-tech industries, he is a highly experienced security and infrastructure executive. He engineered the acquisition of Entrust by private equity firm Thoma Bravo in July 2009 and immediately before joining Entrust he held various senior executive positions at Nortel Networks.



EXECUTIVE INTERVIEW

Data dilemma

Walt Thomasson details recent changes in the options available for data backup and recovery.

As we advance technologically and things become more streamlined, how important is it to have a backup plan when it comes to a company’s data?

Walt Thomasson. A backup plan is an absolute must. In fact, some industries, such as financial, healthcare and banking, are required to have a data backup plan. Companies must have a good plan to not only back up, but also restore their data. Many companies rely on tape to restore their critical data during a disaster or significant business disruption.

What factors should be taken into consideration when trying to decide how you should back up your data?

WT. The budget size and the amount of data to be backed up are primary concerns. For companies that need real-time access to backup data there is the option to mirror the data to an offsite location. This is a very expensive method. Many companies rely on tape because it is inexpensive, but tape does not allow them to restore their data as quickly as needed. Some companies have turned to data vaulting services, but when you go from gigabytes to terabytes, data vaulting is not cost effective. Companies must find ways to meet budget constraints but also have a realistic approach to restoring data – many are finding that tape is not the answer. Companies can also identify which data is critical, necessary but not critical (near line), and what data is rarely accessed and needed for archive (offline) purposes. This measure can help to reduce the amount of time and money spent on data backup and restoration.

So what options do companies have to back up and restore their data, other than tape?

WT. Take mirrored data off the table due to the sheer expense, and also assume that you have several terabytes of data to back up, store and restore in the event of a disaster. More and more companies are looking at Virtual Tape Library (VTL) solutions to deduplicate and then back up data. This provides not only a quick way to back up data but also reduces the amount of bandwidth and storage space needed to transmit and keep the data. The real benefit is in the restoration of data. Since the VTL sends the data to an offsite VTL, the critical data is kept in the same format, allowing for a disk-to-disk restore. This method has allowed companies the opportunity to not only have an efficient and cost-effective way to back up their data, it has also allowed them the ability to meet their Recovery Time Objective (RTO) as stated in their disaster recovery plan. Previously, they could not meet their stated RTOs due to slow restoration times with tape. There are also inherent production benefits to using a VTL solution, such as local caching of data, allowing for quick retrieval of backup data files.

What should companies consider when they look to outsource a VTL backup and recovery method?

WT. Many companies look to outside vendors to handle data backup and recovery. Companies must do their homework and really look into those vendors to make sure that they not only save them money, but also minimize their risks. When choosing a vendor, companies must make sure the vendor provides an adequate facility to house the data, the ability to monitor the data, support staff services and finally the logistics to deliver the data when needed. Many vendors give little attention to logistics but this is the most critical. Look for a vendor who has built an in-house production, support and delivery infrastructure. These vendors do not need to rely on outside technicians or third party carriers to deliver your critical data. Vendors who provide other recovery services, such as workspace, typically provide the most value of services. Researching your options will allow your company to have the benefits of a sound data backup and recovery plan.

“Researching your options will allow your company to have the benefits of a sound data backup and recovery plan”

Walt Thomasson serves as Managing Director for Rentsys Recovery Services, Inc. With over a decade of experience in the BCP/DR industry, he is a leading expert on mobile communications and temporary facilities for regional recovery strategies.



DAN SCHUTZER_FEB10 04/03/2010 16:18 Page 72

PCI COMPLIANCE

Compliance on the cards

As PCI compliance climbs up the agenda of financial institutions and businesses across the US, FST speaks to Dan Schutzer of the FSTC to find out how they plan to increase security surrounding our personal data.

As various accounts of data breaches across the US become highly publicized news stories, the importance of compliance in the Payment Card Industry (PCI) has never been greater. It is however a complex subject that is forever in a state of evolution and which affects millions of businesses across the country regardless of their size or the number of transactions they carry out. From Independent Sales Organizations (ISO), retailers and banks to processors, e-commerce merchants and hosts, rarely is a business unaffected by PCI compliance. Consumers are becoming increasingly aware of the dangers associated with card payments, so it is imperative that all companies who are involved with processing, storing and transmitting personal data are able to do so in a safe and secure environment.

“There are many points along the encryption line where the data can be accessed and this leaves you vulnerable to attacks” Dan Schutzer

The Financial Services Technology Consortium (FSTC) was created in 1993 by leading financial services organizations with a view to helping its members to collaborate on technical and business aspects of technologies promoting rapid progress in innovations that can benefit both the marketplace and customers. Dan Schutzer is President of the FSTC and compliance is a subject that features highly on his agenda for 2010. “We’ve been working on a program for a number of years now and this is the maturity/resiliency model,” says Schutzer. This project aims to create benchmarks for continuity planning across all areas of a financial enterprise. It enables them to plan and measure their resiliency activities against a set of industry standards and establish a roadmap to improve processes.

Schutzer explains that the FSTC has been looking at the different rules governing compliance and how they can be changed, but it has also been examining the PCI specs themselves. “It’s not just a matter of assessing somebody by some audit standards and performing that audit every now and then. In fact, that is indicative as to why some firms have passed, even though they have leakages,” he explains.


Many companies comply with the PCI Data Security Standard (DSS) and can check all the boxes. They even have the correct technology and processes in place to meet the standards, but in reality this is insufficient to provide real security for their organizations. “We’ve stressed the idea of a maturity model, which we’ve been developing with Carnegie Mellon, and the idea that a firm has to be continually vigilant and mature about how they do it. They need to measure themselves against certain goals in order to continuously improve,” says Schutzer. “And then it would be less likely that something like this would happen, because they are effectively and continuously practising it in their culture and not just at a one-time audit.” For Schutzer, merely fulfilling the standards and focusing on the bare minimum is simply not sufficient. Firms need to go above and beyond the requirements in order to achieve better protection. This is why the FSTC is also looking into other areas. “We’ve been looking at other solutions, like fundamental changes to the way data is stored and handled, and also at the payments,” says Schutzer. “We are looking at the existing solutions both here and elsewhere. So among other things we’re looking at chip and pin. We’re trying to show the pros and cons of that versus end-to-end encryption technology”. This is a particular 2010 focus for the FSTC and Schutzer is hoping that they will be able to resolve the different approaches to stemming this kind of fraud, thereby making payments in the US more secure. Another area of focus for the FSTC is biometrics, which they have been investigating with some diligence, and it looks like biometrics can not only help to reduce fraud and identity theft, but can also help provide some operational benefits. This investigation into the benefits of biometrics is something that will continue well into 2010. 
PCI compliance may well be vital to the security of our personal information, but it is not something that comes without difficulties for financial institutions. One reason why it represents such a challenge, according to Schutzer, is because the payment system is so wide open. “The payments industry is so fragmented amongst merchants and third-party processors and it touches many hands, so that’s another part of the problem,” he explains. And for many institutions, security often takes a back seat. Many are tempted to approach it as a checklist and ignore the fact that it should be an ongoing process. For the FSTC it is a particularly difficult issue to address due to the nature of the matter. “It’s never perfect because we are dealing with an adversarial relationship in security. It’s a game back and forth between the criminal element and the payment processing establishment. There’s a lot of money involved and so it’s something one has to treat more like a process,” says Schutzer.

As the PCI compliance deadline of 1 July, 2010 looms, all organizations that transmit, process or store payment card data about individuals must prepare themselves. As of this date they will be legally obliged to comply with PCI standards. But are these standards really sufficient?

“We could always improve the standards,” says Schutzer. “But whether I made the standards stronger or not, even if I insist that everybody encrypt their data, it doesn’t mean that we’re still not vulnerable. There are many points along that encryption line where the data can be accessed and this leaves you vulnerable to attacks.”

But as Schutzer explains, every time the bar is raised on those specifications, the cost and complexity is also increased, which is why people are sometimes reluctant to go above and beyond the minimum requirements.

“It is expensive. That’s why you’re hearing the merchants and third-party processors crying about it all the time. And of course once you start encrypting things, it’s not going to get any less expensive. It also affects some of their processes,” explains Schutzer.

In most cases, exceeding the requirement can in fact add a lot of value to the company and is not as expensive as may be perceived. Biometrics is one example given by Schutzer. “In the biometrics project, what we’ve also asked is can we turn this around so that security is not just a necessary cost of doing business? Can security be viewed as a business enabler, a source of new revenue and a way of streamlining operations?”

In effect, the decision that businesses have to make is whether to invest in measures that would ensure avoidance right now, or whether to take a longer-term view and invest that money into something that would not only reduce costs but would gain customers and revenue.

“That is the issue that security has. In the psychology of security we might say that one is always attempting to convince decision makers of spending money that has a probability of loss, as opposed to spending money that has sure savings right now, today,” says Schutzer.

The analogy he gives at this point is one that is perhaps familiar to us all. When surfing the net, trying to get a job done, you see a document that you want to download in order to complete the job. However it comes back saying that the document’s certificate has expired. The dilemma that you face at this moment is whether to download the document regardless of the security risk so you can finish the job or take the advice of a security risk and cancel the download? Most people, in Schutzer’s opinion, would download the document despite the risk.

“That’s the kind of decision that security is up against many times. And that’s why we’re working hard on our projects to turn that around.” So as long as attitudes towards compliance and security can be changed many of the obstacles will be removed. After all the technology already exists and it is not so much a question of further innovation being required.

“I think the technology is out there that can improve things significantly from where we are today,” says Schutzer. “But even if I put all that technology in, it might stop all fraud for a brief period of time, but there will be new threats that will emerge. So it’s a continuous process and we have to continue to invest more. It is also important to think about how we can design security into our processes to accomplish multiple objectives such as operational savings, increased efficiency and better user satisfaction as well as just stemming the security risks.”

For Schutzer the main challenge he now faces is how to measure security and how to discern which methods are more secure than others. A key consideration is balancing the cost of new security measures against the penalties that will be paid in the event of potentially avoidable breaches. It is a fine line to walk and one that will occupy security for plenty of time to come.

The solution provider

At over $4 billion in revenues, CA is the world’s largest independent IT management software provider. CA has worked on finance industry issues with the FSTC as an affiliate member for nearly four years. In particular, CA has supported the FSTC standing committees focused on Security, Banking Technology & Operations, and Enterprise Architecture. The company also worked on numerous projects including Software Security/Assurance and Records Management and Compliance.

Dave DeCamp, Chief Solution Architect for Global Financial Services at CA, says “The myriad of rapidly evolving security threats for financial firms, coupled with tight deadlines for implementation of standards such as PCI, are forcing many firms to rethink their overall security strategy from the bottom up, to focus on an integrated approach to Identity/Role Mgt, Access Management, and Data Loss Prevention. By working closely with collaborative bodies such as the FSTC, CA gains deeper insights into specific industry challenges and the impact these have on the member financial institutions. It has become apparent, in light of significant breaches such as Heartland (which was already PCI compliant at the time of their breach), that simply complying with existing regulations such as PCI is not enough to guarantee the security of customer financial data in all scenarios. CA is working closely with the member FSTC firms on integrated security solutions that will help meet compliance needs today, but provide a security platform that will also address future requirements, such as adoption of virtualization and cloud services”.

A number of FSTC tactical initiatives have been focused around pressing regulatory compliance issues, such as financial transactions subject to PCI compliance in many of the FSTC’s member firms.

According to David Liff, VP of Marketing for CA’s Mainframe Business Unit, many “large financial services companies are relying on CA Compliance Manager for z/OS to help address escalating audit requirements like PCI DSS (Payment Card Industry Data Security Standards), which is particularly urgent for companies that conduct as much as 90 percent of their business via credit cards. In addition to providing the necessary reports for audits, the real-time monitoring capabilities of CA Compliance Manager for z/OS help ensure a secure, reliable system with 24x7 availability.”



ASK THE EXPERT

IDENTITY CRISIS

As data breaches and cases of identity theft become increasingly prevalent, the business sector needs improved practices and technological tools to stay ahead of the threat.

BILL MORROW

The Federal Trade Commission lists identity theft as the fastest growing crime in the nation. Approximately 10 million Americans were victims of identity theft in 2008. Both consumers and businesses alike are targeted for and victims of these crimes. On the business front, one of the top security trends over the next 10 years is the prevalence of data breaches. Data breaches have now become unfortunate, daily occurrences and the numbers are staggering. Since 2005, Privacyrights.org reports 343,485,708 records containing sensitive personal information were exposed in security breaches. According to the ID Theft Resource Center (ITRC), there were 498 data security breaches reported in 2009 resulting in 222,477,043 records exposed. Considering not all breaches are reported, it’s estimated that these numbers are much greater. In 2009, the total number of records exposed was the highest of all time. ITRC’s study of 2009 breaches concludes that the largest percentage of breaches were the result of lost laptops, accidental exposure and paper breaches accounting for nearly 26 percent (an increase of 46 percent over 2008). Out of the 498 breaches, only six reported that they had either encryption or other strong security measures in place to protect exposed data. The business sector increased to 41 percent of all the publicly reported breaches and has continuously increased over the past five years. Financial and medical industries maintain the lowest percentage of breaches perhaps due to stringent regulations, although they are still at risk, as they are the biggest targets.

The cost of data breaches has increased significantly year on year, costing businesses billions in losses; they suffer legal liabilities, loss of market share, brand equity and customers with increased churn. The average cost per breach in 2008 was $6.6 million, up from $4.8 million in 2006. With 85 percent of businesses having experienced a breach – although most are not aware of it – it’s a matter of when, not if an organization will be breached. No companies are immune and many are unprepared and unaware of their existing, dormant data security risk gaps.

In an effort to protect consumers and provide deterrents and consequences for businesses responsible for handling sensitive personal information, Red Flag regulations were issued by a number of federal agencies. The Red Flag rules require a financial institution or creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts. Businesses that extend, renew or continue credit to consumers with ‘covered accounts’ must also comply. Covered accounts are those used for mostly personal, family or household purposes to make multiple payments or conduct transactions. The Identity Theft Prevention Program must be appropriate to the size and complexity of the business and the nature and scope of its activities, and be updated periodically to reflect changes in risks to customers and the business. The program must be able to detect, prevent and mitigate identity theft and enable a business to identify and respond to patterns, practices and activities that are red flags signalling possible identity theft. Finance and mortgage companies, banks and credit unions are among the businesses required to comply by June 1, 2010.

Compliance with data privacy and security legislation appears to have a positive impact on organizations as those achieving a higher level of compliance reap a financial gain as measured by the reduction in costs associated with a data breach, according to the Ponemon Institute 2009 study Cost of a Data Breach. Businesses will continue to need improved practices and technological tools to detect fraud and decrease these losses – and stay ahead of the ever-evolving threat of identity theft.

Bill Morrow, a 20-year business innovator, is the Chairman and CEO of CSIdentity, the leader in Identity Theft Protection, Voice Biometrics, ID Verification, and Data Breach Management. He was appointed by the Governor of Texas to serve as Chairman and Board Member of the $220M Texas Emerging Technology Fund.



IDENTITY PROTECTION

YOUR IDENTITY IS IMPORTANT TO US

Speaker verification and voice biometrics present more user-friendly and secure methods of customer identification in telephone banking. By Dan Miller

One of the banes of phone-based commerce is the phrase, “Your call is important to us.” When calling a bank, it tends to be the last thing a customer hears from an interactive voice response system before being put on interminable hold. It would be much more reassuring – and accurate – if the bank’s phone system said, “your identity is very important to us” and then, rather than indiscriminately placing each call on hold, to treat each caller according to his or her expressed preferences, status, or other known attributes.

When it comes to customer support, both businesses and technology providers repeatedly affirm that caller experience is of paramount importance. Yet, that does not mean that they place risk management or security in a lesser role. It is important to recognize that speaker verification and voice biometrics provide a mechanism to serve these seemingly contradictory goals – highly usable, highly secure interactions.

For too long a bank’s most common practice for handling inbound calls was to put even their best customers through onerous question-and-answer routines to validate their identity based on “knowledge-based authentication.” While deemed “good enough,” it is neither customer-friendly (because it takes so long), nor particularly secure (because the information is often available through a number of physical or online sources).

Instead of making the spurious claim that “your call is important to us,” leading-edge service providers, like Bell Canada, TD Waterhouse, and the National Australia Bank are showing customers in practice that identity is indeed important. These companies utilize voice biometrics and speaker verification to address both the user experience and security concerns, providing a “win-win” for customer and company alike. Both recognize that quick, accurate authentication is beneficial to the customers as well as to the business enterprise.

Strong authentication raises confidence

As the number of customer-facing voice verification implementations grows, enterprises and their technology providers have already learned the value of strong caller authentication. They’ve also learned that voice biometric authentication never exists in a vacuum. Low levels of confidence in a voice biometric match seldom leads to outright rejection of a call. Instead, they trigger routines to obtain other information that can include Caller ID or ANI (automated number identification) as well as “risk profiles” based on customer records, transaction history, “last known location” and the like.

Voice biometric-based authentication can replace or augment the entry of the caller’s account number. When the captured utterance matches a stored voiceprint, the authentication engine returns a high-confidence indicator (“green light”). If there are no other concerns, the caller can proceed toward accomplishing the purpose of the call.

The biggest challenge is developing expeditious call flows for handling calls which, for any number of reasons, might fall into one or more gray areas in user authentication. Perhaps the risk profile is high and the call originates from a noisy environment. Automated, phone-based authentication could be difficult. Businesses, and their technology providers, must also build the business logic to govern situations where there is a strong match to the voice biometric, but the risk management system calls for additional authentication based on other metadata (such as a report of a lost payment card).

Solution providers offer a considerable number of options to deal with the instances where other resources (such as the risk management system) yield a “yellow,” or worse “red” light. Calls may originate from unknown devices, in unexpected geographic locations. The voice biometric may indicate strong confidence in the caller’s identity, but he or she may not remember a pass-phrase or know the actual response to a wallet-based query. (How many of us can accurately answer, “What was the exact amount of your last purchase at a bar or eating establishment?”) Companies have considerable leeway in designing call flows and agent scripts for these instances.

A well-designed authentication routine will minimize the instances that require lengthy, agent-based authentication. Experience in the field is helping to establish best practices for dealing with those “caution light” situations when a caller cannot be totally rejected, nor can a company readily allow them access to sensitive information or personal funds. Agents have important roles to play in establishing caller expectation and, in essence, training them to use the system. They may end up resorting to KBA (knowledge-based authentication) but they will be able to explain to the customer why they are being subjected to further questioning.

The customer care pendulum is swinging away from a short list of company-driven choices toward a wide range of customer-defined interactions and transactions. Rapid recognition and protection of a caller’s identity and associated information is the basis of higher quality customer care. Over the phone, deployment of voice biometric-based identity proofing can make such authentication simpler, faster and more pleasant.

Banking and insurance applications taking shape

Identity theft – both real and imagined – has spawned a ubiquitous stream of marketing pitches from banks on the technology solutions that serve as protection. Voice biometrics technology is among those solutions. Therefore, it was expected that banks and financial institutions would be first movers in widespread deployments of phone-based customer authentication strategies. (Additionally, an FFIEC guideline in 2006 to require “multi-factor authentication” for electronic banking figured into driving the momentum for voice biometric installations.)

But while a great number of banks and financial services organizations have privately launched pilot projects, very few have matured into full-blown deployments. To be sure, for now it is still a world of isolated deployments. Still, just in the last few months – and especially in Australia – some financial services and insurance organizations have finally gone public with voice biometric-based authentication services.

Additionally, as the inevitable growth of mobile banking relies on improved security of mobile transactions, the market for mobile authentication is ripe. Voice biometrics has the potential to provide inexpensive, accurate user authentication. Overcoming the challenges of deploying across multiple mobile platforms, there will be a surge of mobile applications to support payment authorizations and protect information access.

These achievements have spurred by this often-heard phrase regarding voice biometric deployments for many banks and financial institutions for North America: “It’s on our roadmap for 2010.” Both for “internal” and customer-facing applications, executives have told us that they are investigating and implementing voice biometric-based solutions not just for fraud-loss reduction, but also to improve the customer experience and raise confidence that a company is taking every measure to protect the public from identity theft. “Support for voice biometric authentication” is a standard line item on RFPs for enterprise IT, customer care and mobile communications infrastructure procurements.

With voice biometrics quickly morphing from competitive differentiator to competitive necessity, Opus Research is hosting the Voice Biometrics Conference 2010 (May 4-5, www.voicebiocon.com). Corporate decision-makers join technology providers and integrators to hash out the realities of today’s voice biometrics solutions both in the lab and in the real world. Panel discussions include opportunities in customer care, mobile payments, data security, and multi-factor authentication, and presentations from the banking and healthcare sector on launching customer-facing deployments.

Dan Miller is Senior Analyst at Opus Research. He has over 25 years experience in marketing, business development and corporate strategy for telecom service providers, computer makers and application software developers. Miller founded Opus Research in 1985 and helped define the Recombinant Communications marketplace by authoring scores of reports, advisories and newsletters addressing business opportunities that reside where automated speech leverages web services, mobility and enterprise software infrastructure. He also directed advisory services at IDC/Link, The Kelsey Group and Zelos Group. Miller received his BA from Hampshire College and an MBA from Columbia University.



