Page 1

BF_couv_HS10_BF_couv_HS09.qxd 06.10.10 16:07 Page1



Banque & Finance Banking Solutions 2010


Banking Solutions – October 2010

Special Edition: Banking Solutions Multiplateforme



C2 - C3- C4_Mise en page 1 06.10.10 16:04 Page1

BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page1

EdiTorial Essential strategic decisions


oday the challenges of technology are more numerous than ever for banking applications, and even more so since the recent financial and economic crisis. First of all, systems, solutions, and software must be available at an attractive, competitive price, since banks no longer enjoy unlimited budgets for their IT development, although it still represents a quarter of their operational costs. Yet solutions that help cut costs, boost efficiency, and create income synergies are in high demand, even “at any price”, as a major software supplier confirms. This may seem paradoxical, but the market decides. Secondly, today's banking technologies and applications require maximum security to improve risk control, especially after the shocking incidents involving confidential banking data either stolen or diverted from its original purpose. As for the activities linked to the front, middle and back offices, they will require increasingly sophisticated interactivity and automation processes. Many banks, especially private ones, are still reluctant to adopt standard CRM (Customer Relationship Management) applications designed to improve clientele management, preferring tailor-made software, indicating perhaps that a more detailed explanation of their advantages is necessary. Finally (among other aspects), banking applications must comply with new and stricter regulatory requirements including transparency, especially for banks using innovative financial instruments; reporting, for example with tax declarations specific to each country; and the accounting standards in force.

or not to the functionalities, its conception of operation, etc. He will also highlight file confidentiality, regret the loss of proximity, and recommend that customer management functions be kept in house. Yet another expert, just as well-informed as the first, will swear by outsourcing, declaring that it can help lower costs, lighten up the IT “burden”, simplify processes, allow concentration on purely banking activities, encourage resource flexibility, etc. All of these issues and many others represent strategic IT decisions, that are linked in turn to rigorous technological planning. A large majority of Swiss banks have already conducted or are currently conducting studies and audits on the subject, convinced of their usefulness... or under pressure from clients. To help guide their reflection, the professional authors of the texts in this 2010 edition of Banking Solutions, whom we sincerely thank for their contributions, share their experience and offer expert analyses concerning IT solutions, profession-specific software, Internet platforms, governance, security, reporting, risk management and additional specific applications, among others. The Swiss financial hub must also demonstrate its capacity for excellence, efficiency and open-mindedness when choosing its IT strategies, technologies and applications, to continue to gain market share and provide its banking clients with continuously improved services. This will be its challenge in the near future. ■

In parallel to these challenges, banks must also make a choice, extremely difficult given all of the parameters involved, between maintaining their IT infrastructure and back office internally or outsourcing them, in line with the Business Process Outsourcing philosophy that prevails today. Of course one well-informed advisor may argue that this choice depends upon the business model of the bank in question, its performances linked




BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page2

BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page3

TaBlE oF CoNTENTS Editor-in-Chief: Didier Planche




Contributors to this issue: Didier Assandri, Daniel Bardini, Sinan Baskan, Jean-Marc Belaich, Fabrice Bidard, Ian Blance, Jacques Bourachot, Frédéric Bourla, Philippe Braillard, Olivier Collombin, Marc Croteau, Christoph Erb, Reto Fankhauser, Francisco Fernandez, Sébastien Flaccavento, Dominique Freymond, Hans Martin Graf, Gareth Jones, Joseph Kuettel, Michel Mathys, Eric Mauge, Carlos Moreira, Edouard Owczarczak, David Royston, Alain Rubeli, Pierre-Yves Sacchi, Etienne Saint-Raymond, Henri Schwamm, Jean-Luc Spinardi, Paul Such, Motti TAL, Robert Weiss


46 Independant asset managers have adopted the social network


Essential strategic decisions

Shift your focus from Technology to Technology Management!


P.8 C. Erb – Finnova

Optimum functionality at affordable cost

50 Will Swiss Private Banks Rise to the Challenge?

13 Produce at better cost, or increase the quality of services, or even reduce operational risk

REPORTING 52 IFRS, “Fair value” & evaluated pricing

16 The banking system encourages innovation

55 … Or the paradigm of Total Information Privacy… 58 Critical issues in tax reporting and new IT systems

IT GOVERNANCE 23 IT Services: Bridging the communication gap

Delegated Editor: Roland Ray Marketing: Florence Ray

26 Legal governance versus internal security

Production: Maryse Avidor

28 End-to-end IT Management

Outline: Dominique Berthet

IT SECURITY P.13 M. Mathys, ERI Bancaire

Printing: Atar Roto Presse SA

RISK MANAGEMENT 61 How to reduce the risks involved in financial data management 64 Questioning the role of risk management in the prevention of crisis

32 Protection of company data against malicious IT staff

66 Service provisioning in the banking sector

34 The flip side of modern communication

SPEZIALIZED APPLICATIONS 68 Improvement in Trade Commodity Finance Industry!

36 Improvement by hacking

Web site: Edition and Administration: Banque & Finance 35, rue des Bains Case postale 5615 1211 Genève 11 Tel. +4122 809 94 60 Fax +4122 781 14 14 E-mail: Advertising: Médiapresse Pub SA 3, rue de la Vigie Case postale 1119 1001 Lausanne Tél. +41 21 321 30 77 Fax + 41 21 321 30 69 In charge: Roye Yarden


18 What do we mean by “dematerialisation”?

Publishing: Promoédition SA

Layout: Ursula Brugger

48 The trading cycle, from order initiation to execution confirmation, profits greatly from a coherent technology...

38 The ultimate barrier against data leaks

71 A unique monitoring platform for the banking and finance sector

40 The importance of security awareness in today's businesses

72 Be more competitive: give your users more time for value-added activities


74 Staying ahead with technology solutions

43 Credit Suisse establishes and IT Development Centre at EPFL

P.26 D. Assandri, Solvis


44 An integrated Global Front Office Solutions for Asset Managers - A successful project that leads to more...

Subscriptions: Promoédition SA Case postale 5615 1211 Genève 11 Tel. +4122 809 94 55 E-mail: Ccp: 12-17931-5 1 year subscription (6 issues) CHF 60.2 years subscription (12 issues) CHF 90.Banque & Finance is issued 6 times per year and publishes one special edition. © Promoédition SA, Geneva, 2010


P.44 P.-Y. Sacchi, DeltaConcept

P.58 J. Bourachot, Crédit Agricole

P.72 A. Rubeli, Apia



BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page4

aNalySiS ThE ChallENgE oF TEChNology maNagEmENT iN BaNkiNg

Shift your focus from Technology to Technology Management! Banque & Finance has interviewed Dominique Freymond*, independent board member and partner at management & advisory services, consultant in strategy and corporate governance**. Interview with Didier PLANCHE

The Banking Industry has fierce challenges ahead. ICT is there to support the banks in mastering them. But are we getting what we need? The answer is: It depends on you. Yes, if you have developed a comprehensive project portfolio aligned with your strategy, if you have set clear priorities, and if your focus is on sourcing rather than of technology. Yes, if you have developed a smart, i.e. modular and flexible ICT architecture and roadmap and focused on the end-to-end processes from a customer’s perspective, rather than on that of the bank. What are the challenges today regarding technology to help cope with strategic management in banking? There are three main overriding challenges that the bank has to address. First of all, the strategy cycles are becoming shorter, as in almost all industries and aspects of the economy. This calls for more flexibility and rapid adaptability to new evolutions and requirements. Our planning horizon rarely exceeds three years. Secondly, banking is undergoing an industrialisation process characterised by the breaking up of the value chain, a reduction of manufacturing depth by specialisation, commoditisation and, finally and as a consequence, by a strong pressure on customer retention and acquisition, and on defending the margin.



The third and last overriding challenge, a massive regulatory pressure exists as a result of a number of system malfunctions, generating a multitude of operational measures that have a substantial cost impact. Technology per se is available and can cope with the challenges mentioned. The real issue for the banks is to shift their focus from technology to technology management. Technology is not their core business. There is a vast IT-industry to take care of a bank’s needs, yet what we see in our current practice is a lack of maturity with regards to handling technology management. What exactly do you mean by that? It is about ICT governance. There are several questions that have to be answered: Is my IT optimally aligned on my business strategy? Is the money spent on IT generating the desired added value? What do I get for the money spent? Am I gaining in flexibility? Is my time to market improving? Is my client benefiting from a state of the art IT? In addition to governance, new skills need to be developed. Rather than acquiring best possible IT engineers, banks should develop their skills in sourcing, assembly, and redesigning the product portfolio, to allow a leaner production. A central issue is the skilful management of the project portfolio allowing an effective allocation of limited financial resources, i.e. cost. And what about tomorrow? The challenges definitively don’t stop there! Internet, in conjunction with broadband, is

radically changing our society, and this will not leave banking unaffected. Due to the impressive increase of the use of internet and the behavioural changes of the customer base, we will see two main streams: “Basic Banking” and “Value Added Banking.” As in other industries, e.g. travel industry, the midfield will disappear. While Basic Banking will call for maximum in automation at the lowest possible cost, entailing a further standardisation, Value Added Banking will require a sophisticated approach to customers’ increased maturity and level of information. So, the challenge will be to choose to operate with one business model or two different ones, and to fundamentally review client interaction with the bank. The other issue is regulation: It will become more and more difficult, and not always economically viable, for each bank to develop its own solution to respond to steadily growing requirements. As this is not a field of differentiation, standard approaches are needed, and these are provided by specialised third parties.

The challenges of software How do you see the evolution of banking systems? If we look at the “big patterns” we see three stages. With the exception of large banks, banks have more or less left the proprietary platforms behind them. Standard platforms like Apsys, Avaloq, Finnova, or Olympic, have massively gained ground. Whether costs could be lower or not is a question


BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page5

ChallENgE that can be discussed, but in any case this shift allows banks to concentrate further on the challenges on the client side. Along with the standardisation of platforms, BPO (Business Process Outsourcing) is evolving from an early stage concept to a mature business. In fact a bank still based on a proprietary platform (or on an old standard platform) has today a real choice to directly install a BPO solution instead of migrating to a new standard platform. This is definitively a major strategic sourcing decision. On their side the standard software editors are also facing a challenge: what is really the scope of their core platform and where is the boundary to specialized software solutions? On the market we see more and more specialized offers for specific functional requirements. Our conclusion is, as already mentioned before, that the capability of making smart assemblies will be crucial. It will also be important to invest in solutions that will become market standards provided by companies that will prevail. Any specific requirements from FINMA about outsourcing? FINMA published its requirements in its guideline Nr. 2008/07. It gives clear instructions about outsourcing responsibilities, security, data protection and secrecy, etc. Banks which publish an annual report are now providing, as requested, precise information about their outsourcing activities, its scope, and providers. What about specific offerings for the increasingly important legal reporting? Legal reporting adheres to this pattern. Constant changes in regulations encourage the development of specialised solutions and providers. Exsigno-Deloitte has developed an offer for the German taxation, Broadridge for the American and it definitively no longer makes any sense for a bank to develop these functions internally. These modules, of course, need to be integrated (or ideally hooked-up) to a standard core platform as a standard module. We will certainly see some specific standard modules integrated into different core platforms as they become market leaders. This illustrates what we described earlier as “assembly.” The result will be similar to a production assembly line composed of marketavailable standard modules from different provenience. Specific differentiating func-


Dominique FREYMOND tions will still be homebred or custom-made by specialised software companies. In any case, the classical IT and Back office-setup will substantially change.

They inform can in real time the officer on duty about abnormalities. This being said, there is no 100% guarantee. The volumes that are handled are huge and transactions move through many different systems at the mercy of hacking and fraud. Here again, the best possible protection is to use systems provided by specialised providers and to have a risk management policy that takes a broad view instead of a pure technical sight. What should banks develop themselves and what should they outsource? As said before: a bank’s core business is not software development nor IT operations. There are enough providers in these fields, the market has grown mature. It must be noted, however, that responsibility for software development also means knowing how to manage such resources. Isn’t it the best possible security to know that not only your bank is tracking IT providers, but an entire community? No, we would not recommend that banks stick to their proprietary system. We would instead recommend developing a clear sourcing strategy that takes advantage of the variety of the offering. A bank can outsource IT operations (ITO), can install a standard core platform and have it managed by a specialised provider (applications management) or fully outsource the back-office. Smaller banks have opted for BPO approaches and were able to be up and running rapidly, like NBAD with B-Source, or new banks that wanted to fully focus on the market like Banque Benedict Hentsch with Credit Agricole PBS. Of course there are functionalities that a bank would consider as differentiating factors. To handle these functionalities, a customised development by a specialised software company is appropriate. It is obvious that the core competences in banking logistics shifts from software development to defining smart architectures and roadmaps with an adequate sourcing strategy, including professional SLAs (service level agreements).

Why did banks underestimate the risk of confidential data theft, and is there an efficient way of mitigating this risk? Security is addressed at different technical levels, from hardware to highly sophisticated software. Encrypting techniques, separation of data, firewalls etc. are all quite mature, as well as logging of transactions and infraction attempts. But no IT system can be secure against malevolent intentions of those in charge of the IT system: We advise to include human behaviour in the risk scenario. IT cannot guarantee security against an employee in anger because he was fired or has financial problems. IT cannot be made responsible for all security leaks.

BPO in question

And what about the risk associated with banking transactions? A STP (Straight Through Processing) transaction is very well monitored, and matches Stelink/Stematch from Sterci, for instance. Such systems will report automatically all incomplete or suspicious transactions.

So what does that all mean in terms of IT governance? Do we need an improvement here? Yes, definitively! The problem is not technology. We all use only a fraction of the possibilities provided by the devices we use (mobile phone, PC, GPS, Internet). The real



BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page6



Dominique FREYMOND with Urs Buner, President Finance Forum issue is the change in attitude of the general management towards IT. It’s not primarily a cost factor or a technical issue, but it’s a central enabler for banking. It deserves careful planning, but not from a technical perspective, rather from a business one. It’s not an issue to be left to the head of IT, it’s a central issue for the general management and for the board of directors. Here are where we see large deficits. In other industries, major players have lost the largest part of their business to technology based new entrants, without the Board of Directors even realising it, e.g. advertising industry where Google, eBay and Ricardo were able to gain substantial market share at the cost of the incumbents in no time at all. Top management needs to tackle four main questions here: How do we govern our IT; is our attribution process in good shape? Do we have a flexible and progressive strategy and architecture that allows us to respond in an adequate and rapid way to market changes? Do we source the required functionalities to implement our business strategy in an optimal way to get maximum value for our money? Do we have an appropriate risk management system that includes all risk dimensions, not just the technical ones? Your company, management & advisory services, has just finalised a vast Delphi study on BPO in banking. What are the main conclusions?



The first conclusion is that BPO is getting established as a valid option for the Back office. Like the proliferation of standard core platforms, the front runners are rather smaller banks. They are the first to come to the conclusion that they’d rather invest their efforts on the client front. In many cases they are even aggressively pushing the concept and facing the providers with a clear development of their offering. In these cases, cost reduction is not even the main outsourcing criteria.

Now that the banks seem to have at least accepted BPO as a viable option, the challenge has somewhat shifted to the provider side. They need to develop a business model that allows a substantial cost saving for the mid- and large-sized bank at the same time “make money”. This is only possible if a standardisation leap is made. As we know, the natural tendency of all organisations is to move towards custom solutions. So Bank and provider need to “get allied” to push for the standardisation of the back-office. The bank COO plays here an essential role. He, as the Chief Sourcing Officer, needs to enforce the BPO providers’ standard bank model within the bank and still challenge the provider in the optimisation of the standard bank model to cope with the developing requirements of the bank. In line with the evolution of the BPO concept, we see an increasing need to review the processes, middle office set-up, and of course the product portfolio, in order to take advantage of the economy of scale by outsourcing the back-office functions. Many banks reported difficulties in implementing the calculated case. Once again: systems alone cannot make it happen! ■ D.P. The Delphi Study “BPO in Banking – present state and outlook” is available at: only in German. An English Version will be available by the end of 2010.

