FST EU 11
The BP oil spill is a timely reminder to a financial industry putting its own crisis behind it.
www.fsteurope.com | Q3 2010

BUSTED: Missed meetings, empty boardrooms and stranded travellers: how Iceland's eruption shook the industry
DIGITAL FRONTIER: Combating increasingly advanced cyber crime attacks
PEOPLE POWER: Prudential CISO Tom Doughty on security's human factor
GLOBAL CONTROL: Assessing the prospect of a universal regulatory system

FROM THE EDITOR

Black days

If there is any kind of upside to the unfolding ecological disaster in the waters of the Gulf of Mexico, it is that in BP the world has found its latest bogeyman. With each fresh image of oil-soaked seabirds and tar-dotted white beaches, the energy giant is slowly replacing the finance industry as the globe's most loathed example of corporate malfeasance.

The more we learn about BP's manifold transgressions in the run-up to the explosion of the Deepwater Horizon drilling platform, the more parallels we see with the pre-crash finance industry. Both displayed the same reckless pursuit of short-term profits, the same willingness to bend the rules and the same shocking lack of understanding about the massive risks their actions exposed the world to.

The similarities don't end there. By the time the dust settles on the Gulf of Mexico catastrophe, the oil drilling business can expect to be subjected to a far higher level of scrutiny than it has experienced in the past. A few years on from the global economic meltdown, the finance industry is starting to feel the increased heat of regulatory glare. In recent months we have seen the G20 commit itself to stricter controls while the US is poised to sign sweeping banking reforms into law any day now.

What this means for many financial organisations is that the task of maintaining and demonstrating compliance is going to become an even bigger job than it was previously.
Seeing as the costs of compliance were an extremely large chunk of IT budgets even before the crisis, this is going to entail a raft of fresh challenges.

"The financial crisis offers many lessons for management of the global economy - lessons about private sector incentives, lessons about regulation and lessons about global interdependencies"
European Central Bank President Jean-Claude Trichet (p32)

"I want to ensure that the risk owner makes a decision with their eyes wide open. An uninformed risk decision is vastly worse than an informed residual risk decision"
Prudential CISO Tom Doughty (p48)

While technology is going to play a major role in meeting new responsibilities, it is vital that the people operating it don't lose sight of the very human motivations behind the decisions they make. Following the BP blowout, many stories have come to light about lax safety standards and underinvestment in key areas. While some of these examples are outright breaches of regulation, many satisfied existing rules and standards, but did very little more. The results of just doing enough are now washing up on the American coastline.

As the banking crisis starts to recede in the memory, its lessons also risk being forgotten. The Gulf of Mexico spill is a valuable reminder of what can happen when the bottom line becomes business's only consideration. As the financial industry moves into a new regulatory landscape, there needs to be a clear focus on embracing the spirit, as well as the letter, of the law. BP might be public enemy number one at the moment, but another incident of financial pollution could easily knock it off the top spot.
Huw Thomas, Editor

CONTENTS

International development: President of the European Central Bank Jean-Claude Trichet gives his take on the changing world of global financial governance
Out of the ashes: How the eruption of Eyjafjallajokull has impacted business communications
Simply accountable: Prudential CISO Tom Doughty explains why employees are a key part in ensuring the integrity of the company's security
Cyberspace invaders: Malicious attacks against banks and their data are growing increasingly intense and sophisticated. What can be done to defend the digital border?
Tricks of the trade: Former 'ethical hacker' Jason Hart gives an insight into the threats posed by his unethical counterparts
The missing link: Despite decades of staggering advances, technology can still only do so much. Travelex CISO James Gay tells FST about security's vital human component
First defence: Employees should be the new line of defence in any cyber security strategy, says a new report from PricewaterhouseCoopers
Comply or die: Markus Schulz on the challenges of a tighter, post-crisis regulatory regime
Process improvement drives GRC success: How Nimbus Partners helps banking and insurance clients achieve transparency and employee engagement
Virtual meetings = business as usual: John Stone explains how to maintain effective communication and business continuity in an unstable global environment
The customer is king: FST looks at the value of customer relationship management in the enterprise
Bridging the communication gap: David Gladding discusses just what makes web and video conferencing a viable option
What's your type? Making sense of managed print services. By Amanda Hutchins
Prevention and protection: Jenny Dugmore reveals the importance of authentication to ensure against identity theft
The next big step: Adrian Butcher on the importance of personalised customer collaboration and the use of the internet in the fight for consumers
Rule the world: Is a universal regulatory framework feasible?
A brighter day: Can ECM help the financial industry emerge from the darkness of the last few years?
My word is my bond: Mobile phone recording solutions don't all have to be up in the cloud, says Stephen Thurston
Service quality: Cliff Meltzer explains the benefits of service assurance and outlines the ideal service assurance system
Trust is good for business: Håkan Nordfjell explains how banks can increase revenues and tap new markets, if they can give users better ways to authenticate themselves
Cloudy with a chance of services: Kobi Korsah examines the future of cloud computing
High performance: The value of application performance management
Intelligence test: Despite tightened IT budgets, business intelligence remains a key industry priority, says Helena Schwenk
Risky business: Paul Buelens reveals how best to protect against risk in the financial sector
Follow the money: FST speaks with Ron van Wezel of Deutsche Bank GTB about the company's big moves in mobile payments
Preparing for SEPA: Mats Wikström offers an insight into SEPA and outlines the challenges for the financial industry
Banking intelligence: IDC's Trevor LeFleche looks at the banking predictions for 2010
A new payments landscape: Andy Brown looks at how payments infrastructure is changing
No strings attached: With mobile banking predicted to be one of the defining trends of the next decade, FST speaks with MoBank CEO Steve Townend to find out how his company is getting in on the ground floor
Waking up to social media: How can banks fully embrace the social media revolution?
The permeable enterprise: Managing information flows could be the next strategic challenge, says Michael Schuster

Ask the Expert
Rhys Morgan, GMC Software
Steven Mast, Dell
Gibu Mathew, ZOHO
Larry Mindel, Rule Financial

Details
Swiss spas
36 hours in...Paris
Executive toybox
Branding banks
Agenda
Books
Photofinish

The FST Europe Summit
21st - 23rd September 2010
Grand Hotel Huis ter Duin, The Netherlands

The FST Summit is a three-day critical information gathering of the most influential and important executives from the financial industry. The FST Summit is an opportunity to debate, benchmark and learn from other industry leaders.

A Controlled, Professional and Focused Environment

A Proven Format
This inspired and professional format has been used by over 100 executives as a rewarding platform for discussion and learning.

Legal Information
The advertising and articles appearing within this publication reflect the opinions and attitudes of their respective authors and not necessarily those of the publisher or editors. We are not to be held accountable for unsolicited manuscripts, transparencies or photographs. All material within this magazine is ©2010 FST.
Find Out More, Contact FST: +44 (0)117 915 4755, www.fstsummiteurope.com

Chairman/Publisher: Spencer Green
Worldwide Sales Director: Oliver Smart
Finance Director: Jamie Cantillon
Editor: Huw Thomas
Managing Editor: Ben Thompson
Associate Editor: Rebecca Goozee
Contributors: Ian Clover, Lucy Douglas, Nicholas Pryke, Julian Rogers, Stacey Sheppard, Marie Shields, Timon Singh
Creative Director: Andrew Hobson
Design Director: Sarah Wilmott
Associate Designers: Tiffany Farrant, Michael Hall, Crystal Mather, Cliff Newman, Catherine Wilson
Online Director: James West
Online Editor: Jana Grune
Project Director: Oliver Stebbings
Project Manager: David Corr
Sales Executives: Abigail Labaton, Joe Hunter, Andy Craven, Glenn Hapgood
Production Director: Lauren Heal
Production Coordinators: Renata Okrajni, Aimee Whitehead
VP North America: Jason Green
Operations Director: Ben Kelly
IT Director: Karen Boparoy
Marketing Director: John Funnell

Subscription Enquiries: +44 117 9214000, www.fsteurope.com
General Enquiries: firstname.lastname@example.org (Please put the magazine name in the subject line)
Letters to the Editor: email@example.com
GDS International, GDS Publishing, Queen Square House, 18-21 Queen Square, Bristol, BS1 4NH
Tel: +44 117 9214000
E-mail: firstname.lastname@example.org

THE BRIEF

The new kids on the block

A brand new bank hit the British high street on July 29 - the first since the 19th century. The new London-based Metro Bank, backed by US entrepreneur Vernon Hill who has stumped up much of the UK£75 million initial funding, is keen to set itself apart from the old British banking model and promises to be truly customer-focused, offering a "new, convenient way of banking". So what's involved? Well, firstly, in a recent interview with the Daily Telegraph, Vice Chairman Hill said: "Our job is to eliminate every stupid bank rule we can find" - a broad specification then.
As well as annihilating typical bank rules, Metro Bank is planning on offering all the usual financial products: current and savings accounts, mortgages, loans, credit cards and business banking. It's also planning on introducing a dog-friendly service with water bowls and dog biscuits, while humans are catered for with customer toilets available in-store (they don't seem to like the word branch). Ultra-modern, stores will be open from 8am until 8pm as well as at weekends - 8am until 6pm on Saturdays and 11am until 4pm on Sundays - without the traditional glass screens separating tellers and customers. Two stores are opening in July and August, while a further 12 are planned in the Greater London area over the coming two years, with an aim to expand to 200 outlets within the M25 area by the end of the decade.

Anthony Thomson, the bank's co-founder and Chairman, told The Guardian, "We have been preparing for this day for a long time and are delighted it's finally here. We plan to offer our customers a great retail experience and we want to make banking fun for everyone." The launch kicked off with three days of 'giveaways', including free breakfasts, while stilt-walkers, musicians, jugglers and face painters were also on hand.

But Metro Bank isn't the only start-up to hit Britain's high street over the last 12 months, following the emergence of Tesco Bank, Virgin Bank, Walton & Co, and Home & Savings Bank. In August 2009, Tesco announced that it was building a bank 'from scratch', and it has already acquired a 50 percent stake RBS had in its personal finance division. Subject to regulatory approval, new savings products and mortgages are slated for the end of 2010/11, with current accounts to follow in the second half of 2011, to take the company to a full-service retail bank.
Virgin Money made its move into regional retail banking with a 14.8 million offer for a small private bank, the Church House Trust, in January this year, and short-cut the process required for getting a license to run a bank. The existing Virgin Money already consists of savings and investment products, while high street branches with current account and mortgages are due to be up and running by the end of the year. Virgin says that the bank will be run according to the company's lines of simplicity and value for money.

Walton & Co is the baby of a British city analyst with backing from Blackstone, a private equity group. It is aimed at wealthy individuals or small businesses and will also work on an old-fashioned personal-contact approach. The first two branches will open next year.

But, despite customer toilets, dog biscuits and big name backing, will these new banks really challenge the dominance of the 'big four' (Lloyds, HSBC, Barclays and RBS)? Liz Hartley, Principal Consultant for Datamonitor's Financial Services team, has said that, "The new entrants will bring a more dynamic aspect to financial services, using tools learned in the supermarket and fast food sectors to generate real consumer engagement to drive business growth."

With the top five banking groups having over an 80 percent share of the crucial current account market, these new-style banks are going to have to try mighty hard to persuade customers away from traditional banks, and with Hartley predicting Metro Bank winning a 0.5 percent market share in the sector by 2015, it's not looking overly positive. That said, the financial institutions currently ruling the high street have a lot to learn from retailers in terms of customer service.
Research from uSwitch shows that while 57 percent of banking customers are looking forward to having a real alternative to the existing high street bank, only 38 percent would consider moving their main current account to a brand new bank. Forty-five percent believe that new entrants will learn from the mistakes made by traditional banks, but 31 percent are concerned that the new banks won't have enough knowledge or experience of banking and 11 percent wouldn't be confident that their money is safe.

Dilshad Issa, Personal Finance Expert at uSwitch.com, says: "Competition is certainly hotting up, but taking on the banking big boys won't be a walk in the park. While consumers are cautious they also like the idea of the competition that new banks will bring. And traditional banks also have some major weaknesses that new players can exploit - they are out of favour with consumers for offering poor interest rates, overcharging and penalising customer loyalty.

"If the new banks attack these areas by offering good rates, fair and transparent charges and ensuring they look after both new and existing customers, they could win consumers over and give the traditional banks a bloody nose."

Either way, it's about time there was an alternative to the traditional UK banks - and who knows, these new contenders should at least cause an evolution, if not a revolution, in banking.

News in pictures

Code Pink protesters demonstrate inside the US Senate as Goldman Sachs officials defended their conduct during the financial crisis before a Senate Panel.

A worker protests with thousands of counterparts against government austerity measures in July in Lisbon, Portugal.

Tough measures implemented by the British government's Chancellor of the Exchequer, George Osborne, have been hailed as 'courageous and appropriate' by international experts, as inflation falls in the UK for the second month in a row.
UPFRONT

In my view

Mikael Krohn discusses the challenges for lenders facing uncertainty as they try to balance risk management, scalability and profitability.

Over the past 18 months, the UK lending industry has seen extensive changes. The latest figures indicate that mortgage lending in particular decreased by almost 90 percent since its peak in 2007, according to The Guardian. Following the upheavals of the recent past, banks' risk management processes have been pulled into the spotlight to an unprecedented degree.

Regulatory pressures draw attention to liquidity and risk management

Liquidity and risk management will continue to dominate banks' agendas in the coming months. The 'Basel III' proposals, for example, that were first put forward last December, are designed to build stronger buffers in the financial system, creating a less procyclical financial system in the wake of the economic crisis.

However, the French Banking Federation predicted that Basel III proposals would lead to a 360 billion core capital deficit for Eurozone banks, said Reuters, while Wells Fargo claims that lending would drop by US$3 trillion if US banks shrink their balance sheets to avoid having to raise the estimated US$250 billion-300 billion in new capital which the Basel Committee's proposals would require, according to Risk.

Despite the gloomy predictions, the Basel Committee Chairman Nout Wellink suggests that, "a modest reduction in growth during upswings in the business cycle would be acceptable to regulators if the proposed capital and liquidity framework also produced greater financial stability. If the cumulative 0.5 percent to 1.0 percent reduction in growth estimated by Dutch central bank economists is the price for getting a really resilient banking system, that price is not too high."

As banks prepare to meet compliance challenges, they are simultaneously working towards improving customer service and rebuilding trust in the industry's ability to effectively manage risk. In addition, we can expect that existing regulations around data quality and processes will be more strictly enforced, and the UK coalition government's statement that the FSA should continue as a separate body under the Bank of England will remove the uncertainty around who will enforce these rules and how swiftly.

Introducing scalability and maintaining profitability

Many banks have undergone a period of cost cutting in an attempt to achieve greater levels of efficiency. However, financial institutions now have an opportunity to use this low activity period to invest in building scalability into their lending processes in advance of the anticipated economic recovery. In order to achieve this, they need to ensure that their processes are both efficient and of high quality. Taking a holistic view on how to solve their challenges relating to risk management, efficiency and scalability should result in well-defined processes that, to a high degree, are supported by IT services. Those financial institutions that do not ensure their businesses are scalable may find that the effect on the bottom line will be short-lived, whereas banks and building societies that are fully prepared for a new period of growth will be best placed to gain significant competitive advantage.

Keeping it simple

There is a trend towards greater simplicity in banking to achieve greater efficiency, which banks can leverage as a competitive differentiator. This trend is also a result of the opportunity that derives from new technology and changes in customer behaviour. Online banks that have been set up around Europe using very simple products and processes have already achieved a great deal of success, and more banks will also look to meet the competition through their own direct banking channels. This concept also extends to a more transparent and simpler banking model.

Vernon Hill, the founder of the new British Metro Bank, for example, believes in the success of a new business model based on a purely deposit-funded bank. Metro Bank plans to expand its deposit base faster than its mortgage book and expects to have a core tier one ratio that will "never drop below the high teens," said FT.com.

Mikael Krohn is VP of EDB Business Partner.

International news

Penny pinchers

A new Pew Research Center survey illustrates that the new frugality many people are embracing could have a long-term impact on the American economy. Indeed, the survey indicated that Americans' prudence may outlast the recession and its immediate aftermath, with almost half of the respondents saying that they plan to save more, nearly a third planning to spend less and 30 percent hoping to borrow less.

Downgrading budget

The Philippines' new Finance Secretary Cesar Purisima has announced that balancing the budget is not a priority for the Aquino administration given the need to invest in social projects important to the economy. "Our focus is not balancing the budget, but to keep it at a manageable level - maybe at two percent of GDP," he told reporters. The deficit is expected to reach US$7.52 billion this year, around 4.2 percent of GDP.

New bonus rules

UK banks could gain from a new set of rules on banker bonuses being discussed by European Union governments, after the country unilaterally applied stricter rules on pay last year. According to the new rules - which need the formal backing of the full Parliament assembly - cash bonuses will be capped at 30 percent of the total bonus, or 20 percent for particularly high bonuses.
A large part of a bonus will also have to be deferred so it can be recovered if investments don't perform as expected.

Stress test

Reuters has reported that European bank stress tests will train the spotlight on Spain's cajas and Germany's landesbanks due to opaque finances, political meddling and links to troubled sovereign debt and housing markets. Large listed euro zone banks such as Santander, BNP Paribas, UniCredit and Deutsche Bank are under constant market scrutiny and their exposure to toxic assets, shaky sovereigns and bad debt is largely known. The 45 cajas, or unlisted savings banks, and eight landesbanks are uncharted territory in the European banking sector. The International Monetary Fund devoted extra chapters to both of them in its latest Global Financial Stability Report.

Australian dollar up

According to the Reserve Bank of Australia, loans to consumers to buy houses increased by 0.7 percent between April and June, bumping up the Australian dollar. Rod Cornish, Head of Property Research at Macquarie Group, told Bloomberg that, "Housing finance to investors has picked up. We've already seen significant growth in the first half. That's already locked in, and we'll see more moderate growth in the second half."

Brazil buoyed by banks

Gains in the Brazilian banking sector have helped improve investor sentiment amidst a barrage of disappointing economic figures from around the world that led to sharp losses on European bourses and weighed heavily on share prices in Brazil during most of the trading season, reports the Wall Street Journal. Figures released before trading showed industrial growth in China slowed in June for a second month in a row, frustrating hopes that the Asian giant could power a global economic recovery. Further souring the mood were figures showing slow industrial expansion and rising jobless claims in the US.
Google shuts its Windows

Security concerns over Microsoft Windows have impelled Google to shift their employees on to alternative operating systems after last year's hacking crisis at Google's China HQ. In a report by the Financial Times, Windows is thought to be slamming shut for all Google employees, replaced with either Linux or Mac OS X, and conveniently clearing the way for staff to install Google's very own Chrome OS operating system as soon as it is released at the end of 2010.

A Google employee told the Financial Times that "getting a new Windows machine now requires CIO approval", and although Google has so far refused to comment, Microsoft has responded to claims that Windows is more vulnerable to attacks by hackers and more susceptible to viruses than other operating systems.

"When it comes to security, even hackers admit we're doing a better job making our products more secure than anyone else," posted Microsoft Windows Communications Manager Brandon Le Blanc on the Windows Team blog. "And it's not just the hackers; third party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others."

Windows is by far the most dominant operating system worldwide, boasting a 91.28 percent market share according to NetApplications. Hence, Windows is targeted far more often than other operating systems, and there are no statistics to show that Mac or Linux are more secure. Google's decision to abandon Windows over security concerns may work in the short term as 'security through obscurity', but should cyber criminals decide to target Google directly, as they did with their China HQ, other vulnerabilities may be exposed.

Fully unified communications

Excellent unified communications platforms such as Avaya Aura Communication Manager go beyond existing telephony and data communications networks to bring together voice, messaging, email and voicemail.
In the drive to unify communications, however, the humble fax has been somewhat overlooked, despite its business-critical role for many major international organisations - particularly those in the financial services market. Even though fax usage is actually increasing year-on-year, a fax module is generally not included in the unified communications solutions offered by the major players in the market. Network fax interfaces do not come as standard on the latest generation of multifunction printers that offer so many other benefits to organisations of all sizes. In the financial world, this creates a serious black hole in the ability to meet regulatory compliance standards and results in higher document management costs.

Fortunately, there is a solution which not only results in lower fax costs but which also allows organisations to fully integrate their multifunction printers into their communications network, to virtualise their fax server and to meet mandatory regulatory compliance standards for the handling, storage and retrieval of sensitive data. Passport 4000 Fax Server from Lane is an IP fax solution based on industry leading Dialogic technology so it fully integrates with the majority of unified communications and Voice over IP systems on the market today including those from Avaya, Cisco and Mitel.

"Communications are increasingly moving onto the IP network," says Peter Fincham, MD at Lane. "We have been at the forefront in developing systems, such as Passport 4000, that allow businesses to move beyond voice to include seamlessly integrated fax capabilities. Open, standards-based platforms, such as those provided by Avaya and others, allow us to deliver complementary solutions that together enable businesses to fully realise the potential of their communications infrastructure."

For more information please visit www.lanetelecom.com

Financial rogues of the Noughties

10. Dennis Kozlowski
Currently serving eight to 24 years in a New York prison, mainly as a result of receiving US$81 million in purportedly unauthorised bonuses while he was CEO of US conglomerate Tyco. He admitted at his trial that his US$100 million annual pay package was 'almost embarrassingly big'. He became the poster boy for early Noughties excess after it emerged he'd spent US$6000 on a shower curtain.

9. Eliot Spitzer
This former New York state attorney became the scourge of bankers as a result of his attempts to clean up Wall Street in the early Noughties. His Mr Clean image was tarnished irreparably in 2008 after he was exposed as a regular customer of a prostitute ring.

8. Adam Applegarth
Reckless risk-taking resulted in the first run on a British bank (Northern Rock) for over a century and played a significant role in worsening Britain's credit crunch. He also received a UK£1 million payoff after his fall.

7. Conrad Black
Once the third biggest newspaper magnate in the world, Black was convicted of diverting funds for personal benefit from his company Hollinger International and obstructing justice by taking possession of documents to which he was not entitled. He is currently serving a six and a half year sentence.

6. Bernie Ebbers
This bearded, born-again Christian ex-bouncer was a good old boy who built up Worldcom, a telecoms company worth US$180 billion. When the tech boom fizzled out he decided to cook the books and got his company into a right stew, losing investors US$100 billion. Worldcom went bankrupt and Ebbers is currently doing 25 years in prison.

5. Fred Goodwin
One of the least popular bankers around, Goodwin's extraordinary mismanagement of the Royal Bank of Scotland led to its nationalisation and a whopping UK£700,000 annual pension for himself. In February 2009, RBS reported that while Goodwin was at the helm it had posted a loss of UK£24.1 billion, the biggest loss in UK corporate history.

4. Jerome Kerviel
A geeky, 32-year-old trader, Kerviel almost destroyed one of France's major banks, Société Générale, after he allegedly lost 4.9 billion in early 2008. He says his supervisors knew of his trading activities and that the practice was very common.

3. Jeffrey Skilling/Andy Fastow
Co-creators of Enron, this pair pretended the company made profits when it was in fact a heavily-indebted illusion that fell apart in 2001. They are serving 24 and six years respectively, although their boss, Ken Lay, died before sentencing.

2. Dick Fuld
Overseeing the destruction of Lehman Brothers, ensuring that the world entered the worst financial crisis since the Great Depression, Fuld's unwillingness to listen to others, bombastic manner and sheer bloody mindedness are legendary.

1. Bernie Madoff
His Ponzi scheme is now officially the biggest ever fraud, costing investors an estimated US$65 billion. This former pillar of New York society was sentenced to 150 years in prison last June.

www.cityboy.biz

Five-minute interview

Head of IT Operations at Abu Dhabi Commercial Bank, Steve Dulvin, explains the key role of innovation and the importance of back-office and customer-facing technologies at the firm.

This is one of the best eras for IT heads and managers because it's about making sure we keep the lights on by maintaining our service levels, but also looking at reducing operational costs and I do not believe you can achieve that by reducing your focus on innovation. Innovation and keeping the lights on go hand in hand. Although our main focus would be on running the bank, innovation still plays a very important role in our day-to-day operations. The only difference is that today it's not about it being nice to have but about improving our services with self-funded IT projects. Innovation is not just something that should be seen from a senior management perspective - it's a mindset that we need to spread across the organisation.
Everybody in an organisation can contribute to innovation. It means the IT department needs to think bigger and better than they think they can, it's about breaking barriers to our vision and it's about doing things we thought were never possible.

IT is the main fabric of the business. We consider ourselves a value centre to the business, although a few years ago the concept of having separate strategies for the business and IT existed. Today, we are very much one and the IT strategy can only be part of the business strategy - they can never be separate.

Technology plays a big role in Abu Dhabi Commercial Bank's (ADCB) retail operations for both Islamic Banking and conventional banking. We are one of the most aggressive banks in the UAE and for us in IT it's a race to support the business and continue to deliver new product lines and additional benefits to customers.

Almost every study shows that the biggest risk to any organisation is internal. In fact, as we speak we are in the process of implementing bank-wide single sign-on (SSO) with biometric devices to reduce the risk of identity theft. We also use recording tools for GUI (Graphical User Interface) based changes and provisioning tools to automate changes to our critical systems which is reviewed by the quality control department and tested on the UAT (User Acceptance Testing) environment before they are deployed.

Disaster recovery and continuity is a continuous process. It's about keeping planning and ensuring rehearsals are done, not just from an IT perspective but also with the business users. It's also an investment you make for something you may possibly use or never use, which is expensive for both hardware and software licenses, which again needs to be measured against the probability and frequency based on the kind of disaster. At ADCB we decided to use the disaster recovery environment as much as we can for user acceptance testing and pre-production tests before any new enhancements are made.
The main focus for the next 12 months will be looking at a new core banking solution that will fit into our environment, considering it's been more than five years since we implemented FLEXCUBE. In the last few years we have acquired best of breed applications for each business area to suit their needs, such as treasury, trade finance and CRM. We will be looking for a system that could retrofit into our environment with interfaces to multiple applications but that does not necessarily have to be a traditional core banking system with the ability to serve multiple business areas. We will also be working to build a service-oriented architecture (SOA) where business areas can have flexibility to choose from services with a lower total cost of ownership and will give us the option of re-using existing assets and services with a much lower cost and a faster turnaround time. SOA has been there for years and is not a new technology. It's about decoupling business process from technology to enable organisations to change spontaneously in the most cost effective manner and today this would definitely be an added value to the organisation. We have several other initiatives that we are looking at but the two mentioned would definitely be on top of the list.

Mobile strategies
A new study from Juniper Research, Mobile Payments Markets: Strategies & Forecasts 2010-2014, has found that the value of mobile payments for digital and physical goods, money transfers and NFC (Near Field Communications) transactions will reach almost US$630 billion by 2014, which is up from US$170 billion this year. According to Juniper, the growth across all market segments was being driven by the wide adoption of smartphones and the increased use of apps.
Additionally, SMS ticketing schemes such as those offered by OBB Austrian Railways and Sweden's Skane Traffic were also important developments. Juniper predicted that while the digital goods segment will account for nearly half of the market in 2010, the emerging segments such as physical goods payments, NFC and money transfers will impact the market rapidly. By 2014 it forecast that the physical goods mobile payments market will be worth US$100 billion and that in developing markets SMS driven money transfer services are the main driver, increasing at a rate of 30 percent per annum. The top three regions for mobile payments – Far East and China, Western Europe and North America – will represent nearly 70 percent of the global mobile payment gross transaction value by 2014. The report also says that new services and schemes are being actively established by vendors, retailers, merchants, content providers, mobile operators and banks; however, in some areas like NFC, greater collaboration will be required to establish a widely accepted business model that translates easily into tangible services.

[Caption: Mobile payments will total US$630 billion by 2014]
Source: www.techeye.net

[Chart: Global remote mPayment Market: Users (Millions), split by key regions, 2010 & 2014. Regions shown: Rest of world, Far East & China, Europe, Americas.]

Key findings:
• In developing markets, SMS-driven money transfer services are the main driver, increasing at a rate of 30 percent per annum
• The top three regions for mobile payments – Far East and China, Western Europe and North America – will represent nearly 70 percent of the global mobile payment gross transaction value by 2014
• Vendors, retailers, merchants, content providers, mobile operators and banks are all actively establishing new services and schemes
• In some areas such as NFC, greater collaboration is required to establish a widely accepted business model that translates easily into tangible services

Freedom, power, control
Given changing market conditions, developing technologies, together with new and current legislation, financial institutions urgently need to look at their IT infrastructure in preparation for the eventual recovery when it comes. IT departments need to demonstrate cost-efficiencies whilst still balancing security and compliance with the demands for more flexible working practices from a new generation of user. Many organisations have implemented an off-the-shelf solution that seems to meet the challenges being faced by IT – desktop virtualisation infrastructure or VDI as it's more commonly known. Setting up a virtual desktop environment is relatively easy. The challenge is preparing it for operation. Migration can be complex but the benefits of getting it right are enormous. Every single application, process, data and setting that once resided on the physical desktop needs to be migrated to the virtual environment. Achieving VDI is one thing, but if not implemented with care, it can add a layer of complexity to your IT infrastructure that you don't want.
For all its promises, it can in fact turn into an IT manager's worst nightmare. With Scense, VDI migration becomes a mainly automated process, rapidly converting large numbers of desktops, with all user-specific applications and drivers installed and all user data and settings, plus corporate policies in place. The result is an IT environment that's thoroughly manageable. Once migrated, Scense continues to provide an effective and resilient management solution that ensures everything stays on track and makes VDI deliver on its promise by maintaining this new flexible, cost-effective and hard-working IT system.

Women recruiters admit to sexist attitudes
A new survey from recruitment specialist Poolia shows that many female recruiters in London's financial heartland admit to sexist attitudes within their companies that can lead to career challenges for their female employees. Whilst many were positive about prospects for women in their organisations, significant minorities admitted to a different situation. Almost one in five of the senior women recruiters interviewed believes that their company discriminates against women when recruiting for senior management roles – despite their published diversity policies. Almost 30 percent do not think women have the same opportunities as men, and almost 50 percent believe women who take their full maternity leave will damage their career. As a result, almost one in four of the female recruiters interviewed think career-oriented women should take a shorter maternity break.
In terms of flexible working, almost 40 percent of the 50 female city managers and directors surveyed see flexible working and work/life balance as a career-losing option, only taken up by junior people or working mothers with no choice (28 percent), as sending a signal to management that they are not serious about their careers (five percent) and even in a few cases as a one way ticket to redundancy when times get hard (two percent). "It's clear from the research that many city businesses are providing great opportunities for women," says Andrew Bath, Poolia's General Manager, Banking & Financial Services, "but we were really struck by the fact that even when businesses have women at a senior level involved in recruitment, how many still find it difficult to balance the needs of women. However, given the current skills shortages, companies need to work harder to take advantage of the knowledge and experience represented by women working in the city."

HOW WE PAY FOR THINGS
How much we spent in different areas, and how much of it was in cash.

Coins and notes will be used in less than half of all transactions within five years after payments made by cash slumped from 73 percent to 59 percent over the past decade, according to new research. A new report, 'The Way We Pay 2010', published by the Payments Council shows a payments revolution occurred in the Noughties. Presented here is the breakdown of figures for UK cash spending over the Noughties against transactions.
Total number of transactions: 23,413 million, of which 15,432 million (66%) were in cash
Total value: UK£739,592 million, of which UK£176,254 million (24%) was in cash

[Infographic: number and value of transactions, and the cash share of each, by category: Travel | Hotel; Entertainment | Leisure; Retailers; Financial; Any other organisation or individual. Key: icon units of 50 million transactions and £100 million; measures shown are number of transactions, number of cash transactions, % of transactions in cash, value of transactions, value of cash transactions and % of value in cash.]

Sources: Guardian | Payments Council

PROFILE
George Papaconstantinou
With Greece's financial woes making the headlines all over the world, we look at the man who is at the heart of the storm, Greek Finance Minister George Papaconstantinou.

Currently struggling to restore domestic and global confidence to his country's public finances, George Papaconstantinou has spent most of his life studying and working in economics. Born in Athens in 1961, Papaconstantinou graduated from the London School of Economics holding a BSc. He also has an M.A. from New York University, and a PhD in economics, again from the London School of Economics.
He worked for 10 years (1988-1998) as a senior economist at the Organisation for Economic Cooperation and Development (OECD) in Paris before being appointed advisor to former Prime Minister Costas Simitis on Information Society issues. However, in 2000 he was appointed Special Secretary for the Information Society at the Ministry of Economy and Finance (2000-2002). Until 2004, he served as a member of the Council of Economic Advisors and was a board member of OTE (Greece's largest telecoms company). He was also the Greek representative to the EU Economic Policy Committee (EPC). In 2003 he coordinated the "Lisbon Strategy" for economic and social reforms during the Greek Presidency of the EU.

With such experience, it was no surprise that in 2004 he served as economic advisor to PASOK's President George Papandreou for three years. He was also a board member of the Institute for Strategic and Development Studies (ISTAME), PASOK's think-tank (2005-2008). In May 2005 he was elected member of the National Council of PASOK. Over this time, he taught economics at the Athens University of Economics and Business, while also advising the European Commission on research and information society issues.

It was in September 2007 that Papaconstantinou was elected a member of the Greek National Parliament for the Prefecture of Kozani, and as a result appointed PASOK's Press Spokesman six months later. In June 2009, the elections for the European Parliament saw Papaconstantinou elected MEP. When he was appointed Finance Minister in the government formed by Prime Minister George Papandreou after the national elections in October 2009, he was in the unenviable position of having to deal with Greece's financial woes.
At the time of print, Papaconstantinou was adamant that Greece would not restructure its debt thanks to the help of the €110 billion European Union and International Monetary Fund loan package. He also stressed that "there is no such scenario" that would see Greece exit the euro region and re-adopt the drachma. What is clear is that Papaconstantinou is on the front lines of whatever Greece decides to do to contain inflation and bolster competitiveness in the country. Whether it will be a success or not is another matter, and one that FST and the rest of the world will be watching very carefully.

Company Index Q3 2010
Companies in this issue: ACI Worldwide, ACT Conferencing, AIIM Europe, Asda, Aviva, Barclays, Blackberry, British Airways, Business Continuity Institute (BCI), Business Systems (UK) Ltd, CA, CRM Association, CRYPTOCard, Dell, Deutsche Bank GTB, EastNets, European Central Bank, European Commission, Facebook, FireID, First Direct, Gartner, GMC Software, GOOD, HP, IBM, IDC, IATA, IQPC, iStrategy, JasperSoft, LANE Telecommunications, LinkedIn, Lloyds TSB, Lufthansa, ManageEngine, Meettheboss.com, Microsoft, MoBank, Nimbus, Open Text, Oracle, Ovum, Pentaho, PGI (formerly Premiere Global Services), Photizo Group, PricewaterhouseCoopers LLP, Prudential, Rule Financial, SAP, Scense, Singapore Airlines, System One, Teradata, Tesco, Tieto, Todos, Travelex, Twitter, UK Cards Association, Unisys, Virgin, Wells Fargo, YouTube, ZOHO, Zurich.

Danish strippers fail to reveal their assets
The Danish tax authority is cracking down on women who strip for cash online or work as sex line operators.
Tax cheats selling sex over the internet and phone are the latest in a long list of Danish authority targets. Workers, however, claim that offshore companies may be behind the lack of fiscal transparency. The exact number of Danish women who are employed to remove their clothes on the internet or engage in pillow-talk for telephone sex companies is unknown, but at least 40 have been caught by the authority SKAT, which is seeking to reclaim unpaid taxes in the millions. SKAT investigated 41 women who claimed to have declared all of their earnings. They found that 37 had not made any tax payments. The online sex sites further failed to declare three million kroner (€403,000) in owed taxes, with SKAT claiming they were cheated out of an additional 1.5 million kroner (€201,000) by the same group. "It surprised us that there were so few filing tax returns. It's a small industry but it's rare that we find problems throughout a complete industry. Out of the 41 we checked, all had cheated," said SKAT's Helle Mulvad.

Source: www.icenews.is

FEATURE
International development
President of the European Central Bank Jean-Claude Trichet gives his take on the changing world of global financial governance.

In recent weeks, we have had difficult news not only on the financial system but also the ecosystem – the news that the oil spill in the Gulf of Mexico is spreading ever wider – from the riggers who lost their lives in the explosion to their employers, local communities, environmental agencies and public policy-makers. Similarly, the financial events of the last three years, which began in a seemingly small part of the US housing market, have touched all of our lives and come to test the resilience of our whole system of global economic governance. The financial crisis has tested the business models and risk management systems of market participants, and the rules and structures of the markets in which they operate.
It has tested the preparedness of central banks and governments to take unprecedented support measures to preserve confidence in markets and the economy. And it has tested the ability of the institutions of global governance to restore financial and economic stability. Just as the Deepwater Horizon oil spill is doing for environmental protection and natural resource management, the financial crisis offers many lessons for management of the global economy – lessons about private sector incentives, lessons about regulation and lessons about global interdependencies and the ever-growing need for effective policy coordination.

Recently, the euro area governments and the ECB were once again called upon to demonstrate their ability to take swift and essential action to face up to exceptional circumstances. In 2008, the ECB decided on unprecedented measures when private financial intermediation was first impaired and then on the verge of collapse, and we restored it to its prime function. On both sides of the Atlantic, we had to cope with impaired money markets. We set the conditions for banks to resume lending to each other and to their customers. We helped reconstruct the market when it had disappeared. And we laid the foundations for the nascent recovery to start and consolidate. Throughout these actions, the ECB has maintained price stability and the stability of inflation expectations.

In May, we sprang into action for a second time. It was for the same reasons. Once more, private financial intermediation – often secured by government paper – was threatened. The market for government paper, the basis for the pricing of many financial assets, from fixed-income instruments to equity, was seriously impaired. We judged, and we continue to judge, that our monetary policy stance was appropriately tuned to the conditions and the prospects of the broader economy.
But once more, as in the autumn of 2008, we could see that the transmission mechanism was not functioning sufficiently well to channel our policy intentions to the broader economy. Therefore, we intervened. Our Securities Markets Programme is targeted to those segments of the euro area government debt markets that are most dysfunctional. The aim is to restore a precondition to our primary function of accomplishing price stability in the medium term. At the same time, we have taken note of the commitment of the euro area governments to take all measures needed to meet fiscal targets this year and the years ahead, and that each one of them is ready to take the necessary measures to accelerate fiscal consolidation. And we are in close contact with the Commission and authorities to verify that further convincing and concrete consolidation and reform strategies are prepared and implemented.

The Greek authorities have started to implement the ambitious economic and financial programme that was agreed with the International Monetary Fund and the European Commission, in liaison with the ECB. This programme itself is an important achievement. It is based on prudent macroeconomic assumptions. It is frontloaded. It has the potential to correct long-standing flaws, because it entails a very comprehensive structural reform package. This structural reform package to my surprise seems still largely unknown to many. The three institutions will regularly come to Athens to monitor the programme and support the government in its efforts to implement the measures, so as to secure a better future for the Greek people. We consider that the Greek programme has the appropriate features to succeed. Many policy adjustments that seemed Herculean at the start have succeeded in history.
And we have indications that the budget execution in Greece in the first five months of 2010 – despite a painful recession – is on track. The central government cash deficit is more than 40 percent below the level over the same period last year.

Hard times: How the European Central Bank responded to the crisis
9 Aug 2007: Injects 95 billion into markets overnight to improve liquidity
6 Sep 2007: Injects 250 billion into markets
12 Dec 2007: Announces measures with Bank of England, Swiss National Bank (SNB) and Bank of Canada to deal with pressures in short-term funding markets
18 Dec 2007: Lends nearly 350bn in effort to lower interbank rates
2 May 2008: Announcement with SNB and Federal Reserve regarding further liquidity measures

We see encouraging signs in other countries too. Measures are being prepared to credibly advance fiscal consolidation. Those measures are particularly helpful if they focus strongly on the expenditure side, because such measures have in the past proven more effective, and if they address one prime cause of a loss of competitiveness in recent years: the rise of public salaries relative to the rest of the economy. The view that fiscal consolidation is generally negative for growth is too narrow. Demand side economics has in the past underestimated the risks of excessive spending, and is now overestimating the risks of consolidation. We have to take into account that today's adjustments are being made in strict association with structural reforms and they enhance confidence. Both elements will increase supply and, along with supply potential, prospective incomes and thus demand. These adjustments are therefore ultimately growth-friendly. There are very important decisions under way. It is true that Europe's decision-making process is complex. This is because it involves both national and supranational actions.
But complexity does not mean ineffectiveness. Europe has been remarkably effective during the 2007/2008 financial crisis. Not a single systemically important institution has failed, not a single recovery programme has been refused by any parliament. What markets often underestimate is Europe's complete dedication to the degree of integration achieved so far. Decisions were taken recently, which were difficult to foresee by observers and markets only a few months or weeks ago: a negotiated fully-fledged adjustment programme for a member state, a €80 billion support loan by member states for that programme, and a €440 billion financial stability facility, on top of a €60 billion existing facility. This provides Europe with a highly significant endowment of a total of €580 billion (around US$700 billion), without even counting the possible additional IMF co-financing.

Global governance and the crisis
Global economic governance embraces supranational institutions – such as the IMF – as well as informal groupings – such as the G7 and the G20. Both are necessary, and both are complementary. Supranational institutions offer a framework for dialogue and formal agreement. Informal fora are invaluable for 'softening the ground' in areas where decision-making processes remain largely national, whether in forging a consensus on prudential standards and codes, or facilitating the coordination of economic policies when appropriate. How did this system of formal and informal elements fare during the crisis? Let me highlight one strength and two areas that are still in need of strengthening. To my mind, particular resilience was shown by the central banking community, both bilaterally and channelled through the various Basel-based committees.
This institutionalised cooperation ensured an unprecedented degree of collaboration in, for instance, the provision of cross-border liquidity – the network of temporary currency swaps or repos set up bilaterally by central banks such as the Fed and the ECB. This cooperation has been reaffirmed and further activated in recent weeks as market conditions have deteriorated, underlining the strong commitment of the central banking community to addressing the global crisis in a coordinated way.

Hard times timeline (continued):
15 Oct 2008: Joins with Bank of England and SNB to pump nearly 200 billion into markets
16 Oct 2008: Extends 5 billion credit line to Hungary
7 May 2009: Lowers its policy interest rate to 1.0%, after reducing it by 50 basis points in March and 25 basis points in April
13 Apr 2010: Voices support for European Monetary Union's Greek rescue plan
3 May 2010: Suspends minimum credit rating required for Greek government-backed assets used in its liquidity-providing operations

[Photo: Finance Ministers meeting. From left to right: European Central Bank (ECB) President Jean-Claude Trichet; Olli Rehn, the European Monetary Affairs Commissioner; Greek Finance Minister George Papaconstantinou; Luxembourg's Prime Minister Jean-Claude Juncker.]

Of the areas still in need of strengthening, the first relates to macroeconomic policies that were clearly insufficiently oriented towards medium-term sustainability. This led to the build-up of unsustainable external imbalances between deficit and surplus economies prior to the crisis. No effective mechanism existed to influence macroeconomic and structural policies in key countries where those policies appeared unsustainable from the standpoint of global economic and financial stability. This must change.
It requires both improvements in the efficiency and legitimacy of international institutions and a broader awareness by national authorities of their global responsibilities. The G20 Mutual Assessment Framework is promising in this regard. The momentum is here, and we fully support this overall process.

The second shortcoming was the insufficient coordination in financial regulation before the crisis, which encouraged regulatory arbitrage. This was the unavoidable result of the disparity between the increasingly global financial players, and the largely national approach to financial regulation, with only relatively weak coordination at the international level, despite the remarkable efforts of the Basel Committee in respect of the banking sector. The crisis demonstrated quite clearly that proceeding too far down the road of deregulation is not always conducive to better functioning markets. Rather, markets require an effective regulatory and supervisory infrastructure to function properly. Of course, setting common rules in complex and innovative fields such as finance requires finding the balance between allowing financial innovation and growth, and preserving stability for the good of the real economy. But it should remain foremost in all our minds that the prime purpose of the financial sector is to serve the real economy, not the other way around. Changes to the regulatory environment should reflect that.

Given the current downturn and the volatility of financial markets, it is imperative that the timelines for regulatory reform agreed by the G20 in the autumn of 2008 are met. Policymakers should remain committed to setting rigorous standards and designing appropriate transition periods that will allow countries and financial institutions to implement the agreed regulatory standards consistently and fully.
In this context, the Basel Committee's reform package, released last December for consultation, forms one of the cornerstones of the financial regulatory reform. It is important, however, that the cumulative impact of the reform package on financial institutions and the real economy is thoroughly assessed. We will carefully consider the impact analysis presented by the IIF in the process of evaluating the multifaceted impact mechanisms of regulatory changes. There may well be differences in views on the most appropriate way of computation as well as on underlying assumptions. We have to deliver a much safer and much more resilient financial system that is to the benefit of the sustainable development of the real economy.

[Photo: Demonstrators dressed as 'invisible' protest in front of the Greek Parliament during a demonstration in central Athens.]

The evolution of global governance
As to how the system of global governance is evolving in response to the crisis, I see three major trends. First, the scope of international cooperation is broadening significantly. Second, the efficiency and legitimacy of global governance is being addressed: the mandates and governance structures of existing international institutions are being strengthened, informal fora adjusted and new fora developed. Third, the system is moving decisively towards a much more inclusive system of global governance, encompassing key emerging economies as well as the industrialised countries. The acknowledgment of the increasing role of emerging economies is a trend that predates the recent crisis. But the crisis has made it even more pressing.
Although emerging countries have also been immediately affected, they have rapidly become a source of strength for the world economy. In 2009, the contribution of emerging countries to global growth was 57 percent. In the same year, they represented roughly one third of world GDP at market exchange rates (31 percent), and close to a half using PPP rates (46 percent).

There are several examples where these three trends are becoming apparent. The emergence of the G20 as the prime group for global economic governance is probably the most prominent example. It provided policy impulse and took decisive actions during the crisis. It is now making the transition from crisis resolution to crisis prevention. This is the purpose of its framework for strong, sustainable and balanced growth. Its primary goal is collectively to implement coherent and medium-term policies to attain a mutually beneficial growth path. Since this process is fully owned by the G20 members, and involves Heads of State and Government, it also confirms the strong commitment at the global level to more multilateralism in economic decision-making.

A second example is the designation of the Global Economy Meeting (GEM) as the prime group for the governance of central bank cooperation. This forum includes central bank governors from all systemic emerging economies. I currently have the privilege of chairing the GEM, and find the candid exchange of views at our bi-monthly meetings of enormous value.

And a third example is the reform and the expansion of the Financial Stability Board (FSB). It now includes all the systemic emerging market economies, largely overlapping with the G20. Its mandate has been enhanced to strengthen the international financial architecture and global financial stability. The FSB assesses vulnerabilities affecting the global financial system and reviews the regulatory, supervisory and related actions needed to address them.
Insights from the crisis
Looking ahead, and distilling insights from the financial and economic turbulence of recent years, I would like to stress three points.

First, the crisis has shattered previously held convictions that 'keeping one's house in order' and self-regulation are sufficient to ensure global welfare. We have seen that improvements are needed to preserve the safety of the global economic and financial system. These improvements concern rules of the game and procedures, but they also concern attitudes and underlying values. Countries have to recognise the global impact of their policies and financial market players have to accept that the prime purpose of the financial sector is to serve the real economy.

Second, more than in the past, global governance must demonstrate a capacity to coordinate and decide extremely swiftly. A characteristic of the turbulences that intensified in September 2008 was the extreme rapidity in the succession of events as the crisis unfolded. The very high degree of interdependency between all economies calls for a much higher level of cooperation than in the past.

Third, the crisis has rightly accelerated the inclusion of emerging markets into the framework of global governance. But there are two reasons for this change. One is positive: the emerging economies are now economically and financially so important, and systemically so influential, that they must be fully involved in global governance. I hesitate to unveil the other reason that is not flattering for industrialised countries: they did not live up to their responsibilities prior to the crisis. Now, the industrialised countries are called on to contribute to the stability and prosperity of the global economy within the new, more inclusive framework.
Moving forward, we see that the global recovery has started to proceed at different speeds across regions, with a relatively modest recovery in advanced countries like the United States, Japan and the euro area and a stronger expansion in the emerging economies. And yet, there is no time for complacency as recent tensions in financial markets have amply demonstrated. Let me stress that it is important that the recovery should be measured in broader terms than the simple resumption of GDP growth and a return to sustainable fiscal positions: it means a full restoration of trust in our financial institutions; it requires the healing of wounds inflicted by the irresponsible behaviour of some financial players on our societies and on the real economy; and it requires renewed confidence that global governance is strong, broad and flexible enough to ensure global economic and financial stability and resilience in the future.

This article is based on a presentation given at the Institute of International Finance in June 2010.

INDUSTRY INSIGHT

Virtual meetings = business as usual

The growing reliance on audio and web conferencing to maintain effective communication and business continuity in an unstable global environment.

Meetings are core to the success of a business. Whether meeting clients, prospective customers, board members or staff, people meet every day and organisations build from the meeting upwards. Today, we operate in an international marketplace where organisations deal more and more on a global scale. Globalisation has changed where, why and who we do business with, resulting in an increasing need to connect and communicate globally. What therefore would happen if businesses could not communicate or meet? A lack of communication can lead to costly mistakes or delays, loss of productivity and a drop in revenue, ultimately leading to possible failure. If communication is so important, then why do businesses all too often fail to protect it?
The recent eruption of the Icelandic volcano, Eyjafjallajökull, brought the realisation of these risks crashing down on the business world. For almost a week, Europe's airspace was practically shut down when thick plumes of volcanic ash spewed from the Icelandic volcano and tumbled across European skies. The whole event opened up the business world's eyes to the fact that many of those companies affected by the travel disruptions did not have a contingency plan in place to deal with such an outcome. In a global business environment fraught with dynamic change, natural disasters, pandemics, civil unrest and strikes, planning for unforeseen events and developing a contingency plan must be considered a key element of strategic management. During the volcanic flight ban, thousands of organisations relied on audio and web conferencing to maintain business continuity. By seamlessly converting to online audio meetings, their employees and clients were able to communicate regularly, safely and effectively whilst sustaining normal operations and maintaining productivity and efficiency. PGi, an industry-leading provider of audio and web conferencing solutions, saw usage of its conferencing service shoot through the roof during the volcanic flight ban. In response to the disruptions, PGi's customer care team provided clients with on-demand, instant access to meetings offering free web services to those affected by the ban, enabling clients to interact and communicate just like at a traditional meeting. By switching to virtual meetings, global companies reported business as usual. John Stone, PGi Executive Vice President EMEA, highlights the importance of contingency planning in our world today: "No matter how carefully a firm formulates, executes or evaluates its strategies, unforeseen events can make a planned strategy obsolete in no time.
With an unstable economic environment and the ever increasing need to communicate globally, virtual meetings are a crucial part of risk management as business critical meetings cannot be cancelled without there being some impact to business productivity." Stone stresses that not only is business continuity planning essential to maintaining efficiency and workflow but, "added to increasing cost pressures and an onus on businesses to demonstrate corporate social responsibility, organisations need to also now look at more cost-effective, productive and environmentally friendly ways of communicating and doing business". By reducing travel and converting to virtual meetings, organisations can save dramatically on the cost of flights, accommodation, transfers, travel expenses and employee downtime whilst also reducing carbon emissions. Statistics show that by eliminating one employee's European trip per month, an organisation could save approximately 5977 per year, reduce its carbon footprint by 3.5 tonnes and save 21 hours in employee downtime. As the ash cloud disperses, the risk of travel disruption fades temporarily, sleeping like a dormant volcano. What this incident has taught us is that future events cannot be predicted and the business world ultimately is at the mercy of an uncontrollable and unpredictable environment. The only way that an organisation can control and lessen the risk and impact to business is by contingency planning: creating alternative strategies that allow it to maintain business as usual. As more and more organisations adopt a virtual meeting strategy, the benefits and results of conferencing cannot be overlooked.

John Stone is Executive Vice President of PGi EMEA, India and Canada. PGi is a leading provider of conferencing collaboration solutions.
COVER STORY

"Whether these incidents be pandemics or volcanic ash – they don't stop at national borders"
Lyndon Bird, Technical Director, BCI

We all knew that Iceland's economy had gone up in smoke, but nobody expected one of its volcanoes to follow suit. Like many other industries, finance suffered heavily from the travel chaos caused by Eyjafjallajökull's eruption. Rebecca Goozee examines a major wake-up call for global business and asks what lessons this crisis can teach.

VOLCANO FACT
Eyjafjallajökull's last eruption ran from 1821 to 1823
250 million cubic metres of ash has been produced since the beginning of the eruption

It's now well over three months since Iceland's Eyjafjallajökull volcano erupted and forced most countries in northern Europe to close their airspace in what has become the region's biggest shutdown since World War II. A period of increased seismic activity began at the end of 2009, but it wasn't until April 14 that the volcano erupted, creating an ash cloud that wreaked havoc for travellers and businesses across the globe.

Airlines were undoubtedly hardest hit by the crisis with 100,000 flights being cancelled between April 15 and April 20 at a cost of 1.4 billion. When disruptions were at their worst during that week in April, the International Air Transport Association claimed that lost revenues reached 325 million a day. Airlines were already reeling from the effects of the recession, so the disruption couldn't have come at a worse time. "For an industry that lost 7.6 billion last year and was forecast to lose a further 2.3 billion in 2010, this crisis is devastating. It is hitting hardest where the carriers are in the most difficult financial situation. Europe's carriers were already expected to lose 1.8 billion this year – the largest in the industry," says Giovanni Bisignani, IATA's Director General and CEO.

The widespread airport closures of April that saw most European airports – including those of Italy, Spain, Portugal, France, Germany, Switzerland and the UK – closed for days at a time, have since subsided. And it is hoped that recent changes to ash cloud air safety rules will allow more flights to operate as the buffer zone – 60 nautical miles (69 miles) between areas of heavy ash concentration, where it remains unsafe to fly, and areas in which there are small levels of ash, deemed safe by aircraft and engine manufacturers – has been eliminated. This should hopefully alleviate the burden on both airlines and those planning to travel in the near future.

A recent survey by the NBTA Foundation – the research arm of the US National Business Travel Association – of corporate travel managers at major corporations across the globe found that the volcanic ash negatively impacted travel for 80 percent of companies, at an average cost of nearly 158,000 per affected company. Travel companies too will feel a significant impact on their financial results this year. Thomas Cook, for example, has reported an 80 million loss due to the disruption – 23 million in lost revenue from travellers who decided not to rebook their holidays after being unable to fly and the remaining 57 million in costs related to supporting customers who were stranded and bringing them home.

The closure of European air space also forced the cancellation of many business trips and meetings before they had even begun. NBTA found that NBTA-affiliated companies cancelled nearly 5600 scheduled corporate meetings and more than 165,000 total trips that had not yet taken place.

Wednesday, April 14 - Wednesday, April 21

Wednesday, April 14: Spewing a cloud of ash, which rises to an altitude of 9000 metres, the volcano, situated under Eyjafjallajökull glacier in southern Iceland, causes earthquakes and flooding in the region, with 800 people evacuated.
Thursday, April 15: By now an enormous cloud of ash has paralysed air traffic in northern Europe, with airspace closures affecting Britain, Ireland, Denmark, the Netherlands, Sweden and Belgium.
Friday, April 16: Airports are closed throughout Europe and millions of passengers are stranded around the world.
Saturday, April 17: In an unprecedented situation, air traffic in 21 European countries remains static and almost 17,000 out of 22,000 scheduled flights are cancelled.
Sunday, April 18: 313 airports in Europe are out of use, leaving just 20 percent of the European network open. With 6.8 million passengers stranded, various European airlines carry out test flights without passengers to press authorities into reopening airspace.
Monday, April 19: IATA strongly criticises the way the crisis has been handled and European Union transport ministers agree to ease restrictions.
Tuesday, April 20: Flights resume progressively.
Wednesday, April 21: Iceland's civil protection agency announces that the volcano eruption has lost nearly 80 percent of its intensity.

VOLCANO FACT
EU Transport Commissioner, Siim Kallas, estimates the total cost of the volcanic ash cloud crisis to be 2.5 billion
Travel was affected by the volcanic ash at 80 percent of companies

However, for some businesses it would appear that even an ash cloud has a silver lining. Hotels witnessed an enormous spike in demand as stranded travellers sought accommodation until the airspace reopened and their flights were rescheduled. Car rental companies also saw a rise in demand as travellers looked to road travel for alternative routes around the continent. Passenger numbers also soared for Eurostar and continental ferries as stranded passengers attempted to find alternatives to air travel. The high-speed rail operator admitted that it was struggling to keep up with demand as tickets sold out in record time. Brittany Ferries and P&O Ferries also reported being inundated with enquiries.

But Eyjafjallajökull's economic impact goes far beyond flight delays and a bottom line boost to the hospitality industry; the effects of the air travel restrictions were felt across the board by most industries. There were devastating effects for the food industry, with both retailers in the no-fly zone and suppliers around the world unable to continue business as normal. Farmers in Kenya, for example, were forced to dump hundreds of tonnes of vegetables, fruit and flowers destined for the UK after cargo shipments in and out of the country were grounded. Meanwhile restaurants, grocers and supermarkets across the region were left without countless products – from beans and chillies to mangoes and kumquats – that are grown on foreign soil and shipped to Europe.

In addition, logistics were obviously hit hard by the crisis and many companies had to switch to road transport to make deliveries. Dutch mail group TNT stated that it was incurring higher costs as it was forced to switch to the road network to make its deliveries. Indeed, the impact of the volcano has brought into sharp focus the strengths and weaknesses of businesses across Europe and the rest of the world. From creating more efficient and sustainable supply chains to ensuring business communications are up to scratch.

VOLCANO FACT
Two hours of jet fuel to divert to another airport can cost 50008000
100,000 flights and 10 million travellers worldwide were grounded between April 15-20, 2010

The Business Continuity Institute (BCI) has produced a report on the disruption caused by the closure of European airspace due to volcanic ash, carrying out a quick poll of its 5000 members to understand the impact. While some manufacturers in Europe like BMW and Nissan had pretty big challenges with a lack of components causing factories to be shut and goods not being shipped on time, 84 percent of survey respondents stated that their organisation faced some disruption, with the remaining 16 percent saying they experienced no disruption at all. One in 11 survey respondents claimed that the closure of European airspace was on their organisation's risk register and 27 percent explained that they did actually invoke their plans.

The BCI's Technical Director, Lyndon Bird, is keen to emphasise the value of analysis and the planning process of business continuity as opposed to any specific plans. "We've got to start looking at these things from a wider perspective and realise that individual companies and individual countries can't do things on their own – they're all in it together. There is a massive amount of interconnectivity, whether these incidents be pandemics or volcanic ash – they don't stop at national borders." Bird goes on to suggest that businesses are no longer run on a national basis and as such manufacturers and distributors are operating on a just-in-time basis. This incident has made those businesses sit up and take notice of business continuity as a concept. "What they're probably doing is sitting up and concentrating internally on how best to plan for what could interrupt activities and broaden the scope of that planning," says Bird. "However, while there's been a period of reflection, I don't think it's fair to say that companies are suddenly deciding they're going to have plans because of this," he adds.

Indeed, it's not unreasonable to assume that there could be another interruption to European air space, and if there is and not having air transportation is a problem, there needs to be a contingency plan in place.

Telepresence

With its vast global communication and trading networks the financial industry was theoretically in a position to weather the worst of Eyjafjallajökull's effects. However, it seems old habits die hard. While business is being done digitally across oceans and borders faster than the speed of human thought, there is still a weakness for some more defiantly `analogue' traditions.

Though it is hard to get clear figures on the number of financial services employees who found themselves stranded in airport lounges rather than at their scheduled meetings, it is safe to assume they made up a fair proportion of frustrated business travellers. The wasted man hours and travel costs are all the more frustrating considering that there are many viable alternatives to physically travelling to the destination of a business meeting. Technologies like telepresence have been improving business communications both internally and externally, offering the chance to communicate when physical travel is either impossible or if it is considered too costly and inconvenient. Even basic videoconferencing could and can be used to schedule ad hoc meetings. Gartner's recent telepresence poll suggests that about 15 percent of telepresence meetings directly result in the avoidance of travel for some users in the meeting. Despite telepresence having a shaky start to life, today, with the end-user experience improved and networks supporting telepresence applications finally connecting to each other, people are using the technology all over the world.

Howard Lichtman, President and founder of the Human Productivity Lab, reveals that the adoption of telepresence is a virtuous cycle. "The more companies that adopt and join telepresence exchanges or telepresence community-of-interest networks the more the next person wants to deploy it, not only so they can reach their partners, but so they can reach the people who have just joined. It's a virtuous cycle that just keeps getting better and better."

And there are many benefits to implementing a telepresence solution. On a cost basis you no longer need to fly and it is possible to do more with less, explains Lichtman. "By getting people off planes you're able to save three different costs: you're saving the hard cost of tickets themselves, plus hotels and so on; at the same time you're saving the soft costs of your employees' time in transit; as well as the opportunity costs of what they would be able to do had they not been travelling at all."

Then of course there is also more flexibility to doing business. Meetings that would be impossible in other circumstances, because people would have been in different places at different times can now happen. "My running joke is that I'm not so interested in telepresence to keep me from going to India, I'm interested in telepresence to keep me off the Washington DC Beltway during rush hour. This is not something that is only available to speak to other countries, but across cities to improve communications."

Lichtman goes on to explain that the volcano eruption really reminded everybody that a disaster recovery or continuity plan needs to include action for when planes are not flying. "It really brought out the point that something you never could have considered in a 1000 years might shut down your ability to fly. And everybody still needs to do business. It's a remarkable example of why you need a business continuity plan in place."

Social media

As well as telepresence technologies, web conferencing, virtual worlds and remote collaboration vendors saw unprecedented demand during the volcano eruption, and likewise consumer-based communications, such as Skype, also saw a peak in demand. Skype users made over 20 million more minutes of video calls than normal in five days – roughly the same time as more than 2.5 million flights from London to New York or over 2000 trips to the moon.

Marco Scognamiligo, Chief Executive of marketing agency RAPP, was stuck in New York for several days and said at the time that the effect of the workforce's combined relocation could have been catastrophic for the business. Luckily Scognamiligo managed to stay in touch with his team and operate almost on a business-as-usual scale. "I've barely missed a meeting by using Skype voice and video calls to stay in touch with the office."

And even social media has provided an indispensable communication tool during the crisis. Gartner suggests reviewing the use of social media sites like Twitter and Facebook to effectively communicate with customers and employees. The power of social media lies in its ability to get information out quickly. When Hurricane Ike caused major destruction in Houston, Texas, knocking out power for weeks, the Houston media called on citizens to contribute to the reporting through social media. This partnership resulted in the creation of interactive databases that allowed users to report and locate open petrol stations that hadn't run out of fuel, as well as see which neighbourhoods had power and what businesses had reopened.

VOLCANO FACT
Ryanair was fined 3 million euros by Italy for failing to help stranded passengers
At its worst, the crisis impacted 29% of global aviation and affected 1.2 million passengers a day

"The earthquake in Haiti earlier this year highlights another important aspect of social media use during major emergencies, namely its potential to rally people behind a cause and raise money for relief efforts. By allowing cell phone users to text donations for Haiti, millions of dollars in aid were raised," says Corinne Weisgerber, Assistant Professor of Communication at St. Edward's University in Austin, Texas.

Indeed, without social media the thousands of people stranded around the world could have found the situation far more distressing. A Facebook group called Carpool Europe set up by the Swedish car-pool movement offered the chance to hitch a lift and Twitter hashtags quickly made the rounds, proving it is the fastest way of starting a movement. The #getmehome and #putmeup hashtags were incredibly useful for people trying to get home or needing a place to stay.

Unfortunately, while the key advantage of social media is speed, this also acts as a major drawback in a lot of crisis situations. "The Mumbai terrorist attack serves as a good example in this regard," says Weisgerber. "Although social media allowed people on the scene to report the events in real-time, that event showed how easily rumours and false information can be spread in a network that doesn't offer a formal accuracy check. Early Twitter estimates put the victims at up to 1000 and a rumour that the police were requesting Twitter users to stop real-time updates related to the operations quickly made the rounds. An editor of the Poynter Institute's E-Media Tidbits blog later tracked the origin of that rumour down to a high school junior living in Boston."

Social media is also not necessarily a long-term solution to business communication problems or reliable in terms of a business continuity plan; however, it should undoubtedly be considered as another tool in the financial executive's communication tool kit. "The reason we are talking about it now is because it's new and completely reshaping the media landscape by allowing us to bypass the traditional media. I think in a few years, after the newness has worn off, we will just see social media tools as another way of engaging customers and colleagues," Weisgerber underlines.

Undoubtedly the businesses that come out on top during a crisis will be those businesses that have implemented robust strategies and have built in a natural durability and resilience capability. If anything, the ash cloud crisis has shown that business continuity, disaster recovery and alternative technologies such as telepresence have a sizeable place within the business communication toolbox.

It is fair to say that events as severe as the Icelandic eruption are pretty infrequent. But even if business flights aren't grounded, there are plenty of everyday reasons to explore alternatives to physical travel. As the technology matures, `being there' will become less important and the use of virtual meeting tools will enable considerable savings, both in travel costs and employee resources. For an industry like finance, still recovering from the economic rather than volcanic turmoil of the last few years, the opportunity to get more bang for the buck should be impossible to resist. We are all aware that technology is shrinking our world, why not take every chance to make it that little bit smaller?

INDUSTRY INSIGHT

Bridging the communication gap

David Gladding discusses just what makes web and video conferencing a viable option right now.

With the recent global financial meltdown, coupled with travel chaos arising from natural disasters, weather disruption and strikes, many financial institutions have made huge cutbacks in business travel. More and more of these organisations are turning to video and the web to bridge the communication gap in order to preserve the many benefits of face-to-face interaction and accelerate business velocity to drive recovery from the economic slump as quickly as possible. Besides the clear financial, eco and travel related considerations, web and video conferencing adoption will continue to grow as the need for users to communicate across global timelines increases.
While video conferencing in the conference room will always be critical for team meetings, there is also a considerable need for people to easily access the technology from their desktop and remote locations at their convenience, as inevitable personnel cutbacks have led to fewer people doing more work in the same amount of time. Executives, for example, can meet more often with branch employees through use of video or web conferencing, rather than holding quarterly meetings in which managers and employees travel from place to place. Instead, meetings can be organised and held in a virtual instant. There has even been some discussion within the industry of video becoming the new phone. This has significant merit as up to 93 percent of communication is non-verbal in nature and if people have the ability to communicate face-to-face, it is usually preferable, especially when people are communicating in a second language. Expressions are better understood, confusion can quickly be addressed, and working relationships better maintained. Since the days of choppy image quality and sound delays, video and web conferencing has made leaps and bounds over the last decade, thanks to advances in technology, infrastructure and service quality. Web cameras can now deliver clear and effective video at low price points and when combined with solutions, such as CMAD from Polycom, and Movi from Cisco/Tandberg, they allow the enterprise to enable video within organisations in an efficient, cost effective manner. Innovation within the desktop video conferencing space has been tremendous over the past years. You only have to look at consumer adoption of Skype for evidence of the massive demand for people to communicate face-to-face.
While it's true that Skype may not offer the levels of reliability and quality needed to support communications within a corporate environment, the fact that more and more people are using it within their own homes is a clear testament to where the market is headed. The broad acceptance of video conferencing is being enabled significantly by manufacturers that have implemented ITU standards that reduce the bandwidth required to achieve crisp clear video. Additionally, innovation in desktop technologies and improvement in the internet as a viable transport medium for video signals will continue to drive video as the standard for communication in the future. Video conferencing is also forging ahead due to companies like ACT Conferencing offering a complete managed service from implementation to user support; after all, it is technology and technology isn't always perfect. With dedicated Service Assurance teams available to assist users around the clock or bookable video conferencing suites at a place near you, managed service providers make it even easier to take advantage of video communications if the resources are simply unavailable in-house. From registration, pre and post-conference support as well as online billing, ACT makes the process simple for any organisation. Based purely on the cost benefits alone – not to mention ease of use, astonishing quality, immediacy and increased productivity – this is certainly the time to take advantage of video and web conferencing.

As Senior Director Global Sales for ACT Conferencing, David Gladding oversees direct and channel sales strategies globally. Gladding brings 19 years of sales and sales management experience to the job, 11 with ACT. Prior to ACT, he served as General Manager at NYNEX and vice president of sales at AUSPED.

HUMAN SHIELD

Prudential CISO Tom Doughty has an alternative view of security measures.
He believes that crediting individual employees with the ability to make informed decisions is the best route to a secure and effective enterprise.

The cornerstone of every financial services firm is security, with institutions around the world proactively working towards protecting customer data and preventing emerging threats. And as the CISO of Prudential, Tom Doughty knows all about security at the firm – you'd be worried if he didn't – but rather than assigning this role only to himself, he believes his role is ensuring everyone else in the company is accountable for security. In order to ensure this is the case he has to guarantee that the impact or implications of security measures – or lack thereof – tie to each employee's operational life, and that the benefits of a security programme are realised. "It requires a little bit of intelligence and homework in terms of what is a given motivational area for their daily operations, but drawing that linkage is what I really want to do on a day-in, day-out basis," explains Doughty. Indeed, tools and technology cannot create a culture; they can leverage a culture, but at the end of the day people without access to information and processes will be making decisions that could potentially compromise security. "Whether you're an individual contributor or a senior manager, you're making those decisions in one size, scope and breadth every day. What's really important in terms of the delivery of the security programme at Prudential – and I would argue that every enterprise is similar – is not to tell people what to do from a security standpoint and say, `Here are the tools that I want you to use from a security standpoint,' but provide information, options and a framework within which those employees can make good informed residual risk decisions."

THE PERSONAL SIDE OF BUSINESS

Prior to his role as CISO for Prudential Finance, Doughty was himself in a BISO role for Prudential Securities.
Looking back, he is certain that he would have approached the position differently. Highlighting his current external focus as opposed to having responsibility within one specific business unit, Doughty says that to some degree his external focus is due to the culture of the business unit and the different breadth of businesses that the overall information security programme has for Prudential as a whole. "There was definitely more of an opportunity for consensus building on a wider basis in this current role as opposed to the former role within the business unit," says Doughty. "Of course, within a given business unit there tends to be an operational focus and where an optimal solution may work for one, it positively won't work for another. The balance is all down to ensuring the many different solutions are maintained across the organisation for the greater good and that will clearly become more complex, the more moving pieces you have in the organisation. And this manifested itself relatively early on in the role. We really focused on clarifying some of those roles and responsibilities, taking a hard look at everything and turning the organisation on its side to see how everything would and should work alongside everything else." Is the organisation aligned correctly in terms of what is expected from the enterprise security organisation and the corporate technology side? Well, Doughty explains that, for the most part, everything meets in the middle, which is something he hopes to continue, particularly in terms of how the threat landscape changes and to what degree controls shift back and forth between business process and business unit application logic versus infrastructure level controls.
"We're going to continue asking hard questions of ourselves: are we organised in the right way; are we focusing resources the right way; are we focusing on some areas where we're inadvertently diverting resources towards legacy controls when they've become either mature or overcome by events and we need to shift those resources to new controls coming into the portfolio?" Doughty describes his current position as a different level of decision-making and resource directing to match the vision that he had in the prior role, saying that part of that transition was down to being able to think that way during such a large transition of Prudential Securities into a joint venture with an outside company. "Converting all that control infrastructure within the business at the primary application level involved turning the whole system on its ear to see whether we were doing the right things in order to integrate with another organisation. It was undoubtedly a good stepping stone set of lessons to what became a bigger challenge with some of the same requirements on a larger scale." Determining a strategic direction for the security programme is not something that can be done within the four walls of Prudential alone. Indeed, Doughty spends a fair amount of time talking to peers in other enterprises regarding strategy, as well as gaining advance warnings from talking to others who are experiencing problems. "It's often said that financial services tends to face problems earlier than some other industries – but even within financial services, we all have our turn taking the first bite of the apple so to speak, in terms of different problems. Sometimes it helps to have those relationships to be able to learn from their experiences or thoughts before they manifest themselves here, and then we have our turn where maybe something is manifesting itself here first. Hopefully we can sow some seeds that we'll reap some informational investment from later on by sharing with others."
Indeed, interacting at the right level in terms of exchanging information is tremendously helpful - the more you give, the more you tend to get. Doughty explains that as well as pooling together to look at resources, he and his peers will also be involved in the vendor space to some extent, generating ideas for technology direction, for example. "This can help us based upon our vision of where we think the next generation exposures and risks are going to be that we need to develop new pieces of the portfolio for," he says. "Looking at the portfolio of controls over time is a really healthy way to avoid complacency in this game we're in."

Rather than telling people what to do, Doughty is keen to highlight that the employee, or "risk owner", makes the right technology risk decision. "I want to ensure that the risk owner makes a decision with their eyes wide open; whether that decision is right or not, I want to start the process correctly. An uninformed risk decision is vastly worse than an informed residual risk decision."

Indeed, Doughty is focused on motivating - as opposed to mandating - for security sensitivity. He explains that as Prudential operates within a federated business model it engenders federated management, meaning there are issues that are significantly up to the discretion of individual lines of business to navigate as efficiently as they feel is possible and required within the business environment they are operating in.

"That balance refers to the non-negotiables in terms of infrastructure level security, baseline level controls, that for lack of better description are non-optional, versus those business process-specific things where we are really engendering and supporting those day-to-day, week-to-week, month-to-month risk decisions," says Doughty. "One good example could be our institutional businesses where they live both sides of that balance on a day-to-day basis and an engagement by engagement basis.
However, on a business deal by business deal basis where they're selling business to institutional customers, more and more we find that security is at the forefront of the questions those institutional customers are asking of Prudential."

Doughty goes on to explain that his security team tends to get more and more involved in assisting those business discussions with institutional customers that demonstrate controls, which is a case where a standard framework for internal control is not going to benefit the external expectation of every customer.

Working to Pareto's Law of the 80/20, Doughty's team provides value by trying to avoid having a checklist mentality in the security programme. He explains that nonetheless, there is a very well-defined and structured set of policies, standards, security engineering specifications and guidelines that are the default expectations, which represent the 80 percent. By and large the 80 percent represents business as usual, a typical business need or problem that fits the framework. The remaining 20 percent is dedicated to the time when there is a non-standard business risk or a non-standard business requirement where the framework simply does not fit.

"In say an international arena, where Prudential is doing a greater percent of its business on a year-in, year-out basis, there are different right answers, different from the framework and different from our standards. It doesn't necessarily mean wrong, it simply means that we have to have that business risk decision design an alternate control, alternate set of mitigators, and assume the right risk.

"Now that could mean that we mitigate something exactly to the same degree and have the same level of residual risk as we would expect at 80 percent, or in some cases we could have a significantly different level of residual risk assumed by the business.
As long as that's a considered residual risk and I've done my job so that the business is making a residual risk decision that is appropriate in terms of local regulation, and most importantly their risk appetite, then that's the deliverable."

Education

As Doughty continues to look to motivate people at Prudential, the onus is very much on him to ensure that employees are educated about various security risks. He explains that this educational aspect to his role is very much an undercurrent tied to everything that happens in the security programme, even if what he is doing is implementing a technical solution. As such it remains a major part of his position and one that is difficult to measure, particularly when there is a continually shifting balance between technical control and human control - the awareness message arguably becomes more difficult to achieve over time as both positive and negative opportunities manifest themselves.

"I've been in this role for between four and five years now and generating awareness was one of my early objectives," says Doughty. "When I first started looking at what was important to an individual on a larger scale, many people maybe saw security as an impediment or as a speed bump that needed to be navigated rather than as a resource."

"What's really important in terms of the delivery of the security programme is not to tell people what to do from a security standpoint"

This approach has paid dividends for Doughty, not only in terms of avoiding beating people over the head with ideas, but also encouraging them to do their homework about what is important to that risk owner and find a way to deliver some unsolicited value for them that they didn't even ask for.

"What ends up happening as a result of looking at how to make someone's life easier is that some of those relationships that were positively contentious have become my most fruitful allies within some of the business units because if you reach that realisation with somebody that it's OK to want the right thing for different reasons, that's not something that should be resisted."

And in terms of ensuring his team is integrated within Prudential to guarantee the best relationship possible, Doughty explains that there are two aspects that he considers important in facilitating this. First, there is a direct team as part of the Information Security Office at the enterprise level, which has a functional line of responsibility and is focused on security in the infrastructure that corporate technology management maintains to provide a technology operating environment for each line of business. The second aspect is down to the Business Information Security Officers (BISO), who Doughty describes as the people who have security in their job title.

"It's really core to having people engender the concept that it's not a security person here from the corporate environment, what we want is the business risk drivers to feed into the programme as directly as we can. We want the business risk owners to feel like they own the Business Information Security Officer, as a partner within the business unit," explains Doughty.

So while the BISOs have a functional role plugging into the Information Security Office, external to the corporate technology outreach side are Doughty's direct employees, who deal with the people on a project level in the lines of business. "We rely on the BISOs and their teams to feed information from that line of business back - they are the security evangelists for the programme as part of the business as opposed to the outside pushing in."

Metrics are a hugely important element of this.
However, as with everything else in his role, Doughty has an alternative way of identifying useful metrics. "I tend not to be a huge fan of red versus green metrics for security, ROI for security or some other methodologies that you'll see some programmes use," he says. "That gets too close to the checklist mentality. I look at the deliverables, and the security programme deliverable in my mind is facilitating those informed risk decisions, and it really comes back to that concept of allowing ourselves to not only facilitate, but take intelligent risks."

Doughty explains that his management will give him direct feedback if they believe him to be allowing excessive risks. "I think my philosophy is different from a lot of people in my role. We do have some structured things in terms of annual structured assessments with both qualitative and quantitative measurements in terms of each business unit's execution measures within that federated model that I'm responsible for.

"I think a lot of CISOs rely excessively on the quantitative measures. The fact of the matter is those quantitative measures should be indicators and if the qualitative feedback is that I'm missing something, one of the first things I'm thinking of is if I am looking at the wrong quantitative measures and do I need to adjust those metrics then. There's a lot of qualitative stuff that we do to run the programme at an infrastructure level to protect the business. In terms of how well that's translating the business value I need qualitative discussion with business people who are responsible for various lines of the business."

Social media

Looking at another aspect to his role, Doughty explains that Prudential works from the top down when implementing new initiatives. And one particular subject has been discussed in great detail: social media.
Specifically looking at how best to embrace it, how to draw judicious boundaries around it and how it should be recognised whilst being taken advantage of in order to make the most of this emerging communication technology.

"This is a medium for communicating with customers, communicating with each other and for gathering information that's useful in the marketplace.

"At the same time there are realities ranging from purely security concerns in terms of data leakage, surface area for malware and at the same time there are some regulatory realities we have to make sure we are paying close attention to here, particularly in terms of registered representatives and our requirements to modulate, monitor, archive, capture electronic communication in the workplace - these are certain non-negotiables. I think it's become much easier for organisations, including Prudential, to recognise that there's a balance to be achieved in embracing these tools as part of a bigger reality that has come to pass in the workplace in the last few years."

Doughty goes on to explain that Prudential remains very flexible in terms of where people are able to do their jobs from - using very robust remote access architecture in a secure manner - so they can achieve more work-life balance. "Sometimes I look at this and think if we are OK with people working flexible hours and there's less of a hard line between personal time and work time in both directions, we also shouldn't be too concerned with giving reasonable controls to someone using social media even for personal reasons within reasonable guidelines in the workplace."

While this calls into question what is reasonable and what is not, Doughty believes that the firm is taking a healthy look at how to ensure people work to their full potential while doing their jobs.
He says that while there is some technology beyond the tools themselves that he is looking at in terms of better monitoring capability, he hopes to open these tools up more to the registered representatives who have the regulatory concerns.

"This constitutes an area where we trust people as a primary control and use the technology as a complement to that," says Doughty. "If you give people access to use Facebook, LinkedIn and Twitter throughout their working day, none of the other rules go away in terms of what you can and can't say about Prudential and all the other controls in terms of other categories of websites that for several reasons we would prefer not to be used in the workplace are still enforced. However, just as we don't monitor and control everything that someone might say on the telephone, we're trusting them to do the right thing within certain avenues and social media as well."

Taking a common sense approach, Doughty emphasises that there are still established guidelines that didn't need to be changed around embracing social media and the types of information that can be shared; rather, there are very specific types of higher risk information that need to be caught and blocked. "The point is that while there's more surface area, all of the same controls still apply. And if you're going to exchange some information on Prudential you're doing so responsibly and within the policies and guidelines of Prudential."

Like social media, Doughty explains that many of the tools and technologies used to ensure security in financial services can be bought all day long because there are so many to choose from. The trick is choosing the tools that are going to provide active protection from a purely technical perspective, and picking those that improve workflow and benefit those that use it. "At the end of the day, you need to be very judicious about the policies that you implement."
EXECUTIVE INTERVIEW

Prevention and protection

Jenny Dugmore reveals the importance of authentication to ensure against identity theft.

Jenny Dugmore is CEO of FireID and has been involved in the IT industry for over three decades. She was instrumental in the growth and expansion of SPL (Dimension Data) and Software Futures and spearheaded the successful introduction of FedEx into Southern Africa. Dugmore has extensive senior management experience and success in the IT industry, in enterprise sales and establishing market credibility.

What role does authentication play in securing financial transactions?

Jenny Dugmore. For the financial industry, there is a clear need to ensure that transactions are conducted securely and only by authorised parties. Web services are gaining momentum and becoming part of trading and banking applications, exposing institutions to a growing list of sophisticated web-based threats. There is also a growing number of attacks such as phishing, spear-phishing and man-in-the-browser attacks, which seek to steal consumers' credentials and identities. Mobile banking is another growing sector that allows banks to benefit from the pervasiveness of mobile phones.

In this landscape, trust in identity is essential. Without trust, consumer protection cannot be guaranteed. Without proper authentication, neither the financial institution, the merchant nor the consumer can be sure that valid transactions are being made. Most banks currently use strong authentication for this purpose, and many have adopted two-factor authentication. FireID provides strong authentication via a simple, convenient and cost-effective means.

What steps are most financial organisations taking today for authentication?

JD. Short message service is a common technology used for the delivery of one-time passwords, or OTPs, because it is available in nearly all handsets and has the potential to reach all consumers.
The cost of SMS messages adds up, so it might not be suitable for some enterprises. OTP over SMS also uses an encryption standard that several hacking groups report can be decrypted within seconds, while some service-providers may not encrypt it at all. Besides hacker threats, the mobile phone operator becomes part of the trust chain - or multiple operators when a user is roaming. Also, users cannot authenticate themselves if network connectivity is unavailable.

Physical hardware tokens are another tool used by some organisations. Users must carry these devices and many find them to be inconvenient. They're frequently lost or forgotten, and users can be denied critical access if they don't have the device with them when authentication is required.

The most cost-effective solutions generate OTPs on a device that someone already owns, such as the mobile phone. These systems avoid the costs associated with issuing, and re-issuing, proprietary electronic tokens and the cost of SMS messaging.

How has the nature of authentication changed for financial companies?

JD. Online and credit card fraud is now more lucrative for criminals than the drug business. Identity theft is a big issue and we have to be more cautious with the credentials that make up our identity, both in the real and online world.

Recent phishing attacks have called into question the use of OTP, but organisations must realise that security can't be achieved by one technology alone. With OTPs, banks can still confidently confirm that the user credentials entered truly are identification for the customer. However the customer still doesn't know that the site they are entering information into is real. Our solutions go a step further in addressing the above issues and ensure that the user will be logged into the correct mobile website avoiding phishing attacks.

What steps can financial companies take to stay ahead of these new attack methods and protect their users?

JD.
Companies should consider both out-of-band and mobile web authentication to protect financial transactions. Out-of-band authentication verifies and authorises transactions by generating OTPs based on the details of the transaction itself, such as recipient and amount. This ensures the integrity of the transaction won't be jeopardised if the authentication is compromised or hijacked. This method can hence be used to address transaction verification and/or authorising batch transactions. Our Transaction Verification application generates a unique code for each transaction on the user's mobile phone, independently of a web browser that could be compromised. This protects against man-in-the-browser, or man-in-the-middle, attacks.

FireID's Mobile Web logs the user directly via their device into the secure mobile website with a single click and without the user having to type in the OTP or website address. Users are authenticated by a hidden OTP transfer and then directed to the website. This process ensures the mobile application will always log the user into the correct mobile website avoiding phishing and man-in-the-browser attacks.

FEATURE

Rule the world

The spectacular failures of the past few years have added new momentum to calls for global banking reform. But is a universal regulatory framework feasible and, if so, what would it mean for the industry?

When the G20 summit convened in Toronto on June 26, it was clear that one topic of discussion was going to trump all others. In the wake of the global crisis, leaders have been falling over themselves to promise a greater level of regulation on the financial industry, strengthening systems to ensure that something as cataclysmic never happens again.
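Returning to the out-of-band transaction verification described in the FireID interview above: the following is an added example, not code from the magazine or from FireID, whose algorithm the article does not describe. It assumes an HOTP-style truncation (RFC 4226) of an HMAC-SHA256 over a counter plus recipient, amount and currency; the key, field layout, 8-digit length and counter window are all assumptions.

```python
import hashlib
import hmac
import struct
from decimal import Decimal

DIGITS = 8                     # assumed code length
SAMPLE_KEY = bytes(range(32))  # constructed demo key; real keys are per-user secrets


def canonical_message(counter, recipient, amount, currency):
    """Serialise the counter and transaction fields unambiguously."""
    value = Decimal(amount)
    if value <= 0 or value != value.quantize(Decimal("0.01")):
        raise ValueError("amount must be positive with at most two decimals")
    fields = [
        recipient.replace(" ", "").upper(),            # ignore spacing and case
        format(value.quantize(Decimal("0.01")), "f"),  # "250" -> "250.00"
        currency.upper(),
    ]
    message = struct.pack(">Q", counter)
    for field in fields:
        raw = field.encode("utf-8")
        # The length prefix stops "AB"+"C" and "A"+"BC" from colliding.
        message += struct.pack(">H", len(raw)) + raw
    return message


def transaction_otp(key, counter, recipient, amount, currency):
    """Derive a one-time code bound to this exact transaction."""
    message = canonical_message(counter, recipient, amount, currency)
    digest = hmac.new(key, message, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation as in RFC 4226
    number = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** DIGITS).zfill(DIGITS)


class BankVerifier:
    """Server side: recompute the code from the transaction the bank received."""

    def __init__(self, key, window=3):
        self.key = key
        self.next_counter = 0
        self.window = window  # tolerate codes generated but never submitted

    def verify(self, code, recipient, amount, currency):
        for counter in range(self.next_counter, self.next_counter + self.window):
            expected = transaction_otp(self.key, counter, recipient, amount, currency)
            if hmac.compare_digest(expected, code):
                self.next_counter = counter + 1  # a used counter never verifies again
                return True
        return False


def demo():
    """The user approves one payment on the phone; the bank checks what it was sent."""
    bank = BankVerifier(SAMPLE_KEY)
    # Constructed sample transaction (placeholder account identifiers).
    intended = ("GB00 TEST 0000 0000 0001", "250.00", "GBP")
    code = transaction_otp(SAMPLE_KEY, 0, *intended)  # computed on the phone

    # A compromised browser submits the user's code with altered details.
    changed_recipient = ("GB00 TEST 0000 0000 9999", "250.00", "GBP")
    changed_amount = ("GB00 TEST 0000 0000 0001", "2500.00", "GBP")
    return {
        "tampered_recipient_rejected": not bank.verify(code, *changed_recipient),
        "tampered_amount_rejected": not bank.verify(code, *changed_amount),
        "genuine_accepted": bank.verify(code, *intended),
        "replay_rejected": not bank.verify(code, *intended),
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {passed}")
```

The code only binds the transaction if the phone displays the recipient and amount it is about to approve, so the user confirms those details on a channel the browser cannot rewrite.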
In truth, some of these hard words have been little more than posturing. Battering the banks has become an easy way for politicians to play populist. The general population is unusually eager to see the fat cats it blames for the meltdown get a figurative - and in some cases literal - tarring and feathering. As a way of bolstering poll numbers, elected officials have been happy to indulge their constituents' vengeful urges, at least rhetorically. But the bellicose words have so far outstripped limited genuine action on the part of government, hardly surprising given the complexity of the problems currently being faced. Therefore, all eyes were on the meeting of world leaders in Canada to deliver some concrete progress.

In the days following the summit, plenty of headlines trumpeted the agreements reached in Toronto to apply new rules to the global banking system. On 28 June, Canada's Globe and Mail stated that 'G20 sounds warning on bank rules', while the Financial Times went with the even stronger 'G20 backs drive for crackdown on banks'. But look a little closer and plenty of issues remain, not least that getting to this agreement has meant relaxing the timetable for certain countries to comply with the Basel II regulations - initially slated for implementation in all major centres by 2011.

The precise terms state that 'new standards...will be phased in over a timeframe that is consistent with sustained recovery and limited market disruption, with the aim of implementation by end-2012'. In practice, this means that, as long as the argument can be made that doing so would harm financial recovery, certain states will be able to delay the pain new regulations might inflict on their bottom line.

As loopholes go, it's a pretty big one and something that could have a destabilising effect on the global financial system. There are very real concerns that such a staggered implementation would lead to competitive disadvantage for territories that adopted changes early.
We have become accustomed to threats that any tightening of the rules will result in the entire industry upping sticks from said territory and moving to a friendlier business climate. While it's worth taking such statements with a pinch of salt, there is little doubt that finance can more easily become nomadic than certain other fields.

According to the Chief Risk Officer of a major European insurer, speaking under condition of anonymity, "If you impose a new regulation on the car manufacturers they're not moving their factory easily. But shifting the trade from London to New York or from Frankfurt to London will be a matter of seconds or milliseconds. If you don't have regulations that are equal and create a level playing field that will only create losers because if people want to continue to trade they will trade and they will not stick in Germany and pay the taxes on that transaction if they can get the same transaction for free in Switzerland or London."

Tech matters

It is not simply the case of lost revenue. A key consideration for financial institutions is the increased compliance costs that new regulations will entail. Even before the crisis, compliance represented a large proportion of financial institutions' budget spend. As the rules get tighter, so these costs will get higher.

"Regulation is going to become more costly," says Rod Nelsestuen, Senior Research Director, Financial Strategies and IT Investments at analysts TowerGroup. "I think that's a natural consequence, not just because we have more of it but because the regulation needs to become more sophisticated. When you increase the sophistication you also have to increase your investment in both technology and people. In the US for example, there are a lot of very knowledgeable regulators but a lot of the people doing the work might not have a depth of experience."

The technology required to beef up regulatory systems also doesn't come cheap.

"We need to do a lot more reorganisation and restructuring of data," says TowerGroup's European Research Director Bob McDowall. "Data management and analytics need a major overhaul, where the costs are substantial. They run into tens of millions for the largest institutions."

McDowall believes financial institutions could react to this increasingly stringent regulatory burden in a number of ways. Outsourcing in certain areas would reduce the need to spend on in-house technology, while also passing on some of the compliance burdens. Another alternative will likely be banks divesting themselves of businesses that draw the largest regulatory heat. While this will undoubtedly diminish spending in certain areas, there will still be costs associated with getting rid of businesses, as well as the loss of income those businesses brought in. Basically, nobody is getting out of this without being hit in the pocket in some way.

Back to reality?

But the biggest problem at the heart of plans for a more global approach to regulation just might be the entire thing. Getting four people to decide where they want to go to dinner can sometimes be a challenge. Getting dozens of different countries and organisations to settle on a set of rules for something as complex as the international financial system has almost limitless potential for intractability.

McDowall gives the example of the Basel III requirements, which aren't even expected to be finalised until 2011. "It's not that banks don't wish to implement Basel III," he says. "They would like to take it in two or three pieces. There are those elements that perhaps would like to implement by the end of 2012. There are others who would prefer to leave it to at least the middle of the decade and there are probably others that wouldn't wish to implement at all. They'd like to kick it out to the long grass. It's a process of negotiation and there are some big issues at the moment.
If we want to either get out of the current economic downturn or help commerce and industry to refinance, then clearly putting strong capital and liquidity constraints on the state might not be too helpful."

On a purely self-interested level, it is completely understandable that certain nations would resist the elements of Basel that might cause them harm. Spanish banks would be affected by the proposal to exclude deferred tax assets from capital, their French counterparts by a rule enforcing full capital allocation for partially owned subsidiaries, while UK banks would feel the pain of a deduction of pensions deficits. However, by allowing reforms to be phased in as and when it suits particular territories, even watering rules down in search of agreements, there is a very real risk that we'll end up with a weak system that doesn't do the job it was designed for.

It is clearly thought that reducing the scope of the Basel accord and lengthening its transition period is one of the best ways of ensuring that all 27 signatory nations will eventually adopt it. However, with a transition that some believe could stretch to as long as 15 years, there will be ample opportunities for organisations to sidestep rules in certain markets simply by channelling business through those which have yet to impose them.

Taking a very different tack, it is possible to make the case that a single framework for the entire global financial system is just too broad a solution. It is undeniable that the industry operates at very different levels and at varying stages of maturity depending on where you are. "If you take the APAC countries, they've not been particularly affected by the crisis and they think that Basel II should have been implemented better," says Bob McDowall. "To the extent the African countries are involved, they'd be very happy with just Basel I. I don't mean that in a pejorative sense.
That's just quite an adequate measure for risk regulatory capital for the traditional business conducted in the region. Each geography has slightly different problems to address." The slow pace of global agreement and the differing regional requirements create the possibility that, by the time they are implemented, proposed global regulations will already have been superseded by more regionally-focused ones. In July, the US Senate passed its long-debated banking reforms, which now only await the signature of President Obama before becoming law. Designed to stave off a repeat of the irresponsible practices which led to the collapse of Lehman Brothers and Bear Stearns and which forced the government into a series of mind-bogglingly costly bailouts, the new rules contain provisions to stop institutions becoming too big to fail and prohibit proprietary trading. Could a country as fi nancially heavyweight as the US choosing to implement its own rules have a detrimental effect on progress elsewhere in the world? "I don't think so," says McDowall. "The US has a slightly different situation where perhaps only the top 20 banks there are international while the others are very domestic. In this context I don't think what Europe and Asia are doing is going to reflect necessarily what the US does." Regardless of the way that individual regulatory regimes may influence a more global model, their very existence undermines much of the collaborative work which is currently being done. A patchwork of local rules springing up during the long gestation of a more worldwide approach adds layers of complexity to international trade and carves perilous bumps and troughs into an ideally level playing field. Basel III requirements aren't expected to be finalised until 2011 Alternative outcomes But if global agreement is so hard to reach perhaps 58 www.fsteurope.com Third time's the charm? 
The long road to Basel implementation 1975 Basel Committee on Banking Supervision (BCBS) established by G10 countries 1988 Basel Committee produces Basel Capital Accord, applying international standards for credit risk US President Barack Obama, UK Prime Minister David Cameron and German Chancellor Angela Merkel at the G20 Summit in Toronto, Canada 1999 New Basel Capital Accord, or Basel II, is proposed. Outlines new focus on operational risk designed to plug gaps left by earlier agreement there is a more manageable way to stabilise and regulate the market? "You don't need to have the whole world agreeing on it," says our anonymous Chief Risk Officer. "If you have the G20 agreeing on it, than that's enough because I don't think you will see a hedge fund trader going to Angola. He may consider going to Switzerland, Singapore or Hong Kong, but he would certainly not set up in Uzbekistan only to avoid the taxes. That's why the G20 doing it alone would be sufficient. In the fi nancial business, if you look at equities that are trading globally, the G20 makes up about 99 percent of global trading." And what of the oh so familiar complaint that an excessive focus on regulation and compliance will stifle economic recovery? Notoriously resistant to any perceived meddling, the financial industry isn't exactly falling over itself to implement changes. The idea that rushing such plans could slow recovery has been seized on with vigour. "I don't think it's actually oversight of risk management which will stifle recovery," counters Bob McDowall. "It's basically about how regulation is implemented and operated. "Obviously managing systemic risk is extremely important. That comes right at the top because if the system goes under, the systemic risk goes right to the top. I think secondly you've got to enable banks to service what I call genuine economic requirements; genuine funding of commerce and industry to meet its requirements as it comes out of this recession. 
The third point is it's important that the national fi nancial system is safeguarded against `risk pollution' from outside. Each country has to look after its own national fi nancial and banking system. That may lead to confl ict overseas particularly in Europe. For example, for banks from other jurisdictions or countries who conduct business in the UK. We already have the Bank of England telling the banks here to manage their risk within Europe. It's not so much their direct exposure to sovereign bonds in the Eurozone, but to the institutions within those jurisdictions which are economically weak at the moment." Ultimately, even the idea of a pan European regulator, let alone a worldwide one, might just be a bridge too far. The crisis has been a chastening experience for the industry and being seen as a global institution isn't the badge of honour it once was. Banks are increasingly focusing on local markets and targeting international involvements much more carefully. In such a scenario is it really feasible or desirable to apply a one-size-fits-all regulatory framework? "The idea of the pan European regulator is a political issue," says McDowall. "I don't think it necessarily satisfies the regulatory needs of each national economy. You can have agreed principles, but principles will be enshrined in national legislation or financial regulation in different ways to suit the needs of the national economy. It could also end up reflecting the political view of the industry because I'm afraid politics is embedded with financial regulation." It seems the world may have to continue its wait to see the fi nancial industry brought under some form of centralised control. The long and winding road still being traversed towards adoption of the Basel accords is a clear indicator that these kinds of changes can't happen overnight. What is required is cooperation both between national governments and their industries, and between different governments themselves. 
The turmoil the world has experienced over the last few years had complex roots and will have equally complex resolutions. Furthermore, the intertwined nature of today's global markets means that we are all in this together. It's up to everybody involved to work towards realistic and genuinely beneficial solutions. Hopefully we won't still be debating the implementation of Basel XI in 2085.

2005-2009: Basel II goes through a number of updates in response to perceived problems with initial draft
2009: Basel III documents published for review
2010: G20 meet in Toronto and reassert support for Basel rules
2012: Basel III implemented?

TROUBLESHOOTER

My word is my bond

It doesn't all have to be up in the cloud, says Stephen Thurston. Today's mobile phone recording solutions can both use a firm's existing recording technology and support global deployments.

Matt from London writes: "The UK Financial Services Authority (FSA) are currently reviewing whether to lift the mobile call recording exemption for companies involved in dealing with client orders and transactions in the equity, bond, financial and commodity derivatives markets. With a decision imminent, what existing technology is available and how can we leverage our telephony infrastructure?"

There are currently only limited mobile phone recording solutions available as the technology is still at a fairly embryonic stage. The key consideration for any company investing in this area should focus on how best to deploy the technology whilst minimising disruption to the business and ensuring they have a secure, tamper-proof and compliant solution which meets relevant compliance, data retention and security policies.

For those firms with an international or global footprint it would also make sense to standardise on one solution. This can cause additional headaches however, as different markets have different legislation governing this area. In Canada for example the practice of conferencing mobile calls as a means of recording is illegal, in Germany a decision has been made to implement technology which can stop calls being recorded half way through the conversation and in Australia a customer's Calling Line Identification (CLI) cannot be forwarded on via the switch for privacy reasons.

So where does this leave the UK? Some companies are opting to implement 'hosted mobile phone recording'. This solution typically routes calls to a hosted call recording platform located in a secure telecoms network with search and replay of calls and texts available via a secure web portal. Compliant software is loaded onto the mobile handset and recording of mobile conversations in this instance is typically provided as a hosted service with pence-per-minute service charges on monthly contracts. This tends to suit smaller firms with little recording capability in-house or larger firms who may be seeking to outsource establishment costs.

For those firms where retaining data in-house to meet organisational requirements is of greater concern, there are a number of compliant, tamper-proof 'on-premise' solutions that enable firms to use their existing recording systems. One such solution uses a 'Compliant Enterprise Server' (CES), through which all calls are routed and securely delivered and authenticated to handsets registered to the service. A software application is centrally deployed to mobile handsets and once calls are routed through the CES, these calls are then recorded by the existing landline recording system, whether that's NICE, Verint or any other manufacturer a firm may have already invested in.
This consolidates fixed and mobile call recordings in one place and ensures call recordings are backed up alongside any existing business continuity strategy.

When looking for a solution to standardise on and deploy across more than one region, firms should opt for technology that supports international and roaming users. It should also have the flexibility to have certain features customised to meet different privacy and legality issues across borders. The capability to incorporate 'whitelists', which will pass calls through without presenting them to the recording system, should be considered in those regions that have more flexibility in their regulation; similarly, 'blacklists' can be established to restrict calls being made to specific numbers.

With countries like Norway already implementing mobile call recording to meet upcoming legal requirements on 1 January 2011 and other Scandinavian regions expected to follow, there are a number of lessons that the UK should be able to derive from these implementations.

Stephen Thurston is Director and co-founder of Business Systems (UK) Ltd, the independent call recording specialists. Thurston has over 20 years' experience in the voice recording industry and has been involved in providing large-scale enterprise solutions within corporate banking environments and many of the UK's best-known contact centres.

CYBER SPACE INVADERS

Malicious attacks against banks and their data are growing increasingly intense and sophisticated. What can be done to defend the digital border?

There can't be many people out there who would disagree that our hi-tech, networked 21st century world has brought some pretty big benefits.
The ability to remain in constant touch with people all over the world via mobile phone and do all our shopping without even getting dressed has improved our lives immeasurably, but there are downsides. It used to be that if someone wanted to rob you, they'd have to approach you in person or find their way into your home. Now, it is possible for a thief to put his hand in your pocket at a distance of thousands of miles, the first you'll know about it being when your bank account suddenly empties.

Of course, it isn't technology's fault. From highwaymen to snake oil salesmen, unscrupulous individuals have been using every tool at their disposal to part people from their money for centuries. However, the changes wrought by the unstoppable rise of the internet have made it far easier for the modern day cutpurse to waylay untold numbers of potential victims.

In its 4th Quarter Phishing Activity Trends Report, the Anti-Phishing Working Group revealed that it had received 92,641 unique phishing reports in the final three months of last year. Similarly, MarkMonitor's 2010 Brandjacking Index tallied up 565,502 attacks over the course of 2009. As significant as these figures are, both only really offer snapshots of the problem's size. It is extremely difficult to pin down exact figures, but as far back as 2005 analysts Gartner estimated US consumers alone received 109 million malicious phishing emails and that American businesses lost US$2.8 billion in 2006 as a result of such attacks. Allowing for the increased ubiquity of the networked economy over the past few years, it is reasonable to assume that today's official figures represent just the tip of the iceberg.

What is without doubt is that financial institutions remain the most popular target for online scammers, with around 40 percent of all attacks being aimed in their direction. As banks move more and more services online, so cyber criminals are working to find new ways to penetrate their defences.
One of the most worrying of these unwelcome innovations is the man-in-the-browser attack, which has become an increasingly common problem for FIs and their customers over the past few years. This method sees a user's computer infected with a trojan installed through a vulnerability in the operating system or software, quite often a browser. The attacker is then able to manipulate information through that trojan as the user conducts business with their financial institution. Individual man-in-the-browser attacks are created to specifically target the way different financial institutions work their log-in processes and form fields on their own sites.

KNOW YOUR ENEMY: MAN-IN-THE-BROWSER
Differs from phishing in that, rather than directing users to a fake website, it secretly captures data as it is entered into a legitimate portal without interfering with the transaction.

Becky Pinkard is former Global Head of Attack and Data Leakage Monitoring at Barclays. During her time with the bank and her long experience in the industry, she has witnessed the changing nature of the digital assaults IT professionals have to face down.

"The man-in-the-browser attack is definitely evolved from the phishing threats that were the biggest way for attackers to try to take advantage of people by sending them an email link of some type or giving them a malicious link that the user would have to click on," she says. "The link would either re-direct them to a fake site or it would try to download some software to their computer at that point. With the man-in-the-browser attack, they could have had the trojan installed in a various number of ways."

Users can open the door to man-in-the-browser attacks by visiting another site or they could be infected by a botnet which then allows the master controller to send a trojan direct to their system. What makes this type of attack such a threat is its key difference to more familiar phishing scams.

"Users don't have to do anything special," Pinkard continues. "They're not going to a site that looks like that of their bank, they're actually going to their bank's site. The trojan is in the background and it's manipulating what they think and what they know to be a legitimate conversation with that bank. That's why it's been such a dangerous evolution."

It is precisely this seamless integration into the everyday banking experience that renders the man-in-the-browser that much more difficult to tackle. As more traditional dangers like phishing have entered the mainstream, web users have become increasingly savvy when it comes to detecting them.

"The media has just had a field day with the phishing attacks, for example," Pinkard confirms. "You could have asked my mum what a phishing attack was and while she couldn't give you the technical breakdown, she could tell you that it's bad and it means she's visiting a site that's not legitimate."

In the case of emerging threats like man-in-the-browser, it therefore falls to technology to fill in the gaps the average web user may not be able to see. Pinkard explains that, at Barclays, steps were taken to implement specific authentication processes and form actions in order to block the progress of malicious intruders.

"With the man-in-the-browser attack, what we saw was that they would have to understand exactly how the log-in process works," she says. "They would have to understand exactly what the forms would do when you fill them in and submit them. They have to set up their process so that it goes, literally, step by step with that as the user goes through the process. If they get a form field wrong, or they get a link wrong, the whole thing breaks down and it fails. There's definitely an aspect to trying to stay ahead in terms of the technology."
A function of our ongoing technological revolution is a major shift in what companies consider to be their most important resources. Data is king now, and nowhere is that more true than in financial institutions.

"One of the things that we've noticed over the last 30 years is that the ratio of intangible assets to tangible assets has changed dramatically," says Dan Turner, COO and CTO of Vistorm, an HP company. "This has major impacts on the amount of stakeholder damage that can result from these types of online attacks. If you look at some of the banks - certainly before the financial crash of the last couple of years - they were heavily IP orientated. Their shareholder value, their capitalisation was mostly made up of intangible assets."

Protecting these assets takes on an increased significance in a world still shaking from the effects of the financial crisis. In the wake of collapsing markets and once indomitable banks revealing hitherto unimagined weaknesses, the battle to regain the trust and confidence of consumers is critical.

"It's a problem for the banks simply because it's an attack against information that the customers trust the banks to hold and to take care of," confirms Pinkard. But it isn't only down to financial institutions to protect their systems. "Simultaneously we have to look to our customers to maintain their systems. I know that several institutions do that. Barclays for example gave out free anti-virus software to try and help customers maintain a clean system whenever they're working with the bank."

FAST FACTS: Know the score - 2009 in phishing
1. 36%: Growth of attacks targeting financial brands
2. 598: Average number of attacks per organisation
3. 154%: Growth of attacks targeting payment services
4. 44.7%: Proportion of phishing sites hosted in the United States
5. 62%: Total growth in attacks since 2008
Source: MarkMonitor Brandjacking Index

[Figure: CODE BREAKING - How secure is your password? Example passwords rated Weak, Fair, Good, Strong or Unbreakable, grouped by user type: Teens, Students, Geeks, Environmentalists, Professionals, Retirees.]

Following the turmoil of the financial crisis, many consumers are looking to alternatives to the traditional banking solutions. Retailers such as Tesco have been quick to exploit the dissatisfaction many average consumers feel, setting up their own 'no-frills' banks and siphoning customers from their more venerable peers.

"I think the financial institutions that were there previously have to work exceptionally hard to do the security piece right," says Turner. "They don't want to have any kind of additional risk of losing any more trust and hence, customers."

KNOW YOUR ENEMY: PHISHING
Creates fake emails and websites purporting to be from trusted organisations, tricking users into entering personal data such as bank details.

Reputational damage is one thing, but it's when money enters the picture that organisations really start to sit up and take notice. Costs incurred as a result of cyber attacks aren't limited to what thieves successfully steal. An increasingly stringent regulatory system means that organisations that fail to take sufficient care of customer data can find themselves saddled with hefty fines.
For example, a recent amendment to the UK Data Protection Act raises the possibility of penalties as big as UK£500,000 for any company judged to have been careless with other people's information.

Even before the crisis, the compliance burden facing FIs was taking up ever larger chunks of the IT budget. With the recent G20 meeting promising tougher regulations throughout the world, banks have every reason to be wary of the increasingly ingenious attempts to pierce their digital defences.

"What I see in my work dealing with data breach and information leakage, is that I think we're going to continue to see regulations," says Pinkard. "We're going to continue to see fines associated with regulations. In my experience, any time a company starts to see the costs add up, they really start to sit up and pay attention to what they need to do to mitigate the situation so that they can limit the potential damage or the potential risk of having to pay out these fines."

Network security professionals are not only facing increasingly sophisticated attacks. The growing complexity of the networks they are charged with protecting creates problems of its own. Says Pinkard: "One of the issues that especially larger and global companies are dealing with is the fact that, as more and more companies continue to expand and go through mergers and acquisitions, it gets increasingly complex to bring together not only the networking infrastructure required to get the technology where it needs to be, but to do it within the time frame that's given by the business. And then you have to add the security that's required on top of that."

The challenges involved in meeting the needs of the business while simultaneously keeping adequate security in place are only amplified when mergers and acquisitions, more common in the uncertain past few years, challenge technology professionals to create reliable and secure links between disparate legacy systems.
Building and securing new systems, or even just retrofitting old ones, is an expensive business. Understandably, given the shocks the market has endured over the last few years, budget-holders have become extremely picky about where they spend their money. If an old security system seems to be doing its job, it can be difficult to build support for replacing or overhauling it.

"There's a reluctance there by the business, a lot of times, to take that step," Pinkard confirms. "There's the potential that they could lose business, or they could cause outages or tick off customers in the process."

However, the aforementioned tightening of the compliance net and the growing sophistication of security threats are definitely tipping the balance. Surely it is better to put up with a little pain now if it will prevent real agony in the future?

KNOW YOUR ENEMY: TROJAN
A programme that conceals harmful code, tricking users into installing malicious software on their computers.

KNOW YOUR ENEMY: PACKET SNIFFER
Intercepts routed data and examines each packet in search of specified information, such as passwords transmitted in clear text.

It is often said that change is the only constant. If that is true, then the last few decades have been some of the most constant in human history. In around 30 years, the world, and the financial industry, have moved from largely analogue to almost completely digital. The rate of development has accelerated so much that keeping up with it has become more and more difficult.

"It's a constant challenge not only from a security perspective, but just from a CIO's office in general to stay ahead of that and stay abreast of what's the latest and greatest technology," Pinkard explains. "It's about what's going to be here and work for us not only now, but as we go forward. When I first got started in this business about 15 years ago, people were looking at making five-year plans and seven-year plans.
Nowadays you're lucky if you can make a plan that's 18 months to two years down the road."

Take mobile banking. Widely thought to be one of the big growth areas for financial institutions in the next decade, it raises a raft of new problems for information security professionals, from how they authenticate mobile devices to how data is protected if a device is lost or stolen. There needs to be a clear understanding of the vulnerabilities of the medium, followed by a huge amount of work to mitigate these vulnerabilities. According to Pinkard, this is not a simple process.

"The problem is that a lot of times, we get out there in front of the technology and we think we've found all the holes, or that we have all the fixes, or we have all of the fences that we need in place," she says. "Then you put something out there. Once it's up and running, attackers are starting to pound on it day in and day out. They're the ones that are doing the real work for you, but they're doing it to their benefit, not yours. Because they're the ones who will eventually find the holes, or somehow create the hole, and then take advantage of them. It's a constant battle."

Letting cyber attackers illustrate the weaknesses of a security system might sound like the digital equivalent of testing a bulletproof vest by putting it on and inviting someone to shoot you. However, it is one of the surest ways of identifying potential vulnerabilities, provided the response to them is quick and decisive.

"Speed is definitely essential," Pinkard agrees. "It's an age-old joke that the only secure computer is one that's completely disconnected and buried in a concrete bunker. If any company wants to do business in today's environment and in the networked world, it has to assume a certain measure of risk."

That is one of the hardest realities to grasp.
No matter how much is spent, how many hours are devoted and how much technology is developed, a 100 percent secure networked environment is little more than a pipe dream. There will always be chinks in the armour, and it is up to individual organisations to ensure they have the best possible protection to respond swiftly to weak spots when they appear.

"It's a relentless and dynamic threat environment out there," says Dan Turner. "Malware just gets more and more sophisticated, almost changing shape nearly every few hours. As new operating systems come out, people will continue to aggressively exploit them. While the general economy is in a downturn, I would say the cyber criminal world is in fairly healthy spirits."

As information becomes a global currency, a source of business success and a sought-after prize for thieves, IT security needs to step up its game. The attacks aren't going to stop. In fact it's much more likely that they will become increasingly intense. Those at the sharp end will have to redouble their efforts to repel the invaders.

"The data is truly the thing that is most valuable," says Pinkard. "It's all about maintaining the sanctity of that data and taking care of it so you can continue to build the reputation of your company, and maintain the trust of your end-user or your customer."

EXECUTIVE INTERVIEW

Trust is good for business

Håkan Nordfjell explains how banks can increase revenues and tap new markets if they give users better ways to authenticate themselves.

When it comes to authentication, aren't banks just interested in cutting the cost of fraud?

Håkan Nordfjell. Online banking is about more than cost cutting. Banks are just waking up to the potential for increased revenue and new business opportunities in the online arena. In this context, online security is not just a cost of business to be weighed against losses to fraud.
Bank innovation and vision lead the way but trust and security form a barrier; customers will only use the online channel if they trust it. But it will only work if banks change the way they build a business case for trust and security. In this context, banks need to re-evaluate their cost-benefit calculations for online security. If they only count the cost of fraud they will miss the bigger picture. Poor security has a significant opportunity cost. Banks should focus on the benefits of moving a customer online and getting them to buy more when they get there. Increased security makes each customer more valuable and more profitable.

Isn't it a bit of a chicken and egg situation? Online innovation demands better security but banks won't put it in place if there are no immediate revenue or savings. How do you resolve this paradox?

HN. It's a common mistake to believe that current levels of bank security, and particularly static passwords, are sufficient and don't need to be improved. In reality, when security is poor, everyone focuses on the cost of fraud and the difficulty of developing new services in an insecure environment. This makes it hard to upgrade security and hard to develop new business opportunities. Instead, I think people need to do two things. First, they must understand the real cost of insecurity. Second, they need to see the benefits and opportunities created by stronger authentication.

People tend to think about the direct cost of the fraud; the losses to online criminals and the cost of reimbursing customers. But that's only the tip of the iceberg. There are big costs involved in understanding, detecting and preventing attacks and bigger costs to a bank's reputation. Victims assign some of the blame for security problems to their bank. For example, a recent survey in the US found that four in 10 businesses switched banks after suffering a fraud incident. Now the cost of fraud is the expected lifetime revenue from a disappointed customer.

How does better security increase revenues?

HN. You need a baseline of trust and security. Customers need to feel confident to transact with you online. Staff need to be free to focus on business development and service innovation rather than firefighting security problems. Once a secure foundation exists, banks can build new high-value services online.

The trend in Northern Europe is for branches to switch focus from low-value transactions, such as cash withdrawals and cheque deposits, to high-value sales, such as loans, financial and business advice. The branch becomes a venue where banks can meet their affluent customers. With the right security, banks' online portals can become an integrated part of this trend towards high-value, high-touch customer service. It can also increase commerce spending, take care of many more low-value transactions and enable completely new lines of business. If banks want to attract customers, upsell new services and out-compete their rivals, they need good security. It's not just a cost of business. It's good for business.

Håkan Nordfjell is the Chief Operating Officer at Todos, where he is responsible for Global Services and Operations. Todos helps banks and other businesses create trusted, secure relationships with their customers online. Todos was acquired by Gemalto in April 2010.

INFORMATION SECURITY

I'm often asked exactly what an ethical hacker is. Essentially it's someone who understands how to gain access to a company's systems in order for them to cover the vulnerabilities and other problems within the business prior to someone else finding them. I've worked with some major global organisations, which I cannot name, but ethical hackers can work with any company from an SME business to a large global bank.
All businesses are opening up their networks now, adding remote working solutions and doing more on the web. And this makes them more vulnerable.

Real hackers come in all shapes and sizes. They are often disgruntled ex-employees or people who are still working within organisations. Alternatively they could be a competitor. Hacking doesn't have to be malicious; people often do it as a challenge. They hack into companies' websites then deface them, effectively putting graffiti onto the websites. In the UK there are thousands of websites that are hacked into in this way.

It's easy to do - even my grandmother could do it. The way of doing it is simply to get hold of someone's username and password. To do that, go onto YouTube and search under 'how to crack someone's username and password' and you get thousands of different videos that are about 10 minutes long.

Social engineering often plays a big part in the hacking process. A good example of this would be: Fred has just started at a new company and has announced this on his LinkedIn page. A hacker could contact Fred and say 'I notice you've just joined the company, I work within the IT security department and I need to confirm you have all the relevant policies and procedures and that you have been given the right URL for your remote access web mail account.' Fred is then asked to disclose the information. A week later the same person contacts Fred and tells him there have been some business continuity issues within the company and tells him to click on a web link to check their login details still work. What has happened is that Fred has been directed to a fake external website and by now the hacker has his username and password through befriending him and gaining his trust. Social engineering is a very old concept but combined with technology it's very powerful.

TRICKS OF THE TRADE
Former 'ethical hacker' Jason Hart gives an insight into the threats posed by his unethical counterparts.

THE MOST WANTED
Three of the world's most notorious computer hackers

Jonathan James aka c0mrade
The first juvenile to serve prison time for hacking, James was sentenced to six months in jail in 2001 at the tender age of 16. His activities included creating a backdoor into the US Department of Defense's Defense Threat Reduction Server and stealing programmes worth an estimated US$1.7 million from NASA. James committed suicide in 2008.

Kevin Mitnick aka Condor
The most wanted hacker in US history, Mitnick's varied intrusions sparked an FBI manhunt. From exploiting the Los Angeles bus punch card system to get free rides at the age of 12, Mitnick graduated to phone phreaking and hacking. Things came to a head when he went on a two-and-a-half-year coast-to-coast hacking spree. He was captured after breaking into computer expert Tsutomu Shimomura's system when Shimomura made it his personal mission to track Mitnick down.

Kevin Poulsen aka Dark Dante
Famous for rigging a radio phone-in competition to win himself a brand new Porsche, Poulsen also devoted a great deal of effort to breaking into various US government computer systems. Arrested in 1991, he was sentenced to five years in jail in 1994 as well as being forced to pay US$56,000 in restitution. Proving that there is life after hacking, Poulsen is now Senior Editor at Wired News.

[Infographic: In 1959 passwords and usernames protected just 4 computers]

One of the most important risk factors large organisations have to consider is possible damage to their reputation or brand integrity. People don't put a value on these types of things and it's very hard to do so. But to have a security breach and for that to be on the front page of The Times newspaper the next day means your credibility has gone overnight.
It doesn't matter if you're a small charity or a large global organisation, your reputation is crucial. Part of reputation, credibility and integrity these days is about taking information security seriously. And unfortunately many people still aren't taking it seriously.

When it comes to guarding against hacking attacks it's all about understanding what the potential risks are. But there are also some other fundamental things people can do. Many have implemented firewalls, antivirus software and content filtering. But when it comes to protecting passwords they haven't really done anything, and yet they are still opening up their network and businesses to third parties. Being able to control usernames and passwords is vital and having a form of two-factor authentication mitigates a lot of that risk. This enables companies to control who is coming in and out of their business networks.

Two-factor authentication can be used to log into any remote application, online application, and remote working solution or VPN solution. In any instance when people are getting information externally from the business, they should be using two-factor authentication. This is not a new technology, it's been around for over 20 years. However there are now easier and simpler ways to implement it. Services are available which allow you to solve problems instantly, within minutes without any infrastructure or hardware requirements, removing all the hassles and headaches of implementing a two-factor authentication solution. And it's cheaper than a cup of coffee per month.

We're hearing a great deal about cloud computing these days and the security risks it might entail. The underlying element that secures cloud computing and the ability for an individual to access that cloud computing application, is a username and password.
And if that username and password is not protected using two-factor authentication then certainly the whole credibility of cloud computing falls down because it's wide open. But for cloud computing you can use two-factor authentication to mitigate the risk.

If you look at any Fortune 500 company now they have a Chief Security Officer, which is fantastic. The view now is that people are becoming very technical and it's all about the technology solving the problem. But unfortunately technology only solves a very small part of the problem. I think people need to get some real basics in place. For instance usernames and passwords have been around since 1959 and that was a control that was put in place to protect four computers at the time. We now use it to protect every single part of our assets and our IT infrastructure. People don't even go onto the internet now without using antivirus software. So why are we still using a control that came about in 1959 to try to solve millennium issues?

Education is going to be vital in strengthening IT security as we move into the future. We need to start educating people now because they still don't believe the risks. We've got children growing up who, at the age of five or six, are already using computers and seeing the internet as another form of life or reality. Children are given sex education at school so why aren't they given internet education in the same way? The same principles and levels of awareness need to be applied there.

Jason Hart is a former ethical hacker and current CEO of CRYPTOCard.

SECURITY
The missing link
Despite decades of staggering advances, technology can still only do so much. Travelex CISO James Gay tells FST about security's vital human component.

Since the financial crisis put the global economy in a stranglehold, the market for international payments services has rapidly expanded as businesses and consumers the world over place increased importance on cash management.
Businesses in particular have sought to achieve integrated global payment platforms that are capable of meeting their international payment needs. Travelex, the world's largest non-bank provider of international payments and foreign exchange solutions, is well placed to take advantage of this market expansion, and rivals even the largest global banks in its ability to deliver a truly global payment solution. In September 2009, consulting firm TowerGroup ranked Travelex Global Business Payments as the industry leader in global payment solutions for the small-medium enterprise (SME) market and as number three globally for innovation in payments in the SME market. This is testament to the fact that Travelex continues to innovate in the payment industry.

James Gay is the CISO at Travelex and, despite the importance that many attach to the role of technology in innovation, he tends to believe that when it comes to security, technology is vital but it isn't the most important part of the puzzle. "The security industry as a whole has realised that it is no longer a control and blocking industry. It is a business enabler. People expect security. You can see the challenges that people are facing with the loss of personal data, bank fraud and credit card fraud and the security industry is at the forefront of helping people resolve those challenges. So we have to be more of a people business than we've ever been," says Gay.

In his view, the technology is an enabler for what Travelex does, but without the proper concepts of how to deal with the people part of the puzzle the technology isn't really much use. "The technology is always going to be there as we need the tools to implement things and we need to do things faster, cheaper and better," says Gay, but he is quick to stress that the main areas of investment over the next 12 to 18 months will be in people.
"Without the right people it doesn't matter how good your technology is, you will not be able to implement it properly," he explains. Understanding business needs before investing in technology is vital, since the market is awash with technology solutions - some better than others - and businesses need to have the correct person in place to make decisions regarding the viability of technology investments. This, Gay believes, is the most challenging aspect of rolling out any type of information system, whether it is security related or not.

Most of the challenges he faces in his role are human as opposed to technological. "Security and information security is about people. It's about getting people to understand that they are adding value somewhere and that they are responsible for security. Everybody in a company is part of the security and if they don't understand that then we are heading for trouble," warns Gay. As CISO, Gay believes that he is not actually responsible for security at Travelex, but rather he is accountable for it and those who deal directly with the customers, those who do finance and those who work in the offices, are responsible for security. "I simply make sure that they have the tools and the awareness to get it done," he says. "I'm accountable for the quality of that process."

And this is why processes are so important. It's no good implementing them if the staff cannot work with them or they slow the staff down and they end up circumnavigating them, says Gay. "The whole point of our security is to add a protective shell around our processes, but it shouldn't get in the way of those processes.
If there is a quicker, cheaper way of doing things - as long as it doesn't increase the risk to the company - then we have to find a way of enabling the security in a different manner."

The way that Gay evaluates the effectiveness of the business processes is quite hands-on and involves him actively getting the opinions of those who use them - his staff. Wandering around the office he enquires as to how and why staff do what they do and likewise how they would ideally like the processes to work. Based on these responses he then tries to find a compromise that lies somewhere between efficacy and security. There are obviously some processes that are unavoidable such as audit trails, which are required by legislation, but even in this case Gay says that this doesn't necessarily have to be done the hard way. "In my experience there are easier ways to do things and still be as secure and have the same risk mitigations. You just have to think outside the box," he says. But, he stresses, this can't be done by just looking in from the outside and requires that you work with your staff so that you can become an integral part of the solution rather than the problem.

And this pretty much sums up Gay's management style in general. "I think Peters coined the term 'management by wandering around' some years ago. If you sit in your office you're going to see symptoms. I'm naturally an inquisitive person, wherever I'm working in a business I want to be part of it, part of the sales process and part of the delivery process," he says. "As the CISO I have to be part of the security process, but this is just part of the quality delivery of the organisation. So by being out there and by being an integral part of it and by knowing what people are doing, what they are trying to do and by knowing what is failing, I get to see the things that are actually going to happen to us.
So although I get to see the symptoms, if I haven't predicted something happening, then I haven't done a very good job," explains Gay sternly.

This wandering around is also something that he encourages his staff to do so that they too can understand how things can be done better. "Part of being a CISO is making sure that the next generation of CISOs understand the thought process, the risk management process and the risk assessment process," says Gay. "So quite often I won't come up with a bright idea, in fact I try not to. I try and get my people to do the same sort of analysis that I do." But as much as Gay likes to be in the thick of it, he admits that being on the frontline and seeing every smart problem that arises is not actually very realistic in his job. So he relies heavily on the feedback from his user base as to the problems and failures they experience.

But despite the proactive and interactive approach of Gay and his staff, it is still necessary to implement some kind of measuring process in order to judge performance. This is an integral part of business intelligence. "I think there has finally been a realisation that we can no longer have people wandering around in white lab coats, but if you can't measure something, how can you see whether you are doing it well or badly?" asks Gay.

Global state of IT security
For many years, information technology - and, by extension, information security - was among the most likely cost centres to encounter cutbacks in funding when companies fell upon difficult economic times. Is that true? To find out, PricewaterhouseCoopers asked more than 7200 CEOs, CFOs, CIOs, CISOs, CSOs and other executives responsible for their organisation's IT and security investments in 130 countries.
Key highlights from the findings included:
• The economic downturn, as a major driver of information security spending, has slammed onto the executive agenda
• The number of respondents who say that their organisation has a data loss prevention (DLP) capability in place has leapt this year - from 29 percent in 2008 to 44 percent in 2009
• Last year, the survey revealed significant misalignment among business and IT decision-makers. This year, the tide has changed
• One of the strongest trends this year is the increasing interest in the virtualisation of IT assets
Source: PricewaterhouseCoopers

"The only way to measure things is to have that intelligence behind it as an integral part of the quality delivery of a business. Your metrics are just as important as the financial performance of the company and the market impact that you have," says Gay.

Another aspect that he rates very highly is the need to look outside of Travelex at the whole security industry rather than just at the financial services industry, in order to learn what the tools of the future will be. Academia is an extremely important source of information for Gay and he monitors it to see what is occurring in encryption technology, banking and in the credit card arena, which is particularly pertinent since Travelex recently launched its own prepaid cards. "I'm halfway through a PhD at the moment because I believe that by interfacing with academia, understanding what academia is thinking and helping it to understand the problems that we face, then we have a joint approach to solving some of those problems. You have to interface with everybody that has an opinion. You don't necessarily have to take those opinions on board, but opinions will form the body of knowledge that you use to move forward," says Gay. He is already doing this with the likes of Web 2.0 and the cloud and plans to do so with regards to the newer mobile technologies.
"I look at some of the industry forums, not necessarily the security industry, but wherever people are looking at new ways of doing things and at new ways of breaking things. If they're going to break, they're going to break in an insecure manner, so I want to know their ideas on how to stop them from breaking in the future."

Security innovation

How do you balance that need to keep the lights on with the need for innovation?

James Gay. I have a responsibility to the organisation to help them migrate to the 21st century of information movement. Travelex has evolved to now actually doing international transfers of money at the click of a button, to selling people cards to go on holiday with rather than a wallet full of cash. On that card there's nothing that identifies that person - it's kept on a server in a very secure location, so there's no risk to the people but there's a risk to the organisation. Does that mean we've got a bigger security risk? Well, probably not. It's a different security risk, and it's that shift that's my responsibility to help an organisation understand. It's not that we've got a million pounds here and we're going to lose it any differently than we did before. We won't be losing it physically, we'll be losing it through information loss. The controls we have to have are going to migrate from having bulletproof glass in the branches and things like that to having bulletproof security on the internet, so my main job at the moment is to help the organisation embrace those new security risks and the controls we're bringing in to mitigate them. On the day-to-day management side, I have to understand whether that's getting through or not, whether people are out there saying: "Oh, we shouldn't do this because it's too scary." It's my job to make sure that nobody ever says that in the organisation. Nothing is ever too scary. Something may be a new risk. Have we understood the risk?
Have we gathered the mitigating circumstances we need to understand whether we're controlling the risk or not? And is the risk too much for the business to face? I have to help people understand the metrics behind that, and then help the business make the decision as to whether we want to move in that particular area. It's not my job to stop or to start any particular piece of the business, it's my job to make sure that the executive is properly informed to make the right business decisions, but not be scared about moving into the new age because they haven't been there for 20 years.

Regarding mobile technology, this is something that Gay welcomes and he says it is something that Travelex will have to get involved in otherwise it risks not being in business at all. "Mobile is what people are saying is going to be the new contactless technology. We need to embrace the way that people are going to be using it but also understand that we then have a duty to educate our customer base, not just our employee base," says Gay. He goes on to explain that there is an important distinction between those who have to learn to adapt to this new technology - digital immigrants - and those who have grown up with the technology and are comfortable using it - so-called digital natives. Digital natives, he says, are the people that he will be doing business with and they need to ensure that they are in a position to do that as seamlessly as possible. "They don't want to know about passwords and authentication and whether it's a BlackBerry or an iPod. They just want to know that they have communicated with you, that they have a request for service and whether we are fulfilling that service correctly or not, because if we don't they are going to go somewhere else," he says. "We're not there today and I'm not going to pretend that today we are ready for iPods and BlackBerrys, but we are actively embracing where we need to be.
"So my job as CISO and as part of the information technology team is to help the business embrace the new world willingly," says Gay, explaining that he has a fantastic group of executives behind him. "My boss has been made responsible for mobile technologies, which is great because I've got a really great relationship with my boss and I can try new stuff out there and I don't have to explain to 100 people on a committee. I can just go to my boss and say 'Let's have a try at this' or 'Let's have a look at that'," says Gay.

Having a supportive executive also makes it easier for Gay to sell information security, and by all accounts this is no easy task as you are selling something for which effectively the very best outcome you can hope for is nothing. "In a lot of the financial services areas nothing is a pretty good result and by having a supportive executive it's not that difficult to sell the need," says Gay. "The quantity is always a difficult discussion in any business. I would like to have perfection. The executives would like to have perfection. We look at the cost and we balance the risk with what we are willing to pay. In an industry like ours where we are in the business of risk, we take a risk on a daily basis and that risk decision is made by the executive on an informed basis. It's my task to make sure that they have all the information to make that decision. Sometimes it's quantitative and sometimes it's qualitative.

"Sometimes it's just a plain-old case of 'I've been doing this for so long and I can tell you that there will be a problem if we don't do this' and luckily, with the respect I have from my boss and the executives, if I have to pull that one out of the bag they say 'Well if you really believe that then we will go with you, but don't play that card too often.'"

SECURITY
First defence
Employees should be the new line of defence in any cyber security strategy, says a new report from PricewaterhouseCoopers.
Many organisations are worryingly complacent when it comes to information security, assuming that 'it won't happen to me,' while individuals often tend to think that it is someone else's problem. However, a new report from PricewaterhouseCoopers LLP (PwC) examines cyber security and explains how organisations should be making employees the first line of defence against damaging security incidents.

'Security awareness: Turning your people into your first line of defence' suggests that the response of organisations to improving protection and reducing risks has historically been strongly biased towards further investment in technology. In essence, they have been solving what are perceived to be technical issues with technical solutions.

Craig Lunnon, Senior Manager of OneSecurity at PwC, thinks this approach is misguided. "Technical solutions are too frequently being prescribed for people problems. Although technical defence is vital, systems are inherently vulnerable to both negligent and malicious acts by people. Ignorance, confusion, anger or even curiosity can all give rise to incidents."

While the argument to change behaviour is applicable to all sectors, financial services should expect to see a better than average return for a number of reasons, says Lunnon. First, the sector is traditionally a high spender, which creates an opportunity to optimise the investment. "All parts of the sector from retail banking to investment banking rely on high levels of client trust. Loss of reputation has an immediate and sometimes fatal impact on organisations in this sector," he explains, going on to say that the financial services industry employs bright people and expects them to think for themselves, but traditional approaches often seek to limit rather than enable.
The security awareness report considers whether information security currently has the right focus, and is backed up by PwC's 2010 Global State of Information Security Survey, which shows that only 48 percent of organisations questioned in the UK have an employee security awareness programme, falling behind global leaders - the US (64 percent), India and Australia (59 percent).

Efforts to improve security often create cumbersome processes that get in the way of people doing their jobs. Consequently, they can be tempted to by-pass security controls, so the human element of technical solutions often diminishes the desired effect. What is required, suggests the report, is a new approach in which an investment in understanding and influencing the behaviours of all those concerned is balanced against continued investment in technology.

The difficulty large organisations often face is that security functions tend to be autonomous, fragmented and isolated while ignorance can provide a false sense of security among a workforce. PwC recommends that better engagement between security teams and the business is needed as well as higher levels of engagement between organisations and employees.

The solution is to invest in people. Make them the first line of defence - rather than the cause - of security incidents. Thus, the return on investment from a strategy that leads people to exhibit new behaviours around information security will exceed misdirected investment in technology-based solutions. "The goal is that all those working for an organisation are alert to risks, will want to act to protect information and will be actively supported in doing so," says Lunnon. "As the first line of defence, security-aware employees are often best placed to identify a potential breach or weak link. Equally, they can prevent and reduce the impacts of incidents when they do occur."

While Lunnon is not arguing for a 'one or other' approach, he is hoping that a more balanced approach will be enabled by ensuring employees are aware of security risks. Using an analogy, Lunnon explains, "When teenage children start driving we look for the most appropriate and safest car we can afford, as well as helping them find a decent instructor. This is a balanced approach to risk. In information security terms this means developing the most appropriate technology solutions, but accepting that ignorant, negligent, malicious or even plain over-enthusiastic use of this technology can still result in damage to the organisation."

Using employees as a first line of defence allows an organisation to set out how it wants its people to behave and develop interventions and controls that will deliver measurable change. It also highlights the potential issues with traditional approaches. "In the financial services sector people are paid to think for themselves and to manage risk for themselves within set parameters, so how would you expect someone to respond to having their access to the internet constrained at work? A significant proportion will find a way round the barriers and place the organisation at increased risk. An alternative might be to raise awareness of the risks, provide a source of up-to-date information on these risks and then trust them to manage the risks for themselves within given parameters, and with appropriate sanction if they don't," suggests Lunnon.

There are of course challenges involved in making employees the first line of defence in terms of cyber strategy. Lunnon explains that traditional approaches tend to come out of a control or compliance mindset and mitigate risk by tightly controlling employee behaviour - even where awareness campaigns are put in place, this is often to satisfy regulators or internal compliance requirements. Although organisations are required to meet regulatory or internal compliance requirements, they need to break out of this way of thinking about information security or the bigger picture will be missed.

"With all due respect to those engaged in this work, information security often falls to a senior manager within the IT or risk function who might lack appropriate influence with the rest of the business. Unsurprisingly, the solutions put in place tend to be tactical rather than strategic. To make employees the first line of defence requires a shift in culture. This needs executive sanction and support along with the involvement of a broader group of influencers across the organisation. Securing such support and engagement is a challenge."

Changing behaviour is not a black and white process; there are extensive grey areas that are multi-faceted, complex and on-going. And most organisations tend to take action before they are clear on the direction they are seeking to travel and how they are going to measure success. "How many times do awareness campaigns rush into creating intranet sites, running workshops and briefings and tracking staff attendance only to report no sustainable impact on the level of breaches or other issues?" asks Lunnon. "By taking the time to articulate what is expected of staff and how changes in behaviour from a known baseline can be measured, businesses have a framework to critically appraise plans and then measure impact on an on-going basis."

Given the increasingly high profile reports on data loss, credit card fraud and internet hacking, it is clear that having a solid cyber security programme in place is key in good IT security practices. By ensuring that employees are at the heart of this, it will underpin the organisation's approach to security and maximise protection.

Investment in security awareness measures pays for itself many times over and can help in:
• Reducing incidents of theft, loss and fraud
• Avoiding breaches of law and/or regulation
• Ensuring continuous availability of business-critical information
• Protecting brand and reducing the potential for reputational risk
• Enabling the use of security as a positive marketing differentiator

Security awareness: Only 48% of UK organisations have an employee security awareness programme

FST speaks with Markus Schulz, Chief Compliance Officer at a major global insurance company, about his personal views on the challenges of a tighter, post-crisis regulatory regime.

Some financial organisations are reporting a huge increase in compliance workload as a result of growing regulatory requirements. Is that something you're seeing and if so, how are you coping with it?

Markus Schulz. There are indeed a number, one could even say a large number, of new and revised regulations on the horizon and perhaps even more ideas and concepts where it is unclear at the moment if they will make it into regulation. However, there is one aspect that I think is important to realise for many of the regulations, to see where there are potential differences between the various sectors, such as insurance is not the same as banking. Therefore, it is important that the public and the private sector work closely together to establish where these potential differences are and what they mean for new regulations. It's maybe more than ever a case of not one-size-fits-all and that's something I see many corporations engaging in right now.
One example for this is Solvency II, which is one of the aspects where it seems to be critical to differentiate amongst the various industries and business lines and sometimes maybe even within those business lines. I believe that all industries are keen to have the right solvency levels, but right needs to be defined well and also in relation to the market standards of an industry where historically some have held higher solvency levels than others. It won't be beneficial for the markets and the consumers if unrealistic solvency requirements are established that cannot be met. But this is also an opportunity to create a level playing field by introducing the right requirements. I don't believe that anyone is completely relaxed about the new wave of regulations and this may vary institution by institution, but there are only a few things that some large companies in the financial services industry may have not started working on already in advance of it becoming a new regulation, which is the last step in a long process.

One aspect that is behind many of the new regulations is the concept of treating customers fairly. While every company has a kind of customer-centric approach it is more a focus than ever. In the UK for example we have the retail distribution review and in other countries there are similar developments requiring distributors to change their models and for producers to see how to best serve this new market set-up. After the Lehman's story we have seen an even bigger regulatory focus on marketing material disclosure, ease of language, ease of marketing material and meeting customer needs, which is not new to the industry, but has requested a lot from compliance functions and the business to ensure there is no ambiguity towards the customer and that customers have a fair chance to understand what they are buying. This is also the objective of the Packaged Retail Investment Products (PRIP) review work on EU level at the moment.
Is tackling these challenges more a case of optimising processes rather than simply hiring more compliance officers?

MS. This varies by company and when talking to my colleagues, some have staffed up and others have rearranged matters and reprioritised. What I noticed is that there seems to be a noticeable increase on the solvency teams where some additional manpower is often necessary to meet short time lines. Some companies don't seem to have made any major changes, which could be an indication that they started a little earlier with some of this giving them a longer period to meet the objectives.

One of the big buzz phrases we often hear from regulators is that they want to see compliance 'in the DNA of the organisation'. What does this mean to you?

MS. I have used that expression for years and truly believe in it. Compliance cannot be an activity that's pushed on to the business from the outside. Compliance must be embedded in the business, ideally to a point that employees never even think about it, it simply happens. You want to have people doing the right thing automatically and not because someone stands behind them telling them what to do and how to do it. To get there, this of course takes time, focus, efforts and the right approach.

Have the events of the last few years had an impact on these kinds of efforts?

MS. Absolutely! On one hand we have more regulations, or perhaps it is better to say more visible regulations and public talk about them that reach many more people than before, so regulatory compliance means something different to many people than a few years ago. At the same time the economic downturn has resulted in some companies reducing staff, which can put the remaining teams under pressure to do the same with less. So while we have a better understanding and appreciation of regulatory compliance in a broader community of people, there is the increased risk through additional pressures.
This is not necessarily always balancing itself out. There always is the risk that people may take shortcuts and this potentially is more so the case in a downturn than normally, but that requires more monitoring and oversight than you had to do before and establish additional Key Risk Indicators and controls creating a sound early warning system.

The other side of compliance is demonstrating to the regulators that you're working towards these goals. What do you have to do to satisfy these requirements?

MS. I guess it comes down to having a solid compliance approach, a solid compliance programme and of course having the right monitoring, oversight and quality assurance on your programme. Quite often I've seen companies that establish a new compliance programme by sending out a policy and then basically that's it. But that's not it. You cannot just send out the policy saying, "We have a new compliance programme on this topic." There's much more required to it, even down to sample testing. So you have to have the first line, the business, really embedded in the compliance thinking and for them to adopt it into their DNA. Compliance needs to help translate what it actually means in day-to-day life and assist in adjusting the processes. Then you need to test it regularly and monitor, maintaining oversight from a compliance perspective. You also have to audit regularly to test that the first line and the second line is really doing what they're saying they're doing. If you can demonstrate that, and you have that approach and process in place as a standard in your firm, then this is something you can use to demonstrate your compliance to regulators.

From the outside that sounds like quite a lot of work. Does it take a lot of time and effort to get all those things running in the way that's going to satisfy regulators?

MS. It is a lot of time and effort, particularly if you do it as an ad hoc one off task.
However, if you embed it as a regular task and a regular activity right from the outset it is much more simple to keep an eye on. I'll give you an example: if you implement a new compliance process with the business and establish from the outset the right key risk indicators, with maybe a dashboard or a report that you create on a regular basis - hopefully automated where you can - thereafter you can monitor these reports and go back to the business if you see certain indicators pointing in a direction. That's what's also called 'desk monitoring'. You don't have to go anywhere, rather you can just look at the material on your desk. Although it shall be noted that this is only one element to provide assurance.

Does this kind of work ever hamper agility in business? Does it get in the way of core activities?

MS. There can be these complaints from the business and I am sure some Compliance officers hear that more than once. If you're not doing it right, you will be seen by management as an impediment to the business and that you're slowing things down. Of course there is that risk, but on the other hand we have seen how expensive it can become if you don't get compliance right the first time. I'd rather have it right first time and right by design rather than spending time on rectifying situations. People understand that and see the value of it now, but you have to constantly work on it, particularly when you hire new people, as they won't be familiar with your company's way of doing things.

Do you think that businesses are really seeing the need for increasingly stringent compliance and risk controls, compared to the more relaxed rules that were around previously?

MS. There sometimes is the belief that some of it is over reaction. In those cases you will need to work with them to make them understand why and what the consequences can be if a company gets it wrong. Easier said than done and sometimes it poses a real challenge, but not an insurmountable one.
But ultimately they are as sceptical as they have ever been. So you still need to invest the same amount of time and effort to allow people to see that this is the right thing to do. However, once they're convinced they just get on and do it.

Is there any way that you can spin these activities into something that genuinely benefit the business or are they always going to be a necessary evil related to regulation?

MS. Of course any compliance function likes to say that they bring an added value. There are good examples out there where compliance has helped to prevent business losses or has helped the business to differentiate itself in the market. It is not always easy to find those cases within the organisation, but they are excellent messaging tools when being used as examples. At the same time, however, a compliance officer needs to be aware of all the alleged cases where there are complaints about how compliance has actually caused the organisation to lose business. It's worth having a look at some, as it's rare that compliance was the reason for losing the business, but it is an often used argument to hide behind. In the end I firmly believe that a robust compliance framework should allow the business to be more agile and enable them to turn new and non-standard situations into opportunities, when they can rely on the right compliance framework supporting them.

There is a lot of talk of the need for greater transparency in the way financial institutions manage processes relating to risk and compliance. Is this an issue that you are looking at?

MS. My background is in banking and there they've been dealing with various regulatory requests related to transparency, such as cross-border payments for some time. Today the transparency focus may have shifted, but is as prominent or even more so, for example, when it comes to commissions. The other dimension is transparency in regards to taxes and untaxed funds.
We all have been able to read the press coverage on this in recent months and this will be a topic on the agenda for the foreseeable future. Companies are addressing the challenges stemming from this differently and there is not an industry-wide approach to it. Some may opt to have a rigorous approach and exclude entire lines of business to be on the safe side and others may opt to look at individual cases. And of course any hybrid in between. This very much depends on the control framework of each institution and their ability to differentiate by product or even customer. Insurance is a long tail business. It's not something that you do five years and you're out. Therefore you really need to think about your reputation in the long-term.

You've said that you see some firms ahead of the curve with regulation and compliance and that you'd been working before the rules came down. So where do you see the priorities going forward over the next 18 to 24 months?

MS. Solvency II must be number one priority for everybody. Of course another big topic is anti-bribery and anticorruption and data privacy. Tax related regulations will battle for number one priority in the coming months with all the other regulations out or in the pipeline. These are things we're working on and they're not new. We've been working on them for a while, but I certainly think they will be a dominant point on the agenda for the next few weeks, months or maybe even years.

Moving together?

Schulz responds to the news that the G20 plans to allow different territories to implement regulation at different times, according to individual economic needs.

I think this can have a significant impact. I believe it has to be a level playing field otherwise we will see market distortion and regulatory arbitrage.
Let's say one country moves forward in isolation with a significant new regulation that will require firms to change their way of doing business and every change will cost money in the complex and interconnected world we operate in. Should other jurisdictions not do something similar then there is the risk that some activities may be shifted to other territories where it may not be required to change processes and operations. This cannot be in the interest of the G20. Many financial services and products can be operated out of many different territories and have an immediate global reach. Maybe the financial services industry is the most globalised one, as it will often only require shifting processes to operate in another territory and not factories and machines. Therefore these changes can take place rapidly and frequently if required. So the more consensus there is on the major items, the better it will be for the consumer and the markets as a whole. We have seen what can happen when regulatory arbitrage is exploited in the past and in the end the consumer may be affected. One topic that has received significant press coverage is the introduction of executive compensation caps. At the moment that some countries establish it and others don't, we may see head offices moving over time and executives sitting in other locations and on contracts of other jurisdictions. Most executives spend much of their time on the road anyhow, so where they start from may not make a difference to some. Clear market rules, global alignment and a consistent framework will allow for more business opportunities, faster developments, cheaper operations and an overall benefit to consumers and companies operating in a healthy sustainable environment.

PROJECT FOCUS

Process improvement drives GRC success

How Nimbus Partners helps banking and insurance clients achieve transparency and employee engagement for governance, risk controls and compliance success.
When ING SW Europe started a Compliance Maturity Programme it turned to Nimbus for guidance on business process optimisation. Having evaluated compliance operation changes imposed by MiFID regulations, it became apparent that an eightfold increase in capacity was needed. ING and Nimbus ran a process definition workshop with several compliance officers. As a result ING obtained a complete end-to-end view of the processes in question and were able to identify many opportunities for process optimisation and elimination of manual procedures.

The next step was to build the required automation. Capacity issues within IT forced ING to outsource development and hosting. Nimbus' hosted software-as-a-service capability was selected so that no software needed to be installed on ING's infrastructure. A technical specification was built from the process content, which after a couple of reviews with ING was handed to the development team who started work straight away. Within three months the capacity increase was achieved. The application has been rolled-out across the whole SWE region in 2009 and in 2010 is rolling-out internationally.

Further compliance automation projects have been similarly developed and delivered by Nimbus for ING, including financial instrument trade approvals, insider registration, gift and entertainment registration and outside positions registration. Further modules are being added including Contract Insider, Services Insider and Document Registration. As a consequence of the success enjoyed by ING, Nimbus has packaged the applications as the "Nimbus Compliance Suite" to make them available to other clients.

"Nimbus Control provided a process view that greatly facilitated the definition of requirements between compliance specialists and developers. Our cost per transaction reduced from 16 to less than 3, and we have exceeded our target for automatic processing." Erik Werson, Programme Director - SWE Compliance Maturity Programme, ING

Customer: ING - South West Europe

Challenge: Achieve MiFID compliance and an eightfold increase in trade request approvals, whilst reducing processing costs and improving control and reporting.

Solution: Business process standardisation across local compliance teams, substantial process automation eliminating manual steps and email. Used Nimbus Control for process improvement and Nimbus Compliance Suite for automation.

Benefits: Eightfold increase in trade request compliance transactions, cost per transaction down from 16 to less than 3. Compliance officers now able to concentrate on value adding tasks. Obtained real-time compliance reporting.

Managing risk

In another example, Nimbus has been working with this international investment bank on a risk and controls project for 18 months. Following a FSA audit the bank decided to establish a global, consistent GRC framework, which transcended traditionally siloed, product-aligned departments. The historic approach to managing risk and controls through spreadsheets had not provided the required oversight. The bank adopted Nimbus Control to create a transparent business process model, together with a consistent risks and controls framework. This is being deployed to all required employees via a Microsoft SharePoint portal, which integrates processes, risk, controls and KPIs. Interaction is driven through Nimbus Control's "Action Management" module which helps push personalised workflow tasks to users, such as attestations, risk control self certifications, reminders and escalations. In addition to software, Nimbus provided a global professional services team, working across three global hubs to help capture over 4000 processes in four months, and established a Center of Excellence to ensure the content is consistent and kept up-to-date.

The result:
• One source of the truth for business processes, risks, controls, KPIs and associated tasks.
• Transparency from global overview down to operating departments and individual control instances.
• Consistent data capture, reporting and behaviour by all risk and control officers, irrespective of department or region.
• Clear understanding of how risks, controls and compliance obligations interlink and how they impact the bank's operations.
• Easier audit, with evidence of consistent data, consistent management control and stakeholder engagement.

Antony Bream is Global Head of Nimbus' Financial Services Practice and has spearheaded its growth since 2004. Nimbus' recent customer engagements include RBS, RBC, Northern Trust, HSBC, Allianz and ZFS.

CUSTOMER RELATIONSHIPS

The customer is king

With so little to differentiate between you and the competition these days, customer experience is a key part of your arsenal. FST looks at the value of customer relationship management in the enterprise.

While financial software and technology has improved in leaps and bounds over the past decade, the customer has been left by the wayside. However, in the aftermath of the economic crisis, issues of trust and confidence are becoming increasingly important in the fight for business. Indeed, studies have shown that a five percent increase in customer retention increases a bank's profitability by an average of 50 percent.

A customer relationship management (CRM) strategy, that focuses on optimising profitability, revenue and customer satisfaction by implementing customer-centric processes, is becoming progressively more popular, meeting the most demanding requirements from financial services institutions. So what are the business benefits behind a successful CRM strategy?
One of the biggest is the development of better relations with existing customers, leading to: increased sales through better timing of anticipating needs based on historic trends; identifying needs more effectively by understanding specific customer requirements; cross-selling of other products by highlighting and suggesting alternatives or enhancements; identifying which of your customers are profitable and which are not.

Early beneficiaries of successful CRM strategies have mainly been banks. This is due to the use of data mining technologies to learn from the millions of transactions and interaction with their customers. Bank of America, for example, has pursued a CRM strategy both in response to changing market conditions and the challenge of new technology. By combining customer profitability with channel preference modelling, it is refining the products and services it offers and leveraging information to improve the effectiveness of its marketing.

However, not all financial institutions have been so successful. A recent report from Gartner, Three Steps to Create a CRM Strategy, identifies the three key processes that need to be involved in a successful CRM plan. Ed Thompson, Vice President at Gartner, explains that following these three steps will provide a solid framework for CRM success. "A CRM strategy cannot be developed in isolation, and it must build on existing sales or marketing strategies that are already in use."

Gartner defines the three steps as setting the destination, auditing the current situation and mapping the journey to the destination. By setting a destination managers are urged to examine the various definitions of CRM and identify why the company wants the initiative in place and what results it hopes to achieve. Auditing the current situation begins with a full assessment of past initiatives and understanding what needs to be changed.
Mapping the journey involves identifying the steps to achieve the vision. "Setting the destination, auditing the current situation and mapping the journey is an iterative process that may require several revisions before a final CRM strategy is developed," says Thompson. "The challenge is to avoid rushing the development process, as the company may be committed to many years of change."

Business benefits

Michael Thomas, National President of the CRM Association, explains the importance of a solid CRM strategy.

Is it possible to increase retention and grow relationships through customer interaction?

Michael Thomas. I feel that effective customer interaction is vital today mainly due to the competitive atmosphere and power shift that benefits the customer. Customer satisfaction does not always mean what it implies, in order to increase retention and growing relationships you want to create advocates. The mere fact that a customer would refer business is a great indication of a win-win scenario. The customer lives in a world of Web 2.0 practices where collaboration that is created by Web 2.0 it can be good and bad. A customer advocate can only enhance their experience and give a company a great venue to improve products, interactions and positive earnings.

How important is it to be able to leverage customer data to drive value-based product recommendations and cross/up sell offers and enhance customer experience?

MT. One size does not fit all, and having good data to reveal the best characteristics of your best customer will give a marketing executive the ability to model and seek out like companies to sell to. Having this data can also lend direction to enhancing current products and planning for additional products to roll out. It is very important to know the good, bad and ugly of your customer data.
Being able to model behaviour and buying trends will keep you from marketing incorrect messages to the wrong people thus causing a low ROI on marketing dollars. Enhancing the customer experience will assist in gathering more share of the customer's wallet.

Can CRM be used to leverage event-based marketing?

MT. If CRM is used properly and information is tracked properly used to create a profile that can be leveraged by events so the right message gets to the right person at the right time. CRM in this case is tracking company information in all three components, marketing, sales and service.

What are the business benefits of outsourcing customer care to a specialist?

MT. What you have to realise is that you are outsourcing the main touch points of the customer to someone outside of your company. Having this outsourced specialist contact may look good on the surface but if there is a disconnect with your company's values it can spell disaster. It is very important that ramping up a specialist with the right company training and setting up the right metrics to track what is going on.

In your opinion, what issues in general need addressing in the industry?

MT. I think companies have to rethink their CRM strategy and migrate it to a more Customer Experience Management model. Earlier CRM initiatives were pretty much one-sided and one directional. The emphasis today should focus on aligning their CRM strategy, with the customer facing employees and making sure that the customer is actually receiving and acting upon this strategy.

ASK THE EXPERT

An integrated communication strategy

Rhys Morgan explains why simply knowing your customer is not enough.

The crisis of confidence and trust in banking in the post credit crunch world throws up new challenges in the battle for customer loyalty, but it also presents new opportunities to not only keep customers, but increase revenue. If that sounds too good to be true, well it's not.
Other business sectors have been there and done that. It takes vision, it means doing things differently from the way they have always been done and yes, it means some investment, but the ROI is impressive - and compelling. It all starts with how you talk to customers, what you say, how and when you say it and what it tells them about how they are valued.

Know Your Customer (KYC) is taken as read. But it is only the start. You must look outside the often cloistered walls of corporate banking and finance and learn from other business sectors who have enjoyed high levels of customer trust and who have had to fight tooth and nail in the face of fierce competition and tight budgets to keep one step ahead of the competition and still grow their businesses. For the successful, the key has been much slicker, includes more specific targeting and much more imaginative customer communications driven by high levels of personalisation instead of the general round robins and quickly binned inserts that were once the staple of direct marketing.

Communication is a two-way street, it means offering customers a choice of how, where and when they are addressed and respond accordingly. We live in a multi-channel world; emails, SMS, phone, print, web or any combination need to be harnessed to get the message across. Every reason for contact, however routine needs to be made the most of. At the same time the customer must not get the impression that the right hand doesn't know what the left is doing or that to the banks they are, after all, just a number.

Technology has the answer, but it won't solve the problem unless banks and finance houses are prepared to go half way to meet it. Sophisticated current software frees up organisations from limiting their communications strategy to fit in with what is, or was, technically possible.
Instead it inspires them to start from what they would ideally like to be able to do with the knowledge that they can now acquire about their customers. In fact they can achieve it much faster, with less staff, at a lower unit cost and with much, much greater effectiveness than before. It's rather like the progress of computers, where today's tiny hand-held devices we all use do more than yesterday's mainframes, that only backroom boffins could understand and operate.

In terms of communication, the new solutions mean that instead of IT staff deciding what can be done, personnel throughout an organisation, anywhere in the world, and their service suppliers can collaborate as never before to speedily create, trial and produce a completely integrated communication strategy. Traditional departmental and functional barriers should not be allowed to be barriers to progress. Centralised marketing and sales teams, back and front office, call centres or regional management teams can all be involved in the total customer communication experience with their input and access automatically managed.

Around the world financial institutions are putting their toes in the water and trialling this new approach. The results speak for themselves. For the UK's beleaguered banking sector, the case studies make compulsive reading.

Rhys Morgan, a Chartered Electrical Engineer, joined GMC in 2008 having previously worked for a number of blue chip companies in the industrial engineering sector and latterly enterprise software solutions sector. He managed a number of high profile projects before moving into sales and regional management.

ASK THE EXPERT

Printer performance

A look at the importance of high-quality printing in an IT purchasing strategy.

Printers are all too often overlooked in an IT purchasing strategy - and this is a great shame.
Your printers directly produce the material customers and business partners see, and they also represent a large and mostly unmanaged cost to your business. Printers are easily managed and the decision criteria can be easily understood.

Printer choices are being driven by the recession and a new environmental awareness - backed up increasingly by regulations. That's why printer makers are responding to these demands, and the market is moving into a new phase. Users will be choosing to have fewer printers, but larger, more efficient and smarter printers. They may increasingly also choose to buy a print service instead of running and managing all.

If you understand the direction of the market, and the specifications of existing printers, and if you can calculate the output you require, you can compare the likely total cost of ownership for a range of models, and find the one that suits your needs best.

Money may be tight, but people are still prepared to pay for quality printing, says Dell's Senior Manager of SMB printers, Steven Mast. "Companies do want to reduce costs, but they'll be doing that by applying efficiency practices," he says.

The recession has hit many printer manufacturers hard, as companies put capital acquisitions on hold while looking for more economical office solutions. But Mast claims that there is still a demand for high quality printing technology. "I think we saw a significant impact from the economic recession on pretty much every part of the printer business - the whole space - from inkjets all the way up to the high end boxes," he says. "We did see that our toner sales actually held up fairly well over the course of this year, which to me serves as an indication that customers are still out there printing, they are just trying to extend the life of their existing products as long as they possibly can."
That's probably just as well, since the company has pushed the performance boundary with their fastest A4-size colour laser printer, the 5130cnd, which can process up to 45 pages per minute. It's aimed at medium to large size businesses with heavy printing needs and Mast says its cost of ownership should appeal. "We put duplexers on the vast majority of our product line up, and we offer it as standard on everything in our mid and high-range products."

Despite the demand for high performance, multifunction printers and advanced features are still wanted, says Mast: "We did not see a move away from colour or a move away from MFPs [multifunction printers] last year, so we did not see any effect of customers saying 'OK I no longer want colour - I'm just going to stick with the cheapest black-and-white box that I can.'"

Demand for these features is, in part, kept up by the fact that these printers are smart enough to keep the costs under control, he adds: "When you buy a box we provide tools for our customer that allow them to have a colour box deployed in their network, but only allow certain users to print in colour on it. You can still get a colour box - for a very competitive price - but if you only want a couple of users to be able to print in colour you can lock the other users just to print in mono."

Steven Mast manages the Global Imaging Product Management team for Dell's Consumer and SMB segments. Mast has been at Dell for 12 years concentrating on product and programme management. Prior to Dell, Mast was a Senior Manager with Deloitte Consulting's Supply Chain Management practice and holds an MBA from Duke University and a BSCE from the University of Texas at Austin.

DOCUMENT MANAGEMENT

What's your type?

Making sense of managed print services.
By Amanda Hutchins

In its simplest terms, managed print services is the movement from the traditional decentralised process for purchasing document production equipment (printers, copiers, faxes, and multifunction devices), services and supplies, to one of outsourcing the management of all or part of the document production and management process to an internal or external department for centralised management and control. While it is possible to do this with an internal organisation most firms find that they can achieve the greatest benefit and optimisation by using an external organisation, which is focused upon providing MPS.

To understand why MPS has become so popular you have to first understand the facts about a normal, medium-sized organisation's hardcopy fleet. The average cost of the fleet is nearly 560,000 a year for a firm with 750 employees. That same fleet will require 3700 hours of IT support, will use over 33,000 kWh of electricity and generate over 85.73 tonnes of carbon emissions. Keep in mind that is equivalent to the total CO2 output of 16 cars over an entire year. Prior to implementing an MPS engagement, the majority of firms have a ratio of 2.2:1 employees per hardcopy devices. After implementing an MPS engagement, the ratio is 5.7:1. As is evident, a hardcopy fleet that isn't managed properly can be time consuming and a money guzzler, not to mention hard on the environment.

MPS has repeatedly been shown to save organisations of all different shapes and sizes across the world money, time and resources. Below are a few of the hundreds of examples of organisations that have saved time, money, and resources by implementing MPS. DOW Chemical was able to achieve a saving of almost 17 million while reducing the number of devices by 10,500. The Department of Ecology at the University of Washington was able to save 160,000 in their first year of implementing a MPS programme.
Altruist Financial was able to improve work efficiency by 50 percent by implementing document workflow enhancements. Korea Exchange Bank was able to reduce their annual direct costs by 20 percent. In fact, savings are so significant some government organisations are mandating MPS. In January of 2010, the state of Washington passed a bill, which requires all state agencies with 1000 or more employees to adopt an MPS programme.

Research tools

Two studies are used in determining the current state of the managed print services market: 2009 MPS Market Size, Share and Forecast and the 2009 MPS Decision Maker Tracking Study. The forecast compiles revenue data for hardware, supplies, services, management, and devices under contract. This information can be viewed globally, or by country. The MPS Decision Maker Tracking Study collects demographics, purchase metrics, and brand metrics from decision makers in the MPS field. Currently this study collects data in North America and Western Europe (Germany, France, UK) and is being conducted in Asia Pacific in 2010.

Market forecast

Photizo Group predicts that in 2010 the MPS market will make up 29 percent of the global market for hard copy document output. By 2013 MPS will account for over half of the industry's revenue.

Photizo Group developed three stages to give a framework for describing the customer adoption process used for MPS. The stages have been expanded to better address the steps within each stage. Stage 1 is the control stage, which includes assessments, understanding the user requirements, and planning. Stage 2 has been expanded into Stage 2a and Stage 2b. Stage 2a is optimise, which includes fleet consolidation, right sizing, and asset deployment. Stage 2b is asset management, which includes on-going, proactive fleet management including redeployment, updating, changing, and deleting devices based on the economics of operating costs and expected savings. Stage 3 has been expanded into Stage 3a and Stage 3b.
Stage 3a is document management, which includes simple document management, document workflow, and document archiving. Stage 3b is business process optimisation, which includes process analysis, consulting, workflow analysis, and business process improvement. This is all shown in the Expanded Customer Adoption Model Chart. These stages represent the typical lifecycle for adopting MPS. This process can take months or several years depending upon the complexity and size of the organisation.

It has been a long held myth that MPS is just for large organisations. Recent data has shown that this is changing. In North America small businesses account for 21 percent of the MPS engagements and medium businesses account for 33 percent. In Western Europe, small and medium businesses each account for 26 percent of the MPS engagements. Some other common characteristics of MPS decision makers are:
• In North America, three industries comprise the majority of the respondents (manufacturing, finance and banking, and other).
• In Western Europe, three industries comprise almost half of the respondents (manufacturing, finance and banking, and retail or wholesale).
• The majority of MPS contracts are at multiple domestic sites within a single country.
• There is a high level of interest in MPS and those organisations that are slow to adopt MPS will miss out on savings, improvements in productivity, and lose competitive advantage.
• The decision making process is complex and involves all decision makers. This implies that vendors cannot expect to win by influencing a single 'influencer' category for their specific technology but rather, must engage across a spectrum of decision makers to win the engagement.

The brand strength index represents the likelihood of initial purchase. The higher the brand strength the greater the likelihood of purchase. Brand strength is comprised of a single vendor's scores on unaided awareness, familiarity, and consideration.
Unaided awareness shows what brands people have in the front of their minds. Respondents are asked what brand names they are aware of, without any being supplied to them. Familiarity represents how well known the brand name is to the respondent. The more familiar the name the higher the likelihood of initial purchase. Consideration is how likely the respondent would think of the brand name in the future. Just like familiarity, the higher the consideration the higher the likelihood of initial purchase. In North America and Western Europe the same vendors fill the top three spots for brand strength, but not in the same order. In North America, the top three brand strength vendors are HP, Xerox, and Canon. In Western Europe it is Xerox, Canon, and HP.
The brand experience index represents the likelihood of repeat purchase. The higher the brand experience the greater the likelihood of repeat purchase. Brand experience is comprised of a single vendor's scores on satisfaction and recommendation. Satisfaction represents how satisfied the respondent is with their current vendor in terms of different factors. Satisfaction is important because it gives vendors an idea of where they are lacking and need improvement. Recommendation represents how likely the respondent is to suggest the vendor to others. This is a critical component of loyalty, because many customers say they are satisfied with a vendor but are not willing to recommend them. The willingness of the customer to recommend a company can overlap into many different areas, not just brand experience. In North America and Western Europe there is a difference between the vendors that lead in brand experience. In North America, HP, Xerox, and Canon lead for brand experience. In Western Europe, Global Imaging Systems, Xerox, and InfoPrint lead for brand experience. Xerox is the only company that is a top three leader in both North America and Western Europe.
Conclusion
Organisations continue to look for ways to save money and reduce their impact on the environment. Implementing an MPS programme can save an organisation a substantial amount of money over time. The MPS market is evolving and growing and with that comes the realisation of the immense savings MPS can bring. However, there are a number of factors companies must consider before implementing an MPS. It is vital to think about the organisation's needs and what is most important to the organisation. For instance, is a vendor that is skilled in managing the change environment more important than a vendor that is skilled in environmental sustainability? This year Photizo Group publishes a global Satisfaction and Loyalty Report. This report ranks vendors on many different satisfaction and loyalty factors, which helps end-users determine the vendors that match their needs the best. When considering a vendor, also consider the software that vendor uses. All software tools are different. Depending on your contract, you could have a lot of interaction with MPS software. It is also important to develop a 'road map' for the future of printing in the organisation. Most contracts last three to five years. For this reason, companies should think about where they want their managed print services to be in that period. For most organisations, it isn't feasible to implement every part of the MPS in a year. It may be more feasible to switch out all of the devices in the first year, start removing the in-house resources during the second year, and have everything completely outsourced in the third year. Finally, it is essential to keep an open dialogue with vendors. The more open an organisation is in terms of sharing its objectives, the better the vendor's solution can be.
It's also worth getting expert, independent advice, which may be more objective than proposals from vendors, who still want to sell hardware.
Amanda Hutchins is Market Research Manager for Photizo Group.
INDUSTRY INSIGHT
The next big step
Adrian Butcher on the importance of personalised customer collaboration and the use of the internet in the 21st century fight for consumers.
The first phase of internet banking is well established, fulfilling its vital role in many ways. Costs per transaction – payments out, for example – are a fraction of their branch-based equivalent and combined with card transactions are helping towards the demise of expensive cheque processes. Customers can access secure service 24/7/365 from home. Branch staff, aided by in-branch terminals and the web, can increasingly re-deploy to enhanced customer service and sales. So already, a revolution has commenced. Whilst changing customer behaviours takes time, the combined impact of the web as a B2C or B2B medium in all sectors has 'turbocharged' the change for all of them, including financial services, with new services adopted ever more rapidly.
Enter phase two
Phase one largely looked at the basics – simple transactions, balance checks etc. – addressing what customers do in greatest volumes; banks appreciated the low costs and customers the service flexibility, but both would recognise this as commodity service, not competitive differentiation. Furthermore, it effectively 're-purposed' structured information that companies already handled well. Phase two addresses the world of unstructured information, placed in context with structured information, therefore having some structure attached, via metadata. This relates to all customer dialogue, not just transactions, in a multi-channel environment – branch, contact centre, web, perhaps third party channel – in a variety of electronic and paper 'documents' flowing from firm-to-customer, customer-to-firm, including marketing and sales communications used by customers in making decisions. We can describe its aims in somewhat circular terms: a 360-degree customer view (achieved by some of our utilities clients years ago) and – crucially – a more rounded customer relationship.
Super-premium customer service
We can now conceive previously unheard-of levels of service. For customers investing via the firm, perhaps a daily video update from key fund managers, to hear their latest thinking? The Asian early morning view at midnight in Western time zones? View your KYC details and request an update? A 24/7/365 instant correspondence service for customers particularly in need of fair treatment? Now, defining service levels for different customer segments can reflect needs more than cost criteria.
Back to the future
Phase two will bring together past and future. Customers who remember 'the bank manager' may recall personalised service, removed by firms both for more consistent customer dealings (granting loans etc) and cost control. Now, we want to re-introduce highly personalised service in the new world of always-on and – with regulators in mind – always right, always recorded.
Future service
The new customer service world will inevitably include the new – social media – not just as a marketing tool (YouTube, Twitter etc) but for personalised customer collaboration and dialogue. No longer a gimmick for younger customers, this could be something firms have wanted for 15 years – instant and secure customer communications that email is not trusted to provide. Social media has another valuable lesson for financial services firms – video communication, the most persuasive, is now cheap to distribute – what would a TV station charge for several minutes viewed 60 million times (they can't even offer that) – achieved by unknown singer, Susan Boyle, in a few weeks.
What does it take?
This new service environment requires an integrated suite of enterprise content management (ECM) capabilities – managing documents of all kinds, integrating all channels, marshalling all customer-specific content and some non-specific content effectively to offer, provide, control, monitor and record the 360-degree customer relationship. Only major ECM suppliers like Open Text can offer this.
Final word
A student website started as a private joke accumulated 2000 followers in 24 hours and three weeks later reached 35 million hits, 30,000 information posts and spread to 50 British universities. The web moves at lightning speed. Customers can switch financial service providers easily for the latest service offerings. Financial service providers who don't act soon may find themselves uncompetitive faster than they thought possible.
As Director for Value Engineering in EMEA, Adrian Butcher's function works with customers and customer segments to explore and quantify the business benefit potential and hence business cases for investment in the Open Text Enterprise Content Management (ECM) suite of capabilities. He sees innovations in customer service emerging in a range of industrial sectors, including financial services.
CONTENT MANAGEMENT
A brighter day
Can ECM help the financial industry emerge from the darkness of the last few years? FST sits down with AIIM Europe's Doug Miles to find out.
In a post-crisis world there is a huge amount of pressure on financial institutions to cut costs and increase efficiency, as well as beefing up compliance. What role do ECM solutions play in this? Doug Miles.
They certainly play the same sort of cost improvement roles that they've always played in terms of improving business process, particularly in forms processing and claims processing and that kind of thing. Interestingly we measure each year what the biggest driver is for ECM, and we've seen how compliance peaked in 2005-2007 in the mid 20-percent range and then fell back as costs went up and up and the recession hit, with cost saving becoming the predominant driver. The financial sector is no different from other sectors here, heavily driven by improving costs. The main driver for ECM is improving costs and it's no different than other sectors. So even though compliance in theory would be a higher driver in finance, cost is king at the moment.
Implementing any technological solution costs money. Do organisations that spend on ECM experience a true return on investment?
DM. We do various surveys on return on investment of business process improvement and capture projects particularly. And, you know, about 50 percent show return in less than one year and about 70 percent normally show return in 18 months, which is a fast turnaround compared to most IT projects.
With regards to the actual implementation of such solutions, what are the technical challenges involved in getting one off the ground? What options are open to organisations looking to do this?
DM. Well, there are three different ways at the moment of choosing when you're going to run a capture project. You can run it as an outsource; so quite a number of companies are using subcontractors to have all of their inbound mail scanned by a bureau and then pulling it all across electronically into people's inboxes. You can do the same sort of process in-house but centralised. So you install a big mail scanner or a big incoming forms scanner and then distribute the scanned images around the business from there.
Or you can go for a distributed platform, which means that you've got all your MFPs and branch office scanner standards all connected into similar common platforms. You can then apply the same sort of content recognition from wherever you do the scanning, in order to feed the data from the forms back into the business processes. However, at the moment there seems to be a preference for in-house capture use because people are prepared to invest more money in the software in order to get an improved quality of capture recognition for scanning forms and documents rather than just sending around images and struggling with conversion software all around the business.
Do you think the financial industry could learn anything from how other industries have employed content management solutions?
DM. The closest analogy is probably national and local government, strangely, in that both industries process a lot of forms-based stuff and a lot of customer case-based stuff, all of which has got a vast capability for improvement through workflow. They should also be applying business processes management in a multi-process way rather than treating each one as a single process and implementing a point solution. Quite a few have applied solutions for claims management, but haven't really rolled it across some of their other processes, which are still fairly manual.
Re-engaging with customers and rebuilding trust is obviously a major issue in the financial industry at present. What kind of applications does content management have in improving and strengthening the relationships between banks and customers?
DM. To be honest, I think this is the biggest issue out there. Connecting together multiple repositories comes up as being the second most important priority in the financial sector after electronics records management. And that's largely driven as a result of all the M&A activity that's gone on in the financial sector.
Organisations have got databases of customers sitting in help desk systems. They've got previous content management systems with customer records in, they have CRM systems with customer records, and any particular situation might involve staff needing to go into any of those systems, generally when the customer is on the phone. So there are two alternatives. One is to pull it all together in a new fresh system, a kind of 'green field' approach. The other is to provide a portalling system with a single sign-on that allows everyone to access and search across multiple repositories. One of the biggest drivers in the financial sector at the moment is to achieve a sort of linking together, particularly linking together CRM and the help desk systems with back office content management systems. There is also the issue of output. In situations where you're sending customers printed output or email output or text message output, you need to work to coordinate each of those channels together. There's a good term for that, which somebody told me the other day, which was 'channel agnostic content management'.
Part of the issue is that data comes in via so many different channels. You might send your insurance company a letter, you might then ring them up to follow that up, you might send a text message or a fax. So there are all sorts of ways that the content can arrive, all of which have to do with either the same case, or certainly the same customer. If organisations are not fully agile in connecting together all their data, then the people dealing with this communication are completely in the dark as to what the customer's conversations with the business have been, knows about his contacts with them and they can't pull it all together, follow what the customer is saying to them.
It's certainly where a lot of the pain is being felt by the customers. If you ask most customers, "What's the biggest problem that they are dealing with at the moment?", whether it's a utility company or a finance company, it's usually horror story after horror story of, 'They couldn't find my records. They put me through to a call desk in India. They know nothing about my circumstances.' It's all that kind of disconnect stuff that goes on. It tends to create very bad customer relations very quickly. The reason it's important in the financial sector is that all of these mergers and amalgamations that have been going on have just made the situation 10 times worse.
Do you think this is something that is going to continue to be a problem in the post-crisis world where mergers have become more common?
DM. I think where people are spending money – and they may be spending it on SharePoint or on other products to do this – is to actually build these portals that create one way in, so that staff users don't need multiple log-ins to access all those different repositories they've got in order to see them. They're spending on interconnection access and search access. Then there's another factor that's coming in; case management, which is a big thing at the moment in ECM. It's a fairly vague term, but what it tends to mean is that for many functions you've often got some ad hoc processes that you have to follow. So you can't make those very rigid, as the people who are involved are not necessarily the same people each time for the different cases. Therefore, you have to have a fairly flexible system that can pull in different contact people who've got different relationships, and are connected together with different channels of communications. This enables you to see that going through a dynamic workflow isn't necessarily as mappable as one that a standard process might take.
What are you finding are the most common solutions to these issues? DM.
We find when we ask people what their policy is on doing this, that about 35 percent are building a fresh ECM system from ground up. Then there's about 15 percent who aren't trying to connect things together at all. Most of the rest are doing either some sort of frontending, or portalling, or amalgamating SharePoint into some of their schemes with a back office records management. So there are a number of strategies that people are using, but it's interesting that there are still a third of people who are building from the ground up.
Is there a lack of standards and if so, does that potentially slow down adoption and development?
DM. Yes. Interoperability standards are an issue. The Content Management Interoperability Services (CMIS) is the one that's showing most promise for connecting together disparate systems. And interestingly it's not just different ECM systems; it also connects different enterprise systems. So SAP are a player in that, and Oracle are also using it in their products. The industry is moving in the right direction to provide standard connections to bring these different things together, but we still find there's a huge level of disparate bespoke connection work going on to connect different enterprise systems to different records management systems and portals across the lot. It is an issue that can bite people because of the rate of upgrades to different enterprise systems. It's hard enough upgrading in the first instance, let alone when you've got to redo all your connections across all these repositories.
Do you think there's enough cooperation across the industry in this area?
DM. Truthfully, yes, it's very good. It's driven by the open-source crowd to some extent. They've obviously got a vested interest in it which is fair enough. Open source portals are quite popular and because things are more exposed they are more likely to be standardised.
Do you envision a future where we have a pretty standard landscape where different systems can talk to each other? Or is that a pie in the sky idea?
DM. It's getting there. I think about 15 to 20 percent of people said they would be looking at CMIS. It's something that needs to be driven by customer awareness of the fact that these types of systems and standards exist. If the user base don't know about it, then there's no real driver to force the manufacturers to supply it. But having said that, the popularity of the CMIS group and the support level is very strong. There are standards at the other end of things in terms of record management that are almost going the other way at the moment. For example, there are some very strong records management standards such as MoReq2 that have not been particularly appropriate to other vertical industries. They've come from government requirements, and national archive requirements, and they're not necessarily appropriate to finance and insurance itself. There's a move afoot to try and produce records management standards that are more vertically orientated. But that's quite a different scenario than connection standards. In terms of the best practice records management standards, we reached a point where it went too far and the industry couldn't keep up with the demands being made on it by some of the national archiving and standardisation grouping. So there's a bit of a move back to creating a more pragmatic standard that works across more industries – it's called MoReq 2010.
Doug Miles is Executive Director for AIIM Europe. For more information go to www.aiim.org.uk
[Chart: Cost/efficiency, Compliance/risk, Customer service and Collaboration, 2004 to 2010; axis 0% to 60%.]
[Chart: Contract/customer/supplier litigation; Financial reporting/Sarbanes-Oxley; Your financial audit; Your own ISO quality programmes; Industry-specific regulations; Employee regulations; Health and safety regulations; Competition/fair trading; Patent protection; axis 0% to 50%.]
The upsetter
Doug Miles explains how SharePoint is shaking up the ECM space.
One of the most interesting current trends is the arrival of SharePoint. People may or may not consider it to be an ECM product, but it certainly plays in the ECM area. For the first time, we're seeing 100 percent of office employees having license access into the content repository. So in the past companies couldn't afford to provide all 100 percent of their office workers with licenses for the ECM system. And what we're seeing now is a significant proportion of companies who are providing 100 percent access into SharePoint and are using it either for portalling or to store documents and even in some cases, records. The concept of ECM has been given a bit of a boost by the arrival of SharePoint because it genuinely can provide content services at a much lower cost which allows it to become truly enterprise-wide. AIIM's biggest problem, to be honest, is trying to work out what to do with SharePoint, and what to do about SharePoint. It is becoming a very dominant player and a lot of SharePoint implementations are being driven as part of the IT infrastructure, which relates back to what I was saying before, but without a great deal of information management expertise. Up until the 2010 release of SharePoint, the product itself didn't have a lot of information management capability built in. There is much more capability in the 2010 release, but unfortunately there's still a huge gulf between how the product should optimally be used to provide the best practice environment for information and records management, and the almost experimental way it's being rolled out in some cases, and the knowledge that most organisations have to actually do that. So part of AIIM's objectives, therefore, is to try and train people better and make them more aware of those issues. Without that training, there's a risk that the content chaos that people currently have outside of content management systems on their file shares and local drives, is just going to be replicated inside of SharePoint – especially if they let it carry on being implemented without any great upfront planning and policy making.
[Chart: SharePoint adoption. Office SharePoint server MOSS in use, 22%; SharePoint 2010 in use or imminent use, 7%; No and no plans, 28%; Windows SharePoint services 3.0 WSS in use, 7%; Implementing 2007, 16%; Using 2003 but implementing 2007, 5%; Plans in next 12-18 months, 13%; Using SharePoint 2003, 8%.]
[Chart: Reasons for adoption. Improve efficiency; Optimise business processes; Compliance; Mitigate risk; Reduce costs; Enable collaboration; Improve customer service; Faster turnaround/improved response; Competitive advantage; axis 0% to 30%.]
EXECUTIVE INTERVIEW
A certain ratio
Cliff Meltzer explains the benefits of service assurance and outlines the key business drivers and capabilities.
How would you describe the benefits of service assurance in a nutshell?
Cliff Meltzer. Imagine being told by a doctor: You may need a heart transplant, but I'm not quite sure why. This would be similar to a CIO who turns to his company, reports that the IT system is underperforming to the detriment of the business, but can only guess as to the cause, or to when the situation might improve. In the medical scenario, the patient would say they need a different cardiologist – but in the financial services industry the business would say it needs a change of CIO.
From a technology perspective, service assurance is a portfolio of discovery, monitoring, and visualization capabilities that enables organisations to link real end-user experience, transactions and applications with the underlying systems and network infrastructure supporting them so they can understand the real-time performance, risk and quality of business services across physical, virtual and cloud environments.
How granular does measurement need to be?
CM. If an organisation is unable to measure the performance of every critical infrastructure component and the dependent applications and business transactions, then they cannot detect where a problem may be, which means flying blind. A quality service assurance solution can pinpoint the root cause of an issue that's degrading the entire system.
Is this particularly important to the world of financial services?
CM. This is especially critical to financial institutions competing on customer satisfaction, giving rise to a need for products that are granular and precise enough to spot problems before users suffer infuriating inconvenience – and the business loses revenue and customers. The ideal service assurance solution sets a baseline performance level by monitoring individual transactions. Then, when a threshold is breached, an alert is triggered and comprehensive information about each component impacting that transaction becomes instantly available to enable pre-emptive, or at least immediate, corrective action.
Once they've tried it, can financial institutions ever go back to the days before automated service assurance?
CM. In the same way consumers muse over how they ever managed without mobile phones, financial institutions look back at pre-service assurance days as the dark ages. After we install a service assurance solution, clients say they can now see how services are running and where things might be drifting, which they never had before.
They tell me it's like turning on the lights to suddenly see everything that's critical to them.
How does service assurance help cope with changing levels of end-user interaction?
CM. Visibility of every component in a complex IT environment is crucial to handling upsurges in demand generated by new online products and internal applications. Financial institutions have been victims of their own success by releasing exciting new services without being able to cope with rocketing demand. Service assurance products serve to determine capacity in a system and identify the point at which problems are likely to occur, based on usage trends. By the same token, a business needs to add or change applications quickly without worrying about negatively impacting the performance of other applications, transactions or services.
What is the number one issue keeping CIOs awake at night with worry?
CM. The IT management industry is going through a paradigm shift with virtualization, cloud computing and Software-as-a-Service. CIOs need to learn how to leverage new technologies in order to respond to business needs more rapidly – but this takes them out of an established comfort zone of guaranteeing performance and reliability. Service assurance is designed to enable organisations to make informed decisions and adapt to change, migrate to new technologies when viable, and select the best set of tools to meet dynamic business requirements.
How would you describe general attitude to new IT trends among financial services organisations?
CM. After working with large financial organisations for many years I would say they want evolution, not revolution.
However, these and other companies should fight the reluctance to go to cloud, because it offers the ability to respond much more swiftly to a rapidly-changing IT environment. My advice is to start with a private cloud, which will provide experience, firewall comfort and business benefit – then evaluate those applications suitable to move to a public cloud, while maintaining a level of performance critical to their business.
Cliff Meltzer is Chief Development Officer for the CA Technologies Centers of Innovation. He is focused on developing Infrastructure Management, Application Performance Management and Business Service Analytics products and solutions. Cliff joined CA Technologies in November 2009 from Apple Computer where he was vice president of CPU software, responsible for leading the development of platform dependent software across all Macintosh products.
INDUSTRY INSIGHT
Cloudy with a chance of services
Kobi Korsah examines the future of cloud computing.
As I sat down to write this there was already a lot of cloud noise in the media. I noted with considerable interest that much coverage on the subject had even appeared as editorial in several respected non-IT publications over the last nine months. The fact is the world is keenly watching what would appear to be a seismic technology shift; probably as important as the day Karl Benz first attached an internal combustion engine to the chassis of a horse cart to create the first car. Benz's insight provides a great example of how the inspired coupling of existing technologies has greatly enhanced life. The almost accidental advantage that combining mature technologies often brings is a powerful catalyst both for market creation and for business acceleration; and it continues to enhance the fortunes of modern day businesses such as Apple Computer with its iconic iPod and subsequent market shaping initiatives.
But what does all this have to do with cloud computing, and more importantly financial services?
It's life but not as we know it...
Most components of the cloud predate it and the provision of finance IT services is heavily influenced by these developments. In addition, infrastructure and applications are often sourced from disparate organisations to complete a service with non-core capabilities such as credit checking. To keep business running smoothly, IT rightly places a tremendous amount of value on gathering and aggregating information on all underlying network and hardware throughput, and on monitoring availability and performance of revenue generating applications. However, what senior management tell us they are interested in is assuring service quality to ensure positive business outcomes; such as winning new business as a direct result of improvements in transaction speed. But further complexity is on the way. After a period of scepticism, some rather large financial institutions are seriously examining the merits of cloud for selected services. In fact there are reports that the Infrastructure as a Service (IaaS) model is already being used to acquire additional computing power, when needed, to manage delicate high-value trading operations. This could be the case for a variety of sophisticated transactions in your complex operations, many of which may require extra CPU capacity to reliably deliver instantaneous analysis for rapid decision-making about varying potential outcomes. Any latency in such a case could cause a missed step in a series of transactions, which could cost millions and potentially damage reputations and even result in compliance challenges.
It's all about your services
One third of Europe's online population access banking services and mobile banking will reach one billion people by 2015. As more sophisticated services, channels, and delivery models proliferate; business services, cloudy or not, must be seamlessly delivered.
Forecasts for the future of IT appear to be 'cloudy with a chance of services' so the quest for clarity on cloud-derived service management is understandable. Cloud computing with its various derivatives and models presents a number of challenges. For example, who will be in charge of and accountable for which bits of the evolved service model? Your business relies on the help of IT to achieve positive business outcomes, which puts the onus squarely upon IT to ensure that customer experiences are consistently good. This requires that revenue generating applications and IT infrastructure are highly available and perform, regardless of the degree to which they utilise external resources. As a result, any service providers you engage must have a framework for agreeing and guaranteeing acceptable levels of service so you can focus on enabling your business. In the near to medium term a sliding scale of shared responsibilities is the likely outcome. Ultimate responsibility for the quality of your services still lies with you; but having diligently assured infrastructure and applications for years, a large piece of the solution to your service assured future is probably closer to home than you might think.

Kobi Korsah is Product Marketing Director at CA, with EMEA responsibility for the company's Service Assurance portfolio; driving adoption and market development for application and infrastructure performance management solutions. His 15 years of product marketing experience is underpinned by a passion for ideas and methods for sustainable business advantage.

SYSTEMS MANAGEMENT

The most common reason for failing application performance management processes springs from a simple lack of understanding of the application. While people may well have enough know-how to solve the problem, the issue is that they lack sufficient data to grasp what is really happening within the application.
To be able to tackle any problem it is essential to know what has happened and when, who has been affected and how, and finally exactly why the problem occurred. If you don't possess the data to answer these questions, then it is essential to find it, otherwise everything that follows will be little more than guesswork. Even if you've already got a good idea about exactly what the problem is, you still need to get the data that proves your theory.

Many perceive that the major goal of performance management is to resolve production problems, whereas in fact most of the work is around how to avoid problems by measuring what matters most to the management team. While most people are perfectly adequate in measuring technical aspects of their application performance management system, after speaking with their management they realise that this is not necessarily the information that is required. At this point Business Transaction Management (BTM) is a useful tool to implement as it looks at communicating performance aspects by relating low-level metrics to the context of the application, as opposed to simply the higher-level activities.

And as with all activities based on measurement, it is vital that these measurements are right. The basic rule is that measurement results should be the same irrespective of who is measuring them, so it is fundamental that measurements are objectified – this includes the measurement method as well as the tooling. You also have to define how to interpret the measurement, which becomes even more important if you have to work across teams – if you can't agree on how to measure, how can you ever expect to compare results? Indeed, a prerequisite for talking with each other is using a language that all parties understand. This requires ensuring that everybody – from management to IT staff – understands what is being said. This language is generally referred to as Key Performance Indicators or KPIs.
KPIs provide a common means for communications with all stakeholders, providing the necessary detail for coordination and planning – if not the detail required for daily work. The values you choose for your KPIs depend on your application; however, each value should cover aspects like quality-of-service or provisioning information. BTM is a central concept used to collect information at this level, with more detailed measures then used to decide how to influence the KPIs in the direction you need to. For example, if you tell your boss that you cannot serve more than 300 concurrent users and he requests you to serve 1000, you have to figure out how to do that. This will then require you to look at memory consumption or CPU usage.

HIGH

Improving your application performance practices will undoubtedly impact the way you deal with application operation. FST takes a look at how to enhance your understanding of the function and ensure you are getting the most out of it.

80% of success is through 20% of the effort

Optimisation

Performance management has to be a continuous activity, otherwise you cannot make optimal use of your measurements. Many people believe that top 10 reports are the ultimate answer to performance optimisation; by optimising the 10 slowest parts everything will be fine and working as efficiently as possible. While this approach may improve performance, it can easily become the wrong option: what if what is shown in the top 10 report is not the cause of the application running slower? By planning the direction in which you want to head, application performance management will allow you to continuously monitor your performance, enable you to understand trends and point out whether you are heading in the right direction.

Another way to ensure that your application performance management tools are working efficiently is to look at doing the simple things first.
There is no doubt the 80:20 rule applies here – you get 80 percent of the success by investing 20 percent of the effort. However, it seems to be the law of nature that people are much more attracted to getting the final 20 percent of success. Some people for example will try to implement complex high-end caching systems before following simple performance best practices. While these technologies are great from a performance and scalability point of view they also require massive efforts, while an improved web caching strategy requires nearly zero implementation effort.

A further example is when people decide to start with performance management and attempt to get everything fully automated from their CI environment over testing to production. While this is a good, solid goal and follows the Continuous APM idea to the letter, this endeavour is doomed to fail. It is vital to start with regular manual performance analysis first and then automate processes step by step, as knowing what to measure is a prerequisite for automation.

Finally, a point many people miss when implementing application performance management tools is to define responsibility. Many people will feel responsible or nobody feels responsible; either way, if it is not clearly defined who is responsible then the result will always be chaos. The vital step to success is to define who is responsible for performance in your company. This doesn't mean that they will have all the expertise to solve every problem – most likely they will only be able to get involved with the help of others in the organisation – but the individual's job is to ensure that all the necessary steps will be taken and the right people get involved at the right time.

Application performance management should be a part of every company's software processes.
While failing to take into consideration some of the most important rules will lead to frustration, waste of resources and failure, there are simple steps that can be taken to ensure that you get the most out of implementing a performance management solution to the benefit of the entire organisation.

ASK THE EXPERT

Application performance problems

Problems with application performance can negatively impact the bottom line of most businesses, says Gibu Mathew.

Downtime of business applications affects business processes and causes revenue loss.

Most organisations use their web applications as revenue-generating tools for their business. Any issues with these applications such as unexpected downtime will hinder the normal functioning of key business processes. In today's ultra-competitive market scenario, customers expect uninterrupted access to applications. Downtimes that occur during business hours can put them off and thereby result in significant revenue loss. It is therefore imperative for companies that they ensure continuous availability of their mission-critical applications.

Poor application performance impacts employee productivity and morale thereby impacting business performance.

When employees have to wait for a long time to complete a transaction or gather information, they begin to lose interest and their morale begins to decrease. Recent research indicates that end-users would typically wait between four and six seconds for a page to open before they abandon a session and move on to the next activity. For example, if a CRM application responds slowly, the sales people who use the application will get frustrated and might not keep the leads information up to date, which in turn affects the sales pipeline. Since employee productivity is directly tied to the success of key business processes, any dip in employee productivity can impact business performance.
Traditional NSM tools are not good enough, complex IT infrastructure is hard to troubleshoot.

Many traditional NSM tools are successful in monitoring uptime and speed of applications, but they are typically ineffective in tying the performance of these applications into the business processes they are supporting. Due to this, organisations are often forced to make decisions about streamlining key business processes without being in possession of all necessary data. It is not enough if you monitor just the network and servers. You need to monitor all applications too in order to understand which component of the infrastructure is experiencing problems. Having this information would allow them to identify the root causes of performance issues and make educated decisions about actions required to resolve performance problems in a timely manner.

ManageEngine Applications Manager provides heterogeneous monitoring capability.

You need to monitor all the systems and applications in your network to make educated decisions about resolving performance problems. ManageEngine Applications Manager provides hundreds of performance metrics for monitoring a heterogeneous IT environment in a single console. It provides in-depth monitoring for servers, application servers, databases, ERPs such as SAP, web services, network services and an array of other application management capabilities that help IT administrators manage their resources effectively.

Gibu Mathew is currently Product Manager, Application Performance Management Solutions, at ManageEngine.

Infrastructure performance management and end-user experience monitoring helps ensure application performance.

Applications Manager constantly keeps track of resource availability and performance so that end-users are not affected due to poor quality of service. IT operators and administrators can view the critical status of resources and be notified of any problems in real-time.
Applications Manager's capabilities allow organisations to monitor the quality of the end-user experience by creating synthetic transactions and measuring application response times and end-user experience for each of these transactions. End user experience monitoring is an invaluable addition to infrastructure performance monitoring because it helps deliver better quality of service to the service users. The ability to translate application performance metrics into business metrics such as employee productivity, customer satisfaction, etc. enables organisations to make educated decisions about the investments they need to make in optimising key business processes. ManageEngine's 90:10 promise gets you 90 percent of the features of the Big 4 at 10 percent of their price.

ANALYSIS

Intelligence test

Despite tightened IT budgets, business intelligence remains a key industry priority, says Helena Schwenk.

IT budgets are currently coming under increased scrutiny and pressure. But, while a recession might well be forcing companies to pull back on some IT investments, Ovum believes that any new initiatives will address specific business pain-points and offer quick and visible payback. BI fits into this category – focusing on key issues like securing and increasing revenue from profitable customers, rationalising and reducing operational costs, providing greater visibility into cross-selling opportunities and improving customer satisfaction. Hence, Ovum believes that BI will continue to rank among the top three priorities for CIOs.

tion of BI beyond an elite group of executives and analysts to front-line business users.

New models

As a result of the economic downturn, customers are becoming more risk averse and are looking for more cost-effective ways of implementing BI.
This will challenge traditional BI and data warehousing implementation approaches and put new development, deployment and packaging models like open source, software-as-a-service (SaaS) and pre-packaged appliances on the radar screens of more BI customers, particularly SMBs. Additionally Microsoft's market entry and BI strategy aim to make BI a commodity technology that customers will expect to implement more easily and for a lot less than complex, premium-priced solutions of the past. These are some of the key BI technology trends that are developing:

Open source: Open source BI is still a fledgling market and its evolution is still a far cry from its evolution to free solutions that are advanced by the developer community around the globe. However, it is no coincidence that Linux is now the fastest growing platform for new BI projects. The continued interest in open source BI is a clear counter-reaction against the market dominance of a few vendors due to consolidation. Open source BI pioneers like JasperSoft and Pentaho, which were once considered temporary illegal aliens in the BI market, are establishing themselves as permanent residents, getting funding, issuing new code releases and starting to win over larger non-traditional enterprise customers. Economic forces are also playing directly to open source, particularly for first-time BI buyers. These companies are looking for a cost-effective way to deploy BI without having to fork out a hefty upfront fee for a packaged commercial offering. First-time open source implementations will always be prototypes. But if successful they will evolve into fully productive BI systems that are backed by commercially licensed support services from open source BI vendors.

SaaS BI: Providing BI as a hosted online service is gaining increased market acceptance, especially among smaller, cost-conscious businesses.
This will be a decisive make-or-break year for SaaS BI adoption, especially as seemingly similar cloud infrastructure models start to take root. Most of the early adoption thus far has been among SMBs or

Recession busting technology

While many companies will instinctively use BI as a cost-cutting tool, smart companies will continue to invest in BI solutions to intelligently scale back operations and maximise efficiencies from business processes they already have in place. In a recession, BI allows companies to take a more calculated and informed approach to tightening their belts, making sure that any cost cutting measures don't cut across their top business priorities or cut out the valuable Brazilian rosewood with the deadwood. Moreover, they will increasingly focus on using BI to maximise revenues, optimise operations and grasp new and lucrative business opportunities before their competitors do.

While a recession might well force companies to pull back on some IT investments, there's rarely any question of a BI project being pulled or cancelled due to a cut in costs. If anything, an economic downturn could in fact speed up its deployment from a piecemeal departmental deployment to deployment across the wider enterprise. Ovum expects the risk-averse financial services sector to lead the charge in new BI projects over the coming year as they realise the need to analyse their businesses and the market in order to boost revenue performance and to segment (profitable) customers more clearly.

However, BI customers are also becoming increasingly cost-conscious. Companies are insisting they do more and more sophisticated types of BI with less money and IT staff.
Ovum believes that's a good thing – it will make BI more focused and efficient, which in turn has a better chance of returning tangible benefits. It will also continue to force BI vendors away from their traditional premium pricing models, resulting in broader adop-

(EDW) project first. In large enterprises, Ovum expects these SaaS deployments to proliferate by first complementing existing BI tools, applications and infrastructure. Ultimately any spike of SaaS BI adoption rests on the success of SaaS's poster-child application, namely Salesforce and whether it can withstand the economic pressures being put on its slim margins model. However, Ovum expects at least one major breakthrough – the on-demand model will also (finally) enable BI vendors and partner channels to offer functionally focused or vertically oriented analytic solutions, without the pain of conventional BI deployment approaches. Ovum believes there is an untapped opportunity for vendors to offer vertically focused SaaS that can quickly plug skill gaps in organisations that are restricting them from doing specialised and advanced analytics like pipeline analysis, predictive analysis and fraud loss prevention.

BI in the cloud will also ride on the coattails of steady SaaS BI adoption. Even though the definition of cloud computing continues to shift like the clouds in the skies, the notion of hosting BI infrastructure and using BI services will start to gain the attention of CIOs and IT directors. Much of that is due to the noise that major cloud platform players – Google, Microsoft, Amazon, Salesforce.com and others – have made recently.

Application form factors: The emergence of new competition from influential vendors like IBM, Oracle, HP, Microsoft and Teradata is helping to reinforce the value of data warehouse appliances and is bringing it into the BI mainstream as an alternative model.
The appliance form factor – which gives companies the operational ability to plug and play BI technology without wasting time and money on assembling the hardware and software infrastructure – is catching on fast and threatens to break the traditionally high price-entry barriers for BI. Significantly, it offers mid-sized firms a chance to engage in complex and high-end BI, which can be deployed at a fraction of the cost and time compared to traditional enterprise data warehousing. Ovum expects more BI tools and applications will be increasingly bundled with data warehouse appliances. More data warehouse vendors will also pre-integrate BI tools and applications – either their own and/or those of their partners – into their appliance bundles. These data warehouse/BI appliances will also be increasingly tailored, packaged, and priced for specific vertical market segments and even specific functional application.

Helena Schwenk is a Senior Analyst within Ovum's software application team and is based in the UK. She has over 15 years' experience working within the IT industry as both an analyst and IT practitioner. Her areas of focus include business intelligence, performance management and data warehousing. Schwenk holds a BA (Hons) in Computing and Information Systems.

departments of large organisations. The real test for SaaS BI will be to break into the enterprise market. When SaaS starts to uproot complex enterprise applications, including BI, it will truly have broken into the mainstream. It is probably too early for that to happen. But vendors will start to demonstrate how a small and simple SaaS solution can quickly kick-start an actionable enterprise-wide BI strategy without having to undergo a big and complex customised enterprise data warehouse

PROJECT FOCUS

Risky business

Paul Buelens reveals how ING Direct protects against risk in the financial sector.

anonymity, no geographical restrictions and rapid transaction speed.
This open and high-risk environment requires increased levels of security controls and governance to ensure protection.

Member of the International Netherlands Group ING, ING Direct is a branchless retail bank that offers a convenient online banking service. Its services range from savings, mortgages, payment accounts and investment products to consumer lending. Today, ING Direct has over 22 million customers and operates in nine different countries including the US, Canada, Australia, France, Spain, Italy, the United Kingdom, Germany and Austria. With no physical bank branches, but rather call centres, internet cafés and web access to ensure consistency of service, ING Direct offers its customers 24/7 internet and telephone banking. Operating solely in an electronic environment, it offers a rapid and easy way to process customer transactions and information.

ING Direct uses EastNets' en.SafeWatch Filtering for watchlist screening and filtering for its operations across seven countries. en.SafeWatch Filtering takes input from various data sources ensuring real-time checks to find matches against PEPs, suspected money launderers, fraudsters and terrorists. "ING Direct is very pleased with the implementation and results of en.SafeWatch Filtering. With this robust solution in place, we can ensure that our customers and our organisation spanning multiple geographies are well protected against these types of risk," says Henk Meijer, Senior Manager Anti-Fraud & Anti-Money Laundering of ING Direct. "With en.SafeWatch Filtering we can accelerate our internal authentication decisions, reduce the risks associated with user anonymity and comply with the numerous international and local AML and ATF regulations. Today, en.SafeWatch Filtering has successfully helped us achieve a higher level of STP and a quicker time to compliance."

Solution
To address these challenges, ING Direct uses EastNets' en.SafeWatch Filtering solution across nine countries, for capturing data from various data sources and ensuring real-time checks against regulatory and other black lists, to find matches against PEPs, suspected money launderers, fraudsters and terrorists. ING Direct is currently utilising the following en.SafeWatch Filtering capabilities:

File Connector is used to scan ING Direct's complete customer database for violations against official sanctions and PEP lists. The File Connector is designed to process large amounts of data and contains optimisations like parallel scanning, which allows multiple scan processes.

eName Checker is a simple and easy to use web-based interface that allows quick manual name checks for matches with any blacklisted entity.

Key benefits

Exceptional scan rates: ING Direct deals with a large number of customers that need to be regularly checked against sanctions and PEP lists. With en.SafeWatch Filtering, ING Direct benefits from an exceptionally high AML filtering scan rate of all its new and existing customer database records. The AML filtering scan has reached a rate of 6000 records per second at one of ING's installations. This fast processing of the scans helps ING increase the speed of operations.

Compliance with international and local regulations: en.SafeWatch Filtering manages an unlimited number of official and internal lists easily, and ensures that all relevant ING Direct compliance requirements are being met by scanning data against the official lists that are relevant to each ING Direct operation. The system also integrates seamlessly with lists provided by recognised list providers.
Market leading solution: en.SafeWatch Filtering is a market leading watchlist solution used today by over 350 customers in 80 countries, and is fully integrated with en.SafeWatch Profiling and en.SafeWatch Anti-Fraud solutions for anti-money laundering and anti-fraud protection, prevention and management.

Paul Buelens, Head of Compliance Solutions at EastNets, has more than 18 years of experience in financial crime investigations and was previously a security and risk leader for MasterCard Worldwide, coordinating and supporting banks and law enforcement agencies with cross border fraud investigations.

The business challenge

Complying with numerous international and local AML laws: ING Direct operates in nine countries, each of which must comply not only with international AML and ATF laws and the ING (Direct) policies, but it must also comply with local AML laws, imposed by each country it operates in.

Security in an open environment: Operating solely in an electronic environment and using the internet to deliver products and services increases risk, due to user

MOBILE TECHNOLOGY

FOLLOW THE MONEY

FST speaks with Ron van Wezel of Deutsche Bank GTB about the company's big moves in mobile payments.

What are Deutsche Bank GTB's current priorities in the mobile banking space?

Ron van Wezel. We like to differentiate between mobile banking and mobile payments. Mobile banking is the customer's portal to Deutsche Bank's financial services. The priority there is simply to provide our corporate and financial institution clients with convenient and secure access to their account, anytime and anywhere. Then there is the transactional part: using the mobile to initiate payments and related services, by introducing the mobile channel into the core GTB products that we deliver to our clients. Let me give you an example.
We offer corporates a solution that combines e-invoicing with mobile payment initiation, helping them to replace laborious cash and cheque collections and improve their cash management. For financial institution clients we see the opportunity to add the mobile channel to our global remittance service. These FI clients will thus be enabled to offer mobile remittances to their retail customers, adding more convenience and flexibility for them. As a longer term strategic priority, Deutsche Bank is looking to introduce mobile payments to support e-commerce and point-of-sale merchants, as an extension of our existing card acquiring capability.

Have you experienced a great deal of interest from your customers in having these kinds of technologies available to them?

RvW. Absolutely. Mobile payments are often positioned as a retail play, like you and me making a payment in the shop or transferring money, but there is definitely a big opportunity in the corporate space as well. Companies are looking to optimise their payment and supply chain processes, and innovative technologies such as mobile payments fit very well there. The roll out of such services in the B2B market is often more feasible than the introduction of a mobile payment service in the consumer market, as that roll out is confined to a company and its trading partners, which is a controlled and trusted environment.

Is a great deal of technological development required or does the technology already exist to enable these kinds of payments?

RvW. The mobile technology itself is not really the problem, even though a fair amount of integration effort is still required to make it work with the legacy platforms. Yet a bank has to be smart in its choice of technology provider, making sure that it has the technology, footprint and delivery capability to support the bank's solutions in key markets and customer segments.
For instance, if you develop mobile payments in markets in Europe or in the US, you're more likely to be dealing with high-end phones. If you develop mobile solutions for developing markets you might be looking at something a little simpler, such as using an SMS-type of messaging interface.

Does the wide variety of mobile devices that are in use present any operational problems?

RvW. That's where the developers help us to deal with all the different mobile phones and different operating systems that are out there. For instance, there are a number of different solutions for the iPhone, for Blackberry, for the high-end smart phones, but also solutions for the simpler phones too. It makes our lives a little bit more complex sometimes, but that's the reality of the market.

4.5 billion wireless connections now exist

"We feel that the market is leaving the pioneering stage and reaching the next level of maturity"

Security is a big issue in any kind of transaction. Does mobile banking present any specific security issues for you and your customers?

RvW. Security is of course a very important issue for us and for our clients. Admittedly any new technology presents new risks, and we have to protect ourselves and mitigate those. On the other hand, one could argue that there are certain security benefits from mobile payments. For example, if I were to lose my credit card, it would be relatively easy for someone to use this card, at least in an offline environment, even if I blocked that card. If I used my mobile phone for payments and lost it, then I would simply make a call to the service centre and the payment application would be blocked immediately for all use. Even though we haven't seen major fraud with mobile payments yet, we should appreciate that, as the business is growing, it seems likely that criminals will pay more attention to this area. So we have to be careful and make sure that we stay ahead in terms of our security solutions.
3.5 billion mobile data connections now exist

There are 800 mobile networks in 200 countries

Do you think there are any issues around people accepting this kind of technology? Are organisations a little wary of using mobiles in this kind of way?

RvW. Acceptance will come when people see better value from mobile payments than from existing alternatives. People already see their mobile phones as a sort of 'Swiss Army knife' to do all sorts of things, so why not use them to make payments? If you look at surveys, security is one of the issues that is often mentioned as a barrier to adoption. History may repeat itself here though. When the first ATMs were introduced, the security issue was very prominent, but eventually the greater convenience value prevailed. I believe that will hold for mobile payments too. That being said, I want to repeat that banks such as Deutsche Bank will, of course, do everything it can to make its solutions fully secure.

Creating the interfaces between the mobile devices and your existing systems – is that a challenge from a technical standpoint or is that comparatively easy?

RvW. Technically, it's adding a new channel to access the existing systems. One has to apply proper design principles to shield the legacy systems from the complexity of the mobile device. Specific vendor middleware will deal with the different models, screen sizes, operating systems, Java variants, etc. Yet the mobile may require different service levels than other channels due to the fact that customers expect mobile payments to work anytime and anywhere, and to be processed in real time. This could have a greater impact on a bank's payment infrastructure if the real value of mobile payments is to be unlocked.

Smart phones will represent 56 percent of all European sales by 2012

Does this work on expanding these channels make good financial sense for Deutsche Bank? Is there profit or increased market share at the end of the line?

RvW.
Innovation is essential to Deutsche Bank. In the competitive payment market, it is key for us to develop value-added solutions that fit our clients' changing needs. Deutsche Bank has always positioned itself as a leader in the industry, and we have won industry awards for our innovative approach and ability to deliver. Only when we continue to meet our clients' expectations will our business be able to grow.

Considering the fragmented nature of the mobile space at the moment, do you think there needs to be more standardisation if these channels are really going to catch on?

RvW. Standardisation becomes necessary in a multi-bank environment, when a client of bank A is paying a client of bank B. Mobile payments at the point of sale are one example of this – being able to use your phone in a 'tap and go' transaction that employs near field communication (NFC) technology. For that to work, the market needs mobile phones with a standardised NFC technology, and PoS terminals that are equipped with the proper device to be able to accept an NFC payment in a standardised way. The way that the payment application is provisioned to the handset, and the way it is securely stored, also need to be standardised. So there's a whole area of standardisation there, involving banks, handset manufacturers, mobile network operators and other parties. The NFC case is, in principle, a very attractive one, replacing the huge amount of residual cash transactions in our societies. However, the standardisation issues will mean the market takes a few years to reach critical mass. It therefore makes sense for a bank to have a strategy that is focused on mobile services that can be delivered today – linking mobile to its core products.

1.5 billion mobile internet users predicted by 2013

Data traffic set to grow 66 times its 2008 rate by 2013

Analyst speak

According to new research by the Swedish consultancy Berg Insight, the worldwide number of users of mobile banking and related services is forecasted to grow from 55 million users in 2009 at a Compound Annual Growth Rate (CAGR) of 59.2 percent to reach 894 million users in 2015. The information is contained in Mobile Banking and Payments – 2nd Edition.

Over the past year many of the leading players in both the telecom industry and the financial sector have intensified their efforts to bring financial services to the world's un-banked population. Asia-Pacific is expected to become the most important regional market, accounting for more than half of the total user base. Mobile banking is also anticipated to play a key role in bringing financial services to people in the Middle East and Africa. In Europe and North America, the technology will mainly serve as an extension of existing online banks as mobile handsets become more widely used for internet access. By 2015, Berg Insight forecasts that mobile banking will attract 115 million users in Europe and 86 million users in North America.

"The global number of mobile banking users more than doubled between 2008 and 2009, and is expected to almost double again in 2010. Mobile handsets are in an excellent position to become the primary digital channel for providers of banking and related financial services on emerging markets," says Marcus Persson, Telecom Analyst, Berg Insight.

In addition to traditional retail banking, the report also identifies international money transfer as an important revenue source for mobile industry players. Berg Insight forecasts that three to 15 percent of the international money transfers currently handled by various formal or informal agent networks will be carried out using a mobile handset by 2015, generating US$1.2 to US$6.2 billion in service revenues.

Source: www.developingtelecoms.com

Do you think there is enough cooperation at the moment across the industry to tackle this problem?

RvW. It depends where you look.
In Europe there's a lot of cooperation in several areas of mobile payments, by industry organisations such as EPC, MobeyForum, GSMA, NFC Forum, and many others. The case for mobile payments has, however, still to be fully made in the region. In the US, mobile banking and payments is considered a highly competitive area and collaboration has been difficult, though the first standardisation initiatives are now being seen (e.g. NACHA). In emerging markets there is hardly any standardisation. New mobile payment networks grow rapidly, trying to dominate the market before competition kicks in. But soon there will be a need for interoperability, for a user of network A to be able to pay to a user of network B – otherwise full market roll-out will never be achieved. Apart from the route of industry standardisation, which is always a long term project, there are alternative routes to interoperability in this case. A major global player such as Deutsche Bank could act as a payment hub to provide interconnectivity and payment clearing and settlement capabilities among emerging networks.

50 billion people will be connected to the mobile network by 2020

Besides that, are there any other major hurdles that you need to get past for mobile banking and all these payment channels to become mainstream?

RvW. One hurdle to be dealt with is user acceptance or adoption; making users comfortable with using these new channels and showing their value compared to the instruments they already have today. This is a process that can take time, as history has taught us. Then there is the current uncertainty about the economic outlook and, as a consequence, the more risk-averse investment climate. Clients will require payback for investments in a shorter timeframe. But at the same time we feel that the market is leaving the pioneering stage and reaching the next level of maturity.
One argument for this is that investors have now understood the opportunity, and mobile payment companies see major capital injections coming their way. Strategic positioning in this space will certainly be required for the success of any payments provider in the next five years.

Ron van Wezel is Global Product Manager for emerging payment streams for Deutsche Bank's Global Transaction Banking (GTB) business. He is responsible for Deutsche Bank's mobile and online payments services, and other emerging payment flows serving corporate and FI clients.

Mobile phones will overtake PCs as the most common web access device by 2013

ASK THE EXPERT

Business on the move

Banks are waking up to the B2B opportunities in mobile financial solutions, says Larry Mindel.

Everyone who has flown the flag for mobile financial solutions has long focused on the consumer market – in mobile banking and payments. Now we are seeing the emergence of even more attractive propositions in the financial services B2B market.

Corporate banks are beginning to offer their corporate customers information – and transactions – on the move. These are integrated into corporate cash management services and others to help improve the efficiency of the customer's financial supply chain – for example in invoice payment and trade finance. This market has huge potential, not just for its size and innovation, but because transaction fees are relatively inelastic. We are also seeing corporate banks use devices like the iPad for face-to-face client meetings, as relationship management aids.

Buy Side (including wealth management) firms are beginning to provide their clients with mobile apps, developed in-house and white labelled, for higher net worth clients to review and even act on their portfolio on the move. We can expect increased use of third party technologies that provide aggregation and intelligent display for mobile devices.

We are seeing an explosion of interest from investment banks, starting with 'information out' apps. The business case is still a little uncertain, built to date mostly on a 'brand visibility' ticket. The first apps involve the publication of prices and data, both deployed internally and branded to customers. This is a first wave of maturity, as technology policies mature to embrace mobile, to manage latency and to overcome security concerns. The next generation will include client-contextual alerts on market movements, dashboards with simple scenario analysis and modelling tools, and limited transaction initiation.

The potential applications for capital market players go beyond this. Market analysts can capture, model and share research data on iPads with client-defined comparators. Traders on the same virtual desk can share prices instantly on iPhones and Blackberries. Collateral managers can monitor liquidity and portfolios wherever they are. Risk managers can answer questions on exposures to Greece or Toyota – and potential mitigation strategies – in an instant on iPhone and iPad. Middle and back offices can mirror steps in conventional workflow making decisions on the move to increase operational efficiency. We have seen all these applications already – the possibilities are endless.

This explosion in mobile applications is almost developing virally. In London it is increasingly common for people to have two devices: Blackberry for email and meeting management, iPhone for everything else – and that too is changing. The iPhone may be a private device, but people port much of their professional life on to it, circumventing corporate policies. This is only going in one direction – the market rules.
Banks are trialling and rolling out smart devices such as iPhones and iPads, and some are already committed to switching. The form factor with immediacy, with the best user experience, which gives them best edge – and which is 'cool' – will win.

Real life though, is not quite that simple. Systems need to be designed with the user interface and the user experience as top of mind. Native apps on the phone are clearly superior to web apps. These new types of applications also require new web architectures capable of 'pushing' price updates and executing transactions securely. Resilient and integrated data warehousing and service management are required. We foresee the emergence of mobile oriented architecture (MOA) principles through which organisations govern the deployment of smart mobile devices, and their relationship with 'conventional' technical architectures and business operating models. New skills are required.

This is an exciting time, much like the advent of the internet, when governance and ownership were unclear – as were the winning business models – when the technology moved on quickly, and when having 'proofs of concept' and a flexible strategy across the organisation became necessary to learn and maximise returns. The lessons from this experience are now proving invaluable, with new 'disruptive' technology, skills and concepts bringing new potential value in the financial services B2B market.

Larry Mindel is Partner for Mobile Financial Solutions at Rule Financial, a technology and business consulting firm based in London and New York. Mindel has a background in building and delivering bank strategies for new business initiatives, including new product launch, post-merger integration, large-scale outsourcing, operating model transformation.

Photo by Tim Mercer

EXECUTIVE INTERVIEW

Preparing for SEPA

Mats Wikström offers an insight into SEPA and outlines the challenges for the financial industry.
What are the key challenges of SEPA for the financial industry?

Mats Wikström. SEPA gets to the heart of how business operates, affecting everything from database structures and user interfaces to message formats and business rules. By November 1st 2010, institutions must have systems in place to cope with the new SEPA Direct Debit (DD) and SEPA Credit Transfer (CT) requirements. Banks need to adjust the existing payment systems they use to process their cross-border SEPA CT transactions or implement a new SEPA process to ensure they comply with the Payment Services Directive (PSD). Another key challenge is migrating domestic DD and CT payments to SEPA. Legislation is in the pipeline that will set the deadline by which all Euro countries will have to migrate. Some are well on the way to full compliance, but Europe as a whole needs to keep up the momentum. So over the next few years banks in the euro zone face a large-scale migration of domestic payment processing from systems based on national schemes to SEPA-compliant ones.

What new services will customers demand?

MW. Customer requirements under SEPA will impact every part of the banking business. They include providing eMandate services; initiating SEPA CTs and DDs via a range of message formats; providing real-time payment status updates; and enabling R-transactions such as request for cancellation, revocation, reversal and refund via file/message exchange, as well as internet banking channels. Customers also want account statements and credit/debit advice that complies with relevant ISO standards. This enables corporate customers to benefit from the 'new' data elements now available under SEPA, such as enhanced referencing and remittance information and exchange rates that have been applied by the bank. They're also demanding conversion services to help migration from national to SEPA payment instruments for domestic payments.

How can banks improve their services in response to these demands?

MW.
SEPA will encourage systems rationalisation and consolidation, helping banks to slash costs, improve flexibility and deliver a better payments service. It could also lead to more outsourcing as they focus on the cost effectiveness of their core payments business. Many will implement a centralised middle office component offering payment and data functions to all channels via a service-oriented interface, which will cut costs and improve back office processing feedback to the customer. Banks could also replace existing cross-border and domestic payment systems as soon as a country migrates to SEPA and implement a centralised back office system to consolidate the processing of SEPA payments.

How can the challenge of meeting customer demands be made easier as national borders disappear?

MW. Convergence of national payment instruments will enable corporates to initiate and receive CTs and DDs in all SEPA countries by using a single account held in one country. This will simplify processes and cut the costs associated with supporting multiple country-specific payment formats. Most banks involved in multiple SEPA countries use different systems in each to comply with the specific payment instruments and infrastructures. Convergence means banks can start using one consolidated platform to process all their SEPA payments.

Tieto's expertise in the payment industry allows the company to provide a number of professional services, including:
• Management and business consultancy
• Business and IT analysis
• System integration
• Testing
• Programme/project management

What do you offer to help financial services customers compete better under SEPA?

MW. Tieto's integrated modular payment solution enables banks to rationalise and consolidate their end-to-end payment processes and related operations.
It offers a wide range of flexible features that enable payment processing consolidation and permit many different configurations per bank, payment product, processing flows and so on. Its middle office module eliminates the duplication of payment-related functionality and data currently embedded in the various channels. And its payment back office processing modules include out-of-the-box interfaces to multiple Clearing and Settlement Mechanisms (CSMs).

Mats Wikström currently holds the position of Director of Transaction Banking in Tieto Financial Services unit. He has been in several managerial positions within Tieto and its predecessors for about 15 years. He has been heavily involved in the digitalisation of customer core business processes with a strong focus on the financial industry and transaction banking.

ANALYST VIEWPOINT

Banking intelligence

Trevor LeFleche outlines IDC's 2010 banking predictions and explains the long-range impact on the sector.

After being battered by a storm of economic uncertainty for more than 18 months, the IT industry is beginning to see some rays of light. Every year IDC predicts the top 10 banking and financial services trends for the year ahead, focusing on the emerging trends, and this year it finally foresees a positive outlook for the industry.

Looking at the banking sector specifically, Trevor LeFleche, Senior Analyst of EMEA Banking for IDC, sees three poles driving 2010: transparency and audit, operational efficiency and increased competition. "Transparency and audit is around ensuring that information is available in a timely, accurate, relevant and summarised manner. This is something that has been the holy grail of banks for a while, and they just never put enough effort or information into it.
And we can even see this right down to the customer level that no bank had a good view of their overall customer exposure – they didn't know how much they were lending to a particular customer or that particular customer's level of indebtedness. This focus has become more and more important right across from the retail to the wholesale level and any of their securities operations," explains LeFleche.

While business was good, it didn't matter how many processes were inefficient; it was possible to lose money without anyone fixing anything. Today, operational efficiency is imperative and the second pole driving the industry in 2010. LeFleche highlights a great example of futility in the industry today: 75 percent of financial products still require a cheque to open an account, which is a costly process. Banks have started looking at these processes and asking how it is possible to make it more streamlined by eliminating the cost in handling paper and using systems more efficiently. "One bank I was talking to had 16 different loan-origination systems when one is more than enough," says LeFleche. "They're starting to look at this right across the organisation – from the processes to the systems – and really trying to drive costs out."

Finally, with new banks like Metro and Virgin hitting the high street in the UK, and other European retailers getting involved in financial services, traditional institutions are seeing increased competition. The IDC predicts this will be a continuing trend as governments across Europe want to pursue the concept of competition being good for business. Indeed, LeFleche points to the fact that Svenska Handels Bank and the Bank of China have both moved into the UK mortgage market recently, and he predicts that both are planning to expand their retail presence. "We have new entrants in different markets coming to bear the business that the incumbents are basically giving away. And that's quite a big factor in how banks are going forward.
You have to be uncompetitive in some ways to let other people pick up the business, so we think that this increasing competition will spur banks on to do things in different ways," says LeFleche.

Looking ahead, LeFleche talks about 2010 being a year of intelligence for the financial services industry. "Basically it's about putting heads together, getting data and using it intelligently," he sums up. "Whether it be spending on your risk systems so you have a better view of your exposures, or spending on your consumer systems so you have a better view of your customers. Lloyd's are doing a real-time analysis of company financial statement: month on month having validated financial statements from their business customers; and there's a company providing that service to them so they can monitor their risks in real-time, seeing the company's balance sheet and financial statements changing month by month and comparing that to the exposure they have to that customer. It is this type of information that more accurately monitors the bank's exposure and making more intelligent decisions that we predict seeing more of over the next year."

Indeed, the banks that survived and were successful through the downturn laid these foundations three or four years ago. Getting to grips with this now and putting intelligent systems in place to analyse information and decisions will enable banks to become more profitable in the coming years and as the upturn kicks in. It is vital that businesses recognise that the level of information and detail they have about their customers enables them to manage those customers, as opposed to dealing with problems later – it is a much more efficient way of running an organisation.
And it will have an impact on the bottom line: "It will take a lot of work – and a lot of knowledge about internal systems – to be able to create an efficient system, but if you don't do it in 2010, you're going to be at a disadvantage, where you're going to be attracting the wrong customers or lending to the wrong groups and that's going to be a problem for banks," explains LeFleche.

Simultaneously, there is a traditional focus going on, ensuring the customer is at the centre of what the bank is trying to achieve. "You have to be better than your competitor and at the end of the day that requires that you service your customer better to ensure they don't move to the competitor. There needs to be a lot more customer intimacy by providing more interactive tools and offering services that no other bank is offering. And we see that in some of the Spanish banks. BBVA has introduced a service called 'Tú Cuentas', which has enabled people to do budgeting online through online banking. So, for example, you could be putting in how much you want to spend on restaurants, and it would be able to track those through the months and so you could benchmark that against your own targets."

By building a deeper relationship with a customer and building up that trust, banks become much more a part of that customer's financial life, and that focus will continue as customers become more and more important. "There needs to be a lot more work done in the industry at the moment – there are advertisements suggesting that banks are your best friend and this needs to become the case if they wish to be successful. They undoubtedly still have a long way to go in achieving that, but some of the tools coming out will alleviate that," says LeFleche.

In Western Europe, internet and mobile banking will be crucial tools moving forward. While internet banking was introduced some time ago, it hasn't moved beyond the display of information.
Today, there are shifts towards a personal financial manager within internet banking, adding more functionality in the payment space and making people more comfortable with internet payments.

Mobile banking, particularly in Western Europe, is also taking off. "At IDC we have a telecoms group that looks at the types of phones being delivered," says LeFleche. "It won't be long before the vast majority of people have smartphones or internet-enabled phones and are able to deploy even a re-skinned version of internet banking, much like First Direct. While there isn't an application that is dedicated to the iPhone, the site can tell if you're browsing from a smartphone and then display the page appropriately. It's those types of services that banks need to get up on because they allow people more convenience when accessing information."

Top 10

The IDC top 10 predictions for EMEA banking in 2010 are:
1. Risk spending will be a highlight in otherwise flat IT spending priorities.
2. Banks in 2010 will no longer be able to afford tactical regulatory compliance as compliance IT budgets grow to 25 percent.
3. Banks will be challenged to take out 10 percent of IT costs to survive.
4. Independent risk control will become integrated risk control as risk management moves closer to the point of origination.
5. Data management strategy will be revised to deliver control back to the business and the end user as silo infrastructure is leveraged.
6. In 2010 mobile banking will gain critical momentum, contactless payments will not achieve critical mass, and mobile payments will continue to fail.
7. Two more big banks will fail in Europe, while many small institutions will be forced to merge.
8. New government and regulatory requirements will open the market to more nimble competitors.
9. The banking industry may finally tackle the single customer view.
10. Better business intelligence will allow banks to battle for SMEs in 2010.
MOBILE BANKING

NO ATTACHED STRINGS

With mobile banking predicted to be one of the defining trends of the next decade, FST speaks with MoBank CEO Steve Townend to find out how his company is getting in on the ground floor.

Mobile banking has been the next big thing for what seems like years. For today's busy, always connected consumers the ability to manage money on the move should be irresistible. However, adoption has struggled to match the hype, with only a small number of European banks offering mobile solutions to their customers. Now, as increasingly powerful smartphones flood into the market, there is a real feeling that mobile's time has come.

According to figures from market intelligence company ABI Research, mobile financial services are finally poised to enter the big time. The global number of subscribers more than doubled between 2008 and 2009, and is expected to almost double again by the end of 2010. The latest forecasts indicate that in 2015 about 407 million people worldwide will carry out financial transactions with their banks using their mobile phones.

Banking by mobile phone is certainly growing in popularity but banks will need to further develop their mobile applications in order to engage and retain customers that are part of the so-called 'Generation Y' or the 'Millennial Generation' – young adults, 18 to 25-year-olds who grew up with computers and do everything from their phones.

However, the next innovation in mobile banking technology may be just around the corner. MoBank, a UK-based company, has recently launched the first fully mobile financial services company in Europe. The comprehensive mobile banking service combines the functions of bill payment services, mobile banking applications and account aggregators, all into a one-stop-shop that is currently available on the iPhone, iPod touch or Palm Pre.
The reason why MoBank has created such a stir is because it is the first payment servicing company that has been created specifically for mobile devices. And because of this it is able to offer a much broader range of services, not all of which are directly related to banking. For example users of MoBank can buy tickets for the cinema or their favourite gigs using their phone, they can also order fast food, pay for and send gifts or even book travel tickets or buy travel insurance.

Steve Townend is MoBank's CEO and he has some lofty aspirations for his latest venture including taking it stateside. "We're already incorporated in the States and although we haven't invested there yet, there is a pull for us to go there," says Townend. "We want to get it right in the UK first, but actually it's very transportable, particularly with the iPhone. You could use it in the States now if we allowed it."

Townend admits that he has plans to roll MoBank out on a larger scale although he says that his initial intention was to only expand to English-speaking countries. This is something that he has since reconsidered however, after receiving calls from as far afield as Hong Kong asking if it can be licensed in China. Townend originally declined such offers but when inquirers pointed out to him that in the near future there could potentially be more English speakers in China than in the States he wisely decided that China may be a market that MoBank will consider exploring.

One of the main advantages of MoBank that will help to facilitate its global expansion is the fact that it is relatively universal. "I think one of our greatest assets, in terms of competitive edge, is the ubiquity. We're not tied to anybody so whether you bank with Lloyds or HSBC it doesn't matter to us," explains Townend. "We don't mind what mobile telephone company you're with. We don't care what bank you're with. And in some respects, we don't mind what platform you're on," he says nonchalantly.
In fact, MoBank only operates on the iPhone, iPod touch and Palm Pre platforms at the moment, but Townend stresses that if he had the funding required – an amount he puts at about UK£10 million – MoBank would be available on all platforms. However, developing the technology to make this a reality is not cheap. Townend estimates that it costs about UK£20,000 and takes about six weeks to put MoBank on a new platform. However, he does have plans to go for Android – Google's mobile operating system – as many of the new smart phones are using this platform now.

But one thing Townend is adamant about is the fact that MoBank will only ever be available on smart phones. "To be frank, it doesn't look good on anything that's not a smart phone," he says. After all the effort that MoBank has invested in the interface this is not surprising. "Our expertise has always been on the customer interface. We make the experience as good as any experience you would get on the internet."

This interface obviously helps to differentiate MoBank from other forms of mobile banking, many of which are still using SMS as the main form of transaction. But Townend always aimed to go beyond this. "What we want to be known for is integrating, deploying, making relevant and designing technology for our customer base," he says. "We've had to invent things, because they didn't exist, but generally it's about integration and that's where we concentrate our effort and technology."

Whilst integration is something that may go unnoticed by all but the most trained eyes, relevance and the design of technology for the customer base is blindingly obvious as MoBank leads the way in mobile applications that are relevant to Generation Y. "One of the reasons we did this was because we thought that the youngsters – anyone born after 1980 – are profoundly different to any group that had come before them, especially in the way that they interact with one another and the way that they use media.
They've grown up with the technology and they are confident with it.

"Another thing is, they actually adopt before they research so they give you a chance, whereas some of the older generation probably wouldn't do that," explains Townend. He believes that iPhone defines this segment quite well as most of those who have adopted it are 20-35 year olds. But he points out that their research has also shown that there is another segment that has become part of their target market. He calls this segment "BlackBerry Dads" and defines them as users who like to get everything done on the train or on the go as they resent going home and having to log on to a computer to get their internet banking done.

With this target market in mind, Townend has also adopted a relevant way of marketing MoBank, which has involved very little, if any, spending on branding and advertising. "Viral is a new marketing tool so we are experimenting with that," he says. "We use Twitter, Facebook, YouTube, and all those sorts of things that are cheap and free. We also use Google AdWords. We do as many viral things as we possibly can."

One thing that proved a big success was when MoBank was flagged on the iPhone as a featured app. It was downloaded 20,000 times and MoBank didn't pay a penny for that. But Townend realises that using viral as a sole means of promotion can only go so far before it reaches saturation point and he will have to start spending money on branding and advertising to raise both awareness of and the profile of MoBank.

Townend himself admits that awareness is one of the main challenges that MoBank faces at the moment.
With no links to major UK or international banks, MoBank doesn't have an already established reputation and will need to work hard to gain people's confidence, especially with regard to security. But Townend is adamant that MoBank is totally secure as no important information is held on the phone itself and everything is encrypted. Another challenge that the company expects to come up against in the near future is compliance. Currently, as a small business, MoBank is able to self-regulate, but as it continues to grow it will have to be PCI compliant and Townend assures us that this is something he takes very seriously. And there is no reason why MoBank shouldn't continue to gain in popularity, especially if the trend towards mobile banking in general is anything to go by. Even the recession hasn't managed to dampen the popularity of mobile banking. In fact the opposite may be true. As people are feeling the pinch of the economic downturn they are increasingly looking to micro-manage their money and MoBank provides the perfect means to enable this. "People are wanting to control their money more so now than they ever have. And the way we see it is that MoBank is almost like a digital chequebook, only much more clever," says Townend. "You can find out what your balance is, what you spent and what you've got left, but you can also buy stuff with the phone. But in addition to doing that we allow you to transfer money dynamically between accounts and pay bills. You'll eventually be able to pay person-to-person. What we want to do is enable you to manage your money like a balance sheet," he explains.

Then and now: Mobile phones have come a long way since they appeared less than 30 years ago

THEN: Motorola DynaTAC 8000X
RELEASED: 1983
COST: US$4000 (US$8600 in today's money)
WEIGHT: 794g
TALK TIME: 1 hour
DIMENSIONS: 33cm (H) x 4.5cm (W) x 8.9cm (D)
CAPABILITIES: Voice calls
Mobile banking is therefore more about managing money than actually spending it although – as the technology develops further – shopping is something that will be made infinitely more simple. Townend is already planning to integrate Near Field Communication chips into smart phones turning them into virtual payment cards so that shoppers will merely have to wave their cell phone over a reader to make payment. According to research from Forrester, only around one in eight European internet users take advantage of mobile banking services, despite the fact that many have been available for about a decade. In addition, just a handful of European banks offer dedicated apps, meaning that less than one percent of internet users in the region are banking with their mobile. However, Forrester also predict that 39 percent of mobile phone users will be surfing the web from their handsets by 2014, giving solutions like MoBank plenty of scope to occupy the territory that traditional financial players seem reluctant to move into. "The opportunity is massive, but there are risks as well," says Townend. "Nobody is really transacting on the phone yet. It's all new. It's all invention. But the intellectual capital we're building up because we are new into this is massive. It's all about risks and rewards," he says. The biggest reward for Townend on a personal level though will be if he manages to disrupt the market with MoBank. "I want to change the way people think about banks and what banks can do. It's not about retiring with millions in the bank, it's more about leaving a mark. And I want to leave a legacy," he says. "So I've got a fair few aspirations and then I'd like to move on and maybe start again on something else."
NOW: Apple iPhone 4
RELEASED: 2010
COST: US$299-US$499
WEIGHT: 137g
TALK TIME: 7-14 hours
DIMENSIONS: 11.5cm (H) x 5.9cm (W) x 9cm (D)
CAPABILITIES: Voice calls, video calls, web browsing, GPS, camera

PAYMENTS

A new payments landscape

Much has changed in the payments landscape in recent years. Andy Brown of ACI Worldwide looks at the payment issues currently facing UK banks and advises on how, post-recession, they should adapt their payments infrastructures.

Figures from the UK Cards Association show that fraud losses from online banking, cheque and plastic card fraud, cost the country UK£529.8 million in 2009. While banks are continually reviewing and updating their security processes, it's clear that payment fraud remains a problem with fraudsters seeking out the weakest link. The introduction of the UK's Faster Payment Service (FPS) in 2008 has further complicated the fraud problem with many banks fearing that criminals will exploit the near real-time transfer of funds to commit fraudulent transactions that are harder for banks to detect within such a short space of time. In order to combat the risk of fraud associated with Faster Payments, coupled with the growth in 'card not present' transactions, such as over the internet, many UK banks are using real-time risk monitoring methods. These can stop fraud attacks immediately, regardless of the payment channel. Banks taking this approach can help prevent fraud losses from occurring in the first place, meaning that there is no need for time-consuming calls with contact centres or managing charge-backs.
Banks are also using their customer data more intelligently in the fight against fraud, monitoring and managing all customer interactions with the bank, both financial and non-financial, to identify potential fraud at the earliest possible opportunity. Some even go so far as to track which IP addresses customers use when logging on to online bank accounts, to flag possible victims of phishing attacks or account takeover the first time the fraudster attempts to access the account.

Regulatory changes

In addition to combating payment fraud, complying with regulatory initiatives, such as SEPA, is high on the banks' agendas. The latest phase of the project introduced SEPA Direct Debits (SDDs) in November 2009 as a way to harmonise domestic and cross-border Euro direct debit services. Despite the fact that the SEPA debate has dominated the payments industry in both the UK and Europe for a long time, seemingly little progress has been made to date. Critics of the project are now asking whether SEPA has completely stalled and are calling for an end-date for the switch off of legacy payment systems to ensure more focus on the migration to SEPA instruments. This is expected to be announced later this year and many believe that only an end-date will push the overall percentage of SEPA payments any further up the scale.

Some countries, however, are already taking matters into their own hands and have begun to migrate their domestic payment schemes to the new payment instruments. According to the European Commission's Second Annual Progress Report on the State of SEPA migration (November 2009), there were three member states where public administrations beat the general average SEPA Credit Transfer (SCT) migration trend by a large margin, namely Luxembourg, Slovenia and Belgium, with SCT rates of 100 percent, 60 percent and 18 percent respectively. It seems that where there's a will, there's a way. However, in order for the vision of harmonised European payments to become a reality, a clear and effective leadership to prevent a fragmented approach to SEPA is necessary. Furthermore, banks' customers, in particular their corporate customers, need to be presented with a clearer business case to encourage migration and ensure SEPA becomes a successful initiative.

"It's clear the payments landscape is set for further upheaval, with major regulatory changes on the horizon and cost-cutting initiatives well under way"

Increased competition

While SEPA provides the framework for a harmonised payments landscape, the Payment Services Directive (PSD) forms the legal foundation that will make payments across Europe more efficient and more transparent. Introduced in November 2009, the PSD is opening up the payments world and delivering enhanced regulation and protection even if consumers are not using a traditional bank to make payments or transfer money. As a result of the PSD, organisations like Western Union and PayPal will have more freedom to offer payment services in Europe. While this will increase consumer confidence and choice, it can pose a threat for banks. If consumers are happier using the new payment institutions authorised under the PSD, they may start to move away from traditional banks. The UK banking industry is also undergoing a period of change, as several new banks, namely Tesco, Virgin and Metro Bank attempt to crack the sector. Traditionally a stronghold of the 'Big Four' (HSBC, Barclays, Lloyds TSB, NatWest), these new movers and shakers have a great opportunity to leapfrog the competition through the use of more sophisticated and agile technology. The ability to implement systems and processes with a technological 'clean slate' gives these banking start-ups a huge potential advantage – if they can capitalise on it.
While the Big Four are likely to retain their dominance of the UK retail banking market in the short-term, any increase in competition will certainly cause concern for banks that are dealing with dissatisfied customers and public anger at recent scandals surrounding the financial crisis and bankers' bonuses. These smaller, more reactive competitors could certainly shake things up through the use of innovative and agile technologies, and this in turn can only be beneficial for customers.

Managing liquidity

As new players encroach on their market, traditional banks face the additional pressure of ensuring payments liquidity. While this has always been best practice, good liquidity management has now become mandatory following the recent credit crisis. The Bank of England, the Financial Services Authority and the Treasury are working together to identify and resolve weaknesses in the current UK regulatory framework. Under the new regulation, banks will need to enhance systems and controls. However, they often have to address this challenge within a siloed and disparate IT infrastructure containing massive duplication of processes and resources from years of organic growth and mergers and acquisitions. While all banks currently have some way of measuring liquidity, the systems responsible have typically grown organically over the years. These old legacy systems are naturally complex and difficult to maintain.

Agile payment systems

There are many more challenges facing the banks such as how to provide practical alternatives for cheque payments. In order to face and successfully manage the current and future challenges in the UK payments landscape, financial institutions need to improve and update their payments systems to ensure greater agility. They need integrated systems that handle payments from any channel, whether consumer or corporate, from start to finish – with no redundancy of technology, or duplication of processes and labour.
They need the ability to manage transactions quickly and effectively, to decrease the need for manual intervention and costly interfaces between different systems, and to quickly roll out new products to meet the changing needs of customers. It's clear the UK payments landscape is set for further upheaval with major regulatory changes on the horizon and cost-cutting initiatives well under way. Within this environment, the importance of a modern and flexible payments infrastructure cannot be overlooked. While this cannot be achieved overnight, banks need to start looking at how they can make their systems more agile and remove silos. This approach will help banks deal with the current challenges of fraud, regulation and market competition, as well as providing a solid basis for the further industry changes and challenges of the future.

COMMUNICATION

Waking up to social media

With social media here to stay, banks should be fully exploring the possibilities this medium brings... but what is the best strategy to adopt in order to stay ahead? Ian Clover investigates.

The rise of social media is a phenomenon that has swept through every sector of commerce in the past couple of years, slowly but surely transforming the manner in which companies deal with their customers, who now not only have a voice, but a terrifyingly far-reaching soapbox upon which to spout their various ills or thrills. Poor social media strategies have had a deleterious impact upon a number of global giants, including perennial fall guys Nestlé and new bad-kid-on-the-block, BP. There is little a company can do to smother bad publicity in the social media sphere, but they can assuage it so long as they adopt a proactive, positive approach. Banks, in particular, are precariously positioned as we enter an age where the customer is now not only always right, but always online and connected.
With confidence in the banking industry lower than the opening box office figures for a Ben Affleck movie, bridges need to be built, and social media – for all its potential pitfalls – must be embraced. "The first question I would ask a CIO or a CEO of a large bank is: 'Are you more or less likely to have to deal with this issue in the future?'", says Brett King, author of Bank 2.0 and renowned banking sector advisor. "'Is there a chance that this is going to go away, or is there a chance that you are going to have to deal with this at some point?' I think we all know the answer to that. So the sooner banks learn about the challenges of integrating social media strategies into their business, the better off they are going to be." The banking sector has been slow to pick up on the possibilities of social media, and perhaps with good reason. Security and fraud issues are obvious concerns, as results from a recent survey revealed. Technology analysts Forrester Research conducted a study on this very issue and found that – of the 5000 US adults they surveyed (online, naturally) – 71 percent had little or no interest in accessing their bank accounts through social media channels like Facebook. Their main worries were the threat of hackers (60 percent) and the issue of privacy (59 percent), while more than half wanted to keep their social and financial lives separate (56 percent), or did not trust social networks' security (43 percent). A mere 17 percent said that they were interested in banking through social media sites.

88% of Swedish bank customers never visit a branch

"We can see that people are growing more comfortable with social media but they do not yet see a direct connection between social media and banking," says Mark Schwanhausser, Senior Analyst for Javelin Strategy & Research. "There is a disconnect for them there – they do not see social media as a place for conducting banking activities." King, however, disagrees.

"We are certainly more reliant upon interacting with the bank via technology these days. The metrics have changed. Traditionally banks made strategic decisions around how convenient it was for customers to get to their branch. Today, that convenience element is shifting towards electronic interaction.

"There have been three phases to this shift. The first was the introduction of the internet, which produced a shift in transactional behaviour. Essentially customers began undertaking day-to-day transactions and transfers, balance checking, bill payments and the like, so much so that internet banking is fairly well accepted now. Indeed, in Sweden in 2009, 88 percent of retail banking customers never even set foot inside a branch. The second phase was the mobility shift, the fact that we realised, with the introduction of smart phones, that we had the capability to do everything online, on the move.

"The third phase is mobile payments technology, conducting person-to-person or person-to-business payments through the mobile device, which further reduces the reliance on banks cashing your checks and conducting your transactions." Mobile payments are relatively well established in the banking sector, and the practice of making transactions via a social media forum is something that is edging ever closer to becoming widely accepted. Schwanhausser believes that neither the consumers, nor the banks, are quite ready to take this step just yet. "It is a rarity at this stage. There are one or two examples of transactions taking place through these forums, but it is not something that has been fully embraced yet." So if banks and consumers are not using social media to conduct actual banking, how is the medium being utilised? "Right now," continues Schwanhausser, "banks are primarily looking at branding and communication.
Some are branching out into Twitter and building a presence on Facebook, getting comfortable with these mediums and protecting their own turf, while other banks are being more proactive and using LinkedIn, YouTube and their own specially created forums for aggressive marketing strategies." One such bank that has fully embraced the potential of social media is Wells Fargo, which has developed a sizeable presence on Twitter and through a number of specialist blogs. "We started our online channels in 2006 and I think that we were the first major bank with a dedicated social media team," says Ed Terpening, VP of Social Media Marketing at Wells Fargo. "We have launched six blogs to date and if there is an idea for a new blog we give it careful consideration, asking ourselves questions such as: 'Is it sustainable? Do we really have a long-term conversation here? How is it going to help our customers?' We see it as a long-term commitment to our customers." Creating a social media presence is merely the first step. It needs to be augmented, managed and tailored to suit the audience it is trying to attract, converse with and serve. A silent presence could be more damaging for a bank's reputation than no presence at all. "Banks, like Wells Fargo, need to have a plan before diving in," warns Schwanhausser. "I think there are some banks and companies out there thinking that they have to do something, anything, just get involved. There is no downside to listening to your consumers, whether on a street corner, in a survey, at the teller, or on Twitter. The danger comes if you are unresponsive. Being part of the conversation, starting the conversation, showing that it goes somewhere, being responsive, committing to your social media agenda – this is what banks should be doing." Indeed, listening to what your customers want is an age-old strategy for large companies, banks included.
Consumer feedback is undoubtedly more instantaneous, far-reaching and potentially damaging today than it has ever been. Social media platforms give consumers a potent voice and these voices should not be ignored. There is, however, a danger in listening too intently to what your customers are saying, particularly if it detracts from the overriding focus and strategy of a company.

Online revolution

Traditional banks need to recognise the value of social media if they are to keep their grip on customers in the thawing economic climate, according to Datamonitor. The independent market analyst believes the rise of social media has facilitated a fundamental shift in power from banks to consumers. The research reveals how UK consumers are leading the way, as 50 percent are using a variety of online tools to make their financial decision compared to 41 percent globally. According to the Datamonitor findings, 'online media' is most popular amongst the 25-34 year old segment in all regions except APAC (Australia, Singapore and Japan).

INDUSTRY INSIGHT

The permeable enterprise

Managing information flows could be the next strategic challenge, says Michael Schuster.

A while ago it was perfectly sufficient for enterprises to focus on managing the internal information flow, how departments worked together, why and where decision processes needed up-to-date information in order to work or what upcoming trends and developments might influence the strategic decisions taken. Only PR and communications departments tried to listen to the ongoing conversations in the market and gather outside information to feed back into the organisations. However the landscape has changed dramatically in the last few years, due to the advent of regular use of public or semi-public communication platforms by employees, clients and partners.
Today it is more likely that one of your employees will use a blog, Facebook or Twitter to publish valuable information and most of the insights retrieved are from close monitoring of public information streams full of knowledge. You probably heard of one or two PR disasters, where international companies lost not only trust from clients or partners, but stock prices dropped due to bad publicity spread through social media. That is only the bad side of modern information markets, but what you might not have heard of are all those examples where those online conversations helped to make better or faster decisions. That is most likely due to the fact that hardly any organisations have a structured approach to monitoring these conversations. A recent survey by McCann Erickson found that 45 percent of communication managers don't have a monitoring strategy and just use Google Alerts tracking the organisation's name or brands. The firehose of Google Alerts controlled centrally can't be viewed as a viable strategy, nor can a pure demand and search based approach. Some employees might already be using other tools such as Google Reader to build a diverse and manageable information inflow. What are the alternatives? At first, you might consider training your employees to bring the social media monitoring topic to everyone's agenda. Then you might consider specialised tools that help manage all the sources, be it printed news, web news or social media. For US companies Radian6 or Sysomos offer comprehensive solutions, exclusively targeted to social media and with a clear US focus. System One Radar is an integrated solution, covering print, web and social media news, especially for Europe. It seems that this approach is not just a necessary step to better control the information inflow into the organisation, but a true game changer when it comes to information use. Through social collaboration tools that span partners and clients outside the organisation, many companies have already opened up the knowledge space and let others take advantage of the many insights within the company, creating a vibrant ecosystem that sometimes makes it hard to distinguish between inside and outside of the organisation. Monitoring public information streams is just the other part of the equation, letting more outside information in by actively exposing the organisation to the wealth of data without letting it drown in it. The key to this, looking at best practice solutions, is the semantic analysis of content and semantic search in general to minimise the noise and filter out the signal that is hidden in all that information. Most likely many of your employees will already use public information and their own 'semantic' algorithms to harvest public information sources, be it through following the right Twitter users or sifting through industry insight blogs. The permeable enterprise accepts that fact and offers tools and strategies to manage the barrier, or as Mark Plakias, VP Strategy from the Orange Labs SF puts it in his strategy paper on the porous enterprise: "The toppling of the Berlin Wall marked a dramatic transition from a structured, command-and-control regime, to a more vibrant, democratic and market-driven society – a triumph of dynamic over static. Today's managers have the opportunity to stage their own revolutions, unleashing new levels of prosperity. One thing is for certain, if the leaders don't stage this revolution, the workers will."

Michael Schuster is Head of Products and Services at System One, a semantic technology company from Vienna. He has been working in social media, strategic consulting and software development for over 10 years, helping companies adapt to the changing media landscape.
Details.

Travel: 36 hours in Paris
Gadgets: A look in the executive toy box
Agenda: Our pick of the top events across Europe
Books: The best business reads of Q3

Swiss spas

When it's time to recharge the batteries, there's only one place to go for the ultimate in luxury, discretion and top-of-the-line spa treatments: Switzerland.

DOWNTIME

Let off some steam

Swiss spas are some of the best. While every hotel with a spare star to its name boasts a spa these days, we're talking about more than mere massage – more like holistic treatment plans, considering everything from vitamin supplements to plastic surgery. From the famed hot springs to the latest in cutting edge science, take the five-star route to wellness at these legendary spas.

Grand Hotel Kempinski, Geneva

This luxury hotel sits right on the edge of Lake Geneva, with a view of the Jet d'Eau and Mont Blanc sprawling to the front, and modern elegance contained within. The comfortable rooms are lined in soft fabrics and plush furnishings in natural blues and neutrals, playing to the floor-to-ceiling windows framing the lake. Though the hotel boasts a large swimming pool and well-equipped fitness facility, Le Spa will be the final stroke on a masterpiece of a property. Centred around three to five-day experiences taking place in the luxurious interior, the spa combines authentic, healing Ayurvedic therapies from India and globally-sourced, beautifying treatments in calming, natural, contemporary Asian and Arabian interior surroundings.

Clinique La Prairie, Montreux

Luxuriously appointed guest rooms and spacious bathrooms, with terraces overlooking the garden and Rodin's Cybèle sculpture, to the majestic Swiss Alps in the background, are complemented by the on-site hospital with access to more than 60 medical specialists in over 25 fields.
Clients have the option of indulging in specialised medical consultations and procedures, from dental to dermatology, general to plastic surgery. The nutrition and dietary consultants are top notch, beginning each stay by creating a customised plan to be carried out by the talented executive chef. Diet-focused clients take a minimum two-week stay to ensure they're fully absorbed in their new diet and exercise regime by the time they head home.

Hotel Les Sources des Alpes, Leukerbad

This expansive property on the southern shores of the Swiss Alps stands as a paragon of relaxation and well-being. Leukerbad is one of Switzerland's famous thermal towns, and the hotel takes full advantage of being right at the source. They begin the experience of calming and healing from the moment you arrive, with spacious, serene, light-filled rooms in calm, neutral tones, and a stunning view of the natural beauty outside. The thermal spa experience is based out of the Aquawell Centre, where specialists create a course of personalised treatments: specific massages or hydro-massage, mud treatments and stimulating baths.

The Dolder Grand, Zurich

One of Switzerland's legendary spa hotels, this palatial property overlooking the city of Zurich is actually part of the larger Dolder Resort, which includes a business-oriented hotel for travellers, the Dolder Waldhaus, and Dolder Sports, an athletic complex popular with visitors and locals alike. However, the classically elegant Dolder Grand takes the visual and sensual award with no contest. Ladies and men's spas are separate for the comfort of their guests, and exercise facilities are located in the spa area along with 19 treatment rooms and two spa suites for the many couples that visit to escape the city.

Cinq Mondes Spa, Beau-Rivage Hotel, Lausanne

One of Europe's true palace hotels, the Beau-Rivage sits on a manicured 10-acre garden overlooking the bright blue expanse of Lac Leman.
Its luxurious rooms and gourmet restaurant have played host to everyone, from Coco Chanel to Nelson Mandela. For many years, surprising for a hotel of this stature, there was no spa at all – but finally, the experts at Cinq Mondes created a facility befitting such a setting. The 15,000 square foot contemporary facility boasts an indoor and outdoor pool complex and Jacuzzi with floor-to-ceiling windows facing the mountains, as well as a sauna and a traditional hammam steam room.

AWAY ON BUSINESS

36 hours in... Paris

Time: CET (UTC+1) | Area code: +33 | Currency: Euro | Population: 2.2 million (city)

In the know

With over 650,000 companies based in the Paris region, an enviably efficient infrastructure and a reputation as the world capital for trade fairs, conferences and exhibitions, Paris is an enchanting city and the most visited region in the world with 45 million tourists annually. Dubbed the City of Light and the Capital of Fashion, Paris has a reputation for being the most beautiful and romantic of cities and remains vastly influential in the realms of culture, art, fashion, food and design.

Drink

You can't go wrong when looking for a post-meeting drink or a nightcap, but one of the best places is Le Fumoir. A handsome bar, this has a definite 'smoking room' feel and is a great place for an excellent cocktail or two, while the chic leather chairs are great to unwind in after a tough day.

Time off

An iconic city, Paris has much to offer and many sites to see – and no trip to the city could be complete without taking a trip to the top of the Eiffel Tower and a visit to the Jules Verne restaurant, where the scallops are legendary. If staying on the ground is more your style, grab a bottle of wine and head to the grassy area beneath the tower. If you are looking for culture then the Louvre is definitely top of your list.
With almost 35,000 works of art on display, from Greek and Roman antiquities to Egyptian objects and Renaissance paintings, the museum covers a vast spectrum of civilisation. Must-sees include the Marly horses, Vermeer's Lacemaker and Da Vinci's Mona Lisa. Beware that the crowds can get pretty unbearable.

Sleep
Old-world opulence will draw you to the palatial Ritz, quite possibly Paris's most famous hotel. With European aristocrats, princes of finance, political elites and famous artistes among the many famous guests, you'll be in good company. If you can afford the super expensive rate, from 550 to 13,650, a martini in the Hemingway Bar, voted the best bar in the world by Forbes, is a must. The Hotel Plaza Athénée mingles glamour and tradition with state-of-the-art technology and is a great venue for meetings or business conferences. Windows open onto either the Avenue Montaigne, lined with magnificent chestnut trees, the peaceful Cour Jardin, the rooftops of Montmartre or even a side view of the Eiffel Tower. Located by the Seine on Avenue Montaigne, there are more than 50 luxury boutiques on the same street.

FAST FACTS
• Rigid organisational hierarchy still reigns in France, so do your homework and check who's who before you meet them
• Do as Parisians do and take time to socialise over a meal
• According to the 2010 survey from Economist Intelligence Unit, Paris is the world's most expensive city to live in.

Eat
Les Ombres is set in an impressive location at the Branly Museum's quirky rooftop restaurant, where Jean Nouvel's interior design reflects the shadow cast by the Eiffel Tower. If you're looking for somewhere glitzy to do business, head to the Restaurant Alain Ducasse au Plaza Athénée, where the ceiling drips with 10,000 crystals and the menu is Michelin-starred. It is a popular venue with politicians, celebrities and business leaders, so ensure you book at least two months ahead.
Restaurant Victor in the charming Trocadéro area of Paris's 16th arrondissement is a large French bistro, popular with local business people for great food, friendly service and bustling atmosphere. The dining room sums up Parisian chic with shiny wooden flooring, large tables and grand high ceilings, while the most popular dishes are the rack of lamb and beef tartare. For a unique business meeting or a VIP celebration, try Le Showcase. A converted hangar under the Alexandre III bridge, this chic disco venue has credibility, atmosphere and space for over 1000 people, plus it's right in the city centre, just off Avenue des Champs-Elysées.

Shopping
With Parisian shops an integral part of the city's cultural identity, a trip around the main shopping areas is a must. The boulevard Champs-Elysées, formerly the bastion of fashion and now sadly aimed squarely at tourists, should be visited for Guerlain Parfumerie alone. Haute couture is to be found on Rue du Faubourg Saint-Honoré and Avenue Montaigne in the eighth arrondissement, and the three main flea markets with bargain treasures are situated around the old gates of the city.

Paris-headquartered firms: Air France; Alcatel-Lucent; Chanel; Euronext; L'Oreal; Société Générale; Total; Veolia

EXECUTIVE TOYBOX
Fore sight
With the 2010 Ryder Cup fast approaching, FST takes a look at some gadgets no keen golfer will want to be without.

Garia Soleil de Minuit Golf Car
If you want to really turn some heads on the links, there can be few better status symbols than a bespoke golf car built in the same factory that produces the Porsche Boxster. Hand-crafted to the most exacting specifications, Garia's golf car is the Bugatti Veyron of on-course transportation. While the full-spec version, costing US$52,000, might be a little outside the price range of the average golfer, a base model can be picked up for a paltry US$17,499.

Golf Bag Alarm System
Even when you're on the fairway, you aren't safe from crime.
A golf bag left unattended for even just a few moments is a juicy prize for the opportunistic thief who might be lurking in the rough. Cunningly disguised to sit unnoticed amongst your golf balls, this alarm emits a powerful tone if it detects motion or if it is moved more than 30 metres from the key fob, which then bursts into life in your pocket. Just don't tee off with it by mistake.

Shadow Caddy
If the pleasure of a round of golf is hampered by having to lug your own clubs around, the Shadow Caddy could be for you. Simply clip a small transmitter to your belt and this fully automated carrier will follow you around the course for hours without a word of complaint. With the heavy lifting taken care of by your mechanised assistant, you're free to concentrate on perfecting your swing. As an added advantage, it won't laugh at you if you miss an easy putt.

Garmin GolfLogix GPS-8
How can you be sure you've picked the right club to get you to the green, without an unnecessary stopover in a bunker? Sometimes human senses just aren't enough, so it seems only fair that you would seek a little help. This handy gizmo will give the exact distance from your location to the pin, enabling you to find your range much more easily. You'll still have to hit the ball yourself, but it's better than nothing.

INTELLIGENCE
Banking on the brand
Financial institutions need to take their corporate identities seriously if they are to truly differentiate themselves from the competition, says Malcolm McDonald.

[Figure: Top 10 European banking brands 2010. Entries shown here: 4 HSBC (UK) US$10,645m; 6 Barclays (UK) US$8172m]

At least some financial service companies are at last taking branding seriously, and not before time! In the financial and insurance sectors, very few brands have managed to create a complete set of perceptions in people's minds. A question such as "What does Barclays offer which is different from Lloyds TSB?" would probably lead to a puzzled silence.
The large majority of consumers cannot differentiate significantly between the brands of major banks and insurance companies, in spite of the billions of pounds spent each year on advertising. Exceptions such as First Direct are rare, whereas in the airline industry, there is a clear differentiation between Virgin, Lufthansa and Singapore Airlines. The infamous British Airways advert "We take more care of you" failed precisely because they forgot to tell their staff. The challenges marketers face when establishing service brands are illustrated by the history of the UK insurance sector during the last 25 years. Characterised by complex products, pushy salespeople and little understanding of the role of marketing, this translated into a low degree of brand differentiation. Most companies appointed advertising agencies with a fast-moving consumer goods (FMCG) background, which led to name awareness adverts rather than communicating the benefits of the different insurance brands. The result was that consumers regarded the products as commodities and intermediaries could therefore easily eliminate a brand from their product portfolio because no one really cared. Just imagine what would happen if Tesco tried to eliminate Heinz, Kellogg's, Mars and Persil from their portfolio. The deregulation of the UK financial services market in 1986 increased the degree of competition in the insurance sector, allowing other players such as banks to enter the market. This decreased the importance of insurance brokers and responsibility for choosing insurance products moved inexorably towards the consumer.
Insurance companies, however, failed to adapt their communication strategies, their point-of-sale material, or their follow-up literature in response to this new consumer power, which positioned the product's generic features in largely technical language at the expense of any competitive brand positioning. With consumers' ever increasing demand for better quality, enhanced service and greater convenience, banks and other financial services providers need to learn from companies like Tesco how to transform a commodity into a strong brand. This raises the question about what constitutes a powerful brand and why the financial services sector needs to move away from the traditional FMCG model.

[Figure caption: Using a royalty relief methodology that determines the value of the brand based on the royalty rate that would be payable were it to be used by a third party, analysts Brand Finance have rated which EU banks have the most admired corporate identity. Entries shown here: 1 Santander (Spain) US$16,116m; 2 Sberbank (Russia) US$11,729m; 3 BNP Paribas (France) US$10,654m; 5 Société Générale (France) US$9879m; 7 Unicredit (Italy) US$8172m; 8 Credit Suisse (Switzerland) US$7371m; 9 Deutsche Bank (Germany) US$7051m; 10 UBS (Switzerland) US$7022m]

Firstly, a brand is a name, symbol or design on a product, service, person or place. A successful brand, however, creates sustainable competitive advantage for its owner through superior market performance because users perceive unique, relevant added values which match their needs most closely. As Tim Mason, the former Tesco UK Marketing Director said: "Pseudo brands are not brands. They are manufacturers' labels. They are 'me too' and have poor positioning, quality and support." IBM, Cadbury's and Tesco are excellent examples of successful corporate brand names, whilst Persil, Nescafé, Dulux, Castrol GTX and Intel are excellent examples of product brand names.
Secondly, financial service companies need to realise that the brand is more important than the products they sell. Like the grocery market, banks lack a physical product. A service brand, therefore, is based entirely on the way the company does things and on its values and culture. This is because a customer's perception of the brand depends on individual interactions with the staff of the company. So brand building needs to be undertaken from the bottom up and involves a profound analysis of every aspect of the interaction between the customer and the company. Aviva, formerly Norwich Union, subtly and gradually changed its logo to replace lots of regional brands. But it also undertook top-to-bottom development training at Cranfield to underpin its rebranding with company-wide customer orientation. The current lack of differentiated powerful brands in the financial services sector clearly illustrates the overall challenges associated with services branding and the need for a new mindset. A successful service brand has to be based on a clear competitive position, requiring the involvement of the entire company. The brand's positioning and benefits should then be communicated to target market segments, taking account of the differing preferences of the members of these segments. This is precisely what differentiates Tesco from ASDA and which accounts for their phenomenal success.

Malcolm McDonald is Emeritus Professor of Marketing at the Cranfield School of Marketing. A version of this article first appeared in Management Focus, the School's bi-annual thought leadership magazine.

Source: Brand Finance

AGENDA
Coming up...
Sport, music, art and tomatoes: it's all happening in the next few months.
25.08 Tomatina
A food fight festival held on the last Wednesday of August each year in the town of Buñol in the Valencia region of Spain, in which tens of metric tons of over-ripe tomatoes are thrown in the streets in exactly one hour. The week-long festival features music, parades, dancing and fireworks and, on the night before, participants of the festival compete in a paella cooking contest.
[Photo: Revellers fight with tomato pulp during the annual Tomatina]

11.08-16.08 Sziget Festival
One of the largest music and cultural festivals in Europe. Taking place on leafy Old-Buda Island on the Danube, the week-long event is one of the definitive European rock festivals with 390,000 visitors in 2009. As well as the typical rock acts, there is a blues stage, jazz tent and a world music stage.
[Photo: Mike Patton of US alternative metal band 'Faith No More' performs on the main stage of Sziget Festival in August 2009]

03.10 Prix De L'Arc De Triomphe
Popularly referred to as the "Arc", this is the most prestigious horse race in Europe and one of the most important horse race meetings on the European calendar. The richest race in Europe, it attracts the winners from the biggest races in England, Ireland, France, Germany and Italy.
[Photo: Total Gallery ridden by Jonny Murtagh wins in 2009]

13.08-05.09 Edinburgh International Festival
For three weeks every August, the Edinburgh International Festival brings the Scottish city alive with the best classical music, theatre, opera, dance and visual art from around the globe.
[Photo: Entering its final week, street performers, musicians, actors, magicians and theatre groups all flock to the Royal Mile to demonstrate their special talents]

03.10 The Ryder Cup
This year the competition takes place at the Celtic Manor Resort, in the heart of the rolling Welsh countryside. Corey Pavin and his team look to once again triumph over Europe and remain champions of this prestigious event.
[Photo: Corey Pavin in action last year]

25.07-30.08 Salzburg Festival
A prominent festival celebrating music and drama, the Salzburg Festival is held each summer within the Austrian birthplace of Wolfgang Amadeus Mozart. Divided into three components (Opera, Drama and Concert), there are at least a couple of different performances taking place every day. One of the highlights of the 2010 festival is Shakespeare's A Midsummer Night's Dream.
[Photo: A dress rehearsal for Armida at 2009's Salzburg Festival]

BOOKS
Hot off the press
FST takes a look at this quarter's most important financial books.

Wall Street at War: The Secret Struggle of the Global Economy
By Alexandra Ouroussoff
Many of the problems that lie at the heart of the current financial crisis stem from a significant but little-known conflict that began in the early 1980s: Western credit agencies acquired much greater power due to investors' shifting priorities, and so controlled the ability of corporations to gain access to capital. Exploiting more than six years of fieldwork on Wall Street, this book describes, for the first time, the unspoken conflict between corporate executives and the credit agencies responsible for assessing the financial risk their investments posed.
FST says: An in-depth and fascinating look at how corporate greed and risky business strategies brought the financial industry to its knees.

The Financial Crisis: Who Is To Blame?
By Howard Davies
The true cause of the financial crisis is still up for debate. Myriad suspects have been identified, from greedy investment bankers to governments encouraging home ownership, through feckless borrowers, dilatory regulators and myopic central bankers to violent video games and high levels of testosterone on the trading floors. Howard Davies inspects the evidence for these arguments, inviting the reader to assess each, and the likely effectiveness of the proposed remedies.
FST says: An interesting look at the factors that might have been behind the global financial crisis. Hopefully lessons can be learnt for the future.

Why Iceland? How One of the World's Smallest Countries Became the Meltdown's Biggest Casualty
By Ásgeir Jónsson
Even 12 months on from the breakdown of Iceland's economy, the scale of this tiny nation's downfall is still hard to comprehend. This is a country with a population of just 300,000 that up until the 1980s was heavily reliant upon the cod fishing industry. However, by the end of the century it had transformed itself into a major player in world finance, building an international banking empire worth 12 times its GDP. Jónsson examines the country's implosion in painstaking detail, where it all went wrong and the pivotal role the UK played.
FST says: A well-written and in-depth account of the chain of events leading to Iceland's collapse from an expert behind the scenes. This is a real lesson in how not to run a nation's economy.

Lords of Finance: 1929, the Great Depression, and the Bankers Who Broke the World
By Liaquat Ahamed
The current financial crisis has only one parallel: the Wall Street Crash of 1929 and subsequent Great Depression of the 1930s, which crippled the future of an entire generation and set the stage for the horrors of the Second World War. Yet the economic meltdown could have been avoided, had it not been for the decisions taken by a small number of central bankers. In Lords of Finance, we meet these men, the four bankers who truly broke the world. Liaquat Ahamed tells their story in vivid and gripping detail, in a timely and arresting reminder that individuals (their ambitions, limitations and human nature) lie at the very heart of global catastrophe.
FST says: A compelling account of the greatest financial crisis ever, this book uses great insight to tell the personal story of the men behind it. Genuinely enlightening.
iStrategy Europe
5-6 October 2010
The Millennium Gloucester Hotel, London
Transforming the Enterprise with Digital Expertise

Participation in Social Media and Interactive Marketing is no longer revolutionary. It's crucial.

• The top 10 most important factors in your social media strategy
• How to measure your social capital and monetize your efforts
• Hot buttons to bring people to your web store front
• How to find your best fit in integrating email and social media
• How to deliver a response-driven, relevant message

The simple truth is that there is no magic one-size-fits-all marketing mix. iStrategy will arm you with the deep understanding of aligning social media and digital strategy according to your organization's processes and operations to achieve the objectives you're after. Join us to network, share ideas, and most importantly find out how to build your marketing strategy to its fullest potential.

In 2009, companies with dedicated social media activity boosted sales by over 18%, while those with minimal or no presence saw a 6% decrease. As 2010 marks a shift in consumer mentality from recession to recovery, companies must adjust their strategies according to how customers make purchasing decisions. Brand differentiation will be key, and companies must be at the forefront in areas like social web, mobile apps and SEO in order to create a distinguished customer experience. iStrategy 2010 marks the next step in your marketing strategy. Here, you will learn:

• The biggest trends in consumer spending online
• Innovative technologies for communicating with customers and how to best implement them

For More Information, Please Call: Max Ford, Global Event Director. Tel: +44 (0) 117 915 4753. Mobile: + 44 (0) 7798 820 711

PHOTOFINISH
Reasons to be cheerful?
British Prime Minister David Cameron and French President Nicolas Sarkozy share a joke at the G20 meeting in Toronto on June 27 2010.
At the gathering, plans were put in place to overhaul banking regulation to prevent a repeat of the recent financial crisis and help speed economic recovery. There were agreements on a number of key points, such as compelling banks to hold more Tier 1 capital, increasing transparency and a commitment to the complete adoption of Basel II. However, criticisms have been levelled that the meeting didn't go far enough, particularly in allowing different countries to effectively set their own timetables for complying with the rules.