INDUSTRY INSIGHT

B2Bank bullishness

How to compete in the new decade by streamlining connections outside your four walls.

DOUG KERN

While the new decade’s outlook is still fuzzy and gloomy, one thing is crystal clear: the basis for banking competition has changed and the status quo won’t work. So how do banks succeed in this new environment? For many, the answer is in improving their B2Bank supply chain and simplifying the framework for electronic connections outside their four walls with customers and partners. While many industries around the globe were hit hard in 2009, the impact is much deeper for banks. Sure, banking’s basic purpose has remained the same – to provide a safe haven for investing, lending and credit. But banks face a trio of issues – company consolidation, rising compliance mandates and degraded customer trust – that require new strategies.

Consolidation

Since 2007, consolidation has swept across financial service providers. Many standalone banks have disappeared, some have reassembled under new names and some remain afloat. Six of the top 20 global banks are new since 2007. And the shift to Asia power-players is significant: three of the top four global banks are now Chinese and nine of the top 20 banks are in Asia-Pacific. In the US JPMorgan Chase took over Washington Mutual (WaMu) and in the UK Lloyds acquired HBOS. While these scenarios often create fiscally stronger entities, they also place a significant burden at the feet of technology teams who must weave together the new data connections. And since data and transactions are a bank’s supply chain, these underlying B2Bank networks are key to a bank’s service delivery, cost structure and competitiveness.

Compliance

As the policy pendulum continues its swing from a laissez-faire approach to more government control, many banks are feeling the impact of new compliance rules. For IT teams, these compliance mandates translate into the need for more data transparency, governance over file transfers and automated audit trails. Broader compliance requirements are likely to continue, with many forecasting more of a transparent, utility-style relationship between financial providers and governments, similar to water and electricity utilities.

Crisis of confidence

Most banks will likely feel a one-two punch relating to growth, forcing them to reinvent how they deliver and differentiate services. The first punch was the fundamental drop in demand and liquidity during 2008-2009. The second hit to growth, and perhaps longer lasting, resulted from the decline in public trust in financial institutions due to the magnitude of the financial meltdown and aggravated by the perception of extravagant executive bonuses. This notion of ‘animal spirits’, a name given by John Maynard Keynes in the 1930s, is back in vogue today, reflecting the sense of trust and confidence we have in the economic system, and our willingness to invest, hire and spend.

“Broader compliance requirements are likely to continue, with many forecasting more of a transparent, utility-style relationship between financial providers and governments”

Doug Kern is Director of Marketing at Inovis, a provider of B2B integration software and services for banks, manufacturers and retailers.

Three imperatives for B2Bank connectivity

On the bright side, consolidation, compliance mandates and declining public trust create enormous opportunities for banks.

1) Accelerate partner provisioning: Become experts at quickly setting up, changing and certifying the electronic connections with customers, partners and divisions. Shortening onboarding times from months to weeks to days saves staff time and accelerates revenue for fee-based services since data gets flowing faster.

2) Automate data transparency: Providing clear, audit-friendly visibility into file transfers as they move inside and outside the organization is a must-have capability to meet compliance mandates. But this transparency is also a strategic weapon for delivering compelling customer services and improving customer loyalty when combined with dashboards, portals and reports.

3) Turn to cloud-based cost savings: The ‘do-more-with-less’ mantra will persist well into the new decade. Many IT groups are taking advantage of cloud integration platforms as a low cost way to quickly integrate legacy systems and deal with the challenges of bank consolidation and compliance mandates.



MOBILE BANKING

Managing money on the move

In light of the recent global recession, consumers have sought to take far greater control over the way they manage their money. FST spoke to Steve Townend, CEO of MoBank, a new fully mobile financial services company in the UK, about the potential for mobile banking.

It has been two-and-a-half years since Wells Fargo and Bank of America triggered the mobile banking movement in the US and according to research conducted by market intelligence company ABI Research, mobile financial services are very likely to become the ‘next big thing’ that will attract many millions of consumers. The global number of subscribers more than doubled between 2008 and 2009, and is expected to almost double again in 2010. The latest forecasts from ABI Research indicate that in 2015 about 407 million people worldwide will carry out financial transactions with their banks using their mobile phones. Of those, some 66 million will be in North America. When it comes to mobile banking, Bank of America has certainly been a leader. Back in May 2007 it launched its mobile banking services and by June 2008 it had already gained over a million mobile banking customers. But Wells Fargo recently became the first major financial services company in the United States to offer text banking to all its customers.

Banking by cell phone is certainly growing in popularity but banks will need to further develop their mobile applications in order to engage and retain customers that are part of the so-called ‘Generation Y’ or the ‘Millennial Generation’ – young adults, 18- to 25-year-olds who grew up with computers and do everything from their phones. However, the next innovation in mobile banking technology may be just around the corner, or just across the pond. MoBank, a UK-based company, has just launched the first fully mobile financial services company in Europe. The comprehensive mobile banking service combines the functions of bill payment services, mobile banking applications and account aggregators, all into a one-stop-shop that is currently available on the iPhone, iPod touch or Palm Pre.

The reason MoBank has created such a furore is because it is the first payment servicing company that has been created specifically for mobile devices. And because of this it is able to offer a much broader range of services, not all of which are directly related to banking. For example, users of MoBank can buy tickets for the cinema or their favorite gigs using their cell phone; they can also order fast food; or order, pay for and send gifts; or even book travel tickets or buy travel insurance.

Steve Townend is MoBank’s CEO and he has some lofty aspirations for his latest venture including bringing it stateside. “We’re already incorporated in the States and although we haven’t invested there yet, there is a pull for us to go there,” says Townend. “We want to get it right in the UK first, but actually it’s very transportable, particularly with the iPhone. You could use it in the States now if we allowed it.”

This is the plan eventually, and not just in the States. Townend admits that he has plans to roll MoBank out on a larger scale, although he says that his initial intention was to only expand to English-speaking countries. This is something that he has since reconsidered however, after having received calls from as far afield as Hong Kong, asking if it can be licensed in China. Townend originally declined such offers but when inquirers pointed out to him that in the near future there could potentially be more English speakers in China than in the States he wisely decided that China may be a market that MoBank will consider exploring.

One of the main advantages of MoBank that will help to facilitate its global expansion is the fact that it is relatively universal. “I think one of our greatest assets, in terms of competitive edge, is the ubiquity. We’re not tied to anybody so whether you bank with Lloyd’s or HSBC it doesn’t matter to us,” explains Townend. “We don’t mind what mobile telephone company you’re with. We don’t care what bank you’re with. And in some respects, we don’t mind what platform you’re on,” he says nonchalantly.

In fact, MoBank only operates on the iPhone, iPod touch and Palm Pre platforms at the moment, but Townend stresses that if he had the funding required – an amount he puts at about £15 million – MoBank would be available on all platforms. However, developing the technology to make this a reality is not cheap. Townend estimates that it costs about £30,000 and takes about six weeks to put MoBank on a new platform. Despite this, he does have plans to go for Android – Google’s mobile operating system – as many of the new smart phones are using this platform now.

But one thing Townend is adamant about is the fact that MoBank will only ever be available on smart phones. “To be frank, it doesn’t look good on anything that’s not a smart phone,” he says. After all the effort that MoBank has invested in the interface, this is not surprising. “Our expertise has always been on the customer interface. We make the experience as good as any experience you would get on the internet.”

This interface obviously helps to differentiate MoBank from other forms of mobile banking, many of which are still using SMS as the main form of transaction. But Townend always aimed to go beyond this. “What we want to be known for is integrating, deploying, making relevant and designing technology for our customer base,” he says. “We’ve had to invent things because they didn’t exist, but generally it’s about integration and that’s where we concentrate our effort and technology.”

Whilst integration is something that may go unnoticed by all but the most trained eyes, relevance and the design of technology for the customer base is blindingly obvious, as MoBank leads the way in mobile applications that are relevant to Generation Y. “One of the reasons we did this was because we thought that the youngsters – anyone born after 1980 – are profoundly different to any group that had come before them, especially in the way that they interact with one another and the way that they use media. They’ve grown up with the technology and they are confident with it.

“Another thing is, they actually adopt before they research so they give you a chance, whereas some of the older generation probably wouldn’t do that,” explains Townend. He believes that iPhone defines this segment quite well, as most of those who have adopted it are 20-35 year olds.

But he points out that their research has also shown that there is another segment that has become part of their target market. He calls this segment “BlackBerry Dads” and defines them as users who like to get everything done on the train or on the go as they resent going home and having to log on to a computer to get their internet banking done.

With this target market in mind, Townend has also adopted a relevant way of marketing MoBank, which has involved very little, if any, spending on branding and advertising. “Viral is a new marketing tool so we are experimenting with that,” he says. “We use Twitter, Facebook, YouTube, and all those sorts of things that are cheap and free. We also use Google AdWords. We do as many viral things as we possibly can.”

One thing that proved a big success was when MoBank was on the iPhone as a featured app. It was downloaded 20,000 times and MoBank didn’t pay a penny for that. But Townend realizes that using viral as a sole means of promotion can only go so far before it reaches saturation point and he will have to start spending money on branding and advertising to raise both awareness of and the profile of MoBank.

Townend himself admits that awareness is one of the main challenges that MoBank faces at the moment. With no links to major UK or international banks, MoBank doesn’t have an already established reputation and will need to work hard to gain people’s confidence, especially with regard to security. But Townend is adamant that MoBank is totally secure as no important information is held on the phone itself and everything is encrypted.

Another challenge that Townend expects to come up against in the near future is compliance. Currently, as a small business, MoBank is able to self-regulate, but as it continues to grow it will have to be PCI compliant and Townend assures us that this is something he takes very seriously.

And there is no reason why MoBank shouldn’t continue to gain in popularity, especially if the trend toward mobile banking in general is anything to go by. Even the recession hasn’t managed to dampen its popularity. In fact, the opposite may be true. As people are feeling the pinch of the economic downturn they are increasingly looking to micro-manage their money and MoBank provides the perfect means to enable this.

“People are wanting to control their money more now than they ever have. And the way we see it is that MoBank is almost like a digital checkbook, only much more clever,” says Townend. “You can find out what your balance is, what you spent and what you’ve got left, but you can also buy stuff with the phone. But in addition to doing that we allow you to transfer money dynamically between accounts and pay bills. You’ll eventually be able to pay person-to-person. What we want to do is enable you to manage your money like a balance sheet,” he explains.

Mobile banking is therefore more about managing money than actually spending it although as the technology develops further, shopping is something that will be made infinitely more simple. Townend is already planning to integrate Near Field Communication chips into smart phones turning them into virtual payment cards so that shoppers will merely have to wave their cell phones over a reader to make payment.

According to figures released by ABI Research, mobile online shopping in the United States rose from $396 million in 2008 to $1.2 billion in 2009. Furthermore, in 2015, shoppers around the world are expected to spend about $119 billion on goods and services purchased via mobile phones. That number represents about 8% of the total ecommerce market. So there is obviously huge potential for mobile banking in the future and Townend is hoping to cash in on this with MoBank.

“The opportunity is massive, but there are risks as well. Nobody is really transacting on the phone yet. It’s all new. It’s all invention. But the intellectual capital we’re building up because we are new into this is massive. It’s all about risks and rewards,” he says.

The biggest reward for Townend on a personal level though will be if he manages to disrupt the market with MoBank. “I want to change the way people think about banks and what banks can do. It’s not about retiring with millions in the bank, it’s more about leaving a mark. And I want to leave a legacy,” he says. “So I’ve got a fair few aspirations and then I’d like to move on and maybe start again on something else.”

In 2015 about 407 million people worldwide will carry out financial transactions with their banks using their mobile phones

REPORT CARD

In September 2009, two years since mobile banking was introduced in the United States, analysts at ABI Research undertook a study to assess its progress, with a focus on the user-friendliness of the services on offer. The firm published a mobile banking report card, which assessed 29 banks on the discoverability and accessibility of their mobile banking services.

The results were as follows:

A – Exceptional: BB&T, Eastern Bank, Fifth Third Bank, Northeast Bank, USAA, Wells Fargo
B+ – Very Good: Bank of America, Chase
B – Good: Capital One, US Bank, Huntington Bank
C – Average: America First, BancorpSouth, Citibank, PNC, Wachovia
D – Below Average: Carolina First, 1st Bank, IBC Bank, Mercantile Bank, Regions, SunTrust, Synovus
F – Failing: M&T, Provident Bank
No mobile banking offering: Citizens Bank, Comerica, HSBC, KeyBank

“We’ve had to invent things because they didn’t exist, but generally it’s about integration and that’s where we concentrate our effort and technology”



ASK THE EXPERT

Opportunity knocks

Dan Schatt and Mark Moore explain how the emergence of mobile personal payments offers a great opportunity for financial institutions to increase customer retention, generate new revenue streams and increase the visibility of their brand.

The popularity of smart phones has helped usher in the mobile personal payments era, creating a compelling market for financial institutions. Research and advisory services firm TowerGroup forecasts the mobile personal payments opportunity to be $137 billion, or 2.4 percent of the $5.6 trillion in annual U.S. consumer spending. Included in this projection are opportunities for banks to capture unbanked consumers, who represent 11 percent of the US population, global remittances and casual sales from both banked consumers and businesses, including casual cash spending by banked individuals, representing 12 percent of all consumer spending today.

There are numerous practical uses for mobile personal payments services in everyday life, including purchases at garage sales or on the internet, charitable donations, spending on food or splitting the tab at a restaurant, sending money to children in college, and settling personal loans, as well as paying for personal services such as school dues, child care, babysitting, lawn care, home repairs, household cleaning or personal training. Today, cash and checks are the dominant payment mechanisms for these types of casual purchases but the door is wide open for financial institutions to deliver the right mobile personal payments service to make strong inroads.

While several models are emerging, one approach quickly gaining interest among banks is aimed at simplifying the sender and receiver sides of the equation. In the past, complex enrollment processes and difficulties accessing funds undermined the promise of mobile personal payments. A new service launched in November 2009 by S1 and PayPal provides easy, fast and secure payments sent directly from a bank account to PayPal users around the world using any mobile device – and requires no enrollment by the sender, who merely has to type in the recipient’s email address or mobile number before funds are transferred in real-time to the receiver’s PayPal account. PayPal has the largest personal payments community in the world, with more than 81 million active registered accounts in 190 countries and markets. However, if the receiver does not have a PayPal account, he can set one up in a few easy steps – upon which the payment is immediately released. The sender has full insight into the payment’s status, including whether or not the money was claimed by the receiver.

The new service, which is expected to be available in the first half of 2010, combines the S1 Mobile solution and Realtime Framework with PayPal’s Adaptive Payments API. Mercantile Bank of Michigan, an S1 Online Banking and Mobile customer as well as a PayPal customer, will be the first financial institution to go live with the service later this year. For Mercantile, the mobile channel is increasingly important to the bank’s focus on increasing customer retention. “We see tremendous value for our customers in expanding our mobile banking functionality to include person-to-person payments,” affirmed Mercantile CIO and Senior Vice President John Schulte.

Financial institutions can also use robust entitlements capabilities to tailor services and pricing of both their online and mobile offerings down to the per item level. As a result, financial institutions have the flexibility to decide how they want to deliver the mobile service – as part of a value-added service bundled with online banking, as part of a hybrid offering that blends a monthly subscription fee with per transaction pricing, or in a purely à la carte fashion. This level of flexibility opens up the potential for institutions to cultivate revenue opportunities from the emerging mobile channel.

Finally, mobile personal payments services can also open up branding opportunities for financial institutions who can leverage text messages by embedding web links to bank-branded HTML payment confirmation messages that cross-sell other banking products. In addition, banks have an opportunity to become visible to the millions of PayPal consumers who check-out using PayPal with a bank payment instrument.

“Research and advisory services firm TowerGroup forecasts the mobile personal payments opportunity to be $137 billion, or 2.4 percent of the $5.6 trillion in annual US consumer spending”

Dan Schatt heads Financial Innovations for PayPal and is responsible for defining the business and product strategy for PayPal’s initiatives with financial partners. Prior to PayPal, Dan was an industry analyst with Celent, served as GM of Yodlee’s data services group and worked as an investment banker for Salomon Smith Barney.

For more information, see www.S1.com/mobilepayments or call us at 866-355-6695



MOBILE PAYMENTS

Does the solution to unleashing the potential of mobile payments lie in developing a new infrastructure or in the integration of distributed components of the mobile ecosystem? By Ilieva Ageenko

The four billion mobile handsets in use around the world represent not only a technological change, but also a social revolution in the way they are changing how billions of people communicate and interact. In several areas of the world, the mobile device has become not just the preferred method of communication, but also a major medium for conducting commerce and making payments for goods and services. To this point, however, mobile innovation has largely been driven by countries like Japan and India, and the US consumer market has not yet embraced this new model beyond the ‘test-and-trial’ stage.

One reason why America has been lagging is that, unlike many other markets where mobile payment deployments led the way to the widespread adoption of the mobile financial channel, in the US the introduction of mobile financial services started with banks focusing their mobile banking efforts on their existing online customers. While the idea is to tap into the already savvy internet customer base as the initial adopters of mobile services, hinging the adoption of mobile financial services to internet banking penetration has become one of the limiting factors for a widespread adoption of mobile banking and could influence the way mobile payment services will be developed and deployed in the market.

A second, and perhaps more significant, reason for the delay has been the complexity of the overall mobile payments landscape. No other country in the world has as many telecommunications companies, banks/payments processors, and other players (like PayPal Mobile, which mitigates some of the demand for such services) as the United States. The sheer number of entities involved makes it difficult to develop the same sort of concerted effort as has happened in some other countries where the ‘mobile ecosystem’ is less chaotic.

Moreover, the lack of uniformity across the different carriers, platforms, and devices makes a standard solution exceedingly difficult to create. Not only does the solution have to work on the numerous different makes and models of cellular devices, it also has to be supported by the various telecommunication networks. A solution that works on a Nokia might not work on a BlackBerry, and a payment system supported by AT&T might not be supported by Verizon. The difficulty of developing a standardized payment solution has played a large part in why many of the mobile banking attempts have failed to make it out of the trial stages.

However, recent technological advancements have nullified many of the previous stumbling blocks for mobile payments. The emergence of the smartphone into the mainstream has revitalized the prospect of mobile payments. Apple’s immensely popular iPhone, for example, offers an easy-to-use payment mechanism by allowing users to purchase songs, applications (apps), and other media directly from iTunes with the click of a button. The formula seems to work, as sales from the iTunes store are already nearing $1 billion per quarter, and are expected to continue to rise significantly.



Apple has managed to succeed where others have failed by offering relatively low-cost products via a channel that many users are familiar and comfortable with (iTunes). The broader effect of the success of Apple’s mobile efforts has been a shift in the way customers view mobile payments. According to a recent survey done by Harris Interactive, more than 45 percent of respondents were ‘very comfortable’ with mobile transactions – a dramatic change from 2007, when 65 percent of users reported being ‘very concerned’ with the safety and security of the platform.

Google’s Android mobile operating system is another substantial development in mobile technology. As the number of Android handsets continues to grow exponentially, it promises to provide much-needed standardization to the numerous mobile manufacturers. Instead of creating a new infrastructure and hence another silo in the payment industry, Google’s Android (along with Apple and the iPhone/iTunes) is tapping into the existing payment distribution models and targeting the customer base of Google Checkout.

Amazon and PayPal are also offering solutions designed around leveraging their significant online payment presence. In addition to its current iPhone application, Amazon announced an expansion of its mobile payments offering with new applications as well as mobile compatibility for a broader array of supported websites. PayPal is offering its own mobile application, called PayPalX, which is compatible with the company’s 45,000 online merchants. Both e-retailers are focused on allowing users to purchase goods through their existing memberships with a few very simple steps, similar to Apple’s process with iTunes.

In addition to the tech giants, e-retailers and swarms of mobile payment startups, we’re also beginning to see big players from other industries stepping into the ring and developing partnerships. Visa has teamed up with Google and Nokia to allow Android users as well as those with a Nokia 6112 handset to access funds and transfer them to a recipient’s account. T-Mobile worked hard to integrate Android into customers’ billing before the holidays, allowing purchases made through the phone to be added to the carrier’s monthly statement.

There has also been activity from American companies in other countries, representing at least a greater attentiveness to the emerging mobile payments industry by domestic players. Mastercard just announced a partnership with RIM and the Bank of Montreal to allow contactless point-of-sale payments from chips stored on the back of certain BlackBerry devices. American Express also recently unveiled a partnership with the Chinese bank ICBC and leading mobile payments provider for the region, UMPay. According to the press release, the deal would allow cardholders to link their accounts to their telephone number, select merchants accepting mobile payments from their mobile phone, and authorize their payments on the spot. In the same way that PayPal and Amazon are leveraging their online presence with regard to mobile payments, Mastercard and Visa seem to be capitalizing on their broad credit card infrastructure to allow mobile payments at traditional ‘bricks and mortar’ merchants.