Bio * Since 1997 Dominique Freymond has been an independent board member of, among others, Swiss Post, Allianz (Suisse), SolvAxis, Sterci and other SMEs. He focuses on strategy, business intelligence, change management and corporate governance, mainly in the financial market. Prior to mas he was CEO of TKS-Teknosoft, exclusive partner of Tata Consultancy Services, providing offshore and on-site IT services and a banking solution in Europe. Before that, he had an assignment as “Chancellor” of the Canton of Vaud, secretary of the Government, chief of staff and spokesman. At Unisys he held various positions, such as Vice-President Field Operations, Central Europe, Chairman and CEO of Unisys Switzerland, and Customer services manager for Switzerland and Austria. At IBM (Europe) and Switzerland he held various positions in sales, marketing, market analysis, competitive intelligence, large account management and general management, especially in the mainframe area.He is Chairman of the Advisory Board of the Finance-Summit of Geneva ( He is also member of the Executive Committee of the Swiss Institute for Directors and Executives ( MAS ** management & advisory services (mas) has been active over the last seven years in the intersection of banking and IT at strategic level. Our scope includes defining the IT strategy and architecture, establishing appropriated ICT governance, reviewing the sourcing strategy, adapting middle offices to the new value chain. With the upcoming of internet we have advised companies about how to cope with the changes of paradigm, new business models, such as establishing direct banking. We help our clients in the field of m&a and investment advisory in our core


BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page7

BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page8

BaNkiNg plaTForm iNTErNaTioNaliSaTioN STEp-By-STEp

Optimum functionality at affordable cost The Finnova community presently numbers more than 90 Swiss banks with varying strategic orientations. Looking ahead, financial institutions outside Switzerland likewise stand to benefit from the know-how and experience of this software house based in Lenzburg. Christoph Erb is head of Customer Care and Member of the Executive Board Finnova. In this interview he comments on the challenges of expansion, technical and otherwise. Interview with Didier PLANCHE

Why is Finnova now expanding abroad? Switzerland is recognised for its extensive banking know-how and longstanding experience. Our product has become established as a standard in the home market, and we are convinced that the accrued experience and concepts embodied in our banking software stand to provide a great deal of benefit abroad. At the same time, there is a great deal that we can learn from other markets. Customers are in line to benefit from our foreign activities too, with new functionalities being integrated into our bankware package. Generally speaking, internationalisation planning and execution are progressing step-by-step according to our accustomed philosophy. The priority continues to be on existing customers – we shall not be exposing them to any risk. How far have you progressed with internationalisation at Finnova right now? We have analysed a number of markets with a view to involvements outside Switzerland. We are aware of their functional and regulatory differences, as well as country-specific specialities. From there came our decision to focus the initial phase of expansion on Luxembourg and Germany. As a result, we have already established a subsidiary in the Grand Duchy, Finnova S.àr.l. The first people have started work there and are active in this market. As a whole, development is progressing according to plan – we feel confi-



dent that we will celebrate initial successes in the not-too-distant future. Why is Luxembourg a priority in your considerations? We are active in other markets too, like Germany. In many respects, our analysis revealed a great deal of dynamism in the Grand Duchy. Moreover, numerous European and global banks operate subsidiaries there – so we view this location as a hub, or springboard for international growth. In your analysis, where are the greatest challenges? The answer differs depending on the country. There are plenty of parallels between Switzerland and Luxembourg – not only because of the banking secrecy that is practiced at both financial centres, but also in terms of the culture and the people. Then again, because Switzerland is not a EU member country, there are many differences as well, especially in accounting and regulatory matters. Yet there are close resemblances in the way things are done in banking business generally, and private banking in particular. What kinds of bank are at the focus of your involvement abroad? That varies from country to country, so we tailor our offering accordingly. In Germany, we are considering whether modularity is to be a marketing highlight. In Luxembourg, it is our total banking platform that we are pitching, primarily to private banks because they hold the largest market share in the

Grand Duchy. The institutions’ response to changed conditions brought on by the financial crisis will be instructive for us. What roles will onshore and offshore banking take in the future? Will we see multiple business units using centralised processing and service centres? Is client advisers’ mobility increasingly important – and with that, data and application availability? These are all questions of concern to a market that is in flux right now. Whatever directions are taken, we aim to provide efficient and effective support with our products and services. How do you respond to trends like these? We have specific answers on every front. If the market develops toward centralised computing facilities, then our multi-tenant tower concept represents a solution. Furthermore, our experience in Business Process Outsourcing makes it possible to consolidate multiple back offices into a single unit. If client advisers become more mobile, we can respond with our concepts for external mobile banking and external asset managers.

Software brings new perspectives How does Switzerland compare with abroad? We are certainly well advanced when it comes to implementing innovative outsourcing projects in areas such as hosting, computing centres, and application management. Our concepts are generating major interest and leading to intensive discussion.


BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page9

iNTErNaTioNaliSaTioN On the other hand, there is evidently a heated debate in Luxembourg about the idea of central business units doing transnational processing, for example. That comes down to the market structure, with numerous investment companies and global financial groups running their transactions through joint back offices. Here it is important to have transnational processes that are workable from technical as well as regulatory viewpoints. Discussions with national authorities, like Finma in Switzerland, have shown that our concepts meet these requirements too. What does that actually mean? Outsourcing regulations in Luxembourg are stricter in some respects than in Switzerland. Nevertheless, we will be covering all the bases. It could be just one group, or multiple banks that are outsourcing their processes to a central unit. It could be that these service centres are domiciled in the same country as the outsourcer, or elsewhere. As we see it, BPO offers major benefits in terms of cost, functionality and quality. Highly automated, modern software with integrated workflows can open new vistas on process optimisation.

Setting store by strong partnerships Why does your company offer no hosting, implementation or similar services? This is our clear strategy: setting store by strong partnerships. Banking software development is our core competence. Other companies have know-how and experience in implementation, hosting, or operating. This way, we can activate the best available resources in the marketplace and achieve the optimum for our customers. Where do you see the greatest challenges to expansion abroad? Do they concern regulatory matters, the people, or technical aspects? Technical aspects are least of our challenges, because the Finnova software uses contemporary architecture that integrates into any environment. Functionally, it is about implementing European directives in Finnova, accounting standards especially. We have cooperated with prestigious, internationally active audit specialists to this end. Customers can thus be assured of


Christoph ERB, Head of Customer Care and Member of the Executive Board, Finnova usable functions that support them in their work. The big question that remains is how to acquire fresh business in a saturated market where we are a new player. It means persuading banks about the benefits of our solution. What is the main thrust of your argument? We certainly point out the software’s great functional breadth and depth, combined with automation. Repeatedly, banks are surprised at just how much our solution covers already. That minimises the number of neighbouring and third-party systems, which bears positively on efficiency.

Parameterisation, operation with modest hardware and TCO – total cost of ownership – are arguments we put in the balance next to multi-tenant capability and our BPO concept, all of which evoke keen bank interest. Then again in Germany, the market structure with its predominance of larger institutions adds weight to integration in heterogeneous systems – and hence the modularity of our solution. Are the resources for internationalisation indeed available? Yes. Otherwise, we would never have ventured into this expansion.



BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page10

BaNkiNg plaTForm How important are the multilingual capabilities of your solution? That is a key argument, because there is more to it than just translating the software. Think of the handbooks, implementation manuals, technical documentation and support, to mention just a few areas. We practice this multilingualism, and accommodate regional specifics. Here we can profit from years of already being active in French-speaking Switzerland.

other areas, like national bank reporting, we will draw on standard solutions that are established in their respective countries. Technical adaptations to other modules are less extensive, although topics like MiFID do bear on a number of applications. We can address many of the modifications with our far-reaching parameterisation, which eliminates laborious programming. We develop all the bank-specific requirements within a defined process framework, using resources at our headquarters in Lenzburg.

Proven technical concepts What role does the model bank play in internationalisation? The model bank is a starting aid that facilitates immediate entry into working with Finnova. For this reason, we will be joining forces with our initial customers to set up country-specific model banks. These in turn will form the basis for establishing Plug & Bank®, our innovative deployment methodology for private banks.

What are your criteria when opting for thirdparty solutions? The first question is whether to make or buy. Do we have corresponding know-how in-house? Or is there a standard package already available on the market that we can efficiently integrate into the Finnova OPAL® interface concept? Those are the key questions. Our goal was and remains to keep our platform as technically compact as possible.

Which areas of the software require most adaptation? There are two: the overall bank management information system (MIS), and regulations. Where internationalising overall bank management is concerned, we are followingup on cooperation with our existing partners. Here we can benefit from the experience at msg systems and msgGillardon. In

What can you tell us about the Finnova Development Kit (FDK)? The FDK is a development environment that gives larger institutions the option of implementing certain modifications and additions themselves. For internationalisation purposes, we have further developed this tool into the Finnova Localisation Pack (FLP). We will have characteristics specific



to each country, and separate from the core. The FLP enables us to issue releases for each market independently, without affecting the core – or indeed other countries. The FLP quells any fears our existing customers may have about the negative impact of a release change. Meanwhile, with a certification programme for development partners we can activate additional resources where it proves necessary. Which technical aspects require particular attention? To begin with, certification for various platforms needs mentioning in this context – we are flexible here, the choice is up to the customer. System availability is also important in terms of automatic software distribution to national subsidiaries, asset managers, and advisers supporting their clients on the ground. The focus is on providing optimal functionality at lowest cost. What is the Finnova vision for internationalisation? We aim to establish successful footholds in further markets and grow incrementally, along with our customers. My personal vision is to see two-way benefits arise from the know-how that is present in Switzerland and abroad. ■ D.P.


BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page11

BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page12

BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page13

BaNkiNg plaTForm WhaT iS ThE purpoSE oF proCESS maNagEmENT iN BaNkS?

Produce at better cost, or increase the quality of services, or even reduce operational risk How is it possible that such a question can still be asked in 2010, when the answer is obvious for the majority of secondary and tertiary sectors of activity. Is banking such a different sector? Today, almost all banking activity takes place within well-defined processes. Just think about opening an account, requesting a loan, or even handling a stock exchange order: In each case, a required set of tasks must be carried out in a defined sequence. Why then ask this question? The answer lies in the word “management” that comes after the word “process.” Indeed, if activities are governed by process models, then clearly it is rarer to detect traces of management, because management should mean define, operate, control and optimise. Michel MATHYS*


t this level, we should ask the basic question: can banks differentiate themselves by their processes and therefore by their organisation – or must they? Initially, this is not the issue on which companies should base their competitive edge. To push this logic to its extreme, we could imagine that a bank procures a model of banking processes, and then optimises its organisation on the basis of this model. This can occur especially when a new entity is created, and the notion of what is done today, as well as the resistance to change, does not yet exist or only in the case of outsourcing (BPO). In the majority of cases, when it is necessary to define or redefine processes, we have to deal with what is already in place as well as multiple constraints. For this reason, it is generally found that process models are heavily customised. To avoid inventing the wheel all over again, access to models offer ing the best practices has become essential.


Moving to a more practical level, in what form are these ideal models to be found? Two major trends have emerged: first, in the form of written processes that are described with the aim of documentation and/or certification; and secondly, processes in a system that is aimed at automatic execution. In the first case, we are dealing with passive material that can easily be customised because it is not dependent on other systems, but which has a major problem of maintenance. How many collections of processes and procedures today still clog up the libraries of our banks with an obsolete organisational image? The alternative is the tools of BPM – Business Process Management – that contain process models in the form of flow charts and descriptions, which the bank will be able to customise and maintain on a regular basis over time. The most advanced providers of banking software offer material that is already integrated with the required tools, such as certain consulting firms that use it as a support tool in their advisory mission with the bank. If we return to the importance of differentiating processes, we can observe

Michel MATHYS, Head of Sales, ERI BANCAIRE SA that the architecture of information solutions is ultimately quite structured. The more systems there are, the more bridges need to be created, based on different working logic; in short, more systems mean a greater risk of having to modify ideal processes, without a clear added value. On the other hand, integrated banking software that covers the front-, middle-, and back-office in a harmonious whole reduces the need for customisation and lets the bank concentrate on purely organisational



BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page14

BaNkiNg plaTForm aspects. It can thus identify the distinguishing features of its processes, combining manual and automated activities. A practical example: a payment order for a client sent by email to the bank via the e-banking website can require control checks upstream (signature, transaction profile, liquidity, credit, etc.), implying manual tasks for several actors, which can also be incorporated in automatic processes. The aim of customisation would then be to gain a maximum of possibilities for automating processes, managing risk, and optimizing human resources. Looked at from this angle, it becomes clear that the only role of standardised processes is to be a model for customisation.

mation already known to the system is filled in. There is no need anymore to search for an entry point, or to enter redundant data. This provides higher quality processing, and a process that is faster, with reduced financial and operational risk for the bank.

and creates bottlenecks. In another still, the Service Level Agreements that were defined internally or externally are not respected. All these examples are typical of objectives of banks that set up control systems on their processes.

Controlling the process

Optimising the process

In many establishments, control is occasional and random. Occasional, because verification is required to make sure that the people in a department did indeed carry out their tasks, without an overview of the processes themselves; the sum of occasio-

The ultimate objective of every bank, is probably to achieve the highest possible operating margin. Most of them reach it from time to time, but ensuring ongoing optimisation is another story. The first condition: ensure that the objectives of the bank in terms of products and services are updated and formalised by a set of rules, and that the resources provided are appropriate, integrating external and internal constraints. The second condition: dispose of a definition of the processes within a system that bankers and their organisational support teams can understand and offer the facilities required for speedy and complete maintenance. The third condition: be able to simulate the load and service by using extrapolations of current measures, or by simulating the introduction of new products and services, or by modifying the conditions of existing products and services. When these three conditions are met, the bank can optimise its processes by anticipating the results of the changes that were introduced. In short, it is clear that information technology plays a key role in process management. The old way of working on documented procedures and task lists has too many drawbacks. They must not endure. The increased importance of operational and financial risk management argues in favour of automated management in this area. Many banks have already begun, sometimes simply by activating the technology tools supplied with their information systems, sometimes by launching spontaneous projects in critical domains. In either case, the time seems right for action. ■ M.M. *Head of Sales, ERI BANCAIRE SA

Rolling out the process This second step in process management deals with the dynamics: processes are activated within the organisation and make use of the relevant information tools, internal and external. In the past, the process was in fact based on a definition of the work methods, lists of tasks and a flow chart of responsibilities. The employee knows that he has to initialise a certain number of workflows, for which he has the access authorisations and that he must intervene to validate and check on other ongoing processes. In fact, he must have sufficient discipline and training to call up the appropriate IT transactions and thus enable the processes to occur as planned. This state of affairs carries with it a number of risks, such as long queues, omissions, errors in calls and transaction processing, with possible consequences at the level of the bank’s risk exposure. Current tools enable us to do much better. IT technology can be used so that each individual, or each system, having to intervene in the phase of a process, does so at the appropriate time, with minimum risk. Concretely, the person in charge of an activity is notified by an alert or a message informing him that his intervention is required. He has immediately available a list of tasks to do, and with a simple mouse click he can display the matching transaction, in which all the infor-



nal controls does not necessarily mean that the process has been completely carried out. Control is random because it can’t be systematic when it is done manually, otherwise the operational efficiency of the bank would suffer. The solution resides once again in the use of information technology tools. Automatic processes used in the BPM context are monitored individually; any anomaly is identified and can be used for launching processes that deal with anomalies practically in real time. Another dimension of control is that measures are presented as dashboards that make it possible to show indicators of the bank’s performance as a production tool, a commercial enterprise, or even as a source of risk. One process may be dealt with by delay and is closely linked to the volatility of market prices, another one does not handle the planned volume


BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page15

BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page16

BaNkiNg plaTForm iNNovaTioN CulTurE-a produCT FEaTurE

The banking system encourages innovation Nowadays, innovation does not happen in an isolated think tank within the confines of a company. “Open Innovation” integrates a company’s environment – customers, partners and universities – into its innovation processes. The open architecture of the Avaloq Banking System encourages this culture of innovation by creating innovation communities. The Avaloq Community forms a platform for discussions which ultimately leads to new functionality within the system. Francisco FERNANDEZ*


nnovation means “creating something new.” It starts with an idea and an invention. Only when both of these can be implemented in new products, services and processes, which have become established on the market, is it possible to speak of innovation. The most successful of them set standards and ideally become a new reference for excellence. Innovation is often the product of small teams; people who share the pleasure and drive to search for and develop solutions to a problem. This was the situation at Avaloq fifteen years ago. The chaotic growth of system environments in banks represented a real problem. These structures assumed forms that made companies unmanageable and destroyed their flexibility. IT effectively inhibited or, in extreme cases, actually made it impossible to efficiently implement corporate strategy.