For the most part, major US banks remain on the outside looking in. One might wonder how long this will be the case, however, considering the expected growth and revenue opportunities within the channel. Apple, Amazon, and PayPal’s mobile payment services all come with fees ranging from 30 percent (for Apple) to 0.75 percent (for the least expensive of PayPal’s services). Celent predicts that the mobile payments market could reach up to $5 billion in revenue in the States alone.

Banks not only have a pure financial incentive to get involved, but a demographic one as well. The emergence of Generation Y into the workforce is likely to also substantially impact banks’ mobile strategy, particularly since recent surveys have suggested that as much as 40 percent of this demographic will choose their bank based upon the mobile financial services offered. This is the generation that grew up with mobile devices, and the bank that offers cutting edge services and convenience will likely reap the benefits of attracting this age group.

As traditionally happens with new technologies, there are still plenty of questions left unanswered. Will the key to mobile payments be streamlining the online experience, or enabling convenient point-of-sale purchases? Will banks’ vision for a mobile wallet remain a distant vision, or an approaching reality? Will third parties find a way to replace the traditional payment model, or will it simply be a matter of streamlining what currently exists? The answers to these and many other questions will shape the way mobile payments impacts the status quo in the coming months and years, but one thing remains certain: when it comes to the convergence of trends and technology, it pays to think ahead.

“In several areas of the world, the mobile device has become not just the preferred method of communication, but also a major medium for conducting commerce and making payments for goods and services”

Going mobile

Key trends impacting mobile payments include:

Alternative Payment Models
• Mobile Apps with mash-ups that integrate payment capabilities with location-based advertising and customer analytics

Mobilizing Payments
• Bill Pay & Invoicing
• P2P Money Movement
• POS payments with contactless technology
• Micropayments

Ilieva Ageenko is SVP, eCommerce Channel Executive at Bank of America.



INDUSTRY INSIGHT

Banking on SMS Andrew Dark, CEO of mBlox, looks at how the financial sector can leverage a tried and tested technology for improved customer services.

The financial sector is usually cautious about the technologies they offer, historically preferring tried and tested solutions over leading edge services. However, when it comes to the area of mobile services, financial institutions are moving ahead with innovations at a fast rate. Banks in particular have realized the massive potential provided by mobile phones for reaching their customers and they are looking to exploit it. Not surprisingly, financial institutions are increasingly looking to the iPhone and other touch-screen-based handsets in order to deliver mobile services to their customers. Drawn by the success of online banking, financial institutions want to replicate the approach on the touch-screen format. However, they are often doing this at the cost of an equally important mobile application – SMS.

SMS is one of the oldest mobile applications on the market – second only to voice. And according to Nielsen Mobile, SMS is now more popular than voice, with Americans sending and receiving more text messages than phone calls. In the US, one of the slower global regions to catch the SMS messaging bug, 1 trillion messages were sent in 2008 and this is expected to have risen to 1.3 trillion messages by the close of 2009. The success of this technology is down to its simplicity, ubiquity and usability – three reasons why the banking sector should be looking to utilize the technology for financial services.

Mobile is the communications channel of choice in the US, where penetration stands at 87 percent compared to only 31 percent for broadband computer connections. It is clear that banks should be looking to exploit this technology as a key component of their mobile strategy – they can connect with a much wider audience than the iPhone and all the other smart phones combined. Moreover, the introduction of mobile banking and SMS alerts has also been shown to increase the ‘stickiness’ of customers to banks, with one financial sector client reporting a five percent increase in retention.

“SMS is the driver for interactivity in mobile banking and it can engage customers with online tools and a host of other self-service options and new products. SMS is the foundation stone for all forms of mobile banking”

Beyond the reach advantage, another benefit of SMS over iPhone or other smart phone applications is that the flow of information operates on a two-way basis more easily. Applications are very adept at specific tasks and users can do a multitude of things – but the user often has to proactively log on to the application for the service they require.

Fraud prevention is one application of text messaging that illustrates the interactivity and simplicity of a mobile alert. If a bank suspects a fraudulent transaction, a real-time message can be sent to the card-holder’s phone to validate the transaction, allowing the customer to respond only moments after the transaction has occurred, if there is an issue.

The interactive element of SMS communication also helps financial institutions improve their payments and collections processes. Customers can instantly authorize payment with a few simple keystrokes on the phone, whenever and wherever they receive the text message. Analysis from one mBlox client found that 26 percent of customers paid their bill within 30 minutes and only 12 percent took longer than one week to pay. SMS has also become similarly effective as a collections tool. New Free To End User (FTEU) services have recently been launched in the US that allow the cost of the text message to be assumed by the financial institution or the debt collection agency, so that the mobile operator charges do not fall on the consumer.

SMS is the driver for interactivity in mobile banking and it can engage customers with online tools and a host of other self-service options and new products. SMS is the foundation stone for all forms of mobile banking. Reaching a far greater audience than other technologies, SMS is often easier to use and easier to deploy than other systems and it enables other banking services. As banks clamour to roll out iPhone-style applications, they must take great care not to overlook this technology and the benefits it will provide them and their customers.

Andrew Dark is currently the Chief Executive Officer at mBlox Inc., the world’s largest mobile transaction network. Dark has been supplying solutions to the retail and payments industries for over 20 years.



MOBILE PAYMENTS

Out of touch? Are contactless payments really the Holy Grail that the banking industry believes? By Red Gillen

For years, the use of mobile NFC (near field communication) contactless payments has been touted as one of the most promising mobile technologies for the banking industry. In fact, many banks have built their entire mobile banking strategies on the assumption that mobile NFC would finally lead to the ‘monetization’ of mobile banking. This assumption has been shaped by the view that mobile NFC technology contains the ability to allow ‘virtual’ payment cards within mobile handsets to be used for payments at ‘brick-and-mortar’ merchants. As a result, banks would gain incremental interchange revenue through such mobile NFC-enabled virtual cards.

Unfortunately, a number of business model issues have prevented industry players (mobile carriers, banks, payment brands, merchants, handset and chip manufacturers) from achieving mobile NFC critical mass. Many of these issues are tied to these players’ hesitancies about the uncertainties of mobile NFC adoption rates. Mobile carriers and merchants do not want to make infrastructure investments until there is proven demand. Banks do not want to issue virtual cards until the infrastructure is in place. In other words, a classic payments chicken and egg scenario has stagnated mobile NFC rollout.

Much has been written about the tension among these mobile NFC ecosystem players, especially their inability to come up with a cost-sharing model to cover the incremental expenses (e.g., NFC chips, secure data storage, over-the-air downloads of virtual payment cards). This in turn has led to anemic growth of mobile NFC payments. In fact, despite the number of mobile NFC payment initiatives around the world, no ‘open-loop’ (i.e., Amex, Discover, MasterCard, Visa-branded) solution has made it from pilot stage to full rollout.

Not that the various mobile NFC ecosystem players aren’t doing their best to promote this technology. In doing so, they make the following arguments:

• Mobile NFC payments are fast and convenient. Compared to the status quo (plastic cards), this is absolutely true. However, this begs the question: is the status quo all that bad?

• Because of this speed and convenience, mobile NFC enables ‘top of wallet’ positioning for a participating bank’s card. A card’s ‘wallet position’ is less fluid than one would think – debit, credit or prepaid cards reflect the fact that checking accounts are for monthly budget purposes, savings accounts are for larger, infrequent purchases, a line of credit is for large-ticket, emergency transactions and business checking accounts are for business payments. A mobile NFC form factor would not disrupt this logic.

• Consumers carry their mobile phones more than their wallets, thus mobile NFC virtual cards are more useful than plastic cards. The fact that consumers always have mobile phones nearby may be true, but consumers aren’t going to give up their wallets anytime soon. Wallets contain important contents other than payment cards; for example drivers’ licenses/IDs, healthcare cards, membership cards, loyalty cards.

• Mobile informational services (balance look-up, mobile promotions, transaction history, alerts) will increase mobile NFC payment volume and reduce fraud. Mobile informational services are indeed very useful. However, there is no need to tie them to a mobile NFC-enabled ‘soft card’. These same services work quite nicely with plastic cards too, and already do – Visa itself demonstrated this in trials with Chase in the greater Phoenix area.

• If financial institutions don’t offer mobile NFC, somebody else will. This argument is actually rather valid. As has been seen in Japan (with the Suica payment system) and in Hong Kong (with the Octopus payment system), NFC technology has enabled public transit operators to expand their proprietary payment systems into the non-transit sectors.

• Mobile NFC will reduce fraud. This is a valid argument, but technically not directly due to NFC. This is because fraud reduction is not gained from NFC per se, but from the security measures established for EMV-compliant chips (EMV chips store virtual payment card data, NFC chips share card data between the EMV chip and contactless readers).



The above arguments pale in comparison to the most significant point in favor of mobile NFC – it has the ability to displace cash. Simply put, the use of a NFC payment-enabled mobile phone makes the most sense for high-frequency, low-value transactions – the kind of transactions where cash is used today. Research points to the attractiveness of mobile NFC payments at very specific, cash-heavy merchant segments, consistently identified as public transit, quick service restaurants (QSRs), convenience stores, newsstands and kiosks, vending machines and parking garages.

[Figure 1: Cash spend and total spend (US$ billions) by segment: Public Transit, QSR, Convenience, Parking, Newsstands, Vending Machines]

For banks, the natural subject of interest is the amount of incremental payment volume that is “in play” should the banks offer mobile NFC. In other words, what is the merchant segments’ (cash) payment volume that has not yet been captured by plastic cards? In fact, for nearly every player in the mobile NFC payment space, this remains one of the largest unanswered questions.

Although these target segments are laden with cash payments, a number of considerations pare down the cash displacement potential of mobile NFC. Public transit will take an exceptionally long time to materialize (due to the role of government), and many transit systems have already implemented proprietary NFC solutions. About 70 percent of convenience stores’ sales in the US come from fuel purchases, which are already marked by heavy card usage. At least half of the parking market comes from monthly permits, which aren’t typically paid via cash. Newsstands/kiosks and vending machines are not really major markets.

So where does this leave us in terms of mobile NFC’s ability to displace cash in these target segments? Celent estimates that in the US, the potential is about $225 billion.

In other words, $225 billion is mobile NFC’s cash 100 percent displacement ‘universe’. Surely, 100 percent is an unreasonable expectation, but what displacement rate would be considered realistic? 50 percent? 25 percent? 10 percent? The figure above shows what cash displacement would look like from a US perspective, expressed in sales lift per debit card account. For example, a 50 percent cash displacement rate would translate to roughly $251 in lift per debit card account, per year.

[Figure 2: Incremental debit card spend per debit card account, by target industry cash displacement rate]

No one knows what the true cash displacement rate will be, and likely it will take years to find out. Based on anecdotal data and for the purposes of this article, Celent is assuming a 30 percent cash displacement rate would be reasonable within a few years of mobile NFC reaching critical mass. Put another way, this would be a $151 in sales lift per debit card.

Realistically $151 certainly isn’t a lot of money to a bank. Assuming Visa’s small-ticket interchange rate (1.55 percent plus $0.04) less the payment brand switch fee, a $5 average transaction size and 30 transactions per year, this lift equates to $3.29 in incremental revenue per debit card account.

Naturally, there are NFC-related costs to consider. Assuming that banks won’t underwrite the cost of NFC chips – a safe assumption – these additional costs mainly include fees charged by technology vendors to download virtual payment cards onto customers’ mobile phones, as well as customer service costs. Together, these amount to about $1.43. Subtract this from the incremental revenue number and voilà, the bank makes an additional income of $1.86.

Of course, this $1.86 figure will differ by bank. However, it is directionally meaningful, especially in guiding financial institutions’ decisions vis-à-vis mobile NFC. It simply means that on average, banks stand to make little incremental income above and beyond that of plastic cards. This is due to the fact that payment brands and banks have done an excellent job of growing plastic card usage, and there is increasingly less cash to be realistically displaced. There is no doubt that mobile NFC represents a fascinating technology that will enthrall consumers and make money for industry vendors. As such, banks would be advised to adjust their expectations of mobile NFC – it may largely end up being a technological enhancement for customer retention, not a long-sought pot of gold at the end of the mobile rainbow.

Red Gillen is a Senior Analyst at Celent



INNOVATION

The financial crisis has forced international banks to learn some painful lessons and re-evaluate the way they operate, but it has also presented an invaluable opportunity to introduce a new era of technological innovation, says Citigroup’s Chief Innovation Officer Gary Greenwald.



Centuries of economic turbulence show that avoiding financial crises altogether is not possible. Given that economic downturns are a reality that we have to face up to, the important question would appear to be not so much how we avoid them but how we can minimize the impact and use them as a catalyst for change. Citigroup was the hardest hit of the big US banks during the credit crisis and recession and reported a $7.77 billion fourth-quarter loss due to failed loans and the costs of repaying $20 billion in government bailout money. There was a time when Citigroup was the most successful financial institution in America, but as they say, the bigger they are the harder they fall. And after such a spectacular tumble it’s hard to imagine Citigroup being able to view the situation with any amount of optimism.

But for Gary Greenwald, Citigroup’s Chief Innovation Officer, the challenges that the crisis brought with it have provided an opportunity for the company to concentrate on improving its practices through technological innovation. For one thing, the crisis has certainly changed the way that banks use technology to drive business. “I think last year and the crisis we’ve faced has brought to the surface some inherent challenges around how technology is impacting or has impacted our ability to respond to crisis,” says Greenwald. “If you look at how banks are organized, particularly global banks like Citi, disparate systems and platforms in many countries have to come together to make the payments and transaction banking system work. When you have an event like the Lehman bankruptcy, being able to show where the exposure is and where the unsettled trades are ends up being very complex.”

The crisis did however help to highlight the most important technology requirements in banking. The ability to track the flow of data was one of the technology imperatives that emerged and Greenwald compared this to the ability that FedEx has to track the delivery of a parcel. The need for standardized data is the second imperative: “If someone asks ‘What is my exposure to Counterparty X?’ we have to have common identifiers and data nomenclature so that we can put that information together. Without that you’re flying blind and you can’t react to those events or really understand the risks you face,” says Greenwald.

But technological shortfalls were not the only deficiencies that the crisis unearthed. The need for increasingly stringent levels of scrutiny and regulatory compliance was also brought to the fore. However, as banks struggle to repay the money they owe following the bailout, spending has become quite a contentious issue and one that requires careful consideration. But spending on regulatory compliance is one area that Greenwald believes cannot be avoided but can be done more effectively. “I think there are opportunities to do regulatory spending in a smarter way. Perhaps banks could share the cost with other like-minded institutions. Maybe banks could do it once and then share the investment because my view of regulatory spend is that it is not a competitive differentiator,” says Greenwald. “The goal should be to do it to meet whatever requirement is on the table, but to do it cost effectively and hence free up capex and investment bandwidth for things that do drive businesses such as new markets and differentiation with clients. We’ve been lucky at Citi to have an investment budget that has obviously accommodated the regulatory requirements. But given the importance of transaction banking, people are innovating and getting to spend on building things over and above just the regulatory aspects. So I think this has been a good year and a surprising year for innovation.”



Banks are now facing up to the mammoth challenge of overhauling their practices and innovation has inevitably risen up the list of priorities as financial institutions look for ways to fix the problems that caused their downfall. “It was a Stanford professor who coined the phrase a ‘crisis is a terrible thing to waste’. I don’t think we wasted this year, in terms of innovation. I think we’ve actually found the real pain points of clients, corporates and counterparties and have worked with them to find solutions, many based on technology innovations,” explains Greenwald. But as Greenwald says, the need for innovation was there before the crisis, which merely provided the ideal opportunity to set the wheels in motion.

The crisis also affected the way that banks do business both on a global and a local scale. “In terms of the global versus local markets, it’s always a balance of how you run a global market and respond to local nuances market by market, yet get scale. I think what the crisis may have forced is a little more discipline. I see these discussions going on within Citi and also in other banks about how to innovate with scale, allowing last mile customization input from people on the ground. But doing it with a common infrastructure because otherwise you have a thousand flowers blooming. That’s a very expensive non-scalable way to do innovation,” Greenwald says.

At Citi the transaction banking business invests quite heavily in innovation and year-on-year spending on new technology is actually up significantly. One of the main areas that Citi is exploring at the moment in terms of innovation is a new online banking platform for corporates called CitiDirect BE for Banking Evolution, which brings together input from clients on the pain points they have in running their treasuries. “It uses visibility, control, working capital efficiency, process simplification and new technologies to create a next generation online experience that really tackles the next set of problems in an open architecture way,” explains Greenwald. “It operates with an open portal connected to SWIFT, messaging and mobiles. We see this as a core to Citi’s continued innovation in transaction banking.”

The financial crisis affected the various areas of banking in different ways and to varying degrees. Transaction banking was one area that escaped relatively unscathed proving itself to be the most resilient area during the crisis. The reason for this, according to Greenwald, is in part down to innovation. “Clearly innovation has been very much part of transaction banking over the years as technology has allowed things to be done that couldn’t be done in the past, as regulations have changed to allow for globalization,” he says. But he also believes that it is in part down to the business model of transaction banking as a collector of liabilities. “As a collector of fees in a very predictable way, this is in contrast to other businesses that have a little more volatility. Having a transaction and services business at the core of a bank is a very important thing. Citi, with its renewed focus, understands that. One of our aspirations is to build up payments and transaction banking to be an even more important core of the company.”

When asked about how the globalization of financial services will evolve over the next decade Greenwald is not particularly forthcoming. “As an innovation guy with a technology and analytical bent, the last thing I want to do is be the crystal ball predictor of what governments will do,” he says. But he is willing to divulge what he hopes to see in the future. “Clearly the crisis pointed out the interdependency across financial markets and the need for transparency and the importance of governments allowing trade to flow. If I were a wishful thinker, I would say that I would like to see that continue. The cost of doing business where there are hundreds of disparate regulations as opposed to fewer that are homogenized, clearly makes sense for many parties, like banks.” One of the main concerns for the banking industry however is the risk of over-regulation and hence risk aversion, but this is not something that worries Greenwald with regard to transaction banking. He believes that in the transaction banking industry the risks are both well understood and reasonably well managed and he says, the crisis was not in transaction banking. “I spend a lot of time with our regulators and they like that we are innovating, because where we’re innovating is tied to the re-engineering of processes that results in control and efficiency in the whole financial supply chain. The regulators are supportive of innovation and they understand that it’s critical to the business model of transaction banking,” says Greenwald. And as far as Greenwald is concerned, Citi will continue to innovate. One of the areas he believes will be very important in the near future is that of mobile payments and e-payments. “I think it’s very important. It’s at the stage where there have been lots of controlled experiments, pilots and discussions with partners. I think the relationship between mobile technologies, mobile capabilities and banking is here to stay. 
“What needs to change are the use cases, value propositions and business models around those. That’s going to take a little time as banks, mobile network operators, handset manufacturers and other players in the ecosystem get together to work out how we can deliver value to the different constituencies. As a bank we need to be very much involved in and at the forefront of a critical reinvention of core aspects of banking, both on the consumer and the institutional side,” says Greenwald. But as the technology develops and banks begin to move forward with mobile banking there is always the risk that they will be rivalled by other non-banking companies offering new payment services. Greenwald himself admits that this is something banks will have to be wary of. “Banks have to be paranoid in thinking through these threats to business models. We need to be forward thinking, forward looking and at the same time work backwards from where value can be created and turn that into a business model,” he says. “So I think mobile and other technology is bringing in a broader set of players to the payments industry but that does not mean that there is no role for banks. What it means is that we have to be very creative and innovative in terms of technology but also business models.”

“I think last year and the crisis we’ve faced has brought to the surface some inherent challenges around how technology is impacting or has impacted our ability to respond to crisis”



CLOSING THE GAP Craig Vaream outlines electronic payment strategies to reduce Days Sales Outstanding.

As tough economic times continue, a growing number of business leaders and municipal officials are seeing their aging receivables extend further outward, increasing their Days Sales Outstanding (DSO). While company inventories gather dust, cash-strapped customers deliver the double whammy of cutting back on orders and taking longer to pay – conserving cash at the expense of their creditors. In the absence of steady cash flow, more organizations, by necessity, are going out-of-pocket for operating capital. Furthermore, dependence on paper documents and manual processes is exacerbating delays in collecting their receivables and converting them into working capital.

Certainly, advances in automated receivables processing have improved funds availability and cut processing costs. However, the beneficiaries have largely been forward-thinking entities who were early adopters of lockbox, e-Commerce, ACH and other integrated solutions. Despite the breadth of available technology, many organizations still have not taken advantage of it, leaving them dependent on their manual payment processing models.

Performance metrics

How can you tell if the economy is truly in a tough place? Leading economists, ratings agencies, investment firms and others who track our nation’s financial health rely on a number of key performance metrics – including DSO. DSO is used to determine the effectiveness of receivables management as it represents the average number of days it takes your organization to collect revenue and turn it into cash after a sale has been made. The lower the DSO number, the less time it takes to collect receivables. Keeping DSO at a consistently low level ensures your organization is capturing its receivables quickly and efficiently to meet your short- and long-term needs.

Most organizations review their DSO every quarter (91 days), every six months (182 days) and at fiscal year-end. While the formula can vary by industry, DSO is generally calculated as:

Accounts Receivable / Total Credit Sales × Number of Days

Assuming an organization has $700,000 in receivables, $1.5 million in total sales and is conducting its review at the end of a given quarter, DSO for that period would project out to 42 days.

Putting your DSO numbers into formal context with your company’s trading terms or other financial guidelines will make them more meaningful. For example, if your terms are net 30 days, an acceptable DSO time frame might fall between 40 and 45 days. In addition to revealing the level of customer compliance with your credit terms, DSO provides insight into fluctuations that take place within your company’s receivables balance by indicating whether changes occurred because of positive or negative shifts in sales during that period. DSO also offers information on the impact of seasonality, selling terms and promotional discounts on your receivables balance in addition to sales. Finally, it gives visibility of lost opportunity costs – lost use of funds for capital improvements, new hires, inventory purchases – resulting from the non-collection of receivables.

Growing receivables migration

Today’s robust electronic payment systems present business leaders and municipal officials with attractive cost and efficiency incentives to move beyond the lockbox, ACH and credit cards to upgrade their payment acceptance and remittance processing operations. Many are consulting and partnering with industry-leading technology providers to guide their conversion to automated processes that are scaled to their needs. This will allow their accounts payable, payment processing, collections and reporting functions to be managed, monitored and controlled more cost-effectively from a single, secure platform. Migrating to an automated technology platform will also enable them to integrate e-commerce transaction capabilities and use this expansion of their payment acceptance methods as a strategy to attract and retain customers.



Through the ability to centralize all remittance data and images in a single repository hub, credit, accounts receivable and customer service managers get a head start on forecasting cash flow, cash allocation and exception management and resolution. The features and functionality of a customized electronic payment solution will help them accelerate collections and lower DSO numbers, receive electronic alerts on check returns and important payments, archive and retrieve images and indexed data online, capture and upload data throughout the day, including check payments sent to a lockbox, ACH payments and wire transfers, and ensure data security and disaster recovery

• Analyze the cost and benefits of remote deposit capture for your receivables management strategy. This web-based solution makes it possible to capture and scan checks and full-page documents sent from multiple locations and process payments the same day. If you can capitalize cost effectively, your entire enterprise will benefit from an expedited, streamlined receivables process. Craig Vaream is a Managing Director and Product Executive in J.P. Morgan Treasury Services

Case study

“Putting your DSO numbers into formal context with your company’s trading terms or other financial guidelines will make them more meaningful”

Best practices

There are numerous steps you can take to close the invoice-to-collection gap and reduce your DSO time frame. Here are some ideas for you to discuss with your finance team:

• Consult with experts with a proven track record working with companies in your industry. They’ll provide you with the best insight, industry perspective and the greatest return on your investment.
• Choose a payment services provider that thoroughly understands the changing landscape of electronic payment alternatives and who will help implement scalable solutions to allow your receivables management capabilities to grow in sync with your business.
• Focus on leading-edge technologies and make developing a robust receivables and collections processing infrastructure a priority. This will create synchronicity of all components, including state-of-the-art reporting, data security and fraud management.
• Educate stakeholders about the myriad of benefits that come with migrating to electronic solutions. For instance, removing paper from your back-end processes not only helps achieve better business continuity, but will also position your company as an eco-friendly corporate citizen.
• Market the benefits of electronic payment to your customers by offering communication and guidance to ensure all involved in the A/P and A/R functions view the shift as simple and seamless.
• Conduct remittance payment trend analyses on a regular basis to identify where your invoices and payments are concentrated. For internet-based payment systems, use data mining and other analytics to identify the volume of payments coming from web-initiated channels.
• Allow customer purchase habits to influence your payment acceptance methods and alternatives. In the retail space, the growing demand and use of PIN-less debit transactions is lowering cost and giving customers a fast and secure way to pay. A similar trend is developing in the business-to-business arena as well.

In an effort to further collapse their cash-collection cycle and visibly improve their bottom line, organizations from both business and public sectors are taking a variety of actions, such as the ad agency that went paperless to achieve greater operating efficiency and improve service to clients.

Challenge: A large, national advertising firm with offices in 20 states processed their receivables from paper invoices and check copies that they received daily by overnight courier from their lockbox. Once they had manually entered remittance data into their A/R system, all paper documents were boxed for offsite storage. For internal audit purposes as well as answering client inquiries, excessive time and money was spent locating, verifying and shipping materials. The end result: a costly and laborious paper-intensive headache.

Solution: To meet their goals of lowering operating cost, reducing reliance on paper, improving workflow efficiencies and expediting funds availability, the agency selected a paperless payment processing strategy that combined their lockbox with an Internet-based electronic solution. The features and functionality that attracted the agency included same-day decisioning and account reconciliation, advanced image and data capture technology and the ability to consolidate accounts receivables transactions.

Results: DSO was improved. Shipping, handling and paper document storage costs were eliminated. Incidence of fraud risk and errors were reduced through increased control. Investment in major equipment avoided; all data is securely accessible online. Improved ability to receive electronic alerts on check returns and important payments, forecast cash flow, manage credit exposure, expedite exception resolution and access images and data archived online for up to 10 years.



FEATURE

TRADING PLACES

NASDAQ OMX and NYSE Euronext are battling for the business of the world’s biggest companies. FST hears how technology is the main weapon in the fight for supremacy.



Separated by just a couple of city blocks in downtown Manhattan lie the headquarters of two major business rivals. As the leading listing and trade companies in the world, the venerable NYSE Euronext and upstart NASDAQ OMX have been engaged in a turf war for years. The recent news that Charles Schwab Corp is moving its listing from the NASDAQ to the NYSE, reversing the move it made back in 2005, is just the latest development in an ongoing conflict.

Brian Clark is VP and Chief Architect at NYSE. He acknowledges that the rivalry between his organization and its near neighbor is a driving factor in technology development. “In our business in the trading complex where we compete with the NASDAQ and Direct Edge, it continues to be about extreme performance,” he says. “It’s about being able to attract order flow by having turnarounds of under a millisecond to five seconds these days and also being able to stabilize it so it’s predictive, there’s no outliers. We’re always going to try to engineer that and eliminate any points of failure or points of degradation of performance.”

NASDAQ OMX Head of Globalized Services Carl Magnus Hallberg agrees that operating in the US’ financial capital is a challenging proposition. “New York is probably the area where we have the toughest and meanest market in terms of ourselves engaged there versus the open competition from the major exchanges in the New York area,” he says. Just as at NYSE, technology is the driving factor in the battle for supremacy. “For us the key thing has and will continue to be to ensure that we drive our technology innovation so that we can provide the market with the best execution in terms of pricing and performance requirements when it comes to latency and throughput of our systems,” he continues.

The figures behind this performance are striking. Hallberg estimates that NASDAQ handles around one million messages a second with an average latency of just 250 microseconds, a speed that marks out NASDAQ as the fastest rating system in the world.

High-speed data

The information-intensive nature of both NYSE and NASDAQ’s business means that the way data is handled is of paramount importance. However, each organization approaches the issue in slightly different ways. “We do not own our own data centers,” Hallberg explains. “We work with partners to provide us with those services where we base our operations. Verizon provides us with a primary data center in New York. They also provide us with the primary data center capability in northern Europe.”

By contrast NYSE are currently building two new data centers, one in the north east of the US and one in Europe. “It allows us to optimize some of our server farms and bring in a leading edge network,” says Clark. “We joined with Juniper and kind of positioned ourselves for data center fabric. Also, half of our data centers will be occupied by our customers who want to co-locate with us so they’re close to our trading platforms and they get the high speed out of it. That’s pretty mission critical for us, and we have hard end dates to make that happen.”

Such is the demand for lightning fast response times from the exchanges that this tendency for client companies to get up close and personal is mirrored at NASDAQ. “The introduction of high frequency algorithmic trading that requires very low latency, high throughput requirements, we can’t have their trading systems connected to us via a network,” says Hallberg. “They have to be co-located within our data centers. So really the cooperation with Verizon around data center and data center growth provides us with the data centers and also the capability to grow in those. Our co-location business in the United States where member firms come in and place their equipment in our data centers has grown tremendously during the last year, so we have actually had to continuously build out that capacity that we have required.”

The aforementioned data center development at NYSE is of central importance to the company’s operations. In addition to handling the exchange’s trading environment, it also comes into play post-trade in the integration and aggregation of data along with inventory and billing functions. “Because of our global network, we’re also looking to potentially hang services off of that,” says Clark. “That would reside in the network. We could say it’s a cloud, but it’s like software is a service or infrastructure as a service where we’re able to provide managed services for small hedge funds, small broker dealers and private equity firms that don’t want to have to manage that environment themselves.”

In touch

Carl Magnus Hallberg on the importance of a close relationship with tech providers

We work extremely closely with our technology partners. We literally sleep in their R&D lab, so we work with companies like Intel, like Cisco, and a few others to ensure we have the latest technology. When we look upon the networking side we bring in companies like Verizon to ensure that the volume growth can be transported out through our global community. The trading traffic is only one thing. We also have all the information distribution that has to go out to all the millions of users around the globe that consumes real time trading information, but by sitting in the R&D labs literally day by day with our architects and being able to decide very quickly when we have new technologies that we can use, and we can make that decision to quickly bring it in without any disruptions in the market. Even though you never see or very seldom see outages in exchanges, there is quite a lot of technology exchanged underneath all the time, and if you look in Europe right now Verizon is undertaking a huge shift in our old network without affecting anyone or anything in the trading traffic. We’re doing that to prepare for the volume growth we also have in Europe, so you need to have a very close cooperation with your partners. It’s not the kind of cycle where you can spend six months just evaluating technology. Working out what we need for our next trading systems has to be a part of our ongoing, everyday work.

NYSE EURONEXT – QUICK FACTS

Key clients: Microsoft, Cisco, Intel
Employees: 3760
Founded: 2007
Listed companies: Over 8000
Net income: $738 million



Mapped out

Brian Clark outlines the importance of having a clear idea where you’re going

About two years ago we launched our global architecture council. It’s a virtual organization and it includes people globally from different disciplines, whether it’s security data, communications infrastructure or application architecture. Together as a team we engage with vendors. We’re always looking out 18 to 24 months at what new technology can we adopt, what kind of roadmaps do we have? We have regularly scheduled meetings with all the businesses we have across the globe and talk about what technologies we’re looking at and what the priorities are for the business. That kind of dialogue has really just started over the last year. We were very focused on getting some technology deployed over the first year, but this is a form and a mechanism to make sure we have the alignment we need with the business. If you look at our business lines, we have our listings business, we have our trading business, but we have multiple trading venues. We have them in Europe with equities. We have US equities and derivatives, and each one has their own priorities and their own demands for their client. What we’ve been trying to do is get them to prioritize what we should be looking at in terms of business functionality but also bringing technology to the table where we can collapse the typical silos we see. We’ve had some experience with that in the post trade area where we deal with a lot of data management. We’re a little bit ahead of the business in terms of collapsing these silos and operating as one team.

Crisis lessons

The recent financial crisis provided a powerful object lesson of the need for processing speed and power in the exchange space. The turmoil that the market was thrown into resulted in vastly inflated volumes of trade. Ensuring that the technology is in place to cope with spikes like this is absolutely critical. Latency needs to be trimmed to the bone, so that as volumes swell, speed is not negatively affected.

“When the financial crisis started to hit what happened in the actual trading industry was that the velocity really went through the roof,” says Hallberg. “That meant that trading volumes increased tremendously over a very, very short period of time. From an IT perspective it has been a continuous race to ensure that we can live up to the volume requirements put on to us, and remembering now that we are kind of fighting in real time for business. If we cannot cope with the requirements, the order flow will go to another trading venue.”

The challenge around preparing for such events is precisely their rarity. Until a financial tsunami strikes, it is incredibly difficult to predict its severity. More recently, traders had to cope with the collapse of the Dubai property market in late 2009, which once again sent shockwaves through the market. Lessons learned from earlier problems came in useful in this situation. “The trick has really been to ensure that it is possible to trade even during quite extraordinary situations in terms of volume growth,” says Hallberg. “It should always be possible to trade, even during turmoil situations that hit us with higher trading volumes and we need to ensure that we can live up to expectations.”



The trading requirements of an overloaded market are daunting, even by the standards of an industry that has been getting progressively faster throughout the digital age. During a period of particularly high traffic, huge spikes can come at one to two millisecond intervals, rendering them virtually continuous. Unfortunately, there is no way to slow the system down, so it is simply a case of fly or die.

Despite the challenges that it has faced, Hallberg is bullish that NASDAQ possesses the capability to cope with just about anything the market throws at it. “Honestly we haven’t found a faster computer system than we have in any industry in the world right now,” he says. “That maybe says something about the extreme performance requirements we have. We have to work with the absolute latest technology in our systems to ensure we live up to the requirements and I guess what can be difficult is to ensure that you’re always pushing that new technology.”

The emphasis placed on speed and bleeding edge technology is not the only consideration however. The way in which organizations interact with their customers also has a major impact. Getting a clear view of this interaction can pose problems for an entity like NYSE. “One of the challenges with the exchange is knowing exactly who our customer is,” says Clark. “We have listings companies, people we want to service on the market and issuing front; we have our members and people that trade with us, and you can even argue that some of our customers are the regulatory agencies, the FCC. There’s a lot of demands from each one of these constituents. We have adopted salesforce.com; we have another product, but I believe we’re going to be merging to one. That’s kind of how we can get a holistic view. It’s those kinds of more relationship management things we have to get better at.” To this end, NYSE have been engaged in leadership forums, centered around the theme of managing relationships with clients.

A changing world

If the events of recent years have taught us anything, it is that the business environment can alter very quickly. The ability to cope with change at a global level is therefore of paramount importance going forward for both NYSE and NASDAQ. “For us moving forward the priority is to continue to build the global footprint with new exchanges and new offerings in the various regions we are already in and where we will become active,” says Hallberg. “We also have quite interesting new business we have started to develop in terms of new services that we provide to public listed companies. We have a means there to ease the public company’s life basically in the public world to be able to ensure that they can do their board work sufficiently, that they can distribute press lists of information and be in contact with the investor community. In addition to developing trading venues and making them more attractive and to build our global footprint we also have better services that we can provide to these companies.”

For Clark the process of change is something that has to be approached with a great deal of deliberation. New decisions about major transformation or technology change start with small proofs of concept. “For example, we’ve adopted a framework for our post trade which is completely different from the technologies that people use today,” he explains. “We brought it in and started to train people up on it. Frankly, some people adopt it right away, and they’re ready to go, and some people don’t. The people that adopt it tend to stay and the ones that don’t often end up leaving. There’s a saying if you’re making a major change like that, 20 percent of the people get behind you right away, 60 percent wait and see what happens and 20 percent would rather go to hell than follow you. That’s kind of been the model we see.”

In order to get around resistance to change, the process has to be managed carefully. “We typically have a number of people that want to adopt it,” Clark continues. “We do have to do kind of a marketing and sales campaign to the business when we make these changes because sometimes they don’t understand the value in IT-driven developments. We also need to do sales and marketing when we’re changing the underlying processes that we use today.”

What is clear from both Clark and Hallberg is that the pursuit of faster and more refined technology will remain the battleground between NASDAQ OMX and NYSE Euronext as they vie for position in an ever more competitive business environment. The ability to serve clients with the speed and accuracy that they require will continue to be the key differentiator as we go forward. It doesn’t look as if either organization will be landing a knockout blow anytime soon, but the contest for domination should prove fascinating.

NASDAQ OMX – QUICK FACTS

Key clients: Coca-Cola, Wal-Mart, General Electric
Employees: 2500
Founded: 1971
Net income: 319 million
Listed companies: Over 3700

“The information-intensive nature of both NYSE and NASDAQ’s business means that the way data is handled is of paramount importance”


ASK THE EXPERT

Reality check

Technology implications of the new financial landscape. By Rodrigo Vaca.

With a true sustained financial recovery nowhere in sight, many analysts in the industry concede that this is beyond a regular downturn. We are now living in a new financial reality. Just as most consumers have been forced to rethink their spending habits, firms are forced to once again re-evaluate how they invest their limited resources. As we are all aware, this could not be more critical than in the hard-hit financial world, from large multinational institutions to small independent investment firms.

Cash-intensive IT departments are typically among the first to feel the heat. If recent earnings calls from major technology vendors are any indication, firms have been inclined to slash their investment in IT. Take this from an IT vendor: they might be doing the right thing.

In every company there are two kinds of IT systems and spend: those that enhance the firm’s competitive position and those systems that are more horizontal, and – while critical to everyday operations – provide less differentiation. For financial companies, examples of the former are its trading platform, systems that run financial models and those that calculate risk. Investment on these systems is, evidently, critical.

That’s not to say companies should stop investing in their more generic systems such as CRM, email, document management, HR/Payroll systems and so on. But they should do a better job at managing those investments. They need to stop spending unnecessary amounts of resources in them and instead get more value while spending less money through the use of Software as a Service (SaaS). Cost is, certainly, only part of the story. But hoopla aside, companies need to recognize that not all SaaS services are created equal.

Three incarnations of SaaS

SaaS is hardly a new concept. In its first incarnation, circa 1997, SaaS was commonly known as ASP. ASPs offered some advantages, but it was primarily a financial engineering transaction: swapping CAPEX for OPEX. In its second version, SaaS added on a key factor: multitenancy, which enables a vendor to deliver application updates much faster and provide more reliable services. But while the second version of SaaS brought technology benefits, it remains anchored in the past practices of the enterprise software scene of the last century: bloated prices, required long-term contracts and other practices.

But in its third incarnation, SaaS delivers true value for customers. Beyond the technology itself, it is the business model revolution that brings value to customers: purchasing flexibility, lack of long-term contracts and of course the lowest possible TCO. Zoho is not alone in this space. Other major players include Amazon.com, Rackspace, Freshbooks and other players who target large and small companies alike.

Beyond TCO

A lower TCO and increased flexibility are not the only things that SaaS delivers. One of our favourite topics at Zoho is the value of Contextual Information Integration. The web’s unique architecture and distributed nature mean that information can flow to the user’s screen whenever it is needed, regardless of what particular system originated it.

For example, users of our CRM system can easily go back and forth between their email and their CRM records – or see documents that are attached to a contact right there on their web browser. The line between all those applications is starting to get thinner and blurrier. At the end of the day, what matters is not the application, but the data the user is working with.

When we look into what’s coming in the next few years for the financial industry in horizontal technology such as CRM, mail and others, we see three trends. First, a drive towards a significantly lower TCO through the use of advanced SaaS solutions. Second, increased flexibility in licensing terms and contracts from SaaS vendors. Finally, users will benefit from richer applications that will increasingly provide a higher degree of contextual access to their information, regardless of the application they happen to be using at the time.

“Cash-intensive IT departments are typically among the first to feel the heat”

Rodrigo Vaca is the Director of Marketing for Zoho, the online provider of productivity, collaboration and business applications. Prior to Zoho, Vaca led several initiatives for Google Enterprise. He has also held several roles at Microsoft Corporation and SAP.



CUSTOMER FOCUS

A social approach

The recession provides the perfect opportunity to adapt to your customers and to add social CRM practices to your CRM strategy. By Michael Thomas.

One of the most common questions that I am asked is how can companies leverage and improve their CRM practices during the recession. How can they weather the storm and keep their most valuable asset – the customer – during this time and continue to add new business to their customer base?

I start off answering the question by using the analogy of the yellow caution flag in a Formula 1 race where the flag signifies a hazard and all cars must slow down and hold their position until it is safe to resume the race. Holding the position is one thing but there is a lot to be gained during that time, especially during a pit stop. My point is that what you do during this slowdown will affect how you will proceed when the green flag signifies the end of the slowdown. Companies need to take a look at their CRM strategies during the pit stops of this slowdown and make adjustments that will allow prospects and customers to engage with you more efficiently and effectively.

I have heard that 80 percent of your business revenue is from the top 20 percent of your customer base. If this is true then reaching out to the top 20 percent is where you should focus your time. Take the time to pull them in and get their input and feedback. They too are struggling during this time, and acknowledging this by discussing ways your company and solution can help them weather the storm will earn their loyalty and advocacy. This open collaboration and conversation will set the stage for future trusted communications.

There are two major areas to address that will position your company in a positive light during this recession: focusing on the social customer, and understanding that the social customer is a mobile customer.


The social customer

Companies that have been speeding along at a steady pace will slow down to find that a lot has changed. The need for foundational CRM strategies will always be there, but customers and prospects are now in the driver’s seat in their interactions with you. Companies will now have to engage with them on their terms. The customers are now in control and are known as social customers. A new strategy called social CRM will need to be in place to meet them on their terms.