Francisco Fernandez, 47, holds a diploma in Information Technology from the Swiss Federal Institute of Technology/School of Management Studies and is an entrepreneur focusing on IT for the financial sector. His two largest shareholdings are in Avaloq and in Adcubum. A passionate pianist (classical and jazz) and horseman, he wants to create and nurture a corporate culture in which every employee enjoys generating the maximum added value for their customers and thus increasing their own market value. ■



IT-An obstruction to innovation Banks invested in IT early on, before the IT sector became aware of modern architectures or of more sophisticated technologies and processes. This new sector, and particularly internal IT departments in banks, appeared (and in some cases still appear) to have a purely implementation function. Business is automated by information technology more or less to order. At best, it was seen as a way to optimise costs. However, this is not the path to true innovation. Those requesting change tend to copy their “old world” in just a slightly more automated form; most people, however, are resistant to real innovation and change. As Henry Ford said in 1910: “If I had asked my customers what they needed, they would have answered: ‘Faster horses!’ I developed the automobile.” Avaloq (still called BZ Informatik at that time) was fortunate: as the autonomous sister company of a bank, it was not subject to the restrictions typically imposed on IT departments in banks, but enjoyed a high degree of entrepreneurial freedom. As a result, version 1.0 of the Avaloq Banking System was the first system with a graphic user interface, full workflow management, general bookkeeping capability, including securities, as well as a mousedriven information browser – years before the Netscape browser revolutionised the world – and many other innovations.

The prerequisites for innovation There are other essential factors that crucial to bringing about to allow an innovation to come about and to prevent it from

sinking into obscurity as a useless invention: an understanding of the problem, pressure, creativity, freedom to act, diversity within the team, dialogue, skills, performance, economic thinking and respect. First and foremost, it takes an understanding of the problem. It is difficult to develop first a product and then find customers with a problem to fit the product. Irrespective of whether it’s a deodorant or a banking system, the solution should therefore begin with an understanding of the problem. However, to provide an intellectual description of the “banking and IT problem” of today is not a trivial issue. On the contrary, it requires intimate knowledge of the banking sector itself. There is an institution in which it is possible to acquire this knowledge and keep permanently up-to-date – the Avaloq Academy. Innovation means not only creating something new, but also implies change. In order to change something, it is first necessary to want to change it and secondly to be able to change it. As humans tend to be “changeaverse,” they need a problem and sufficient pressure to force them out of their comfort zone. It is possible to create pressure in a company by setting ambitious targets. A person’s own ambition can provide considerable incentive. And pressure from competition is always with us.

Intensive dialogue as a prerequisite Seemingly in contradiction with the need for pressure, innovators require time and space to consider the actual situation and to generate and think through different


BF_HS10_BF_HS09.qxd 06.10.10 16:24 Page17

proCESSES & CulTurE options. This is best achieved in an environment that favours intensive dialogue between idea generators and specialists who can examine and assess their ideas, rather than in a laboratory. Avaloq has therefore created forums such as “Techtalk” where ideas can be shared. However, there are other channels such as the “Domain User Groups,” where business specialists meet to discuss selected subjects with customers. Avaloq looks to the “Customer Advisory Group” for opinions and advice from its customers at C-level. Avaloq maintains relationships with leading universities such as the University of St. Gallen and the Swiss Federal Institute of Technology and invests in cooperative ventures with them. Last but not least, it also avails itself of the intelligence of its external partners by systematically asking them for feedback. In this permanent dialogue, it is important to accept that good ideas – in other words, the basis for innovation – can come from anyone, at any time. It is a question of corporate culture whether potential suppliers of ideas are treated with respect and heard out – irrespective of their level of seniority, whether they are bankers or engineers, whether they work for the company or not, or whether they are male or female. On the contrary: innovation thrives on diversity and the confrontation between different perspectives. Avaloq places great reliance on leverage effects by designing its products and services so that third parties can develop and strengthen their innovative abilities on the platforms. The fast-growing Avaloq Community is nurtured with care, as the company has a great deal of faith in the innovative power of Communities.

Finding talent and encouraging innovation The idea or the invention is one thing; implementation is another. The quality of an implementation depends strongly on the abilities, the attitude, and the motivation of the people who work on it (skills). It is therefore one of the most important tasks of management to employ the best, most motivated, and talented candidates that the market can offer. At Avaloq, we look for intrinsically motivated, enthusiastic people eager to effect change. People with a desire to perform well, high-achievers competing in an intellectual sport. These staff mem-


Francisco FERNANDEZ, CEO, Avaloq Evolution AG bers should have an environment available to them, in which they can move things forward and where they can visualise attractive prospects. Success is the greatest reward, as is the motivation to work towards the next objective. Success is when a customer gives praise. Because customers rarely praise IT services, this can be translated to: Success is when a customer is happy to pay. This is an ambitious objective, particularly in the IT sector, where virtual products are developed that rarely evoke a tangible experience or convey emotions. Innovation must be targeted in a company and make economic sense, both for the innovator and the user of the innovation. For this reason, innovation processes have been developed which assess ideas against their future value to the customers as well as they can and allow value-driven investment. For example, Avaloq includes its “Value-based Scoping” process in its product strategy development.

where a corresponding solution establishes itself in the market. That is why Avaloq understands innovation as a standing order. The environment in which innovation can prosper has two dimensions: one is its processes and the other its culture. It is only when both aspects are taken into account by a company’s management and in its strategy that the company becomes an “innovation engine” and achieves sustainable growth through the significant unique selling points of its products and services. ■ F.F. *CEO, Avaloq Evolution AG

Innovation is a standing order Innovation nourishes the sustainable success of a company. Innovation occurs wherever the customer feels an added value and



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page18

BaNkiNg plaTForm ThE riSE oF dEmaTErializaTioN: “CoST rEduCTioN 2.0”

What do we mean by “dematerialisation”? “Dematerialization” is, in essence, doing more with less. And we are seeing it increasingly in the banking sector. No doubt it is a trend that was due to surface, but recent global banking crises have certainly catalysed interest. Gareth JONES*


he last two years has seen 5.5 trillion dollars wiped off capitalisation of the global banking sector, a fall to 60% off peak levels). Many of the gains made to key performance indicators pre-crisis have suffered setbacks: Boston Consulting Group’s global banking database indicates rises in C/I ratios, falling ROA, and soaring loan loss provisions. There is increasing pressure to quickly reinstate improvements, which had taken the best part of this decade to realise. If anything, the outlook is even more challenging: If regulators demand higher Tier 1 capital requirements, this will further squeeze ROE without improved efficiency measures to offset the impact. The tricky thing is that much of the “low hanging fruit” of cost take-out has been implemented in the last year or so. “Never waste the opportunities offered by a good crisis,” an adage often attributed to Machiavelli, has been taken to heart. These quick-fixes, however, have been peoplerelated actions for the most part, and there is some evidence to suggest that staffing cuts without aligned improvements in operational processes are having an adverse effect on customer satisfaction, with potentially severe financial consequences in the long-term.

A new approach – technology and process The next wave of cost take-outs needs to be underpinned by a more calculated and measured approach, but there are significant gains to be achieved in our opinion. Indeed,



Gareth JONES, Retail Banking Business Development Director, Temenos


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page19

morE WiTh lESS smart banks will use these levers to pull away from the crowd. Not surprisingly, most require the exploitation of technology, or demand a re-think on how technology is being used. The elimination of “waste” (resources deployed that do not add value to products or services) from banking processes has more mileage. Techniques such as Lean / Six Sigma can play a role here, since discipline is needed to be able to measure and determine sustainable savings and improvements at the same time. Yet equally important is an underlying technology infrastructure that can support the re-configuration of the business. One step closer is where the technology actually embodies a process model to begin with. Then optimisation of these processes and kaizen (continuous improvement) become more readily accessible. At Temenos, for example, we are finding that our T24 Process Models, and the services offered by our Management Consulting Practice and our partners around these, are increasingly resonating with clients. After all, if processes are documented, they can be easily challenged. If processes are implemented, they can continuously be refined. Focusing on optimisation of existing value chains is important, but one of the major criticisms of methods such as Six Sigma is that they do not do enough to help invent or “disrupt” the future, through new products and services for example. We believe that a process orientation, coupled with technology, is starting to redefine operating models. Consider one example: Banks can rightly claim to not be fully responsible for potential inefficiency or waste related to the authentication and verification process during new customer acquisition. Traditional practice, often as a result of regulator encouragement, usually involves disrupting what could be a straight-through process and insist that potential clients provide physical proof of ID. For a prospective customer seeking to establish an on-line relationship, this either involves inconvenience to the individual through a visit to a branch, or delay and concern if the original documents are posted to a service centre for processing. For a branch walk-in prospect, this invariably means another visit. However regulator-friendly services, reliant on technologies, are emerging that verify the individual electronically.


A final challenge This is game-changing in its own way for internet customer acquisition, but the real trick will be to extend this to the branch – where arguably it is not needed since clients are able to present documents as they have done for years. Now we have common processes re-used across channels, along with greater customer convenience, and a slicker (and lower cost) fulfilment process. Thinking along these lines can start to completely re-define the role of branches – an area where arguably the debate is still raging as to what purpose precisely the customer of the future will use them for. Business re-engineering of this nature will give some institutions a huge advantage. Dematerialisation is a growing trend within the IT function itself too. We are seeing increased focus on addressing the IT cost base, and arguably this is long overdue. Research shows that banking has higher IT costs as a percentage of total costs than practically any other industry. This disparity is not fully explained either by potentially more complex business environments, higher security, lower failure tolerances, and regulation. Simply put, banking technology costs too much! One explanation is that banks have been slower to adopt commercially available packages and components to the

same extent as other industries. By way of comparison, no manufacturer or retailer builds an ERP system today; there is a mature source of proven solutions from specialist vendors. Banking has been slow to buck the trend but we are seeing movement. The shift in thinking is particularly apparent in larger banks; institutions that five years ago would not have contemplated package applications are now either embracing them or at least actively considering them now. Appropriate technology platform choice can offer significant cost reduction opportunities yet can often do more too. This is true of hardware – and increasingly of the core systems too. Core system replacement is a major undertaking, but for many institutions this undertaking may be the next big move to dematerialise the organisation. Dematerialisation presents a final challenge – the likelihood that major investment will be needed to effect a significant, sustainable change in the cost base. The incentive, however, is that the next round of cost takeout is not just harder, it is better. Being able to do more with less makes sense. The investment, carefully calculated, will lead some institutions to the head of the pack. ■ G.J. *Retail Banking Business Development Director, Temenos



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page20

Switzerland on the road to global Information Security leadership owadays information becomes the most critical and valuable asset for business and government. On financial markets rapid and secure access to proper information has become one of the most important elements for success. Traders who have a privileged access to the information make excess profits. At the same time usual wars between countries and governments are being replaced by information wars. The risks of cyber war between countries are being discussed daily by Medias. Today a proper use of information can be more efficient and dangerous than tanks, bombs and soldiers.


For that reason it is very important to protect your Information Capital from enemies, competitors, unauthorized employees, and even governments in some countries. The majority of big companies store their information in digital format, so when we are talking about Information Security - usually we mean “IT security”. Securing your information starts by securing your IT infrastructure. First of all it is necessary to decide where your corporate information and data will be stored. In some countries there is no law for data and privacy protection, thus placing your datacenter there can have dramatic consequences. We had a case with one of our clients, who has recently opened a branch office in Asia, and all his servers were confiscated by local government without any proper reason or justification. After your IT infrastructure is established and secured it is wise to assess and validate security by an independent auditor. It is quite difficult to choose an external company, as you need to find one that you may entrust your confidential information . For example, American companies tend to be very strong in technologies and competitive in pricing, however not everybody trusts them. Today, in the world of globalization, nationality of Information Security business still plays an important role. One of the recent examples in Switzerland is

liquidation of a well known Ethical Hacking company in Geneva, which faced a serious decline in business after it had been purchased by French. So not only the management, but also the ownership of a business is significant for success. Switzerland is one of the most attractive countries in the world to live. Economical and political stability, strong legal base and absolute neutrality are the most important and globally recognized values of Swiss Confederation. People from all the countries trust our banks and financial institutions to manage their capitals and assets. Swiss stability and safety are proven by many years of history, even the recent discussions about banking secrecy were not able change this impeccable reputation. Geneva and Zurich remain the cities where people from all over the world come to place their wealth, because they trust Switzerland, and appreciate a lot “Swiss made” products and services. Information Security market is growing considerably and may become one of the largest markets in the world economy quite soon. On this market Swiss companies have enormous competitive advantage. Businesses from all over the world start realizing that it is unlikely to find a safer place in the world for information storage than Switzerland. For IT security products and services companies also start coming to Switzerland, not only for top quality, but for stability and trust. Today Switzerland is on the road to become the global leader on the Information Security market. It is very important to keep Swiss image and reputation for the future, so we can permanently have our competitive advantage on the international market. Ilia KOLOCHENKO, High-Tech Bridge SA CEO & President

BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page21

Ilia KOLOCHENKO, CEO & President of High-Tech Bridge SA

BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page22

Look after clients, not IT! At many banks, client advisers are still spending almost two thirds of their time on administrative matters. This is inefficient, because administration is not their core competency. This is therefore detrimental to client relations: private banking clients are demanding - and rightly so. After all, private banking prides itself on its client care, its respectability and discretion, along with its efficiency in processing client transactions. And this is exactly what transaction banking is all about, as provided by InCore Bank AG under the 'SWISS BANKING SERVICES' label. Over the past few years, large companies have had to spend more on their IT operating costs than intended. The causes of this have included increasingly complex infrastructures and application requirements, rising energy costs and compliance obligations. According to surveys, growth and transformation continue to be high on the list of the chief concerns of these companies. However, the IT investments of these large companies are suffering due to increasing IT operating costs. If large companies are facing difficulties in sustaining their high level of investment and coping with rising operating costs, then how do things look for small and medium-sized businesses? The days of the 'standing desk' are long gone, even in private banking. However, the client's need for comprehensive support remains. And this demand for service has increased still further since the financial crisis. The client does not simply want to be treasured and nurtured: he wants performance. He places value on cost-efficient transactions and cost-efficient handling of his orders. He is not afraid of turning to competitors and getting price comparisons. This in turn puts pressure on margins, while IT operating costs and investment outlay in the infrastructure continue to grow. As a

result of this development, the critical mass of private banks is growing, reinforcing the trend towards concentration and ultimately impeding competition. This Gordian knot can be cut by outsourcing comprehensive standardised business processes to a transaction bank that specialises in this area. It takes over the business, processing and reporting from several other banks, dealing with it efficiently and independently, without any conflict of interest. As this is the transaction bank's core business, it ensures the steady ongoing development of its infrastructure and the maintenance of its interfaces at all times. Economies of scale increase with increasing volumes of insourcing, which attenuates the outsourcing costs. The outsourcing bank can then turn its attentions fully to client care once again, and critical mass is no longer an issue. Burdensome investments in continuous renewal of the IT infrastructure cease, as do increasing IT operating costs. This money can once again be invested in client care, client acquisition and in the improvement of the quality of products and services, generating direct added value. The important issue for the transaction bank operating in the B2B sector is, and

remains, its independence. Only an independent bank with its own banking licence can guarantee its clients complete neutrality without any kind of conflict of interest, and can offer them a comprehensive range of services. When it comes to foreign banks, the data protection argument also comes into play. The use of a transaction bank enables certain compliance restrictions to be elegantly outsourced, e.g. with regard to operational risks as defined by the Basel II banking regulations. Any business that concentrates on its core competencies no longer makes mistakes in peripheral areas. In this way, the risk of any damage to the bank's reputation is reduced. An independent transaction bank concentrates on its core business and has no intention of rounding off its product portfolio by taking over client banks. This promotes the client-supplier relationship, good understanding and also efficiency between the outsourcing and insourcing partners.