Paul Greenberg, bestselling author of CRM at the Speed of Light, defines the social CRM customer this way: “CRM is a philosophy and a business strategy, supported by a technology platform, business rules, workflow, processes and social characteristics, designed to engage the customer in a collaborative conversation in order to provide mutually beneficial value in a trusted and transparent business environment. It’s the company’s response to the customer’s ownership of the conversation.”

The “ownership of the conversation” gives the power to the customer because they have the tools to express themselves in ways that can hurt as well as help your company’s image. Another component focuses on the way prospects find out about you. It usually begins with a search and the ability to show up in a favorable way in the search results will set the pace of how and if they will engage with you. Social tools such as blogs, social networking sites and Twitter are some of the tools of choice for customers to spread the good, bad or indifferent about your company. These same tools can be used by companies to open up new lines of communication with the audience. I will use the three components of CRM to address some social CRM practices companies should implement to engage their audience:

Marketing: SEO (Search Engine Optimization) plays a major role here. Adding a social channel to your marketing efforts may be as easy as setting up a Twitter account or Facebook group to start out with, but the key is to have activity around your company and brand that people can find. In addition to adding this channel is the ability to monitor what is being said about your brand, utilizing something as simple as Google Alerts as well as other listening platforms such as Radian6 to monitor those conversations in order to engage or defuse effectively and quickly. Do you have a ‘follow me’ tab for social media avenues in place?

Sales: Once your company and products are found, how are you engaging with the prospect to make sure lead scoring strategies are in place to route to the proper sales person or to make sure they go to the shopping cart? Do you know the right behavior, web clicks and actions to keep their interests to entice them to buy? This could be as simple as tracking what they are looking at and if there is an area on your site where people can comment and rate your product. Taking the time to monitor this behavior will assist in integrating the action into your lead generation processes. Is your sales team on board and interacting with their prospects with social media tools?

Service: This is one of the key areas to address with social media because customers are known for expressing their opinions and frustrations over the web. Having a method to address their concerns early will prevent bad information from spreading quickly. Monitoring Twitter and engaging with customers on updates, solutions, new features and other pertinent information will keep them in the loop and give them the confidence that you are aware of what is being discussed.

The mobile customer

While addressing the social media component of CRM, it is equally important to understand that the social customer is also a mobile customer. Understand that their searching, interacting and doing business with you will most likely be from a mobile phone or smartphone. Your company’s communications will need to be flexible in order to reach their desktop or mobile device. Giving them practical options of engagement will make it easy to communicate and do business with you. Now is the time to embrace this new medium and put social CRM practices into play. You will have to adapt to your customer or face losing them.

Michael Thomas is National President and National Board Member of the CRM Association.




EXECUTIVE INTERVIEW

On the frontline

Jim Callan outlines how technology and a consolidated approach to staff training can help improve frontline performance in financial institutions.

According to your customers, what are the primary challenges they face in managing frontline operations?

Jim Callan. In today’s environment, financial institutions realize they need to raise the performance bar in all areas of the business with particular emphasis on those areas directly touching the customer – branch centers, contact centers, web, mobile devices and so on. There has never been more focus on improving the quality of customer engagement at the frontline to gain better understanding of their lifestyle and financial requirements and ultimately to impact the cross sell rate, which is becoming a key metric in retail banking. The big challenge for the industry has been providing managers with better reporting and visibility of frontline day-to-day activity. It has been extremely difficult, if not impossible, for organizations to gain real insight into frontline performance and to measure how effective they are at identifying sales opportunities, engaging with customers and generating cross sales or sales referrals. As we all know, what cannot be measured cannot be managed and this is a real issue.

What other factors, in your opinion, impede frontline performance for financial institutions?

JC. There are two key elements that stand in the way for most financial institutions. The first relates to the capability of existing frontline systems. They have served well at performing core banking functions; however, they are inflexible, generate poor management information and provide almost no support to frontline staff in executing a sales process or embedding good selling techniques. This is a huge obstacle for the industry today. The second relates to the skill set of frontline staff. Despite the dollars that are spent each year on training, BAI and other research consistently shows that over 70 percent of frontline staff still struggle to identify sales opportunities and fewer still are equipped to handle such opportunities due to a lack of experience or real-time system support, coaching prompts, etc. These two factors combined explain why we, as an industry, are poor at engaging effectively with customers and fail to become the trusted advisors that banks and credit unions aspire to be.

Do staff training programs help to deliver frontline sales effectiveness?

JC. Training clearly has an important role to play but will not deliver the required results on its own. Take the typical sales training programs for staff in the branch network and contact centers for example. While the course material might be very good and staff will return to the field feeling motivated, such activity rarely has long term, sustainable impact on cross sales or the generation of quality sales referrals. Why? Because it is impossible to track, measure and report accurately on staff behavior. Consequently, it cannot be managed or coached effectively by frontline managers. After a short period, staff retreat to their comfort zone, old behaviors return and the investment is lost. The principles and good practices outlined in training programs need to become embedded in the operation on a day-to-day basis. This requires targeted on the job coaching by managers backed up with comprehensive reports, scorecards and performance management programs.

What is needed to bring frontline sales performance up to the required standard?

JC. A consolidated approach is required that brings together the good work that has been done on sales process and training to embed these within the DNA of the frontline operation. Technology clearly has a role to play in bringing all of this together to present a seamless and consistent frontline experience across all channels. I believe there is little appetite for long and expensive system replacement projects so our approach is one whereby we leverage the existing legacy technologies and place a thin layer on top that fills in the gaps. The result is a real time frontline automated sales process, comprehensive management reporting and best practice performance optimization to instill the type of culture that is required.

“The principles and good practices outlined in training programs need to become embedded in the operation on a day-to-day basis”

Jim Callan is CEO of Econiq and combines deep business experience and market understanding with the technical knowledge that comes from years of successful project implementations. He is recognized as an entrepreneur and innovator in the financial services software sector and was the founder and CEO of Eontec, which was acquired by Siebel Systems in 2004.


BUSINESS TECHNOLOGY

TAKING CARE

FST talks to Dele Oladapo about the IT challenges facing Prudential Financial.

What are your current IT priorities and what are you focusing on right now?

Dele Oladapo. We recently in-sourced data center infrastructure services in Japan, and we want to take a look at our global data center footprint and at opportunities to leverage that and trade up on some of our VC capabilities. If we have an opportunity to be more efficient with our actual data center footprint, we certainly want to take the opportunity to do that. So we’re going through due diligence on that, and we need to make sure we understand what the options are and lay out a strategy. It will probably be a multi-year strategy to get to a place where we feel comfortable with our data center footprint, and where we also feel comfortable with the VC capabilities that we have both domestically as well as internationally. We had two major business units in Tokyo, and now we’re providing data center infrastructure services to those two business units. So we’ve got two data centers in the United States, and then we also have two data centers in Japan. That total of four data centers is something we want to look at. Can we go down to two? Should we have three?

You’ve been with the company for 13 years. What have been the major changes you’ve seen during that period?

DO. One of the most significant changes was going public. When I started at Prudential it was a mutually owned company. When you go public, you’ve got to answer to Wall Street, so the pressure to drive revenues and compress costs so you can hit the bottom line and hit numbers on a quarterly basis becomes intense. That as the overlay on the IT side shifted some of our priorities around. We had to look at time to market, at our overall architecture and flexibility within that architecture, at our ability to leverage virtualization, our ability to look at a workforce optimization strategy where we can



get the right resources in different parts of the globe so that we can lower our overall costs in terms of headcount, but not at the impact of the quality of the service we provide.

Has the emphasis placed on elements of the CIO role changed?

DO. Certainly alignment to the business has become extremely important. At the end of the day, if we don’t deliver to the business needs, and if we deliver in a vacuum, we may deliver great technology, but the question is, are we really delivering value? So alignment to the business is extremely important. We have a number of different touch-points with the business to make sure that we’re getting their requirements and that our strategies are aligned with the direction they’re trying to go in. At the high level, ‘Faster, better, cheaper!’ is always the mantra. How that correlates into the specific strategies that we have to execute is where the rubber hits the road as far as the alignment goes.

What about the allegation made in some quarters that the people within IT are not as focused on implementing the technology as they should be?

DO. From a technology perspective, there are concerns around security and compliance; those things obviously have to be vetted. And as the technology capability ramps up to the point where bandwidth and storage become such commodities in terms of price, then the question starts to become if the price point is attractive, and if the compliance and the regulatory concerns are being addressed because the offering is becoming more mature, what are the adjustments that have to be made with the corporate IT shops to be able to take advantage and consume those adjustments? If you look at the client/server paradigm, there was a shift from the mainframe paradigm where you wanted to be able to give each of the application owners more decision-making power over what they want to do. If you look at virtualization and cloud, it’s more going back to the mainframe paradigm where you have resources that you carve up within virtual images, and you’re just offering that back up to the end-users so they can be abstracted from the decision around infrastructure and focus on their business objectives.

Which model are you taking at the moment? Are you using mainframes, or concentrating on distributed?

DO. We’ve got all the main platforms: we’ve got mainframe, we’ve got distributed. In Fortune 500 companies, I don’t think you will find one flavor versus another. With startups, you’re seeing more of an opensource architecture and a distributed architecture. But for the large firms that have been around for decades, you’ll typically see all three of the platforms, and interoperability of all of the platforms is where the challenge comes from. In talking to some of the cloud computing vendors, the thing that I find interesting is that they have systems management capabilities and provisioning capabilities, but it’s still very much platform-focused. Our applications are interdependent across all three platforms, so, when we talk about being able to consume a cloud offering, it has to be able to work within our actual architecture, and our architecture is a combination of all three platforms.

What are the current main challenges within the mainframe environment?

DO. I wouldn’t say we have challenges, per se. When we talk about cloud computing services, we’re going to have multiple platforms and if there’s a component of the environment that we want to put out into the cloud, we need to be confident that it will be able to integrate well into the environment we have. Our integration across the three platforms is very robust, but that’s important to the team that we have that manages that environment. So when we talk about maybe moving a component, that knowledge of how that integration works is one of the prerequisites that we’d have to understand.

What are the key technologies in terms of implementing innovation in the architecture space?

DO. We have a very robust systems management capability so that we can see proactively the availability of our hardware as well as the performance. So we’ve already got a lot of the right focus, and we’re going in the right direction. I think the question starts to become understanding what are the criteria in terms of cost and capability that would make a public offering on the cloud, for instance, more appealing? If we’re able to achieve the economies of scale that a vendor would offer, then, if all things were the same, of course we would rather control it. So what are those price points that vendors on the outside would have to get to for us to have the incentive to make a change?

DO. Quite frankly, that gives us some guidance on the negotiations we do internally. Because with the volume that we have, I’m not seeing a material difference in the cost that they would offer for the service versus what we already do internally. Now, if you’re a smaller shop of 50 to 100 servers, then those kind of offers make a lot more sense.

It’s been a tough couple of years for the financial services industry in general. Has that had an impact on IT spend or on the type of projects that you’re rolling out?

DO. Being productive and being able to execute and implement, particularly in hard times, is the differentiating factor with the companies that not only survive but flourish and thrive. So for example, our ability to in-source infrastructure services in Japan, you know, was a material save for the corporation. So that ability to save turned into a major initiative on the IT side. We’ve been extremely busy from a market perspective, thanks to the services we have to provide now both to domestic as well as international business partners.

Dele Oladapo is VP of Information Systems for Prudential Financial.


PROJECT FOCUS

Come together

How St Paul at Lloyd’s benefited from consolidating their IT systems. By Laurie Iseman

St Paul at Lloyd’s chose Infor FMS SunSystems as Lloyd’s financial management solution. As one of the largest managing agents at Lloyd’s of London, they offer specialist underwriting in aviation, global property, marine and personal lines insurance. Their parent company, The St Paul Companies Inc. founded in 1853 in Saint Paul, MN, has assets in excess of US$38 billion, and is rated ‘AA’ by Standard & Poor’s.

St Paul at Lloyd’s was created through the merger of three agencies; Cassidy Davis, Ashley Palmer and Gravett & Tilling. Their fragmented financial systems were in need of consolidation. It involved the merging of all the financial software and data onto one central server running MS SQL Server on a Windows NT operating system. All three agencies were using Infor FMS SunSystems financial software, so the choice of SunSystems as the central financial management solution was a simple one. Nigel Youngman, Agency Accountant and Purchase Ledger Manager of St Paul at Lloyd’s, noted: “SunSystems is widely accepted as the industry standard in the insurance sector. That, coupled with the fact that three of our managing agents were very successfully working with the software, made the decision for us.”

The Group’s financial system needed to retain a separate database for the corporate and syndicated constituents. The differences in each company’s coding would make comparisons of data difficult; therefore a common chart of accounts was devised. The central service company’s database would handle all supplier invoices and the processing and payment of employee expenses. These expenses would then be reclaimed from the syndicate and corporate entities’ databases. St Paul at Lloyd’s were able to use SunSystems’ powerful transaction code architecture to ensure the same analysis could be conducted on any one of the databases.

The process was simplified by enabling a macro to add these new and amended codes to the individual databases, so each syndicate and corporate entity could analyze the expenses allocated via the central service company individually. The central service company could analyze the expenses in total or on a company-by-company basis. Youngman says of the merger: “Using macros and the expertise of our consultant, Martin Royle, the process was fairly painless. SunSystems is strong at handling multiple company databases.”

Statutory reporting is a key requirement and reports must be produced on an annual and three-yearly basis. St Paul at Lloyd’s implemented the Vision XL tool to report on the various syndicates and corporate. Youngman states: “Easy access to the information held within the syndicate and corporate databases enabled us to quickly produce statutory reports such as the SQR Underwriting accounts and balance sheets. Vision XL can be used easily and quickly to extract this data, and allow Microsoft Excel functionality to manipulate and design the format of this information.”

“Statutory reporting is a key requirement and reports must be produced on an annual and three-yearly basis”

Another key function of the system was its ability to link into a range of additional applications. Youngman comments: “In addition to SunSystems, the finance department is regularly using Earnie Payroll Manager, an employee expense allocation system, and a budgeting model, the latter developed in Microsoft Access. SunSystems central database integrates seamlessly with these modules ensuring 100 percent accuracy of data, and saving time on rekeying data into each system.”

The increasing complexity of the expense allocation model, and the need for a more sophisticated group expense reporting pack, prompted the addition of the Corporate Allocations module in 2001. This involved a two tier allocation process within the central service company, followed by transfer of relevant charges to target databases, while maintaining full intercompany accounting. Using the Corporate Allocations module St Paul at Lloyd’s was able to produce a full expense reporting pack at group, department and individual entity level which was fully automated using a SunSystems macro. Youngman adds: “The addition of this module has given the finance department the functionality to create a full set of control reports at each milestone in the process to confirm accurate allocation of the required expenses”.

Laurie Iseman is Director of Marketing, Americas at Infor.


ANALYSIS

Under offer

Bobbi Britting explains that the underbanked represent a major potential market for financial institutions.

More than 100 million individuals in the United States today are considered unbanked, underbanked or credit underserved. These people have no bank accounts or far fewer accounts than the average American. While the US economy is caught up in the current worldwide credit crisis and recession, some important questions arise: Are bankers even thinking about the underbanked? And why should they? Underbanked consumers have traditionally relied heavily on a cashbased economy or alternative, nonbank providers of financial services to conduct their financial transactions, which are profiting nicely from these relationships. Traditional financial services institutions (FSIs) could be on the profit side of the equation, but to emerge from the current credit crisis, they will need to create the right products and tools for financially underserved consumers. For the most part, existing bank products, including loan underwriting processes, do not meet the needs of underbanked consumers and were not built with them in mind.

This population typically falls into one of three categories related to credit:

• No hits. These individuals have no record at traditional credit reporting agencies such as Equifax, Experian and TransUnion. Approximately 20 million people in the US are in this group. Without a record at a credit reporting agency, they will nearly always be declined credit by a bank, thrift or credit union and often will be unable to open a demand deposit account (DDA) or savings account.

• Unscorable. The unscorable population includes people with ‘thin’ credit files containing little or no credit history or payment data. Again, lenders won’t have enough data to score their credit worthiness and/or make a lending decision. Consumers with thin credit files include young people who have not had time to build a credit history, recent immigrants who have been in the US only a short time, and others who are undergoing a life change, such as losing a spouse whose credit history was tied to theirs.

• Subprime. For each type of loan product, the exact definition of subprime will vary. In general, the subprime category includes consumers with unfavorable credit history based on credit bureau reports. More Americans are falling into this category because of their delinquent or unpaid credit balances, overextension of credit, and extreme factors such as defaulted loan accounts and loan foreclosures, and because bankruptcy is becoming more prevalent.

The regulators and the underbanked

In 1977, the US Congress enacted the Community Reinvestment Act (CRA) to ensure that banks serve a greater portion of the population. The intent of the act is to encourage depository institutions to help meet the credit needs of the communities in which they operate, including low- and moderate-income neighborhoods. CRA does not require institutions to make high-risk loans that will jeopardize their safety. Today, some would argue that subprime borrowers who benefited by receiving mortgages from lenders struggling to meet CRA objectives contributed to the mortgage crisis. However, a study released by the University of North Carolina at Chapel Hill’s Center for Community Capital on default rates among low-income and minority homebuyers notes, “Risky mortgage products, not risky borrowers, are the root cause of the mortgage default crisis.” The study shows that mortgage borrowers with similar risk characteristics defaulted at much higher rates if they took subprime mortgages than if they took loans made under the auspices of CRA. Although not all consumers can afford a home, the actual mortgage product, features and underwriting guidelines are more the cause of the default than the risk profile of the borrower.

Banks may be missing an opportunity to serve and profit from the underbanked markets, but consumers are not going completely without financial services. Nonbank financial service centers (FSCs) and community financial centers (CFCs) operate nationwide in around 20,000 physical locations today. Financial Service Centers of America (FiSCA), a trade association of nonbank FSCs, estimates that 30 million customers are being served annually through 350 million transactions representing more than $106 billion in various products and services.
According to a 2007 FiSCA key member survey, some notable volume estimates for products and services purchased at the association’s member organizations included 137 million checks cashed, for $56 billion; 86 million money orders sold, with a value of $17.6 billion; 2.8 million prepaid value cards sold and $5.4 billion transferred to the cards; 32 million payday advances for a total of $13.2 billion; and 21 million wire remittances, with a value of $8.3 billion. Check-cashing services and payday loans for small dollar amounts may represent the most abusive services to the unbanked and are the ones banking institutions have the greatest opportunity to disrupt. Numerous sources estimate total payday lending loans at approximately $40 billion annually. Although loan amounts range from $100 to $1500, the average is just over $400 for the 100 million loans made annually.

How banks can compete for the underserved market

Traditional FSIs need to rethink strategies for attracting underbanked and credit underserved populations to compete with these other organizations. Accessing current practices and realigning their offerings with the needs and desires of the underbanked and credit underserved markets will be critical to garnering profitable market share. To aid in reaching the underbanked, traditional credit reporting agencies are now providing a variety of risk models using nontraditional data to score no hits and previously unscorable files. New products typically try to emulate the efforts of traditional scoring models by rank ordering risk of an applicant, thus offering the ability to evaluate additional credit applications and increase the lendable population as well as support lenders’ CRA initiatives and efforts to serve underbanked consumers.

To compete with nonbanks, traditional FSIs will need to expand their products’ features and offer attractive intangible benefits to underbanked consumers. This population needs products and services tailored to their unique needs, preferences and economic circumstances rather than ‘stripped-down’ versions of those designed for more affluent consumers. The volume of services being provided to underbanked consumers proves the market need, but some important features are typically missing from traditional FSI product offerings. Underbanked consumers need product features at no or low costs that help them avoid heavy expenses involved with financial transactions. These include access to small-dollar, short-term, unsecured credit; ability to build or rehabilitate credit histories; ability to transact in the internet (noncash) economy; immediate liquidity for paper checks, including shortening or eliminating hold periods; ability to pay bills at the last minute to avoid late fees and overdraft fees; wire transfer services; and low-balance checking and savings accounts with no or very low fees.

Another feature not offered by or thought about at most mainstream FSIs is the ability to accept alternate forms of identification that are compliant with the USA PATRIOT Act, such as the Mexican Matricula Consular Card or the Guatemalan Consular ID card. As important as responding to unique product needs of the vast array of underbanked consumers is understanding other intangible characteristics of the market and meeting those needs as well. Factors include trust, which requires banks to show respect for the customer while offering acceptance and understanding of customs and culture. Many underbanked consumers consider confidentiality extremely important, possibly because of a previous negative experience with a bank. Easy access to FSIs’ locations in neighborhoods where consumers live and work and offices that are open at times allowing for nontraditional work schedules are also vital. To succeed in reaching underbanked consumers, FSIs need to provide services in the languages they speak as well as in English.

“Underbanked and credit underserved consumers form a large portion of the US population”

Conclusion

Underbanked and credit underserved consumers form a large portion of the US population, and although the world focuses on FSIs struggling through the credit crisis, innovative institutions will likely be positioning themselves to create new products and serve a greater portion of the population. They will make a full-scale evaluation of the market and address its unique needs where they operate. For lending transactions, a number of risk tools using alternative data elements not previously available for credit evaluation purposes can help FSIs ascertain the credit worthiness of credit underserved consumers.



EXECUTIVE INTERVIEW

A step beyond risk scoring

As banks attempt to better manage price setting for their customers Frank Rohde explains where they are deploying price sensitivity scores.

What is a price sensitivity score?

Frank Rohde. The Nomis Price Sensitivity Score is a relative measure of price sensitivity for individual consumers. It ranges from 200 to 800 and a lower score indicates that a customer is relatively less price sensitive than someone with a higher score. Price sensitivity is an important concept that banks haven’t yet understood very well. So we developed the Nomis Score to allow banks to accurately and quickly assess the price sensitivity of customers and prospects in addition to their risk score.

Aren’t price sensitivity and risk correlated?

FR. There is some correlation between a borrower’s price sensitivity and his or her credit risk but it is far from perfect. Banks have always assumed that individuals with very good credit are also very price sensitive and individuals with poor credit are less price sensitive. This is not necessarily true. In fact, in our work with lenders we have found that more than 25 percent of the population has good credit but is not very price sensitive. Alternatively, over 10 percent of the population with poor credit is very price sensitive. We have found four core segments in the market:

First, there is high risk and high price sensitivity: these are consumers who have below average credit scores (less than 700) but Nomis Scores above 500, which indicates that they show above average sensitivity to price. The opportunity for lenders in this segment is to create offers that are attractive in price but limit downside risk through underwriting and product features.

Second, there is low risk and high price sensitivity: these are consumers with credit scores above 700 and Nomis Scores above 500. The majority of the prime market falls into this segment and consumers are conditioned to look for attractive prices. A savvy lender will use price to attract consumers in this segment but limit product feature or functionality to preserve profitability.

Third, there is high risk and low price sensitivity: these are consumers with credit scores below 700 and Nomis Scores below 500. Consumers in this segment care about access to credit more than about price and risk-based pricing is the right strategy in this segment.

Finally, there is low risk and low price sensitivity: this is the most interesting segment with credit scores above 700 but Nomis Scores below 500. About 25 percent of the population falls into this segment. These consumers value brand, product features, and service more than price and smart banks create offers that emphasize those value propositions rather than compete on price.

“Marketers often make the mistake of thinking that response and price sensitivity are the same thing”



[Figure: RISK SCORE VS NOMIS SCORE. Axes: Risk Score and Nomis Score. Segments shown: 1. High risk, high price sensitivity (Stretched but savvy); 2. Low risk, high price sensitivity (Prime - price matters); 3. High risk, low price sensitivity (Stretched, not choosy); 4. Low risk, low price sensitivity (Prime - convenience matters)]

How is the price sensitivity score different from response scores?

FR. Marketers often make the mistake of thinking that response and price sensitivity are the same thing. This is not true. Consumers can have high response to offers that aren’t attractively priced and low response to aggressively priced offers. Price certainly plays a part in driving response but savvy marketers understand that disentangling the two effects provides much better overall campaign profitability.

Of course all of this is not terribly surprising and banks have long known that these segments exist. The innovation that price sensitivity scoring brings to the table is that lenders are now able to quickly and accurately segment consumers at the point of sale or for direct marketing purposes. This has become even more important during the recession as consumers’ perceptions of banks, their use of financial services, and their price sensitivity has changed significantly.

How are banks using the price sensitivity score?
FR. We are still at the early stages of adoption. In 2009, we scored about six million consumers mostly for direct marketing purposes. Currently, we are working with several lenders on different applications. One of the opportunities we see is in direct marketing, for example batch-scoring of prospects and customers for better targeting of credit offers, such as credit card solicitations, balance transfer offers, loan consolidation, refinance offers. In this case, the price sensitivity score is used in addition to a risk score and a response score. Note that response and price sensitivity are not the same.

Another opportunity is to deploy the Nomis Score in real-time pricing, where loan applicants are scored at the point of sale to determine the optimal price based on the risk score and the price sensitivity score. Furthermore, credit pricing is often negotiated at the point of sale, for example with the finance and insurance manager in a car dealership in the case of an auto loan, with a branch employee in the case of a personal loan, or with a broker in the case of a mortgage. In these cases, the Nomis Score provides the seller with the ability to quickly assess the price sensitivity of the customer and determine what the appropriate discount should be. In this case, the price sensitivity score is pulled along with the credit bureau report and credit score through the application processing system.

Are there uses for price sensitivity scoring in existing portfolios?
FR. Absolutely. Lenders are using the Nomis Score to batch-score existing loan customers across the portfolio to understand the relative likelihood of customers prepaying in case of a rate change as well as the relative price sensitivity to refinance offers. In this case, the price sensitivity score is pulled by the portfolio lender alongside a periodic credit score refresh or as part of the behavior scoring process.

Where do banks obtain price sensitivity scores?
FR. We are working on developing the right distribution partnerships with credit bureaus, direct marketing firms and application processing vendors. Our current customers receive the score directly from Nomis Solutions but our goal is to make the Nomis Score as easily available as credit risk scores.

Can banks develop their own price sensitivity scores?
FR. No. The key to developing an accurate price sensitivity score is access to a vast array of varying price points offered to consumers across multiple products and multiple brands. We have been fortunate in leveraging our own large research database of pricing data as well as credit bureau attributes, application, and other data to develop the Nomis Score.

How do you ensure that price sensitivity scoring doesn’t break fair lending laws?
FR. Of course the price sensitivity score does not consider or use any prohibited bases in its calculation. As importantly, the concept of price sensitivity scoring should not be used to just increase prices for customers who are less price sensitive. Instead, we work with our banking customers to design offers that emphasize the features those customers care about more than price, such as brand, convenience, customer service and product innovation. Price is always just one component of the overall relationship with the customer – price sensitivity scoring gives banks the ability to quantify and therefore better manage that component.

Frank Rohde is President and CEO, Nomis Solutions. He leads the company's vision to materially improve the financial and operational performance of companies through the use of best-in-class pricing and profitability management. He has 15 years of financial services domain expertise, including positions at Fair Isaac Corporation and Mercer Management Consulting.

ASK THE EXPERT

A simple plan

Tom Crawford explains how businesses can manage growing volumes of data across geographies and systems while meeting the demands of transparent business insight and control.

A spotlight is being shone on FS firms’ balance sheet exposure, bringing to the surface the need for companies to be transparent about the risks they are taking. But underneath the surface are complex requirements to analyze and report on multiple counterparties in multiple jurisdictions and across multiple asset classes, which is especially difficult when transactions involve hard-to-value OTC instruments. This issue is further compounded by disparate regulatory requirements for lending securities originated in different countries and jurisdictions.

Think about the complexity of this picture. More and more attention and resources are being invested in systems and processes: data management, compliance rules, process automation, accounting rules engines, financial data repositories and balance sheet explosion. The key question is how companies can address these demands for transparency, agility and integrity over complex processes and high volumes of data events and positions. The answer is now real: next-generation enterprise-class business process management (BPM) technology.

The new generation of enterprise-class BPM technology can provide the toolset to build, deliver, augment and integrate the systems that support not just transparency but also agility and control for data throughout all parts of the enterprise. Furthermore, the right software solution lets companies transform data and processes, implement business rules and calculation engines, securely interact with users and orchestrate and consume or publish SOA services.

“The new generation of enterprise-class BPM technology can build, deliver, augment and integrate the systems that support transparency, agility and control for data throughout all parts of the enterprise”

But most BPM solutions are too slow for today’s increasingly data intensive environments. Poor performance is exacerbated by the use of a workflow-only architecture rather than one that is data, rules and event-based: most existing BPM solutions can track information from point A to point B but don’t have the intelligence to detect and respond to a breakdown in approvals or process.

In contrast, using a next-generation BPM suite in conjunction with SOA enables organizations to respond faster to changing business requirements. For example, an organization growing through acquisition has the need to integrate diverse applications or process steps into an integrated process. SOA is becoming important in this regard as it supports the rapid assembly and coordination of process micro-flows and services. Using a system like Microgen Aptitude, this company would have SOA orchestration, external library and system calls, fast transactional control, user GUI deployment and strong integration, graphical business rules and process simulation in one suite.

Next-generation BPM suites must be able to manage massive amounts of data at very low latency. But raw performance is not enough; you also need full transactional control. For example, it is not acceptable that a core business system receives a data update but its associated data warehouse does not. Yet many businesses live with this reality, without even realizing the potential risks associated with this inconsistency.

From a regulatory perspective, an enterprise-class BPM suite will enable businesses to enforce policies and procedures and provide a method for organizations to define, manage and audit their critical processes. Smart businesses operate with a mixture of processes, rules, supporting systems, information flows, policies, organizational structures, assets and resources. Smart BPM systems match this operating environment to deliver measurable value. These software suites also create a foundation for flexibility and the ability to change ‘in flight’ what was previously embedded in coded applications. So how do you know whether a new BPM suite will make the difference for your firm?

Well, consider what you have to lose: if you maintain business as usual, what do you risk? The operational risks of not effectively managing information and processes are huge, and more publicly exposed than ever. The business drivers for true enterprise-class business process management are urgent and real. Hardware has stepped up to meet many firms’ data intensive processing challenge, but the next stage is intelligent enterprise-class BPM software that enables the transparency, agility and control that modern FS firms demand.

Tom Crawford joined Microgen as Divisional MD in February 2003 after five years as COO at another high growth quoted software business. He integrated and led, post acquisition, four divisions of Microgen spanning the Banking, BI, Energy and Wealth Management sectors. Now SVP of Microgen North America, he is building out the Microgen Aptitude business in the US.

ANALYST COMMENT

Weight loss program

Financial institutions can learn to be Lean, says Jeanne Capachin.

Now that financial institutions are focusing on increasing operational efficiency and reducing costs, there are lessons to be learned from Lean processing. Lean processing has been trying to make its way into financial institutions for the past 10 years or more. While success has been limited, there is much financial institutions can learn from Lean.

Lean, based on the principles of Toyota’s production system, has long held a place in manufacturing. However, it has yet to find many converts on the services side, and especially within financial services. But the key tenets of Lean are exactly the focus of many financial institution operational and IT groups right now. Lean at its essence is really about creating more value for customers by eliminating wasted activities and increasing efficiency. In practice, it is about making continuous improvements to processes.

It's not that financial services firms – and particularly banks – are against continuous improvement. Similar efforts have been tried in the past and some are still ongoing; however, many initiatives have failed to gain traction, despite large expenditures of time, effort and money, for a number of reasons.

First, it takes a sustained work effort. Usually there is exceptional energy and focus for Lean initiatives within financial services organizations at the start. However, sustaining this effort becomes increasingly challenging through management or personnel changes and competing priorities. Unfortunately, the dollars and cents benefits of Lean accrue not in identifying improvement opportunities, but in actually driving the action plans, metrics and tracking mechanisms to ensure identified changes occur and cost savings are actually achieved. This takes sustained effort and commitment from financial services organizations. This kind of sustained effort really requires championship at senior levels within the organization so that resources will continue to be assigned to the projects.

There's also a need to work across silos. Efficiencies – and related cost savings – happen when processes are reviewed end to end. This means cutting across operational constraints that are pervasive within large institutions and dealing with the related political and resource issues. This factor highlights the need for many institutions to look outside of their own organization for Lean expertise, either from consulting firms or vendors, in order to bring neutral resources to bear on these efforts. Unfortunately, internal resources are already viewed with distrust; it is only by bringing in trusted third parties that change can happen for some organizations.

Perhaps the biggest impediment to implementing Lean efforts is the organization mindset against change. Yet this is exactly what financial institutions should be challenging in order to bring benefits across the organization. In fact, once employees are brought into the Lean process, they become empowered to think beyond the status quo and actually become advocates of change.

Finally, it's not just about technology. Too often within financial services, technology is the panacea for every business issue facing the organization. Yet automating a bad process is just time and money thrown away. With Lean, the focus is to make processes as efficient as possible before applying technology. In many cases, institutions have found that their business unit is dysfunctional and improvements in people and processes pay significant dividends even without technology changes. When changes are required, however, Lean allows financial institutions to be confident they are maximizing scarce IT resources to the fullest extent.

In order for Lean to gain acceptance and success within financial institutions, it must first be ingrained into each financial institution’s culture. This starts by senior level executives endorsing Lean initiatives and following through with constant reinforcement of the goals and objectives. In addition, champions should be designated as part of this effort. While technology can lead the way, efforts must be joint with business leaders. Success depends on working across the various lines of business and supporting groups to achieve measurable results.

Despite the lack of acceptance to date, there is much that financial services companies can learn from Lean. These lessons have become imperative in an environment where costs and efficiencies should be priority one for financial institutions. Forward-thinking organizations are already there. For others, economic conditions should be driving them to look at the benefits of Lean.

Jeanne Capachin is Research Vice President for the Global Banking and Insurance practice at IDC Financial Insights.

INDUSTRY INSIGHT

Assistive technology

Accessibility should be part of the planning process for financial institutions, especially given the trend towards increased regulation and enforcement, says Peter Ganza.

As the population ages, accessibility is an increasingly prevalent concern. The accessibility challenge has made its way to the realm of electronic communications, in particular the needs of the visually impaired when navigating websites and online documents. It is only a matter of time before legislation will be in place to demand that websites and online documents be accessible to this ever-growing sector of the population.

Most financial services firms already provide information via large print or Braille statements on demand. This is typically done through outsourced document accessibility services. While this may be an acceptable short-term approach, it poses risks, only addresses very limited volumes, and creates additional and growing costs over time. It is evident that alternative technology solutions need to be considered. Specialized statements can take up to an additional 48 hours to process, while tagging individual PDF files to work with assistive technologies can take up to four hours per document. This is hardly a tenable proposition for large volume producers such as financial institutions, where monthly demand for accessible documents is well into the thousands, and continues to grow.

Today, 3.3 million Americans over the age of 40 are blind or have low-vision – a number that will surpass five million within the next decade. In addition, over 21 million Americans have profound visual impairments that require large print documents. Given that a vast majority of these individuals have bank accounts, credit cards and savings in various investment vehicles that require monthly statements, it is essential that they have the ability to access information and/or purchase products and services.

Many use assistive technologies to access information on a computer. These range from screen readers to text only browsers and websites to Braille printers. In order for these devices to work, documents and websites have to be built with accessibility in mind. The World Wide Web Consortium (W3C) has developed guidelines for technology products called Web Content Accessibility Guidelines (WCAG). These state that websites, software products and electronic documents should be built to work with assistive technologies.

Despite the fact that PDF is the most commonly used document format in electronic statement presentment, it has presented one of the most problematic accessibility issues. A number of organizations, such as the PDF/UA working group, have been working to address this by outlining the appropriate tagging requirements.

One of those criteria is read order. By way of explanation, information such as account numbers, overdue notices and charts can interfere with a reader’s ability to clearly state the contents in an order that is useful to the consumer. Language specification is another. Tags should tie to the screen reader to allow it to revert to the appropriate language. Alternate text is also on the list of tagging must-haves. That means a PDF should be tagged to provide alternate text for links, logos and graphics that are useful to the user. Tables in particular require special consideration. Readers typically do not understand how to read and interpret boxes and charts. The right tagging will notify readers that information is presented in rows and columns so it can be properly delivered.

Adapting PDF tagging for accessibility is not as daunting a proposition as organizations may think. A server-based, on-demand technology approach can enable PDF migration that does not require an infrastructure overhaul or costly outsourcing. Rather than tagging finished documents, this approach allows organizations to capture data from high-volume print streams and transform it into accessible PDFs. Not only can they automate the creation of accessible PDFs without having to contract to outsourcers, financial services organizations can also gain a competitive advantage by supporting an underserved consumer segment, as well as be prepared to meet any future legislative requirements.

Accessibility should be part of the planning process for financial institutions moving forward, especially given the trend towards increased regulations and enforcement. It is important that they not be overwhelmed by the perceived complexities and challenges when addressing accessibility strategies, and delay taking action. With the right technology, financial services firms can address accessibility needs today, while addressing the demands of the future.

Peter Ganza is Director of Product Marketing at Xenos. He has over 15 years’ experience in the technology industry. Before Xenos, he worked at Rymatech helping to automate product management best practices. Prior to Rymatech, he held a number of strategic and product management roles at Symantec.

WORKLOAD AUTOMATION

AUTOMATIC PILOT

Pavel Vaynshtok explains how the Wall Street Workload Automation Advisory Committee is guiding the development of new solutions.

After more than 10 years’ experience in scheduling and workload automation at financial institutions like JPM Chase, Goldman Sachs and Citi, Pavel Vaynshtok came to a conclusion. “During that time, I obviously encountered different people,” he says when we catch up with him in his New Jersey office. “It is a small circle, and what we realized after many years of meetings and conferences is that we have common challenges. We are also dealing with the same vendors, specifically CA. So we decided it would make sense to come together as CA customers and work with CA development to help make its products actually fit in our requirements.”

The result was the Workload Automation Advisory Committee, a group of around 50 professionals from 20 major financial companies such as Barclays, Lazard and Wells Fargo. “The purpose of this collaboration is to help each other, and to also give CA a sense of direction of what we like as a community, as a total customer voice,” Vaynshtok continues. “We talk directly to development managers. CA takes our wishes on note and they then develop to suit our needs.”

The global nature of today’s financial services market means that this kind of collaboration is particularly valuable. “You have trading in New York, but it is based on what was happening in London or Asia on the previous day,” Vaynshtok explains. “There is a lot of data analysis and manipulation. The computer program might be executed in New York one hour before the trading day starts, but it analyzes data from other regions.” In addition to this, data might be coming from other business units within the bank, from another platform or from external vendors such as Reuters or Bloomberg. “It is a distributed environment, with different applications, platforms, vendors,” says Vaynshtok. “Therefore, you have thousands of programmers who write the programs which have a business sense. But those programs have to be connected and executed in a particular order. So that’s what workload automation does. It utilizes huge data center operations across the globe and delivers a kind of sequence of operations.”

As systems have grown more complex, the necessity for effective workload automation has become more pressing. From mainframe-centric origins where activity was concentrated on a single computer, there was an evolution to a more distributed environment. Here, it was possible to schedule two different processes to be dependent on each other, allowing them to be executed on two different computers. “We now have various vendor solutions, for example, Oracle Financial or SAP,” continues Vaynshtok. “So workload automation can go directly in those environments and trigger processes, or receive an event from one of those vendor solutions and trigger custom actions. Now we not only worry about how to execute an operating program on demand, but we also have to make sure that everything we did previously – such as delivering an SLA – was done on time as well as being very concerned about the coming business day. We want to make sure that everything’s prepared, that it’s like a real-time prediction, and that nothing wrong is going to happen.”

Financial services IT faces some specific hurdles, with the issue of compliance being perhaps the most prominent. In a post-financial meltdown world the industry is under even higher levels of scrutiny and technology has to respond to the environment. “Everything has to be secure,” confirms Vaynshtok. “Developers and programmers cannot see the work of other people. They cannot access information they are not entitled to. Also, everything needs to be traceable. We need to know who did what and when. This obviously started with Sarbanes-Oxley, but it’s still going on and it’s just getting even more complex.”

Cost too is an increasingly thorny issue. For years, IT systems grew largely out of control, with different business units buying separate technologies that were often under-utilized. Today the drive is towards consolidation and making the best possible use of all available resources. Vaynshtok explains that automation has a major role to play in this struggle as it can employ virtual and shared resources to reduce the number of computers an organization needs to run. “We need to do more with less investment,” he says.

In addition to limiting technology spend, automation can bring bottom line benefits elsewhere. “For example, imagine a new person being hired to work in the company,” continues Vaynshtok. “There are many steps that need to be made to bring that person into the working environment. There is a desk, computer, phone, building access, UNIX account and so on. Historically, all that was done by manual labor. Tickets were opened. Somebody had to follow up and approve. Only 50 percent of that labor was actual execution. We are now automating and streamlining the process. So once approval is granted, there is no human involved. Everything is automatically generated and created, which offers savings on labor costs.”

“The purpose of this collaboration is to help each other, and to also give CA a sense of direction of what we like as a community”

For all the benefits that automation can bring, it is vital that any solutions are able to respond to an ever-changing selection of requirements. “Flexibility is a must-have, because we are big corporations, and we have many historical processes and legacy environments,” Vaynshtok says. “In order to automate some business processes, it really has to go through different environments, and it’s difficult to even imagine what other people are using. So flexibility and self-learning is a requirement for any automation tool.”

While Vaynshtok expresses general satisfaction with the flexibility of current automation solutions, he acknowledges that there is some way to go before they reach their true potential. It is this reality that makes his work with the Workload Automation Advisory Committee so important. “Things are never perfect,” he says. “So we talk to our vendors so that they can learn from us what we need. We try to influence development on the vendor side, so they will provide functionality that makes sense to us.”