InCore Bank AG DreikĂśnigstrasse 8 CH-8022 ZuĚˆrich

BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page23

iT govErNaNCE


IT Services: Bridging the communication gap Many Chief Information Officers (CIOs) like to focus on high profile activities such as business process reengineering, information management, and innovation. In doing so, they could neglect less glamorous activities that nevertheless allow their companies to operate day after day. As long as such services are not ensured in a consistent and transparent way, it is unlikely that they will be praised for performing well on innovative activities. David ROYSTON*


he bottom line is, whether they like it or not, CIOs have two hats: they are a super IT manager, accountable for IT operations, and, with a bit of luck, also the head of Information systems. Even in companies where IT operates swiftly, how many CIOs can answer these questions: Which services are provided to end-users and within which service levels? How much does IT cost to each end-user department and why? How do IT costs compare with other companies and service provider’s offerings? Which services are provided by the IT department itself, which services are outsourced to service providers and why? How do they ensure that service providers meet quality requirements and interact correctly with internal stakeholders? How do they ensure that criteria used to manage IT on daily basis are really aligned with company policies? To answer to all of these questions, a CIO needs to develop and maintain a set of tools and documents. This is not a trivial matter,

David ROYSTON, Royston Consulting each tool is used to communicate with a specific different stakeholder: too many details will make them unreadable, not enough and they will be useless. Last but not least, they must be written in the following order.

Bio David Royston was the first CIO of Télévision Suisse Romande in Geneva, Switzerland and a Director of a well-known outsourcing firm. While working in the latter position, Mr Royston realized how difficult it is for clients to negotiate with experienced outsourcers. As a result, in 2002, David Royston founded his own consulting firm with the sole aim of helping companies manage their IT service providers. Royston Consulting specialises in IT Policies, Sourcing Strategies, Service Level Agreements and Request for Proposal management. Royston Consulting supports Banks, Pharmaceutical and Chemical groups, Luxury groups, Public administration and UN agencies ( ■


The Service Catalogue A service catalogue explains in a simple way which services are provided by the IT department. The document is meant for endusers and their managers. Forget about technical details: the only thing that really matters is applications. Since users can pick and chose services from the catalogue, it is no use showing them IT Infrastructure that they will have to use anyway! From a service point of view, applications vary enormously. Though a specific service may be essential for a given application, the same service may very well make no sense for another one.

A costing and rebilling model We have seen that end-users are only interested in applications. Therefore, it is neces-



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page24

iT govErNaNCE internally and those supplied by service providers is unclear and rarely defined rationally. Many criteria can be used to decide whether to outsource a specific service. Experience shows that one of them is particularly important and neglected: the ability to simply describe the expected service and control quality. Hence, it is important to cluster services into consistent areas where quality that can be easily be measured using a only a few metrics. A sourcing map provides a simple overview of all IT infrastructure services that are used to deliver applications. It can also be used to help project teams check that all necessary services have been identified, when introducing new applications.

Service Level Agreements

sary to develop a simple and transparent cost model that funnels all internal and external IT costs back to IT applications. A good rebilling model starts by identifying all IT costs and activities and first assigns them to IT infrastructure or end-user applications. IT infrastructure costs are then reassigned to end-user applications using cost drivers. In turn, the full cost of each application is then assigned to end-users using another set of cost drivers. The model can be used to support decisions such as outsourcing a service, upgrading an application, renewing IT infrastructure, or even defining IT job descriptions. It can be useful to introduce the model in two phases: first explain how it works without any figures, then once the model is accepted, use it to calculate the costs charged to users.

The Sourcing Map Frequently, the boundary between IT services provided



Once outsourced services have been defined, all important aspects of the relationship with the provider must be described. Service quality can only be measured over time. Often, a service is not immediately visible, and therefore not measurable. For example, in the case of a support contract, the client must wait until an incident occurs in order to assess how the provider reacts. This is more difficult than it seems: not only the behaviour of the supplier must be well defined, but both parties must also agree on how to measure service levels. This will result in drafting a document called a Service Level Agreement (SLA). As the true cornerstone of any service relationship, often such a document is unfortunately written by the provider alone. This approach yields a highly technical and complex SLA. Most supplier-written

poliCiES SLAs lack structure and cannot be updated or improved over time.

IT Policies All of the efforts described above are useless if not properly communicated to top management. All they will see is that IT staff are very busy with strange internal projects, but none of them will seem to have any use to end-users or to the Board. This problem can be avoided by implementing IT Policies. A Policy is a formalised expectation and intention of high level leadership covering all current and future issues of a given field. The aim of Policy is to influence and guide current and future decision-making in a support function in order to be in line with the philosophy, objectives, and strategic plans established by management. Such high-level tools impact day-to-day work. However, they cannot be defined topdown for they could have no real application. The trick is to use a bottom-up approach by identifying all standards and guidelines used in the field. They are then grouped into similar areas, identifying for each one the underlying Policy. By using this approach, decisions that are made on an operational level can be translated back into management expectations. There are normally 6 to 10 IT Policies. Each Policy should fit on one page. Once Policies have been defined, the board will be able to align them with strategic objectives and alter them if necessary. This in turn will bring on a series of corrective measures in standards and guidelines on the operational level.

Daily IT Governance Governance is a term that is often overused. A governance process can be defined as fol lows: First set goals and expectations, then allocate resources and finally measure the results. Most organisations only consider IT Governance in projects and hence allow daily operations to lead a life of their own. Deploying the tools mentioned above can extend IT Governance into day-to-day business without requiring great expense or effort. â– R.S. *Royston Consulting


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page25

BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page26

iT govErNaNCE CompuTEr SECuriTy For BaNkiNg aNd FiNaNCial daTa

Legal governance versus internal security Cases of lost data or excessive rights affecting business transactions are increasingly more numerous, with consequent damage for the affected companies. Effective measures exist but they are not implemented, either by ignorance or due to underestimation of the risks. Didier ASSANDRI*


ecent affairs have drawn the public’s attention to the consequences of data loss, and people have realized that lots of information can now be copied or moved thousands of kilometres away within seconds. But we should not forget that back in 2008, the KfW Bankengruppe in Germany transferred €300 million to Lehman Brothers the same day it declared insolvency; the bank argued at that time it was an accidental transfer, but one could argue that financial transactions are a fundamental element of banking. In another recent case, the Société Générale lost €4.9 billion on uncontrolled trading activities. These affairs are interesting because they force us to be concerned with safety of information and data protection. Indeed companies are often ignorant of the dangers they incur, or in the best case, inefficient against the potential risks. Unfortunately one often needs a consequent disaster, which can reach amazing sums without counting the damage to the company’s image, to set up adequate solutions. But first of all, what are the reasons for these data leakages, which cause so much damage? From the known cases, one can draw the following conclusions: the major part of data losses are due to careless employees or happen by accident; for many leaders, board members and managers, electronical data processing remains an impenetrable and unknown world; the monitoring and control of IT staff is a major element of the risk management; the monitoring and control of Business Processes



Didier ASSANDRI, Managing Director, SOLVIS Ltd. requires continuous attention; the quantity of data which can now be stored on portable media, (PDA included), is such that companies have difficulty controlling their data flow. At the same time, banks and financial companies are so focused on following the letter of the law in order to pass audits (either internal or external), that they lose sense of the original intent of the regulation. They are compliant but data security is still weak, due either to ignorance or resignation.

Separate the legislature from the executive There is one step, however, which is valid for either internal or legal compliance: the segregation of duties. This could be com-

pared to the separation between the legislature and the executive in politics. An administrator should not be able to give access to whomever he wants, and at the same time a trader should not initiate a transaction and being able to authorize it by himself. But besides the human factor that people normally do not like to be controlled, the main difficulty remains to reconcile business and IT: to make financial transactions, banking secrecy, discretion and business agility rhyme with active directory, groups, forests and user permissions. There is no magic here; we have two different worlds that need to communicate and this might well turn out to be an opportunity for RBAC solutions. What is RBAC? Role Based Access Control, sometimes spelled ABAC for Attribute Based Access Control, is a technology which speaks business language in the User Interface (UI), and which is able to deploy all the necessary information to the technical systems for authorization of access. The most sophisticated systems are able to display in real-time who has access to what, either for data access or business transaction authorization. Such a system can even be proactive by automatically blocking all transactions when it detects an anomaly between the current status and the desired status of rights and accesses.

Why is RBAC essential for banks and financial institutes? RBAC, or whatever name this technology will have in the future, is essential because it bridges the gap between legal governance, what is needed to be compliant with regulations, and internal governance, where business, ethical and security rules are defined. With RBAC companies will not only


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page27

BuSiNESS TraNSaCTioNS be compliant, but they are then able to verify this anytime by accessing reports which reflect the current situation. It also removes the complexity of IT access rights for the business, leaving a clear picture which should reflect the desired state. I want to illustrate this with two pictures. In the first figure, you have a representation of access rights for a given department. It does not matter what “A, B and so on” are; assume these are the rights to certain activities. As you can see, it is quite difficult to find out exactly who has access to what. Now, the next picture represents the same organisation where the access and permissions rights have been consolidated with an RBAC approach. As you can see, the picture looks quite different. It is now obvious that any member of the “Accounts Payable” group will have access or rights to D, E, F and G; those members where the title is “Accounts Payable Clerk” will have access to A and those where the title is “Sr. Accounts Payable Clerk” will have access to B and H. The three employees which show additional rights have then either supplementary rights to their current function or … it is a mistake, in which case a corrective action needs to take place. Now rename A, B, C, D and the like with Ledger accesses, Clearing authorisation, Marketing or HR files and the picture becomes even more complete. More important, the corrective action can be taken directly by the Manager of the Accounts Payable group. He doesn’t need IT to do the changes. He has full control over persons having access to his area of responsibilities. He is compliant and access to his department’s data is under control.

Why is RBAC not commonly used? RBAC, as such, is relatively new and has greatly improved over the years. Some auditors already make use of some functionalities of such a solution to perform their controls but they take it back with them after the audit. Banks and financials institutes could greatly improve their data security by implementing a fully-fledged RBAC solution and using it on a daily basis, but such projects require 3 major conditions to succeed: First, management attention: if the board itself doesn’t push for such a protection, little will happen. It is the board’s responsibility to ensure that the intellectual


Figure 1 - A typical company access rights landscape

Figure 2 – The same company with an RBAC implementation

property of a company is protected, in order to ensure the sustainability of the activities, but how many board members have a technical background? Second, make sure the business managers sit at the same table as the technicians. You cannot offer a business solution which has only been thought through by technicians. In the best case, it will not be used; in the worst case it will endanger the business. Third, you need a project manager who really understands what RBAC is and how it works: sometimes it is even better to use the services of a person external to the organisation, even if the rest of the project is done internally. This person will tend to be neutral to all parties and prevent the pitfalls of such a project driven by just one person’s experience. Finally leaders and managers should remember that governance has to be a means to increase data security within a company, but it should not define the whole

of the enterprise security, because often governance recommendations are only the minimum standards and some industries require higher level of protection; banks and financial institutes belong to this category. This level of protection has become even more critical now, since the risk of criminal indictment from any bank employees willingly breaching bank secrecy laws is largely compensated by the financial incentives and the protection offered by some sovereign nations in exchange of sensitive client information. Opportunity makes the thief, and if these opportunities are made more difficult by establishing effective structural solutions, the bank and financial institutes will have completed the duty of due diligence they have towards their customers. ■ D.A. *Managing Director, SOLVIS Ltd.



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page28

iT govErNaNCE BTm aSSurES ThaT BuSiNESS TraNSaCTioNS FloW SmooThly aCroSS appliCaTioNS aNd iNFraSTruCTurE

End-to-end IT Management Business transactions are expected to be completed successfully and in a timely fashion in order to meet customer satisfaction. Given the complex path any transactions take, application owners and IT management professionals understand that IT has to have visibility from the end-user, or customer, to the datacenter backend. long before they turn into a critical problem. So, for the first time, IT can proactively manage application performance rather than react to crises.

Motti TAL*


roviding end-to-end visibility to the end-user experience and business transaction flow is critical because most critical applications span distributed and mainframe environments. Fund transfers and stock trades are examples of business transactions that touch different areas of the IT environment. Without end-to-end application performance management, no technology group, within either the distributed technology tiers (network, servers, databases, etc.) or mainframe, truly understands how they contribute to business success. As a result, IT operations staff take longer to solve problems, which in turn impacts customers and the business. To ensure that business transactions run smoothly, a number of Business Transaction Management (BTM) solutions exist in the market that monitor transactions endto-end. With around-the-clock business transaction visibility, BTM helps improve end-user experience by enabling business application owners to avoid outages proactively, isolate and resolve performance issues rapidly, with far fewer resources, optimize capacity planning and activitybased costing, ensure that changes do not impact service delivery, and view and manage all business transactions, across all tiers, all the time, in production. To meet these challenges more effectively, IT organisations need the ability to proactively manage applications and resources according to business priorities. But the plethora of IT monitoring systems does not adequately meet this goal. By definition, the



Monitor transactions across multiple tiers BTM provides around-the-clock, cross-tier transaction visibility from both the business and IT perspectives. BTM presents a complete picture of which services are being consumed, by whom, how quickly, and using which components. Application owners can see which business transactions are being processed by each and every server and tier in their domain.

Avoid outages and pinpoint production problems Motti TAL Executive VP, Marketing, Product & Corporate Development, OpTier silo approach of monitoring applications and infrastructure components individually does not adequately reflect the critical business transactions and the end-users experience. Synthetic transactions can only paint a partial and inherently artificial picture, while real end-user experience monitoring paints only the user side of the story – leaving the complex questions of transaction flow across the IT environment unresolved. BTM solutions guarantee service quality for critical applications while simultaneously optimising the underlying IT infrastructure. BTM gives IT and business managers a coherent view of how their applications are behaving and what their users are experiencing. By continuously tracking real user transactions, BTM solutions can alert managers to any deterioration in service levels

In real time, BTM continually monitors service levels and benchmarks transaction performance, alerting about service degradation well before an SLA is breached or conventional monitors identify a problem. Since BTM benchmarks each tier, IT can rapidly isolate issues and resolve them before outages occur. BTM keeps a full history record of every executed transaction, and provides IT managers with actionable intelligence for application and infrastructure tuning.

Reduce transaction latency BTM automatically calculates the “chattiness” of each individual transaction and pinpoints scalability hotspots. It correlates each transaction’s performance with its resource consumption and helps to identify resource hogs. BTM automatically maintains a dynamic topology map for every transaction type, illustrating precisely where every transaction spends its time.


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page29


This unique visibility enables IT to reduce transaction latency by an order of magnitude.

Gain visibility into complex environments In complex environments (e.g. SOA, cloud, virtualization, grid), BTM monitors all transaction components and provides visibility into SLA compliance, resource consumption and usage trends. Organisations can adopt shared-services hosting models with confidence. BTM enables activity-based costing, and supports workload and capacity planning to help align service operations with business objectives.

formance. With comprehensive insight into how applications execute across every tier, BTM drives effective, accurate capacity planning.

How BTM complements existing IT initiatives BTM is a vital part of strategic IT service management initiatives including Change Management, Configuration Management Databases (CMDB)/Configuration Management Systems. BTM is also an asset for service catalogue management projects based upon Information Technology Infrastructure Library (ITIL) v3 principles. By providing a cross-tier transactional view of application behaviour and performance,

BTM complements the array of focused monitoring and analysis tools in use throughout the organisation today, providing IT management with a meaningful business context.

Information and collaboration throughout the organisation In addition BTM benefits a wide variety of stakeholders throughout the organisation. It provides them with the information required to collaborate effectively and deliver high-quality applications in accordance with service-level objectives. â– M.T. *Executive VP, Marketing, Product & Corporate Development, OpTier

Achieve significant return on investment BTM delivers a quantifiable return on investment, often within weeks of deployment. Through a combination of early detection and rapid isolation, BTM significantly reduces outages and service degradation incidents that lead to lost revenue and productivity. By pinpointing the location of errors, bottlenecks, and resource hogs, BTM slashes problem resolution times (MTTR), and enables tuning IT infrastructure to maximize throughput and per-


BTM automatically discovers the full transaction flow to visualize transaction behavior and identify bottlenecks



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page30


TELEINVEST group: 20 years of proud existence! Birth of a new trading technology If you look at today’s dealing rooms in financial institutions, you find working tools in the form of computer infrastructure with elaborate functionalities and high performance software modules. Most of these features are the pride of big and profitable, internationally renowned suppliers whose clients depend on them to execute their market strategies. TELEINVEST group pioneered exactly such a platform back in the early 1990ies, being an untypically small software house to have developed the next generation trading environment, imagined and built on 100% proprietary technology. By doing so, it invented some of the most commonly used functions today, like the COB (central order book in 2001), the first multi-market OMS/EMS (1999) or the bus structure used to distribute information with the help of extremely efficient broadcasting protocols (1995). This technology base, completely in-house built and constantly enlarged, is able to compete with the best of breed, proving daily that with smart ideas niche players can succeed in very challenging markets.

Independence a strong trump card When renowned private banks started to trust TELEINVEST group, an unlikely success story unfolded and continues today, 20 years after the company was founded with no cash but a lot of



brains. The reasons for convincing well known customers to rely on an independent software vendor for crucially important business units, like dealing platforms, are many-fold. Only the biggest players can afford to assemble and maintain heavy IT units capable of building systems comparable to what industry specialists offer out of the box. But even they periodically confront the make-or-buy question, increasingly opting for the latter. The deciding factors when choosing what to buy are based on security aspects like reliability, stability and performance of the system. These attributes are closely linked to the corresponding human qualities, which in turn influence the strength of a company. In this context, small is beautiful, as big organizations have a tendency to underperform when it comes to flexibility, customer support or speed of individual adaptations. Being an independent, privately owned group, is more reassuring to clients than changing the name, the management and short term profitability targets every time the company is bought or sold and cut to pieces or re-organized, as it happens all too often in our industry.

Predator – The Fatal Weapon Just only transporting or routing a buy or sell order from the bank to the electronic exchange is a sub-minimal requirement for professional trading, like

using a rickshaw instead of a modern car. Trading high volumes on different markets, involving various types of financial instruments quoted in different currencies is a complex task. To manage it with the help of multiple users (traders who can be in different departments and locations), you need a reliable working tool, a coherent system which integrates a maximum of functionalities. PREDATOR – The Fatal Weapon, delivers it, since 1995, allowing TELEINVEST group to boast world class experience in electronic trading. PREDATOR is a comprehensive platform for buy-side, sell-side, proprietary trading and offers plug-ins like marketmaking, program trading, algorithms, position keeping, audit trail, MiFID compliance, as well as different market specific FIX- connections already integrated in the user application.


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page31


Securities master file – the smart link to the back-office Parallel to the development of the trading platform, the company forged itself a name by acting as integrator of securities related data from vendors like Telekurs, Reuters or Bloomberg. Thus it acquired a profound knowledge of the relevant securities information, static and dynamic, the key to understanding trading techniques. Nowadays, the number of electronically traded financial instruments and its trade related data grows constantly. To take just one example, short lived derivatives are created and extinguished by the hundreds every month, forcing market participants to keep pace by making it possible to distinctly identify every instrument instantly. Access to this information is only possible by automating to a great extent the whole process. A centralized database and a “securities master file” provide an efficient basis for front- and back-office applications.

The corporate plane as a marketing tool Today, TELEINVEST group is operational not only in Switzerland but as well abroad, in places like Canada, Luxemburg or Singapore. To stay as close as possible to the customers, the company uses a corporate plane, thanks to its founder and president who happens to be a passionate pilot. First just used for practical reasons, it became a marketing tool and now part of the company image, as the picture shows. A customs officer at the Biggin Hill airport outside London once asked whether TELEINVEST group was a Swiss arms dealer, when he spotted the slogan PREDATOR – The Fatal Weapon. This person, like many others, may forget our company name but he is likely to remember the brand name PREDATOR – The Fatal Weapon.

Strong bonds with faithful clients and partners Looking back at 20 years of history is impossible without mentioning the special partnership existing from the beginning with two of our most faithful clients: PICTET & CIE and Banque Privée Edmond de Rothschild S.A. They are important not only as clients of reference but also for the constant evolution and enrichment of our platform. Equally, a very special long term collaboration with the SIX Telekurs group goes back to the very beginning of our existence, in particular regarding the feed integration at various client sites.


Taking clients for a ride? As part of the 20th anniversary celebrations, TELEINVEST group is taking some of its clients for a ride – albeit a very special free ride. Some of our most faithful customers are going to be invited to a panoramic flight in the corporate plane, our way to extend a special “THANK YOU” to them. ■ Monsieur Aurel Dan

Landstrasse 402, LI-9491 Ruggell Phone: + 423 377 36 60 E-mail: Web:



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page32

iT SECuriTy hoW To proTECT daTa From NimBlE-FiNgErEd STaFF

Protection of company data against malicious IT staff In the age of data digitisation, the threat of data being misused by your own employees should not be treated lightly: the consequences are incalculable and potentially devastating. Even the latest technology cannot provide complete protection against data misuse. There are, however, two possible approaches to data encryption that can mitigate this risk. employees entirely, it can be reduced. Below, we take a closer look at two procedures to encrypt data that is stored in a structured way, with an emphasis on potential misuse of this data by IT employees.



n recent times there has been an increase in incidents involving theft of critical information, such as bank account details, and sale of the information to criminals or authorities. Such incidents have received a lot of media attention and there is now a general level of awareness that banking data can be a valuable target for theft. Data theft by employees is not restricted to the world of finance, however, and a common feature of most of the incidents uncovered recently is that the information was stolen by internal IT staff. KPMG’s Data Loss Barometer1 explains the potential risk to an organisation from its employees as follows: “A combination of economic pressure and temptation in the form of offers from criminal organisations let certain employees perceive theft as a viable option.” The motivation for data theft may be financial gain, competitive advantage or even sabotage.

IT employees as a potential risk Depending on their function, IT employees have privileged access to the various IT systems within an organisation. Two roles are of particular relevance when assessing the potential risk associated with IT operations. For database administrators (DBAs): As the managers of the company’s data-



Encrypting data in the database

Reto FANKHAUSER, Senior Architect and Security Expert, ELCA Informatik AG bases, they have access to the data stored in the databases for which they are responsible. For system administrators: As they install (and modify) applications, they have access to the configuration parameters of the applications, including credentials for technical database accounts. In addition, they are often able to eavesdrop on network communications (in the same way that network administrators can). While physical “on paper” data used to be stored in secure, lockable data cabinets, ensuring the security of digitised data raises complex issues and although it is impossible to eliminate the risk posed by IT

Almost all popular storage solutions (including databases) offer the possibility to encrypt the data at rest. Manufacturers highlight the fact that encryption can be performed without the need to adapt existing applications. The data model can be retained, and the encryption is transparent to peripheral systems. Vendors promise conformity with current legislation and policies on data protection at the touch of a button. While hackers may still be able to get hold of a “raw” database file, they will find it worthless because they are unable to decrypt it. No such built-in mechanism, however, offers adequate protection against misuse by IT employees, who are able to control and manipulate mechanisms such as transparent data encryption. A DBA, for example, possesses the necessary authorisations and tools to decrypt all of the data. System administrators also pose a threat, as they are often authorised to install all kinds of applications, including database tools. All a malicious system administrator requires are credentials as a legitimate database account in order to see the unencrypted



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page33

approaChES Encryption in the database Advantages - The applications need not be modified - Data model need not be modified - Functionality provided out of the box by many databases

Disadvantages - Data outside the database is not protected - Standard: no separation of data and keys (keys in the database), a hardware security model is normally required for such separation - Additional database overhead (reduces performance) - Limited support for encryption algorithms

Encryption in the application - Allows improved separation of adminstrator roles - Encrypted data and keys are stored separately - Data is also encrypted outside the database: transfer, migration and archiving are simpler - Database has no encryption overhead - Scalability: encryption infrastructure can assume the work for multiple applications / databases - Any desired encryption algorithms can be used - No vendor lock-in: data can be migrated easily from one database system to another, irrespective of whether the database system supports encryption - Additional communications between the systems - Encryption server requires additional administration - Data models need to be modified - Applications need to be modified

The two encryption approaches compared: advantages and disadvantages data. Usually a person in this role has access to configuration files from server applications, which need to connect with the database. Since login information is stored within a configuration file, obtaining valid credentials is an easy task. Further analysis also reveals the technical limits of such “transparent” encryption. Depending on the product, only a limited set of encryption algorithms are available and it is not always possible to encrypt individual tables or columns selectively: some products encrypt all or nothing. If everything is encrypted, all potentially matching data must be decrypted for each query. Given that encryption demands additional resources, it is not practical to encrypt every piece of data, so selective encryption of individual data fields is essential. An additional drawback to this approach is that data is no longer encrypted when it leaves the database, so it is also necessary to encrypt data in transit, e.g. on the network or on portable storage media. Given these facts, “compliance at the touch of a button” is revealed as an impractical ideal. Yet the need to deal with the peculiarities of individual data and applications cannot be circumvented.

What about application-level encryption? Data can also be encrypted at the application level before it is written to the database, and decrypted after it is retrieved from the database. The encryption may take place in the application itself, or preferably


the application delegates this task to a “central encryption service.” A centralised service is available for all applications and it scales better as needs increase. If the data is decrypted on the application layer, it is not necessary to take additional measures to secure the data in transit between the database and the application, as records are transmitted in an encrypted state. Thus, in the event of any sniffing of data traffic on the network, sensitive data remains unreadable. It also means that data can be migrated and transported easily between systems without the need for decryption and subsequent re-encryption. In contrast to the “transparent” in-database encryption approach, the data remains encrypted during the entire migration process. Compared with database encryption, application-level encryption offers the advantage of making data less susceptible to theft, especially when the potential culprits are employees. Neither DBAs nor system administrators are able to view the data in plain text and even if they have access to a legitimate database account and run queries against the database, all they will see are encrypted records. This approach is more labour-intensive than database encryption and it influences the data model since current standard encryption algorithms do not retain the input data type. The data model must therefore use the resulting data type for any encrypted columns, rather than the original. The applications must also be adopted so that encryption and decryption are incorporated. Addi-

tional resources are required for ciphering, but this occurs on the application level rather than the database level, the better to suit scalability needs.

There is no silver bullet! There is currently no magic armour that can protect a company’s data at the flick of a switch against the danger of internal or external data theft. Both of the systems that we have examined offer various advantages and disadvantages. The database approach requires less effort to implement, but an “all or nothing” strategy carries disadvantages in terms of perfor mance. Data is still vulnerable to disclosure by IT administrators and additional measures are required for securing data in transit. The application level approach cannot be implemented without a detailed understanding of the data and applications involved and its introduction also affects the data models. A significant advantage to this approach is that it mitigates the risk of data theft by IT employees effectively and it also removes the need for securing data during migrations. Selecting the appropriate approach for a particular situation requires analysing the data and systems involved, and assessing the effective threats that are present. This minimises the risk of any unpleasant surprises in terms of performance, cost, and level of security. ■ R.F. *Senior Architect and Security Expert, ELCA Informatik AG (Zurich)



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page34

iT SECuriTy oNliNE SECuriTy

The flip side of modern communication It is impossible today to imagine our professional life without the Internet. But constant networking also offers the perfect target for Internet crime, espionage and cyberterrorism. Above all, growing attacks on on-line transactions, based on the browser application, affect each of us personally. On the one hand, we must bear the loss ourselves, and on the other, our confidence in modern technologies falters. How do we protect ourselves? Are there any effective countermeasures at all, and if so, how do we implement them? dimensions; with the increasing networking of systems and users, a growing number of participants in these processes are inescapably tied to them; the often problem-free access to ever more valuable information has been greatly simplified. As a result of these facts, there is: an expansion of possibilities for fraud, espionage and extortion; the appearance of entirely new actors (e.g. organised crime, governments); the adaptation of the motives and methods of existing actors: commercial profit or knowhow transfers.

Robert WEISS*


e live, often without realising it, with a disagreeable shift in crime and threats via the Internet. According to experts, the Cybermafia already generates more revenue than the drug Mafia. It is just as well organised, but remains in the shadows and doesn't provide any spectacular news for the media. The fact is, we are highly vulnerable to hacker attacks. We are flying almost blind and depend too heavily on firewalls, anti-virus products and authentication procedures. It must also be pointed out that the cyber-underground market is constantly developing. The global cost of protection measures against these threats – to companies as well as private individuals – already runs in the tens of billions of Euros. To master the problem, the focus of the discussion on safety must be changed. In the battle against the malware epidemic, it is becoming necessary to shift away from the defensive improvement of authentication (the old safety) towards the proactive safeguarding of the entire PC environment (the new safety). This is the only thing which forces hackers to go back to work for each new attack.

Today's situation Attacks on computers with increasingly successful and sophisticated methods and



Products of the Cybermafia

Robert WEISS, Computer Expert and Author of the “Weissbuch”, CREALOGIX concepts unfortunately now form part of daily life. Insidious trojans support attack variants, such as “Man in The Middle” (attack on communications connections), “Man in the Browser” (manipulation of browser functions) or “Man in the PC” (impairment of PC functions), where on-line business security is questioned with increasing frequency. This is affirmed over and over again by all companies concerned with the observation, analysis and development of countermeasures in the security environment. This scenario is supported by a few very simple facts: the importance of information technology in business processes and financial transactions has reached unparalleled

Purchasable products offered by cybercriminals consist of hacker tools (building sets for trojans, provision of services and support), hacker services (“Rent a BotNet”, “Spam the World”) and free trade in information (passwords, bank accounts, credit cards, e-mail addresses, etc.). Attackers are very well organised and networked, with markets existing for virtually anything. The common denominator remains financial gain through fraudulent means. Modus operandi include the detection of unknown safety loopholes, writing and disseminating malware, obtaining information, construction of necessary infrastructure and also the operation of Bot networks with contaminated PCs, which are controlled remotely by attackers without being detected. The distribution of harmful software via e-mail (malware), websites which are hacked, often only temporarily (drive-by infections), storage media (e.g. USB storage media), local installations (e.g.


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page35

oNliNE inadequately protected wireless LANs) are part of a major business today. The seller of criminal services via the Internet provides qualified support over the Web, bears no liability for the loss of data, shutdowns of servers or communications costs, and shows great willingness to correct errors immediately or to build in meaningful extensions. On the other hand, the customer, who shows more of an interest in such services than we would like to think, has no rights of his own and is immediately excluded if he takes any measures which reduce business volumes. This is bought and paid for in the anonymous “Liberty Reserve” internet currency, which today can be converted into genuine money without any problems.

The user is mostly very credulous The user is largely unaware that once a machine has been infected, an attacker has the same opportunities as the user himself. He has access to the same data and files, regardless of whether these are stored locally or networked, as well as the same e-mail contacts, user names, passwords and credit card numbers. This is extremely disagreeable in both a professional and in a private environment, above all when it must be assumed that four out of five computers are already contaminated with malware. In dealing with financial on-line transactions, the user now assumes that his applied authentication procedures, from simple cross-off lists to challenge-response with chip cards, but also innovative verification procedures, provide adequate protection, since these are already offered to him by financial institutions. This is far from true, since modern attacks easily circumvent these measures.