Asked a final question on what key innovations are likely to emerge in the coming years, Vaynshtok points to cloud computing and virtualization as the areas to watch. “Right now in the banks, we operate with fixed computer entities, and to maintain those computers bears a lot of cost,” he says. “If we can obtain computing resources on-demand, and release those resources when we don’t need to use them, that would make huge savings. I think that’s where we’re going.”

According to Vaynshtok, such a reality is only a few years away and is a process that cannot be rushed. “Our industry has some healthy conservatism,” he concludes. “So we would try to adapt technologies which are promising. But also, we don’t jump on every single new thing. We would have to develop some models and test them out before it could become a massive implementation.”

The solution provider

At over US$4 billion in revenues, CA is the world’s largest independent IT management software provider. CA has worked closely with the Wall Street Workload Automation user base for the past three years, which has resulted in a thriving Wall Street Workload Automation Advisory Committee (WSWAAC) being formed. Dave DeCamp, CA’s Chief Solution Architect for Global Financial Services, states: “The WSWAAC members provide invaluable requirements input into product development at CA, since they typically have extensive deployments of CA’s cross-platform, enterprise Workload Automation solutions including Autosys, CA-7, and ESP scheduling platforms. These finance industry users tend to be among the largest scheduler deployments, and have the most complex performance, security, and regulatory compliance issues globally around managing their batch environments. They are at the very forefront of the evolution of classic job scheduling to dynamic workload management, leveraging virtualization and cloud technology, near real-time asynchronous job management, and scheduling of web services. CA scheduling solutions, according to the WSWAAC members, represent the engine that makes Wall Street run behind the scenes, for many of the back end clearing functions that are required for financial transactions to complete and settle in an orderly, timely, secure manner.” Find out more about CA Workload Automation solutions at: http://www.ca.com/us/workload-automation-solution.aspx.

VIRTUALIZATION

Optimisation through virtualization Saumya Upadhyaya of Frost & Sullivan explains how companies can get the best out of virtualization technology.

E

nterprise computing is expected to do the same amount of work, if not more, irrespective of the business environment that the enterprise operates in. However, with budgets on a downslide, enterprises are exploring means to improve the utilisation levels of their current technology assets and cater to their mounting infrastructure needs. Enterprises across the world are aiming to transform their rigid data centres into agile environments, which can provide rapid scaling and sharing of infrastructure resources. Over the years, enterprises have built up silos in infrastructure, often leading to over provisioned, unmanageable infrastructural components. Virtualization enables these enterprises to benefit through better use of

lutions. Enterprises with a large computing infrastructure are the first to adopt virtualization owing to the benefits that consolidation brings to space, power and cooling expenditures. Server virtualization is the forerunner in the adoption of virtualization, primarily because of the visible benefits of consolidation, reduced operating expenditure, and limited impact to user operations. Since its introduction, server virtualization has been growing at a rapid pace. Enterprises with large server farms are expected to increase adoption and benefit the most out of server virtualization. When implemented the right way, virtualization has a proven record of providing considerable reductions in direct infrastructure costs, indirect costs such as optimised IT infrastructure performance, business continuity and

“Enterprises across the world are aiming to transform their rigid data centres into agile environments, which can provide rapid scaling and sharing of infrastructure resources.� existing resources, achieve agility in deploying new environments, maintain a significantly smaller hardware footprint, and a reduce in the cost of computing infrastructure resources. It assists IT administrators to optimally exploit resources and achieve significant costs and business benefits.

Virtualization in action Globally, virtualization has long been portrayed as a technology that would change the dynamics of enterprise infrastructure. Virtualization is shaping up to be one of the major trends that influence the end-to-end infrastructure of an enterprise, namely server, storage, network, application, desktop and so on. The ability to consolidate disparate infrastructure elements, increase utilisation levels and minimise the mounting space and power expenditures are a few of the key drivers for the adoption of virtualization so-

126 www.usfst.com

stability, as well as capacity management. For instance, power consumed by servers and cooling systems could be reduced by between 60 and 70 percent and the space requirements reduced by a factor of the number of virtualised servers per physical server. Similar to server provisioning, storage infrastructures across enterprises are over-provisioned due to storage silos created by different business units within the same organisation. As a result, enterprises typically buy almost double the amount of storage they actually need. Storage virtualization would help organisations achieve a more efficient centralised management for their storage and data replication needs along with enhanced security of enterprise data. Storage virtualization solutions enable enterprises to increase their storage efficiencies from 25 to 30 percent to almost 80 percent. With such an increased utilisation rate, organisations can delay the purchase of additional storage hardware by using existing storage to meet increasing data demands and consolidate IT assets.

Barriers to wider adoption

In spite of its benefits, virtualization is not necessarily easy to adopt. Concentrated risk, increased infrastructure complexity and migration challenges to a virtualised environment are a few of the key restraints for adoption of the virtualization solution. While a well-executed virtualization strategy can bring significant benefits to the organisation, an unplanned strategy could create manageability issues. Organisations need, therefore, to have the right networked infrastructure to extract the true benefits of the technology. A holistic view of all the organisational assets is required as implementation of virtualization impacts organisational business and operational processes. Virtualization should be viewed not merely as an IT decision but as a strategic decision, the benefits of which can be accrued over a period. The implementation planning should start with a thorough assessment of technology assets and IT infrastructure along with the supported business processes and then calibrate Key Performance Indicators (KPIs) to track the benefits. A big bang approach to virtualization can easily be a recipe for disaster. Organisations typically start with virtualization of single infrastructure components such as only servers, only storage, only application and so on. While this provides organisations with the flexibility of upgrading systematically to a completely virtualised environment, virtualization at different levels of the IT infrastructure also poses a manageability issue.

Virtualised applications may suffer from lack of resources due to outages, while multiple levels of virtualization make it difficult to isolate the problem to a certain level of virtualization in the scope of the entire infrastructure. As a result, organisations require clear planning of their virtualization upgrade strategy to enable end-to-end management of their virtualised infrastructure. End-to-end virtualization orchestrates various levels of virtualization providing the ability to recover from failures within minutes, thereby achieving high efficiency, productivity and cost savings. End-to-end virtualization helps in eliminating virtualization silos and uses end-to-end failure automation practices to detect failure and recover from the outage by fixing or replacing the affected device from the network.

Consolidating infrastructures

Infrastructure consolidation, followed by virtualization, is a key trend currently witnessed in the market. With controlled capital expenditure across the board and virtualization solutions becoming increasingly affordable, virtualization is set to become a mainstream technology in the coming years. As virtualization enablers such as hypervisors become increasingly commoditised, virtualization management solutions and end-to-end virtualization solutions are increasingly becoming a key focus area for a number of enterprises and vendors. With enterprise focus moving from a capital expenditure model to an operational expenditure model, virtualization serves as an enabler for cloud computing. This enables everything from IT infrastructure to software to be provided as a service. Enterprises could choose between internal clouds with sharing across business units or external clouds that facilitate the pay-per-use model. Virtualization is the building block of any robust, flexible, scalable and cost-efficient cloud service. Without virtualization at server, storage, and network levels, infrastructure sharing and cloud computing would be a distant reality. In essence, virtualization spanning across the organisation’s IT infrastructure, that is, from the data centre to the desktop, enables enterprises to create a dynamic IT environment capable of catering to the rapid scaling of enterprise computing requirements. In addition, the benefits accrued on the total cost of ownership of the enterprise IT infrastructure make virtualization an appealing investment for enterprise decision makers.

Saumya Upadhyaya is Industry Analyst, Information and Communication Technologies at Frost & Sullivan. For more information, contact: tanu.chopra@frost.com.


BUSINESS IN FOCUS

The information Data, risk and innovation in a post-crisis world. By Hong Loh.

The current market is driven by how you go about saving money. Cost efficiency has become important in order to support the business footprint that has shrunk over the last year. The challenges are there in terms of how you save money and continue to support the existing business in an efficient fashion. But also we have a priority that if the growth comes back, we need to be able to support the growth. For us, it’s more like a shrink to grow program. There’s efficiency in shrinking, not just in people, but in anything that contributes to the cost of doing business. We’ve been working through pricing our services, making more sense of what it means for this business charge. We converted all the IT costs into a service charge to validate the value that we bring to the business. In that space, we have spent most of last year, almost six to nine months, coming out with a brand new program to say how we embark on the new journey where we can support the business at a more efficient cost base and have a discretionary portion that will allow us to grow. That portion is clearly identified so, if the money comes back, this is the money we’re going to spend to get us a set of business priorities. From the application simplification and consolidation perspective that we already embark on every few years, we create a road map for a target set of application platforms and so on. We had to modify that a little bit because in some cases, the roadmap required in its journey some external expenditure. We had to reexamine that to see if we could hold back on them and instead do something different. So instead of refreshing an application, for example, we would reexamine it and re-architect and enhance it in order not to trigger off an expense base. So we’ve done some of that from the application perspective.
From the organization, people, and process perspective, we also took a look at it and asked, “What can we do in that space to make ourselves more efficient and eliminate redundant activities or overlapping duplicated activities?” You generally do that in your day-to-day activities, but we emphasized it more this time around. We took a closer look at it in a more focused manner. In our program, we have a multi-pronged approach. One is on resourcing. Something that we’ve done before was to leverage global resourcing, so we’re starting to do that. That will bring our unit cost for basic development work down.


The second area we are working on is accelerating some of our simplification and application consolidation space to bring efficiency to our business operations. We can then create efficiency there not just in a technology footprint and lowering the total cost of technology, but also lowering the cost for the business process in servicing our clients. For example, if you have multiple systems doing roughly the same thing, a lot of times people don’t understand how important data is. The data aspect has to be replicated across multiple systems and if you don’t have a system that automatically flows the data you would require a human being to do that data more than once. This then opens up a whole quality issue because the very nature of people is that they don’t like performing repeatable processes. If you have to enter the same information several times there is a far greater risk that you will make a mistake.

“The financial world is all about having the right data at the right time, but also having the imagination to project in a timely fashion so that you’re going to be there first before the rest arrive”

The third piece is in the infrastructure side on consolidation and virtualization, embracing newer technology, negotiating contracts or simplifying our platform. We had to accelerate some of them where we can because you can’t easily decide to drop a database system and go to a new one. There’s a lot of work to move platforms. We’re also paying more attention to desktop efficiency. Do we have desktops sitting around where no one needs them?

Challenging times

The difficult economic situation has forced us to make some tough choices. Reengineering certain processes requires purchasing some applications. We had put some of that on hold because we have to be a bit more stringent of the ROI than at other times. On the other hand, we have accelerated some projects that will bring revenue in the top line. We need to get to the endpoint of people moving money
into the company, increasing our EEUM and enabling our distribution organization to be more efficient and ultimately more competitive. It’s not just about efficiency, but being competitive because there are many other fund management companies out there. We have invested in that space. We’ve invested in risk management, which is a challenging area in its own right because you lose money in an area that you did not see. The crisis is an example of that. Every other big company has risk management systems. They saw the data coming, but they set the threshold at a different level or they missed it because of the underlying fundamentals not highlighting the excessive risk associated with certain securities or instruments. We’re investing in two or three other areas that will make us more competitive so that we don’t increase our risk to our client. We want to manage the client and give better service to them. I think there are some foundation items that we can do that don’t change all that much. The fundamental is getting the data points all correct, getting data in holistically from beginning to end into a space where the business can use its imagination to slice and dice it and come up with better ideas and better projections of what will happen. Risk management is not about a perfect sign, but is about imagination beyond what you see today. You must see it in a timely fashion. That’s what’s important. The financial world is all about having the right data at the right time, but also having the imagination to project in a timely fashion so that you’re going to be there first before the rest arrive. It’s all about competition because the moment the others arrive, you no longer have that advantage. That is critical in our industry.

LEGG MASON BY NUMBERS

Founded in 1899
Around 3700 employees in 34 countries
$682 billion in assets under management
One of the 10 largest advisor sold fund complexes
Between 500 and 600 IT employees
One of the 10 biggest global institutional asset managers

Working together

As to where the responsibility lies in terms of driving these efforts, there needs to be a partnership between IT and the business. In most cases, the business people always ask for something and then the perception is that IT takes too long to get there. This is true, because if you have to build everything from the ground up, it will take forever. So the IT people have to hold themselves responsible for understanding some of the key building blocks in order to deliver the solutions in a faster fashion. It’s all about taking data, making it into sensible information that gives you an advantage over your competitors. It’s about how you do that in an optimized, efficient fashion and then having the overlay that makes it easy for the business people to turn that data into useful information. That has been a challenge for the industry for a long time. You need to be able to drive things yourself. The responsibility from the IT side is to create capability that allows the business to go wandering around in their own world and come up with something more innovative, without having to involve too many people. Innovation doesn’t involve a huge population. It is usually a small number of people coming up with some great ideas. Our responsibility is to make that happen. It is getting better and better every year, but we’re not quite there yet. We have to come up with solutions as we progress. A lot of the tools need to be more flexible. You need control, but you also need a balance between control, flexibility, and user friendliness. That’s where the vendor needs to focus on the vertical and not try to make the vertical the horizontal that fits the product. So many vendors have verticals in the reporting and business intelligence product set, for example.

The vendor can help with more predictive tools that can help troubleshoot data errors without having to call the developer. We’re always constrained by time. You only have X hours before the market closes again, and if it’s overnight you have X number of hours before the market opens. You have to have your data right and ready throughout the decision making process. An idea that a vendor can work on is creating a path where you could almost use predictive logic and probability. For example if a number is wrong, then there’s a chance the price is wrong then there’s a high chance it is because someone made a mistake in the underlying data set. So you can make a predictive step that will let you do your data troubleshooting without involving a lot of technical people behind the scenes. Even if the technical people are involved, the troubleshooting process needs to be accelerated. From our perspective, everything is about making data into useful information. We don’t make tires or nuts and bolts. People and data make decisions, the set of decisions that leads to what the business products are.

New priorities

I think the number one priority is to create the capacity to do innovation. So our innovation is mainly in the data aggregation consolidation space and getting a broader view – we’re building a warehouse, for example, that will allow our business colleagues to do better reporting. But it’s not just reporting, but analysis of the data in that to figure out
what to do next. So that’s one key area for us in innovating. How do we make data all come together in a clean fashion that will produce an accurate outcome for the business? Other areas for us are innovations that generate efficiency in the broader business process. In the past we’ve done a lot of custom built solutions by integrating packages together and filling in the gaps between one package and another. We’re now looking more holistically to see how we can provision a tool set that might be easier to implement, and that has the flexibility to react to changes in market conditions so we could add rules in more quickly without doing a major release. Those are some of the areas of innovation we’re looking at, how to turn requirements into solutions in a shorter timeline by leveraging certain tool sets and having the data ready. So a combination of getting data ready ahead of time, which is needed anyway for other processes, and then an end to end flow where we can introduce better control. If something goes wrong in the marketplace, we can change the rule fairly dynamically in our end to end process. One real world example is, when you have toxic assets, it’s very difficult to see across the entire organization or enterprise to what extent your exposure is. So if you had clean data normalized and every data point did not have a duplicated meaning, you can easily answer that question. But that’s not an easy task. There are all kinds of data management systems, for all kinds of data models. It’s a multitude of activity to get the investment needed so that people actually use that data in every single step of the business process; from portfolio decision making through trading, through clearing, through accounting, through performance calculation, to compliance, everybody tries to use the same set of data. So we have a lot of emphasis on how we do this in a timely fashion at a cost level that makes sense.
You can do all of this as a strategic project, but the cost basis is too high. Therefore, your project never finishes because it is too expensive and the timeline is too long. It’s about how you break this down into little parts. We have two or three things going on right now that embrace that methodology of splitting it down into digestible pieces that will add value straight away. It could be as simple as introducing a common ID for all securities and have minimum cleansing. We rolled that out in nine months versus the two years that you might expect to see elsewhere. We shortened the timeline by better understanding what the business requirements were and working out how to break the job down so we could roll it out with more momentum. We’re now looking, actually, at overlaying the process more along the top of that. This will then empower the business people to very quickly make various control decisions, or various decisions to speed up a process or a decision to prevent something from happening. The challenge is executing it and delivering on it. Taking a concept into reality sometimes is a challenge but the journey is never as clean as the design says it should be. You throw people in the mix. You throw culture into the mix. You have people who have views of the world and have preferences and people who don’t want to change. You have a mixture of that in the human factor playing a role in the success or failure of your projects.

Hong Loh is Chief Architect and Managing Director at Legg Mason. He oversees strategic initiatives to build the next generation platform for the asset management business. He has over 25 years of experience in the global financial services industry with deep understanding of the intersection of technology and finance and has implemented numerous enterprise integration solutions and data centric integration architectures.



ANALYST VIEW

Data center transformation

The data center continues to face mounting pressure from new technology introductions and a lack of standards in design. IDC’s Michelle Bailey explains what the data center of the future might look like.

According to recent research, the data center is undergoing a complete transformation at the moment. “The rulebook that we’ve been operating under for the last 20 years or so is really being thrown out the window,” says Michelle Bailey, VP of Research for Enterprise Platforms and Data center Trends at IDC. “As a result, we’re seeing many different approaches to building, designing and operating a data center take place.” And while a lot of attention is being focused on so-called Web 2.0 data centers – mega data centers with very high power densities being constructed from the ground up as a single, tightly integrated system by the likes of Google, Yahoo! and Amazon in order to run the cloud – Bailey maintains that it’s really the enterprise data center that continues to drive the market. “The real driver is the data centers that companies have ownership of and operate,” she says. “I think if this recession hadn’t come along then we would have seen more activity around hosted, outsourced or Web 2.0 models, but the recession has forced many companies to think about not just the reinvention of their own data centers, but also how they source for those.” IDC believes there have been three key drivers in transforming the data center. “Far and away the number one change that we’ve seen has been site consolidation,” says Bailey. “The level at which these consolidations have been taking place is something that we haven’t seen before; it used to be an organization would be happy if they could go from 40 sites down to maybe 10 or even 20 sites. Now we’re seeing customers wanting to go from 60 sites down to five or six; a really dramatic level of consolidation.” Before the recession hit, says Bailey, most companies were addressing this trend by building new data centers; however, that activity has all but stopped in light of the capital constraints.
“There are very few companies today that are building brand new data centers from the ground up relative to where we were just before the recession hit, and it’s basically because no one has $100 million to build a new data center,” she explains. “What this means is that we expect to see a lot more retrofit activity, as more CIOs look to extend the life of their existing data centers versus building new ones.” This has also resulted in a complete redesign of the data center floor. “Modularity has become king as companies look to make the data center more predictable,” says Bailey. “Companies don’t necessarily want data centers based on a one-off custom design. They want something that’s predefined and predictable over time, and has a measurable power density footprint to it.” But the fundamental game changer has been server virtualization. “We had reached a tipping point around the economics of the data center where we couldn’t really do much more, and virtualization has been a way to help drive consolidation, bring down the footprint and help customers get another year or two out of their data centers simply by lowering the physical size of the infrastructure,” explains Bailey. “It’s been very disruptive, but we’re at the beginning of server virtualization and its impacts on the data center. What’s coming next is a real change in the way we manage systems. Back in 1996, there were about five million physical servers installed worldwide, whereas today there are about 30 million. But what’s been interesting over that timeframe is that spend on servers has actually remained flat. The server market tends to hover at around $50-60 billion annually, and it doesn’t change too much from that. What has changed has been the cost of administration of all of those 30 million servers, which has grown right along with the installed base. What’s also grown is the cost to be able to power those servers, turn them on and then cool them. It’s become a very significant cost on the electricity side, and also a very significant business cost.” Thanks to virtualization, however – along with the downturn in the economy – the server market for 2008-2012 has flattened out for the first time. “We’ve never seen this before,” says Bailey. “We’ve seen downturns during the dotcom implosion, but it was a very short-term implosion; what we’re seeing now is fewer systems going into the market, and we continue to believe that for the next five years that’s how the physical infrastructure will look.”