How can you protect yourself? Unfortunately, you cannot protect yourself completely. You can, however, reduce the risk to a minimum by offering as little latitude for attacks as possible. Regular updating of software (operating system, virus protection, browsers, plug-ins, etc.) indeed represents an important aspect of a defence mechanism, but does not prevent attacks with trojans. The best possible safety can be offered if you uncouple the browser from the PC and operating system (“hardened Brow ser”) and also combine this with internal


and external cryptographic subsystems. A number of products have already appeared in the market over the last year, but these do not always meet all of the necessary security criteria. It is very important to understand here that it is entirely unrealistic to arrive at defence mechanisms, which rely on a proactive participation by the user to achieve a reasonable degree of safety. The user does not want to change comfortable and familiar procedures, and does not necessarily want to enter additional information. Or in other words: “Theoretical security” is not worth much if the user has to carry out additional checks, verifications or confirmations on data in order to guarantee this 'security'. He simply will not do it. Unfor tunately, usability tests show this very clearly. This also calls into question procedures that are based on additional verification of individual transactions.

which can match the range and strength of the CLX.Sentinel protection mechanisms implemented to safeguard Internet-based e-banking transactions.” ■ R.W. *Computer Expert and Author of the “Weissbuch”, CREALOGIX

Secure e-banking with CLX.Sentinel With CLX.Sentinel, CREALOGIX provides a product which has been developed entirely from scratch on the basis of the focus shift mentioned above, and which does not restrict the user's freedom. Plug-ins and globally secure e-banking, with no installation of software, drivers or supplementary configurations required. The CLX.Sentinel is the first “security on a stick” based on a comprehensive security application with an integrated “hardened” browser. It was successfully launched into the market in September 2009. CREALOGIX is constantly working on improvements, as well as on future products which improve on-line security. Tested by Compass Security AG: The security functionality of CLX.Sentinel has been tested by Compass Security AG, an established Swiss supplier for penetration testing and ethical hacking. An extract from the test report stated that: “To the best of its knowledge, Compass is not aware to this date of alternative solutions and products

CLX.Sentinel, the safest access to E-Banking



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page36

iT SECuriTy


EThiCal haCkiNg iSSuES iN ThE FiNaNCial SECTor

Improvement by hacking When a person is identified as a hacker, they are automatically labelled as a threat. In the hacking world, however, there is a major distinction between a malicious (black-hat) and an ethical (white-hat) hacker. Even though their tools and methods are similar, their ultimate goal is significantly different. Where a malicious hacker will exploit a flaw to gain access to confidential information in order to steal or destroy it, the ethical hacker will identify the vulnerability, explore the impact of a successful exploitation and report it. Paul SUCH*


company that hires white-hat hackers can identify a weakness, patch the flaw, and secure their assets by ensuring that a malicious person will no longer be able to exploit it. By using the same methods as black-hat hackers, it is possible to produce relevant results that can be used to protect an information system from realistic threats. A single test, however, can only provide a view of the current vulnerabilities of a system. Because any modification to a system can bring a new set of flaws, security audits are generally performed on a regular basis.

Goals and targets Ethical hackers are always hired by a company and given specific targets within a well-defined perimeter. This can range from gaining access to a given application, recovering confidential information on a specific system, or compromising an entire network. This is often referred to as a security audit or penetration test (“pen test”), and can be performed from outside the targeted company or from within its walls. While external pen tests provide a client with a good understanding of how secure their systems are when connected to the Internet, internal pen tests demonstrate what a malicious employee would be capable of doing during a given period of time. This threat has often been underestimated in the past, but recent events have brought to light the dangers of giving access



Paul Such, CEO, SCRT

to a system to an untrustworthy person. The underlying goal of an audit is to produce a listing of all discovered vulnerabilities rated by their risk level. For each one of them, the ethical hacker will have determined the cause of the flaw and present one or several solutions to mitigate or remove the risk completely.

Specificities of the finance sector During a security audit, an ethical hacker regularly discovers highly sensitive or confidential information, such as salaries or customer lists, which emphasizes the importance of ensuring he does his job ethically. While a high level of confidence in a contracted security information company is critical when planning and conducting a penetration test, this appears to be even more so in the banking industry, where trust and proximity are of utmost importance. Not only can the data being exposed to ethical hackers carry a high level of inter-

est for other financial companies, but the simple fact of this data being leaked in some way would have dramatic consequences on the customers’ trust. Information security firms must therefore be able to guarantee the confidentiality of their customers’ data, and strong proof of this guaranty is always required prior to any collaboration. In order o respond to these confidentiality expectations security companies – on their side – tend to apply strict recruitment policies, and require that their employees reside exclusively within Swiss borders. Moreover, as an ultimate guarantee, these companies may consider getting ISO 27001 certified in order to prove the existence of proper processes aimed at protecting their customers’ data. In addition to these increased confidentiality requirements, banks also have heavy constraints relative to mobile equipment and data externalisation. Due to the potential consequences of the loss or theft of mobile equipment, extreme care must be taken to avoid storing sensitive data on them. From an ethical hacking point of view, the strict mobile computing policies of most banking companies generally imply that the whole penetration test has to be performed inside the walls of the company – even the external parts of it – without having any data stored on the hacker’s laptop. ■ P.S. *CEO, SCRT Sàrl (Préverenges)


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page37

BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page38

iT SECuriTy digiTal idENTiFiCaTioN

The ultimate barrier against data leaks For digital identity specialist WISeKey, only PKI technologies combined with biometric data provide the legal framework necessary for the identification of people and objects. encoding or encryption, which regulates who can have access to what (the destination). The principle of a digital identity is comparable to that which governs your bank card and its pin code. If you have lost your wallet and you kept your pin code in it, the bank will not reimburse you if your account is debited. Personal responsibility is handled in the same way within the framework of PKI. Each exchange of information constitutes a formal contract, on the behalf of the sender as well as the receiver. “Other technologies that compete with PKI have neither the legal framework nor the guarantee of identifying the person (or the object) to whom the digital identity is delivered,” added Kevin Blackman.



heft of bank data, misappropriation of identities on social networks, phishing, account piracy, blackmailing, counterfeiting, etc.: the problems of identity and authenticity have never been as virulent and widespread as they are today. However, digital identification combined with biometrics already has a good head start on the Falcianis and the other Arsène Lupins of the Web, technologically and conceptually. Whereas traditional approaches to IT security concentrate their efforts on the reinforcement of infrastructures (physical access to servers and networks), digital certification makes a point of protecting the actual data, the nerve center of this war, and, by extension, protecting its integrity. “Of course, absolute security does not exist, nor does zero risk, but it can be greatly reduced with these technologies. Securing data and electronic transactions is at the top of the list of risk management measures. Confidentiality is a sine qua non condition for the establishment of fruitful partnerships, especially in the banking sector,” stated WISeKey CEO & founder, Carlos Moreira.

Every individual is a risk The digital identification and electronic transactions specialist, WISeKey, is not a traditional IT security firm. Its business model does not consist of setting up infrastructure fortresses to protect their clients merely from outside attacks. “WISeKey’s mission is to digitally secure the individual and his or her transactions, and not to build



Authenticating confirmed identities Carlos MOREIRA, Founder & CEO, WISeKey firewalls!” said Kevin Blackman, CTO WISeKey. As many studies have already revealed, the risk of theft, falsification or manipulation of data is mainly the result of internal actions, and is more often than not due to ignorance. The gap in security occurs precisely between the physical person and the digital identity, or “virtual avatar”, that has access to information such as online accounts or emails. This has to be filled by high-grade authentication, for the individual as well as for the virtual alter ego. Digital certification, known as PKI (Public Key Infrastructure), is the only way to do this. Put simply, it allows data to be secured independently from the infrastructures in place, through the use of electronic signatures, which guarantee the origin (source) of the data, and also through

The renewed interest of banks and governments in identity management has pushed PKI technologies to the front of the stage, as it is not an identification system but a system for the authentication of confirmed identities. This means that attributes such as surname, name, year of birth, place of birth, profession, registration in the commercial register, serial number, etc. have been previously confirmed and legally certified beforehand in the real world by a trusted third party (administrations or governments). “It is the ultimate barrier against leaks or improper usage of data. This process allows the hierarchical organisation of access to the data, and the immediate withdrawal of access should there be any doubt (for example in the case of theft or manipulation of data). Also, only the members of the management of a business have access to all the information,” added Carlos Moreira.


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page39


SpECializaTioN These principles of digital identification are adaptable to the protection of data and/or individuals within almost any preexisting IT system in any sector in need of strong authentication: health, watch making, public sector, mobile communications (by integration of certificates in the SIM cards), banking (Norwegian and American institutes, for example, base their secure transaction system, BankID, on PKI). This technology is also widely used in the framework of eGovernment projects: the system of electronic tax declarations is one of the most important large scale uses of PKI. Credit card issuance companies and digital passport projects can also be given as examples of those that trust this infrastructure. ■ C.M. *Founder & CEO, WISeKey (Translated from the French article edited by Sylvie Gardel)




BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page40

iT SECuriTy ENd-uSErS oFTEN BEComE a TargET oF haCkErS

The importance of security awareness in today’s businesses It is wise to ensure that employees do not become a threat to the company, especially on the eve of HTML 5, which should partially revolutionize the world of Internet, but also engenders new attack vectors. hard drives, or relying on false virus alerts to encourage victims to deploy many unpleasant remedies. However, the most pernicious threat this year is probably a malicious code, which takes advantage of the Autorun feature of removable devices, such as external hard drives, memory sticks, or cards for cameras. These past months have been marked by such threats, with nearly 20% of malware exploiting this propagation vector.

Frédéric BOURLA Head of Ethical Hacking Department


ompanies now operate in a hostile environment. Industrial espionage, cyber-terrorism, and greed have allowed hackers to grow, specialise, and create fearsome gangs. Hackers are no longer isolated within just passionate personal and technological challenges; they are now frequently engaged in organised criminal networks for their own benefit or that of powerful sleeping partners. Recent years have witnessed a rapid professionalisation of cyber crime. Infrastructure complexity, interconnection applications, the interdependence of components, and market deadlines are all factors that increase significantly the risk of a cyber attack. Notwithstanding, users are usually the main weakness of complex systems and, as such, remain the preferred target of cyber criminals. The first half of 2010 is no exception to this observation, and has seen an explosion of attacks targeting the end-user.

Client-side attack threats The extent of the digital scope and everchanging threats makes it very difficult to protect the systems. The perimeter itself is no longer clearly defined. It is not enough to protect the infrastructure with a perimeter firewall, which would remain blind to any threats within the internal network. Yet nearly one in five attacks is linked to an



More sophisticated attacks

Frédéric BOURLA, Head of Ethical Hacking Department, High-Tech Bridge internal embezzlement, and most contemporary external attacks – such as Trojans and other attacks that could exploit the trust relationship between a system and privileged users by forcing them to execute commands without their knowledge – bypass the perimeter defences of the company, by directly targeting users’ computers and final users. In this context, 2010 has seen a renewed interest in old computer attacks, such as Ramsomware, Malware MBR and fake anti-viruses, respectively taking the user data hostage, propagating through the master boot record area of

Indeed, these attacks are not really new. A similar malicious application left the planet in 2008 and infected the computer equipment of a NASA International Space Station because of an astronaut’s contaminated USB device. But such attacks have evolved to achieve an unparalleled level of sophistication. Hackers now show unprecedented professionalism. Their code includes increasingly effective protection, especially encryption layers and complex anti-reverse engineering functions in order to conceal the operation. Conversely, hackers are trying to improve the productivity of their attacks, and therefore infect the most victims in a short amount of time. During the month of April, a major attack against Content Management Systems permitted the compromise of thousands of websites in record time. Altered PHP pages redirected visitors from search engines to malicious websites, thus remaining undetectable by the owners who were accessing their systems through a URL without seeking the services of a search engine. Moreover, the first nine months of the year also showed a considerable evolu-


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page41

FiNal uSErS Security awareness in Banking Sector Sebastian Flaccavento, Security Project Manager at High Tech Bridge: “The importance and value of information in our society increases daily, making it more and more difficult for companies and governments to use information technologies and communications. As a response to modern IT risks and threats High-Tech Bridge offers security awareness and training for enterprises. The main purpose of them is to define corporate information assets, find out potential risks by examples of other companies and various cases studies, and finally to work out the most efficient model of risks prevention. Today we have more and more demand for security training for “non-IT” employees, in finance and banking sector, which more often become victims of “social Sébastien FLACCAVENTO, engineering” (various psychological - and human-based compuSecurity Project Manager, ter attacks) and other types of cyber-frauds. High-Tech Bridge After 8 years of work in IT security for banking sector, I am convinced that financial industry requires that every employee, who has access to any confidential information, clearly understands the risks related to the usage of information technologies in order to be able to prevent them.” ■

tion in the number of codes exploiting application vulnerabilities, or taking advantage of user’s inattention, such as Tabnabbing. The latter is a new type of Phishing attack which permits a malicious webpage previously loaded in a browser’s tab to wait until the surfer turns his attention to another tab to change its content and appearance in order to steal the identity of another site, thereby encouraging the spread of Trojans and the massive development of increasingly complex zombie networks. The largest Botnet ever made was also dismantled by the FBI in March 2010. It allowed hackers to control more than 13 million infected computers in nearly 190 countries.

vectors for malware. A specific Trojan horse targeting Android cell phones has already infected several million victims among mobile phone users, thus stealing all kinds of confidential information, such as SMS, email, voicemail password and contacts. And with nearly 22,000 Androids sold every day, it is a safe bet that this particular cyber criminal trend is still in its infancy.

example, be catastrophic in the event of hacking into hospital systems, air and road traffic management, telecommunications, and power distribution. Nowadays, the United States fear the consequences of a new Worm-like Stuxnet which, according to the Financial Times, has already infected an unknown number of power plants, pipelines, and American factories, as well as a potential Iranian nuclear plant. This type of malware also spreads through removable storage devices, including USB keys, before compromising hosting systems. Without considering such catastrophic scenarios, companies also remain vulnerable. The key in cyber war remains information, therefore computer data is often coveted by competitors. Unfortunately, man is the weakest link in the long chain required to secure information. It is therefore wise to ensure that employees do not become a threat to the company, especially on the eve of HTML 5, which should partially revolutionize the world of Internet, but could also engender new attack vectors. ■ F.B.

Final users are exposed Attacks targeting businesses are seldom without consequences. These could, for

An interconnected world In most cases, the information does not have value unless it circulates. Enterprise networks have therefore turned to the outside world. Today, employees have laptops, wireless PDAs, Smartphones, and portable storage devices, while accessing corporate resources via the Internet and remaining connected to personal networks, which are beyond the employer’s control. Computer security consists of solving the paradox of exposing information and opening the network, while ensuring that data cannot be found just anywhere and cannot be used by just anyone. This growing interconnection creates a far more complicated risk assessment. The sharp increase in Smartphone sales, the craze for social networking and democratization of Peer to Peer are important propagation




BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page42

BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page43


TEChNologiCal huB

ThE lakE gENEva rEgioN: a huB oF TEChNologiCal ExpErTiSE

Credit Suisse establishes an IT Development Centre at EPFL In July 2010, Credit Suisse announced plans to launch an IT Development Centre at EPFL in Lausanne to create a meeting place for specialists from the worlds of science and industry. “Our aim is to develop future-oriented solutions that will allow our business partners to respond effectively to changing client needs,” says Hans Martin Graf, Head of the IT Development Centre. Interview with Didier PLANCHE


hat is the strategic rationale for Credit Suisse’s decision to establish the IT Development Centre and how is this centre positioned in the bank’s IT landscape? Information technology plays a key role at Credit Suisse. It is vital to the bank’s development and to our vision to become the world’s most admired bank. With more than 6,000 IT employees and contractors in Switzerland alone, we are one of the largest employers in this field. IT resources are scarce, however. To maintain our leading position in IT and to meet the increasingly demanding expectations of our clients, we need to be able to access every labour market in order to recruit top talent. The IT Development Centre broadens our range of activities in Western Switzerland and demonstrates our commitment to Switzerland as a centre of research and industry. With its focus on innovation, software and capability development, the centre complements existing IT expertise in home market sites, near-shore and off-shore locations. Why is the IT Development Centre located on the campus of EPFL? Credit Suisse has worked successfully with Swiss universities and institutes specializing in IT for many years. Our IT Development Centre at EPFL enables us to continue this tradition and will lay the foundations for innovative projects and solutions that


will set us apart from the competition. At the same time, the centre allows us to strengthen our role in the French-speaking part of Switzerland. Traditionally, the “Arc Lémanique” - the Lake Geneva region – is a hub of technological expertise with top universities and a number of start-ups. Our evaluations have shown that the EPFL Innovation Park combines proximity to world-class research with ease of access for employees and students, as well as an excellent infrastructure and close ties to our successful business in the region. We are proud to be the first financial institution to establish a presence in the park.

will create a unique testing ground where practitioners meet academics and where our software developers can create and develop new ideas. Credit Suisse is committed to improving professional IT training in Switzerland and we are a very active player in the field of information and communication technology (ICT). The establishment of the centre represents another substantial contribution to IT education in addition to our existing commitment to double the number of young IT talents within the bank and to invest of up to 10 million Swiss francs in IT education over the next five years.

In which areas of research will the centre specialize? The centre will combine software development for our businesses with innovative research-oriented projects. Areas of interest for innovation are mobile banking, software engineering, data mining and energy-efficient computing. We are also planning a variety of scientific cooperation projects with EPFL such as in the area of cloud computing. The IT Development Centre reaffirms Credit Suisse’s appeal as an employer of choice in the region - both for university graduates and senior IT professionals.

Will the centre be at the cutting edge of the bank’s IT and on which areas of technology will it focus? We definitely think so: the advantages offered by the location, the emerging spirit of the centre and the planned project portfolio have all laid the foundations for an innovative, high-performance organization. This should enable us to leverage the technical expertise in the areas of security, communication and software engineering that can be found within the EPFL and in the region. In spring 2010, Credit Suisse established a “branch of the future” in the worldfamous Rolex Centre on the EPFL campus where new, client-facing technologies are deployed. The adjacent IT Development Centre represents another concrete commitment to supporting our client-focused strategy. ■

How will the centre benefit Credit Suisse’s IT organization? As a global, innovative IT organization, we are constantly looking for new ways to do business: with its novel combination of development and innovation projects, the centre will give us recruiting opportunities and insights into leading-edge research. We




BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page44

laTEST NEWS BuSiNESS CaSE: BaNquE privéE ESpiriTo SaNTo – dElTaCoNCEpT

An integrated Global Front Office Solution for Asset Managers - A successful project that leads to more… In 2004, Banque Privée Espirito Santo took the decision to implement Equalizer by DeltaConcept. The aim of this investment was to provide Asset Managers, the Advisory department, and Risk managers, with an attractive, efficient, and user friendly tool. The success of this project has led the bank to consider a wider deployment of Equalizer within other key projects in its development strategy. The total number of licences at the Banque Privée Espirito Santo has doubled since the first implementation. Interview with Pierre-Yves SACCHI*

What do you think of the Equalizer implementation, and of the solution? FRANCIS MATEESON RONCORONI, SENIOR VICE PRESIDENT, IN CHARGE OF STRATEGIC PROJECTS, IT, SUPPORT&LOGISTICS, PRIVATE BANKING SERVICES, BANQUE PRIVÉE ESPIRITO SANTO: We are very satisfied with our choice of the Equalizer solution. Our goal of providing the asset management, advisory, and risk management departments with a user-friendly and functionally quite comprehensive tool was a great success. This project fulfilled the requirements and the tool is highly appreciated by users. The most positive item is its ability to support our risk analysis and management process. The team appreciates the autonomy and independence that it has in the presentation and manipulation of the data used for analyses.

M. Francis Mateeson

LEANNE JOHNSTON, HEAD OF STRATEGIC PROBANQUE PRIVÉE ESPIRITO SANTO: The advantages of Equalizer II that come up regularly are its flexibility, user-friendliness and the attractive graphic interface. The

ability to provide daily performance calculations was a key element in the solution selection process. Fast access to reliable calculations, in an efficient format, is crucial for our internal processes.




You seem to be satisfied with Equalizer functionalities for business teams. Do you have the same feeling when it comes to IT? PASCAL STEGMANN, HEAD OF INFORMATION TECHNOLOGY, BANQUE PRIVÉE ESPIRITO SANTO:


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page45

rEporTiNg BPES Institutional speech Established in Switzerland in 1977, Banque Privée Espirito Santo traces its history back to 1884, when José Maria Espírito Santo established a currency trading business in Lisbon. Banque Privée Espírito Santo is the Swiss private banking wing of the Espírito Santo Financial Group (ESFG), a fully integrated family-owned financial services holding company, and leader in the banking and insurance markets in Portugal through its principal banking subsidiary Banco Espírito Santo (BES), and Tranquilidade insurance company. Banque Privée Espírito Santo is the Swiss hub of ESFG’s broad geographic reach, with a shared goal of supporting entrepreneurs in countries with cultural affinities to Portugal, and with a particular emphasis towards South America and Africa. Exclusively focused on wealth management, Banque Privée Espírito Santo has more than CHF 10 billion in assets under management and employs a staff of 156 at its Pully head office and Banque Privée Espirito Santo abroad. ■

One major strength of Equalizer as a solution is its integration – the way it interfaces easily with our banking system. The project

demonstrated how much the product’s architecture supports its integration. We have been involved both functionally and financially in the definition of the system interfaces for positions, movements, performance measurement, and order confirmations (Securities, Cash, Spot, Forwards, Options…). It is quite natural that our teams acquired technical and functional expertise on the application. The independence of operational teams from the software editor is a reality; this is one of the aspects most appreciated by our users. The autonomy to create specific views, to control investment processes, allocations,

deviations, and performances is of the utmost importance and one of the real benefits of this solution. The IT team is independent from DeltaConcept when it comes to operating the system. A successful project that will lead to others – what is your vision for near future? FRANCIS MATEESON RONCORONI, BANQUE PRIVÉE ESPIRITO SANTO: We are pleased with the Equalizer solution, and our collaboration with DeltaConcept was a definite success. In addition, the total cost of ownership is reasonable. These are very positive points and we are considering increasing our use of Equalizer. We might deploy its functionalities to other departments of the bank. Our continuing development ensures that we will have lots to do in the coming years. The group Espírito Santo’s financial participation (shareholding) in the company Altius Finance SA highlights the commitment to expand our presence in wealth management and in particular towards independent asset managers. Based on an innovative business model, we have developed an offer targeted specifically at this segment of the market. Equalizer II is quite naturally the software solution we intend to provide to external asset managers in the context of this model. Moreover, in this perspective, the new functionality of data consolidation from other banks is very interesting. ■ P.-Y.S. *Managing Director, DeltaConcept

DeltaConcept speech Integration concepts, product philosophy, and the flexibility of the Global Front Office Solution «Equalizer II» highlight with each project that implementing a front office software on time, efficiently, and in a satisfactory manner for everyone is a reality! These concepts do not impact the central system architecture (Master / Slave Relationship) and offer great value to most departments. Easy to use, easy to customise, Equalizer II is one of the most user friendly tools of the market and its functional scope makes it one of the most comprehensive application. Integrated and ergonomic, Equalizer II is the Global Front Office solution that replaces previous generations products. It is used virtually in all departments: Portfolio and asset management, Advisory, Risk, Compliance and Management. Such an attractive tool in your bank ensures a high return on investment, a quality and effectiveness message towards clients and users subscription. Outstanding Reporting, eBanking, navigation and orders capture are key decision making points for asset managers. The productivity of Banque Privée Espírito Santo was notably improved thanks in particular to the production of Pierre-Yves SACCHI, Managing Director, Deltareliable and fast performance calculations. Concept Project teams and DeltaConcept management would like to thank everybody at Banque Privée Espírito Santo, who made it possible to bring another prestigious name to the list of more than 50 Equalizer references worldwide. Pierre-Yves Sacchi, Managing Director of DeltaConcept: “Our software has helped improve the productivity and image of the bank”. ■




BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page46

NEW TEChNologiES “E-mErgiNg” aSSESSES iTS progrESS aFTEr 18 moNThS iN opEraTioN

Independent asset managers have adopted the social network By allowing independent asset managers to use the Internet in developing their business, the “e-merging” social network has filled a niche in the market that will continue growing in the future. range of proven skills and expertise in this area. We operate on two physically separate servers. Member profiles are recorded on one, while their identity is encrypted on the other. Five of our administrators have simultaneous access to the two servers. They are the only people who can put two members in contact with one another, pending the agreement of the two parties. Establishing contacts is at the heart of our business model. Therefore, every new member is able to use the search engine to gain access to a profile corresponding to his or her search criteria. In order to protect members’ identities, a code is connected to each individual member profile. If a contact request is submitted to the system administrators, it is then forwarded to the member in question who decides whether or not to agree to have his or her identity disclosed, in order to allow contact.



hen Lombard Odier decided to launch the e-merging social network for independent asset managers, family offices, and financial services platforms in March 2009, we believed that we were responding to a genuine need existing in the market. Eighteen months later, we have been proven right in this regard – even beyond what we had hoped. Our initial objective was clear: offer professionals working in independent asset management the first social network able to provide them with the means to identify, on an anonymous basis, potential partners for developing their business or preparing for their eventual succession. Our ambition has now taken on an entirely different dimension in light of e-merging’s success. In 18 months, we have registered more than 200 members from among the largest Swiss financial management companies. These members represent over CHF 85 billion in assets, which is equivalent to roughly 20% of the assets under management by independent managers in Switzerland. There have been 32,000 visits to the site since the start of the year and we have responded to more than 560 contact requests.

Fully secure social media These figures speak for themselves. E-merging is responding to a genuine need



Olivier COLLOMBIN, Head of the Independent Asset Managers Department, Lombard Odier despite its membership conditions, which some may find restrictive but which ensure the trustworthiness and credibility of the network. To be accepted, candidates have to answer 50 questions that are necessary to properly determine the profile of the prospective member, and his or her professional legitimacy. It takes fifteen minutes to complete the questionnaire, and the data provided remains totally anonymous. In order to guarantee the security of this data, we benefit from Lombard Odier’s full

Three access levels Today, e-merging is reaching a new stage in its development. In order to adapt to demand and demonstrate greater flexibility, we will create two additional access levels that use shorter questionnaires containing 25 and five questions. This will involve establishing three categories for members, according to their identification level. It is important to note that the category requiring the most identity data will have access to all of the other membership levels, while the reverse is not possible. For the majority of asset managers, using the Internet to develop business truly represents a cultural revolution. While some


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page47

CulTural rEvoluTioN have made the change without difficulty, others remain reluctant to a certain extent. It is for the latter group, and for those who only partially completed our questionnaire, that we have made our criteria more flexible to encourage them to become gradually familiar with e-merging. Moreover, most of the information requested on the simplified questionnaires is the same as information that is available by consulting the commercial register. We have also developed functionality for future independent asset managers who wish to establish their business. Thanks to e-merging, they can identify and make contact with potential partners.

Becoming THE international benchmark This adaptation in response to the reaction of the market is fully in keeping with our objective. As the only players to have developed a platform of this kind, we want to be


THE networking site for independent managers and family officers, not only in Switzerland but also at a European and even at a global level. To date, 20% of our membership is already located outside Switzerland. Our international development has been facilitated by the agreements we have concluded, and continue to negotiate, with various professional organisations in Europe such as CIFA (Convention of Independent Financial Advisors), which recommends the use of e-merging to its members. Specifically, this cross-border reach has already allowed some members to benefit from international business opportunities by identifying prospective partners in places such as Singapore or London via the e-merging search engine, and then establishing contact with complete discretion. To facilitate our members’ work, we will also ask them to evaluate the services at their custodian bank by indicating the diffe-

rent services available to them: administration, reporting, advice, access, etc. This will enable the creation of a bank guide sustained by input from the users themselves. We also hope that in the near future e-merging will offer a platform for exchanging funds as well as an instant messaging system. In response to our members’ requests, we also wanted to create a more concrete extension to e-merging by giving members and other like-minded people a chance to meet. Every month, since the start of the year, we have organised successful “afterwork e-merging” events in art galleries in Geneva and Zurich, which provide a platform for networking in an artistic environment. We aim to export this concept to other European cities. ■ O.C. * Head of the Independent Asset Managers Department, Lombard Odier



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page48

NEW TEChNologiES ThE ChallENgE oF ToTal TradiNg SySTEm iNTEgraTioN

The trading cycle, from order initiation to execution confirmation, profits greatly from a coherent technology... Why do integrated OMS/EMS platforms make sense, for big and small financial institutions alike? The power is shifting from traders toward risk and back-office managers, resulting in a quest for consolidation. The simplest and most cost effective way to system consolidation is a single owner technology. to a report from TABB group, enhancing performance and consolidating systems are high priorities for the more savvy firms who reinvent processes and workflows in order to stay ahead of the curve.



uropean traders working with ever more diversified financial instruments need to find cost effective ways to overcome several challenges: how to best access fragmented markets and liquidity pools, dealing with reduced trading volumes and increased competition, responding to transparency concerns from investors and regulators, and juggle frozen IT budgets and the desire to keep pace with rapid technological developments.

Expert views When listening recently to industry experts, interesting statements relate to the subject outlined above. Here are two examples, one from the vendor side and another from the client side. Asked about the major trends in the markets, the head of product management at one of the big competitors said: “It’s all about consolidation, at the corporate level by mergers and acquisitions, at the risk management front and at the trading technology front, as customers try to concentrate on fewer systems and vendors.” I am tempted to add that, even before banks merged and new entities were created, there was a wasteful and amazing fragmen-



Fragmented liquidity or fragmented technology?

Joseph KUETTEL, International Sales and Marketing Responsible tation of systems and practices. The power is shifting from traders toward risk and back-office managers, resulting in the quest for consolidation. The simplest and most cost effective way to do that is a single, robust platform, developed from A to Z by only one technology owner. The chief investment officer at one of the biggest asset management companies globally (close to 2 trillion dollars) was talking about the benefits of establishing a single trading entity: “Being able to share technological skills across the dealing desks is important because investment in this area is greater than for any other area. Our combined trading component is now an important weapon in generating alpha.” According

In Europe, there has been much talk in recent years about the problem of accessing fragmented liquidity, both for buy-side and sell-side market participants. It is true that harnessing the technology cost of connecting to all the relevant markets and routing your order flow smartly, while staying in touch with low latency execution benchmarks, gets very tricky. But having heard enough about that, let’s examine the following question: how about fragmented technology? A case can be made for important gains in efficiency, control, and spending on systems by centralizing trading on a single platform. Historically, most trading technologies have been adopted in a fragmented way, following the expansion of activities into different asset classes and therefore resulting in standalone systems, existing side by side, but not being integrated or even connected for that matter. In addition, vendors and technology providers often proceed by external growth, meaning that specialist solutions are added without being organically developed on the basis of a single


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page49

CoNSTaNT EvoluTioN tion to execution confirmation, profits greatly from a coherent technology, itself properly connected to back-office systems on the one side and market venues on the other. Qualities like scalability and flexibility permit accelerating business processes, reactivity to client and market changes through consistent and secure handling of markets and instruments.

owner technology. No need here to describe the difficulties of getting to work properly together two or more 3rd party libraries into a coherent, reliable solution for the client.

Major advantages of integrated, single owner technology platforms Let’s have a quick look at the obvious pluses of a single trading platform, like PREDATOR – The Fatal Weapon, Teleinvest’s system serving buy-side needs as well as sellside functionalities, capable of treating multiple asset classes, offering connections to the relevant exchanges and broker networks, and also featuring modules for best execution, algorithmic trading, position keeping, transaction cost analyses, internalization of orders, STP, DMA, etc.