What will continue to grow though, says Bailey, is the number of virtual machines. “You’re getting 10-20 virtual machines per physical server, and what we’re seeing is virtual machine sprawl, where the number of virtual machines is growing in the same way that we saw the physical infrastructure grow previously. We’re looking at somewhere around 120 million virtual machines installed on a worldwide basis, and we’ve never seen growth like that in the server market ever before.” But with every virtual machine needing to be patched and managed and upgraded just like a physical server, Bailey believes this could present a huge management problem if customers don’t start changing the way they manage their server infrastructure. “Server virtualization is helpful in terms of being able to deploy systems more quickly. It definitely helps in being able to lower hardware maintenance. But what it hasn’t helped address is the bulk of system administration – taking care of the OS, doing all the patching, the upgrades, etc. That continues to be a problem, and in fact, if we believe our own numbers, that management actually gets worse with the broad adoption of virtualization. “Customers have to start thinking differently about the management of virtual machines, because we can’t continue to allow virtual machines to grow unchecked,” she continues. “There are very few policies being put in around the lifecycle management of a virtual machine – only 20 percent of customers are even thinking about lifecycle management around virtual machines – and the types of tools that we think we’ll need to see in the market are those that allow you to move virtual machines around, allow you to add resources on the fly, allow you to create what we call the dynamic IT data center: a data center that can ebb and flow with changes in the business.” Bailey says the core to that dynamism is mobility – being able to move virtual machines from one physical server to another – and cites the adoption of VMware’s VMotion tool as a good example. “We know that there’s good adoption of VMotion today. About 80 percent of customers are using it, but they’re not using it in the way you might think. They’re still using it manually, and what they’re not doing is using policy-based automation tools to allow the mobility of virtual machines around the data center. There’s a lot more to explore in this area – for instance, if you can move a virtual machine from one physical server to another around the data center, that’s high availability like we’ve never seen before in the X86 marketplace.” In fact, Bailey feels we’re only just starting to see what the impact of server virtualization will be. “Every day I’m learning something new about what the advantages are, as well as what some of the hurdles are going to be on an ongoing basis,” she says. “And it’s causing data center operators to think completely differently about many adjacent technologies, too. We see them having to rethink hardware that they’re buying; there’s much more importance attached to shared storage and network planning and capability is also receiving a lot of attention. In terms of management, I think it’s going to create more of a crisis than it’s solving on the hardware and consolidation side.” However, there’s no doubt the benefits will far outweigh any potential challenges. “For example, moving virtual machines from one data center to another gives you the ability to do site recovery with virtualization,” she enthuses. “It really does change the way that customers can think about doing that at a price point like we’ve never seen before. Disaster recovery is a little way off. You still need a dedicated network and we see most customers still using traditional replication tools to make that happen, but you can bet that over the next several years that’s going to be something that gets baked into virtualization technology, and so it’s a real game changer.”


MARKET ANALYSIS

In the hot seat

FST sits down with Chris Skinner of The Financial Services Club to get his views on the outlook for financial services institutions as we head towards economic recovery.

Following the economic turmoil that we have witnessed over the last few years, it is no wonder that the financial services industry is undergoing a period of rapid change. For those working in the industry, keeping up with this change is one of the main challenges they face. As new legislation is brought in, new technology explored, new products launched and as increased competition arises, the financial services industry is in a constant struggle to stay ahead of the game, or at least to keep up. For those interested in understanding and planning for the future operating environment for the financial services markets, The Financial Services Club offers a unique service which allows senior executives and decision makers to network with hundreds of professionals all sharing a common interest in the future of the industry. Chris Skinner is Director of The Financial Services Club and an independent commentator on the financial markets. Here he provides insight into how the financial services industry should be preparing for the economic recovery.

On preventing future financial crises:

This crisis is nothing like any previous depression or recession that we’ve seen because we’re in one that’s actually recognizing the globalization of the trade, so every economy is interconnected with every other. The unwinding of that process has been where the strains have shown, which is why you have a G20 rather than a G7 or G8 response to the crisis. If we did let that unravel then we would have to accept that this would be a humungous depression because that’s what we’d have to go through to unravel global connectivity and trade. So no one’s going to let that happen. The question then is what’s the nature of where we are in this cycle of unraveling and rebuilding? If you put a group of economists in the room then the collective noun is a disagreement. So you don’t get agreement amongst economists, and now they are asking whether this rally and this bull market that’s starting to come through at the moment is just a false dawn? Most people are saying it is but then another camp comes out and says that it isn’t and to be a realist I try to hedge my bets. I think we’re seeing a slow movement towards stabilization, so I don’t think we’re in a bull market. I don’t think we’re in a bear market. I think we’re in a moment where the irrational exuberance that caused this collapse has been put out. The fires have been dealt with, but we still have smoldering cinders around the world that could catch light again, but they won’t catch light if we don’t let them. So that’s the job for everyone now to actually work on how to keep the fires out and make sure they stay out.

On giving global commerce a boost:

The governments of the world, through the easing programs, have stimulated a lot of trade that wouldn’t otherwise exist. China in particular at the moment is the area that everyone is looking to because they have been stimulating the Chinese economy at the rate of $200 billion a month in the past few months, and that is going to make a change happen. What everyone believes is that the Asian economies will be the economies of growth for the next decade and potentially for the next century taking over from the traditional western economies. You can see that from the swagger of the banks like ICBC and China Construction Bank. The Asian banks overall, but particularly the Chinese banks, have money in the pot to spend and that’s not the same when you look at the American banks or the European banks. There’s a big imbalance and the question is that if you do stimulate trade as we have been through investments by the governments, will it actually result in a secure economy or will those imbalances remain? China is still very dependent on trade with the west and if we’re not buying, what happens to the goods that they’re producing? A comment made by one of the attendees at Sibos in Autumn last year was that to a certain extent the banking industry is like a drunk that wakes up and has a real hangover. Do you give the drunk more hair of the dog and keep them in that imbibed state, or do you try to bring some sobriety? By feeding more money from governments into the economy, you’re potentially just keeping the problem there rather than dealing with it.

On rebuilding consumer trust:

The financial industry must become far more transparent and open and lay the cards on the table. It must be honest and get into a conversation with people about exactly how the industry operates, how the fees are structured, and why banking can be trusted. I think the issue at the moment is that a lot of the industry is keeping their heads below parapets.


On spending on innovation:

There is a big chasm between those who are spending only on what they have to versus those who are spending because it will grow business and market share. The imbalance is best demonstrated by two banks – HSBC and Citibank. Citi at the moment has a line that might shock some people. They spent over $1 billion in 2009 on their global transactions services technologies and many people say that this is a bank that surely shouldn’t be spending anything. Well the truth is that the transaction services, the payments business of Citibank makes about $9 billion in revenue, $3 billion in profitability each year, and if you don’t make that investment then you lose your competitive edge, and the customers that are generating those revenues and that profitability will go away, making it even worse for the bank. So they have to spend, but they’re spending on what keeps their competitive edge rather than spending and investing in something that’s going to get them beyond the curve. Now they are beyond the curve in that part of the business. It’s the rest of the business that is impacted because you can’t spend on the areas that aren’t making money, and that’s where those like HSBC will see a competitive advantage in that it splits the banks that are severely constrained budgetary-wise and just doing what they have to do for operational expenditure and efficiency against those that say, “Here’s weaknesses that we can exploit.” So yes, Citi may be investing in their transaction services payments business, but are they investing in their cards business, in their branch systems, in their investment bank businesses? Not really. They’ve got a credit issue with credit card exposures in defaults they have in the States. They’ve equally got some new branches that may be deferred for this year. That means that some of those branches don’t look quite as nice as some of the competitors could do if they invested, and equally they’re sending off most of their investment banking business.
When you take HSBC as a contrast, and HSBC, don’t get me wrong, they’ve had problems too. They’ve made over $50 billion losses in the States through the acquisition of Household, but they can actually manage their imbalance in the States because they have a big footprint in Europe and another even bigger footprint in Asia. It’s an economy that’s actually in positive mode still compared to Europe and America, and through that they’ve invested quite significantly in major technology renewal programs and their core infrastructures and platforms. The best example of this is the internet service and some of what they’re doing as an internal network capability. They run the largest Cisco privately held network in the world as a bank, as a
private banking network. They could run the internet on their private network, but instead they run the bank on that network. That’s cost them a lot of money, but as part of that they have these internet banking platforms that they spent $215 million developing. Now how many banks could spend $215 million just on building an internet banking platform? Hardly any, but the platform they built is a global platform. It’s a single internet banking service for the world of the HSBC clients, and within that each country then just tick boxes and says, “These are the bits we like. These are the bits we don’t like and here’s the bits we can use. Here are the bits we aren’t going use.” So the service for internet banking around the world for HSBC looks localized, but it’s actually a global platform. One of the things within that, which is referenced by Ken Harvey, the Chief Technology and Services Officer of HSBC, is that by having these global platforms they don’t have to create new iterations for every new operation, and that means that the net saving each time you open or gain a customer because all you’re doing is adding more traffic to the network of the privately held network of HSBC. The best way to illustrate this is if HSBC were to go into a new country, let’s say they want to open business operations in Laos in Asia, all they have to do is create a marketing campaign for example if it’s a pure electronic offering like a credit card, because all they’re investing in is the cost of the physical marketing, of the actual marketing campaign, the adverts. Everything else is free. It’s on the network and it’s already there. If they want to open a branch in Laos then the only cost is the actual bricks and mortar. They just plug it into the network. That’s the beauty of that investment, which other banks have been unable to make.



On spending on regulatory compliance:

Regulations stimulate change. Anything that involves change in a financial service requires investment, so what this means is that every bank is going to have to make substantial changes to their systems and internal controls and structures to respond to things like the de Larosière report, which is a big European report looking at what Europe has to do to stabilize banks and to respond to Tim Geithner and Barack Obama’s changes in States, part of which means that, for example, liquidity risk and capital asset management of the bank becomes the central focal point for the regulatory regime, the compliance regime, and the overseeing structures of Europe and America. Knowing you have to do that you then have a double sided view of the world, in terms of on one side you could say, “Well this is a big overhead of change that we’re going to have to comply with. What’s involved? How do we comply? Let’s make the minimum investments that we need to make to support the new regulatory regime.” Or you can say on the positive side, “How can we take this regulation and actually get the best return on that investment through this change program that we’re going to have to make anyway because we’re being forced to?” For most institutions they’re going to take the latter view obviously because it’s the sensible view, and what does that mean in reality? It means getting liquidity risk reporting and capital assets structured and managed in such a way that you can avoid these issues we’ve had. Real time becomes a central focal point for internal and external management structures – real time technology trading systems, real time technology-based risk management systems, real time technology-based cash pooling, netting, and management positions, real time everything. When you speak about real time everything then obviously there are huge opportunities within that program to get better information systems, better customer service reporting systems, better corporate management systems to give to your customers, to say, “Well we’ve put everything into real time because we had to for reporting to the regulators”, but to get the opportunities out of that investment we’re also going to give real time information services to all our customers. Wouldn’t that be fantastic?

On harmonizing and reinvesting in emerging markets:

The lack of investing in emerging markets or markets outside domestic interest was a big concern of the G20 and of the whole easing program. The reason why governments have provided this security and backing to the banks is because they want to keep global trade flowing. If countries or national banks move to being very domestically oriented or to build protectionism – and there are some concerns regarding protectionism, particularly the US actions around trade with China recently – then we’ll get into potentially a third world trade war, which we don’t want. That wouldn’t be good for anybody. Having said that, if you don’t get your domestic economy and institutions back on their feet and their blood pumping and lending for example, then that’s not good either for the domestic agenda. That’s a fine line that’s being walked by the politicians rather than the institutions. The institutions are just doing what they need to do to get their financial streams flowing again, which is why we see this issue around lending access to capital, loans overall, mortgages overall, and whatever the banks say, the first thing they have to do is to repair the balance sheets and capitalize the ratios, which is what they’re focused upon doing. So you really have this balance between the needs of the global economy to continue trading – because if they’re constrained then we’ll never get out of these economic doldrums – but at the same time the banks have to repair their balance sheets and their capital asset ratios to be recognized as being viable and national regulatory regimes and structures. That balance is not complete yet. We haven’t got through this yet, and whatever anyone says about green shoots, they are there, but some people are asking what’s the fertilizer they’re putting on them?
That’s where we have this balance because in some countries I think there is still emerging market support, but in many the domestic agenda is taking priority.



CITY GUIDE

St. Petersburg

Time: +3hrs GMT | Currency: Russian ruble | Language: Russian | Population: Six million

St. Petersburg may have lost its crown as the capital city of Russia after the Russian revolution, but visitors to this cultural landmark will enjoy an experience that parallels any trip to Moscow. FST gives you a whistle stop tour of Russia’s most diverse city.

Souvenir Russian nesting dolls

Church of the Resurrection of Christ

Catherine Palace

About

St. Petersburg was established on the site of a swamp by the emperor Peter the Great, who then declared it the new capital of the Russian Empire. It remained the capital for more than 200 years until the 1917 Russian Revolution. Today it remains Russia’s second largest city and is home to six million people. As well as being a major European cultural city it is also a strategically important Russian port on the Baltic Sea and is often described as the most Western city in Europe. The city attracts visitors to its myriad cultural attractions all year round but the summer is a particularly popular time to visit, as this is when St. Petersburg’s White Nights occur. On these occasions the sun shines for almost 24 hours a day and city life continues around the clock. What could be more bizarre than a walk along the city’s canals in bright sunlight at midnight?

Getting around

St. Petersburg has Russia’s second largest airport and is well connected from Europe and the former Soviet Union. Travelers from Asia, Australasia or the Americas may have to arrive via Moscow, however. When you reach St. Petersburg there is an extensive public transport network including suburban trains running to most destinations within 50 or 100 miles of the city center. Buses run within the city and as far afield as Moscow and the Baltics. Cars are available to hire for around $70 a day though for newcomers to the city this is not recommended as the roads are in a poor condition and there is a distinct lack of signage. The most convenient way to travel, however, is on the St. Petersburg metro, which covers a network of 58 stations. The entrance to each metro station is marked with a blue M and the flat fare for all journeys is around 70 cents. Smart cards can be purchased then topped up to pay for multiple journeys over a fixed time period.

TOURIST TIPS

• Don’t travel to St. Petersburg on a tight budget. The city is the second most expensive in Russia and the 12th most expensive in Europe, putting it ahead of Paris, Singapore and New York. Cheap accommodation is hard to find but public transport offers a way to save the pennies.
• Don’t forget that all visitors to Russia require a visa. This is usually only issued to travelers with fully booked and confirmed travel arrangements. The processing of visa applications can take anything from 10 working days, so arrange this well in advance.
• Contact your doctor or a travel clinic for up-to-date information on vaccines before you travel to Russia. Generally travelers are recommended to be vaccinated for diphtheria, polio and tetanus. Food and waterborne diseases are common so typhoid and hepatitis A vaccinations are also recommended.

Relax

A great way to explore the city, particularly in summer, is to tour the canals by boat. The typical tour is through the Moika canal then out along the Neva to see the Peter and Paul Fortress before returning through the Fontanka to the Mariinsky Theatre. The majority of tours are in Russian and start from around $14. If the weather permits, consider an excursion to Pushkin, formerly the summer residence of the imperial family. The Catherine Palace is surrounded by lush parkland filled with waterfalls, boating ponds and statues. It’s the perfect place to enjoy a picnic and escape the city bustle.

Grand Hotel Europe

Sleep

Hotel Astoria and Angleterre Hotel

These adjacent hotels occupy an unrivaled setting in St. Isaac’s Square in the city center. This is just a short stroll from St. Petersburg’s most popular attractions, including the Hermitage and the Mariinsky Theatre, home of the Kirov Ballet. Both hotels are managed by the Rocco Forte Collection and combine a traditional Russian ambience with exceptional international service. There is a choice of luxurious suites, while guests can enjoy six restaurants and bars, a spa and beauty studio, fitness centers, swimming pool and business centers. There is a choice of stunning banqueting suites for up to 450 guests, a conference room for 205 people and meeting rooms that can accommodate up to 100 participants. Rates: From $270 a night

Grand Hotel Europe

This hotel is steeped in history, having been a fixture in St. Petersburg for over 130 years. According to its website, it was where the composer Tchaikovsky spent his honeymoon and where George Bernard Shaw once dined with Maxim Gorky. It is situated on Nevsky Prospekt, one of St. Petersburg’s most impressive avenues and is a stone’s throw from the city’s most prominent cultural landmarks, including the Russian Museum and the Mikhailovsky Theatre. There are five restaurants to choose from and a health club that includes a gym and plunge pool. Rates: From $345 a night


See

The historic center of St. Petersburg has been listed as a UNESCO world heritage site and with good reason. Its highlight, the Winter Palace, is actually a vast museum showcasing a collection of over three million artifacts from across the world. The collection includes works by the likes of Rembrandt, Da Vinci, Michelangelo and Rubens and visitors are recommended to get a tour guide to avoid missing out on the best bits. After a day spent exploring the Winter Palace’s gems, no visit to St. Petersburg is complete without an evening at the opera. The Mariinsky Theatre, formerly the Kirov, offers world-class performances of both ballet and opera, including those sung in English. For a more intimate experience visit the St. Petersburg Opera which features just 200 audience seats and puts on cheaper performances.

Eat

Taelon

For a true taste of new Russia, visit this ultra exclusive restaurant, which is housed in an opulent mansion house in the city center. Dress to impress in this glittering setting which features marble fireplaces, gilded ceilings and an adjoining private club and casino. Specialities include caviar, oven-baked partridge in coriander sauce and baked dorade with ragout of spinach and snails. Sunday brunch comes with black and red caviar, lobster and champagne. If you’re feeling flush, enjoy a glass of cognac for $216.

Mechta Molokhovets

Gourmands will delight in this intimate restaurant, which has a menu based entirely on a famous 19th century Russian cookbook entitled A Gift to Young Housewives. While the title of the book may be old fashioned, the menu in the restaurant is anything but. Cooking is state-of-the-art and includes dishes such as venison fillet accompanied by baked pears filled with cranberries and soaked in chanterelle sauce. There are only six tables in the restaurant though, so booking is highly recommended.



Quote/Unquote

The topic of banking regulation has taken on some fresh impetus following the financial crisis. FST rounds up what some of the biggest names in the business have to say.

“Whatever their size, whatever their range of activities, you need good regulation. It’s the principle and practice of regulation you have to focus on, not the size of banks.” UK Business Secretary LORD MANDELSON expresses doubts about the Obama administration’s proposed regulations.

“The danger is that Congress and the administration may try to hide behind the banner of Volcker’s reputation, enact this one dimension of reform and nothing more, and pretend that it is sufficient to repair the financial system.” GEORGE SOROS worries that the Volcker rule doesn’t go far enough.

“Our regulation in this country is probably as loose as or looser than it was in the United States. Our securities commissions, what have they done? White-collar crime in this country, it’s a pretty good bet – it’s almost as good as the house in Las Vegas.” 84-year-old Canadian billionaire STEPHEN JARISLOWSKY on his nation’s regulators.


“I am a believer that the system has gone badly awry and needs massive reform.” Former Vanguard Group CEO JOHN BOGLE

“The British screwed us.” HANK PAULSON reacts badly to the news that the FSA did not approve a guarantee which would have allowed Barclays to buy Lehman.

“[Risky financial activity is] like pornography – you know it when you see it.” Barack Obama’s economic guru PAUL VOLCKER responds to the Senate banking committee’s insistence that it’s impossible to define banks’ proprietary trading.

“I can understand the idea of putting limits on banks’ speculative activities, but at the same time, there are differences between individual countries regarding how they have dealt with this issue.” Japan Finance Minister NAOTO KAN urges the US to consider country-by-country differences in banking oversight.





BOOK REVIEW

A good read

FST takes a quick look at what some of this quarter’s best business book releases have to offer

The Upside of the Downturn By Geoff Colvin

According to Colvin, Fortune’s Senior Editor-at-Large, this recession will be a defining period for business. Some will emerge stronger and more dominant while others will weaken and fade. Colvin is one of the world’s most respected business journalists so is able to offer practical examples from the real world to illustrate which companies have got it right and which have failed – and why. He suggests savvy businesses see the downturn as a rich opportunity to restructure, reinvent and reimagine their businesses and lay the groundwork for future growth.

FST SAYS: Although just 170 pages long, this is a must read for C-Level executives looking to capitalize on the opportunities and challenges of the recession. Highly recommended.

Why Iceland? How One of the World’s Smallest Countries Became the Meltdown’s Biggest Casualty By Ásgeir Jónsson

Even 12 months on from the breakdown of Iceland’s economy the scale of this tiny nation’s downfall is still hard to comprehend. This is a country with a population of just 300,000 that up until the 1980s was heavily reliant upon the cod fishing industry. However, by the end of the century it had transformed itself into a major player in world finance, building an international banking empire worth 12 times its GDP. Ásgeir Jónsson examines the country’s implosion in painstaking detail and where it all went wrong and the pivotal role the UK played.

FST SAYS: A well-written and in-depth account of the chain of events leading to Iceland’s collapse from an expert behind the scenes in Iceland. This is a real lesson in how not to run a nation’s economy.

The Future of Work By Richard Donkin

The Future of Work presents a cohesive argument for a fundamental change in attitudes to work – one that could create a healthier society capable of meeting the expectations and concerns of a developing economy. By looking at the forces shaping the future of employment, this book concentrates on seven significant themes underpinning change in the modern workplace: demographics, talent, measurement, networks, health, age and leadership.

FST SAYS: Separating popular myths from truly transformational trends, Donkin has produced a fascinating read for anyone with responsibility for people at work. An essential guide for using technology to intelligently manage your staff.



PHOTO FINISH

Shaun White, USA Olympic Gold Medalist in the Men’s Snowboarding Halfpipe, rings the closing bell at the New York Stock Exchange on February 23.