Staying in the race with the best

In order to gain strong control over dispersed trading desks, meaningful surveillance of overall trading activity, real-time position at risk, and streamlining of transparency and accurateness of risk calculations, an integrated platform obviously greatly facilitates the manager’s tasks.

Cost savings There are big savings to be achieved by investing in a single, consolidated platform. The client negotiates the up-front investment, the maintenance and support service with only one company. The customer concentrates the necessary internal knowhow and resources on only one technology and working relationship, another potential for sizeable cost reductions. Energy and time is saved in the case of contract renewals, increasing also the negotiating power and facilitating legal protractions. Internal IT teams can be downsized together with corresponding budgets. Any redundant features, as they necessarily exist on different systems, are eliminated, thereby reducing the bill.

Better risk and management control Seamless order management from back to front and execution management from front to back results in better performance, time savings, error exclusion, increased control and better client service. How many banks still process client orders via separate systems or handle important order volumes by phone? How many traders still keep track of order execution on a bit of paper, handed down to the back-office?


User comfort A single platform, installed in multiple locations across legally and geographically dispersed units, including partners like independent wealth managers or investment vehicles allows for optimal and flexible resource planning. Trader mobility is made easier by putting the right man at the right desk according to many different criteria that correspond to the changing business strategies. Mixing cultures and specialist know-how for the various asset classes allows for swift adaptation to market changes, without being forced to move systems together with traders, or run cumbersome user training programs, when a European trader is assigned to an Asian trading desk running on completely different working tools.

Intrinsic system quality The most sophisticated trading tool is not worth its cost if not 100% reliable, fault tolerant, and easy to use. Trading platforms are not allowed to break down. It is much easier to guarantee a certain performance or development capacity based on single owner technology than by trying to achieve it with different products from different suppliers. The trading cycle, from order initia-

Teleinvest International AG has developed and promoted electronic trading and securities management for more than 15 years, gaining experience and recognition based on its proprietary technology with the PREDATOR platform. Hundreds of individual user licenses in Swiss and international banks and financial institutions testify to the quality of our software. In our opinion, this and the fact that even as a relatively small group of companies we have managed to stay completely independent, reflects greatly on the trust important clients have granted us for many years. Trading technology is in constant evolution, some advances are major achievements and change the industry permanently; other features represent more of a fashionable trend until market forces or regulatory interventions make them obsolete. However, there remain some indispensable qualities for trading platforms, like reliability, robustness, performance, scalability or modularity and above all the guarantee of true and entire ownership of the underlying technology. Teleinvest has invested roughly 1’000 man-years of software development, representing something like ten million lines of code for PREDATOR – The Fatal Weapon! ■ J.K. *International Sales and Marketing Responsible, Liechtenstein



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page50

ouTSourCiNg privaTE BaNkiNg: CaughT BETWEEN CoST prESSurES aNd ChaNgiNg CuSTomEr ExpECTaTioNS

Will Swiss Private Banks Rise to the Challenge? The Swiss financial sector, particularly the private banking sector, is of major international importance. Switzerland ranks third behind the USA and the UK in terms of global assets under management, with a market share of 9%. It is also a market leader in cross-border private banking, with a market share of 28% . The headline reason why Switzerland is such an important global hub for private banking is very simple: It provides an unmatched excellence in service, of which Swiss private bankers are justifiably proud. Although this is true even today, there are some interesting trends behind this, which are becoming increasingly important and which are causing some important shifts in this well-established industry. Daniel BARDINI*


istorically, the critical element of the Swiss private banking industry that led to its unparalleled success was the confidentiality of client identity. Under the Swiss principle of bank secrecy, privacy is statutorily enforced, with Swiss law strictly limiting any information sharing with third parties, including tax authorities, foreign governments or even Swiss authorities, except when requested by a Swiss judge’s subpoena. At the time the law was enacted, the circumstances in the world were such that secrecy and confidentiality of information were important for the protection of the client as well as his wealth. These circumstances included political conflicts, revolutions, unstable economic policies, unreasonable taxation, difficult relations with neighbouring countries and even wars. The ultimate aim of the Swiss Private Banks was to provide their customers with the means to hand down their assets from generation to generation. This idea of the protection and preservation of wealth for the future generation meant that the investments were made with the objective of maximizing long-term returns. Traditionally, all Swiss banking asset classes have



Daniel BARDINI, President SunGard Ambit Private Banking had long maturities with particular focus on long equity and fixed income instruments.

The changing world In the aftermath of the recent financial crisis, however, two things have happened that are challenging the traditional model of the Swiss private banking industry. International pressures are rising due to popular belief that client secrecy is being misused

for underground activities, tax evasion, and even organised crime. As a result, the government has started to change the secrecy law, an example of which is the UBS Bill, which would amend the Swiss laws to allow UBS Bank to provide names of 4,450 American account holders to the US Internal Revenue Service. This has the effect of weakening one of the major value points of the Swiss private banking indus-


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page51

ChaNgiNg World pricing of the investment through its try, thus reducing the ability to life cycle so that portfolio managers charge premium fees. This has an can better manage the portfolio and obvious knock on effect overall make well-informed decisions. This profit margins for the banks. capacity would then need to be comThe other change is in client expecplemented with risk management tations. Clients today are looking at capabilities to evaluate all the asset private banks to provide higher classes under management, thus returns over shorter periods of providing Swiss private banks with a time. Swiss private banks have had comprehensive armoury to capitatherefore to incorporate new asset lize on the opportunity of a global classes such as structured proapproach and maintain their excelducts, hedge funds, and real-estate lent tradition as world leaders in funds in order to compete. This Private Banking Ecosystem private banking. creates a challenge for them To summarize, changes in the because they need to build infraglobal financial services industry are chalIn order to maximize their income, the structure to provide investment managelenging the traditional model of the Swiss banks need to be able to measure income ment capacity around these new asset private banks. Swiss private banks need to and profitability in appropriate granular classes. adapt their existing model in order to overways; most usefully at the level of relationNot only is the industry experiencing come the threats posed by the emerging ship manager. This would provide the challenges to its traditional competitive players in Asia as well as the Middle East. senior executives a clear understanding of advantages, it is also facing rising global An ASP model along with tools for profitabithe income and expenses and would allow competition; examples of this would be the lity management, pricing of structured prothem to build transparency in the organizaincreasing trend for Asian and Middle ducts and risk management can help to tion. Together the ASP model and the profiEastern banks to provide private banking setup the necessary infrastructure with tability analysis solution can help to build and asset management services. Singapore, minimal additional costs. This will prepare competency around operational efficiency. for instance, is becoming an important the banks to rise to the challenge and Additionally, Swiss private banks need to custody hub for the wealthy of Asia. With secure their position in the global market. address the challenge of how to include new margins on a downward trend, changes are asset classes into their investment managenecessary and IT expenditures are coming ment strategy. In order to do that, they need under scrutiny, especially for smaller banks How SunGard can help to understand the costs and the risks assothat will need to change their model in Daniel Bardini, president of SunGard’s Ambit ciated with them. There have been worries order to survive in their current form, since Private Banking business, said: “SunGard about an apparent conflict of interest in the excellent service alone would now perhaps responded to this changing landscape and pricing of structured products, because the not be sufficient for success in the increalaunched its Ambit Private Banking solutions manufacturer and ultimate counterparty for singly competitive and challenging world of suite, which consists of solutions for core these products is also the price setter. If international banking. banking, portfolio management, client inforbanks want to advise clients regarding strucmation management, analysis and control, tured products, they need a mechanism to asset management, and alternative investHow can banks respond? validate the price. A third party price valuament management via an ASP model. This For the first time, Swiss private banks will tion would firstly help to confirm if the price new deployment alternative provides private need to seriously consider the notion of outis right. It would also imply that relationship banks here in Switzerland with the security sourcing their IT infrastructure and core managers could use this validation mechaof an established core banking system along financial and banking systems. An Applinism as a selling point to clients who are with the cost benefit of outsourcing the IT cation Service Provider (ASP) model can interested in investing in structured proinfrastructure.” ■ provide private banks with a way to reduce D.B. ducts. Finally, it would help to track the costs and have confidence in their mission*President SunGard Ambit Private Banking critical systems. It will also enable them to harness IT services for processes beyond their core solutions and reap the cost Bio rewards of a hosted solution. Another Daniel Bardini, president of Ambit Private Banking, is based in Geneva, Switzerland, and is advantage of the ASP model is that it can responsible for helping SunGard’s customers in private banking and wealth management achieve their business objectives. Mr. Bardini commenced his financial IT career in 1987 in help to convert the traditionally fixed costs Switzerland working for Digital Equipment Corporation (DEC) as the sales manager for partnerof infrastructure into the smaller variable ship development with independent software houses. In 1991, he became the sales manager costs of only the services required at any for the financial market segment before taking on the role of European marketing director at given time. In a challenging market with net DEC European headquarters for ISV solution programs in 1995. Mr. Bardini joined SunGard in income under threat, banks can proportio1997 as COO and Deputy Managing Director for the Ambit Apsys business and was promoted to nately adjust their costs by only paying for the position of president for Ambit Private Banking in 2001. ■ the services they are using.




BF_HS10_BF_HS09.qxd 08.10.10 15:33 Page52

RePoRTinG The classificaTion of financial asseT valuaTions

IFRS, “Fair value” & evaluated pricing As of 2005, major firms quoted on the Swiss Stock Exchange have been required to prepare their financial statements using IFRS (International Financial Reporting Standard) or US GAAP. The only exception are firms whose business is primarily conducted in Switzerland, and these may continue to use domestic accounting standards published by the ARR/FER. Ian BLANCE*


he application of IFRS means that the valuation of financial assets must match the standards outlined in IFRS7, with specific reference to a valuation hierarchy, which is based on the type and quality of the inputs used to arrive at the valuation. This area is heavily scrutinised by regulators overseeing the reporting process. The Swiss Stock Exchange, for instance, consistently highlights this as an area of focus when reviewing financial statements (most recently in its Communique on 2009 annual accounts). IFRS (and its equivalent standards in the US) classify financial asset valuations on three different levels: Level 1: inputs at this level are quoted prices (unadjusted) in active markets for identical assets or liabilities, which the reporting entity has the ability to access at the date of measurement. Level 2: this level values inputs other than those quoted prices included within Level 1,which are observable for the asset or liability, either directly or indirectly. Level 2 inputs include: quoted prices for similar assets or liabilities in active markets; quoted prices for identical or similar assets or liabilities in markets that are not active, that is, markets in which there are few transactions for the asset or liability, the prices are not current, or price quotations vary substantially either over time or among market makers (for example, some broke-



Ian BLANCE, Head Evaluated Pricing Business, SIX Telekurs red markets), or in which little information is released publicly (for example, a principal-to principal market); inputs other than quoted prices that are observable for the asset or liability (for example, interest rates and yield curves observable at commonly quoted intervals, volatilities, prepayment speeds, loss severities, credit risks, and default rates) and inputs that are derived principally from or corroborated by observable market data by correlation or other means (market-corroborated inputs). Level 3: inputs at this level are unobservable inputs for the asset or liability. Unobservable inputs are used when observable inputs are not available, thereby allowing for situations in which there is little, if any, market activity for the asset or liability

at the measurement date; the fair value measurement objective remains the same, that is, an exit price from the perspective of a market participant; unobservable inputs reflect the reporting entity’s own views about the assumptions that market participants would use in pricing the asset or liability (including assumptions about risk); unobservable inputs are developed on the basis of the best information available in the circumstances, which might include the reporting entity’s own data though the reporting entity need not undertake all possible efforts to obtain information about market participant assumptions; the reporting entity should not ignore information about market participant assumptions that are reasonably available without undue cost and effort.


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page53

STaNdardS In practice, the use of Level 1 inputs is relatively straightforward. Observed and reported trades are available from a wide number of exchanges and trade platforms, and SIX Telekurs carries a large number of these sources as price contributors. Whenever active market prices are unavailable, though, a firm must use a reliable valuation method, making maximum use of observable, current market inputs, and relying as little as possible on internal estimate or counterparty prices. For a large number of asset classes – especially OTC fixed income and derivative instruments – reliable and up to date ‘market’ prices that fit the Level 1 criteria are simply not readily available. Many of these instruments do not trade on a regular basis, if at all, and even if they do the trades are rarely reported in a timely and consistent manner. This situation presents a huge challenge to companies that are required to produce a Level 2 or Level 3 ‘fair values’ for their holdings. In these circumstances an evaluated


price is frequently used to ensure compliance with accounting and other regulatory or operational requirements and SIX Telekurs has developed a service to provide their clients with this data alongside Level 1 quotes. SIX Telekurs Evaluated Pricing consists of evaluations produced using our own capabilities supplemented by prices from third party providers. Our proprietary service offers highly transparent valuations for a wide range of fixed income securities and derivatives, as well as for complex or otherwise hard-to-price securities.

What are the benefits? Using an SIX Telekurs Evaluated Price offers a number of benefits to anyone who requires a regularly and consistently updated valuation of their financial instruments for use in ‘mark-to-market’ and ‘fair value’ applications. These benefits include independence: inputs and outputs are independent of user assumptions or estimates; transparency: there is comprehensive tech-

nical documentation and background data; consistency: evaluations are based on standard procedures delivered in consistent fashion; methodology: transparent, patented valuation methods are used with maximum consideration of market inputs and Support: There is local support in the local time zone and language and we incorporate local market requirements. Operational functions which would benefit from this approach include: product control, collateral management, fund accounting, risk management, capital and margin calculations, and client reporting. This valuation method is already extensively used in Switzerland. With the wider use of IFRS, we expect this to become an increasing trend over the coming years. SIX Telekurs will continue to provide a full range of price and reference data sources to support clients in adhering to IFRS standards. ■ I.B. *Head Evaluated Pricing Business Development, SIX Telekurs



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page54

Quartal Financial Solutions AG Innovative Commission & Fee Management In 1999, an experienced IT team with in-depth knowledge of the financial industry envisioned a company that delivers innovative, sustainable and tailored business process solutions. Eleven years later, Quartal Financial Solutions takes pride in fulfilling this mission and being internationally recognized as the leading software provider for commission and fee management as well as fund reporting. Quartal Financial Solutions currently offers three major products: – Quartal FEE MANAGER is a professional solution for managing, invoicing and controlling all kinds of service fees in the financial services and insurance industry. The solution maximizes the efficiency of fee management processes and enables accurate and flexible invoicing of all types of service fees. Quartal FEE MANAGER supports you in setting up a professional B2B and B2C fee management. The functionally advanced system enables for example banks and asset managers to create and use a wide range of price models for client portfolios based on user-definable calculation criteria. CEO Thierry Zuppinger Depository banks and fund administrators benefit from the solution’s capacity to map highly complex fee structures, which allows them to invoice service fees, transaction fees and regulatory fees transparently. Additionally, Quartal FEE MANAGER can be used to manage even the most complex performance fee calculations efficiently. It comes with an extensive range of performance fee calculation algorithms, equalization methods and benchmarks that offer you greater flexibility and freedom. Thanks to its modular structure, Quartal FEE MANAGER always meets individual requirements and represents a secure, future-proof and scalable investment. – Quartal COMMISSION is Europe’s leading commission management and sales controlling solution in the B2B sector for the distribution of fund and bank products and for processing asset management fees. Quartal COMMISSION covers all types of distribution fees for funds and other financial products and services. The solution calculates various types of commissions and distribution related fees. Thanks to the wide ranging business connections of our prestigious European client base, Quartal COMMISSION is now used to manage more than 90% of all the fund distribution contracts concluded in Europe. By using our professional commission management solution, more than 35 clients have managed to greatly increase their efficiency, reduce their costs, support their sales controlling process more effectively and significantly enhance the service quality for their sales and distribution partners. Thanks to its modular structure, Quartal COMMISION always meets individual requirements and represents a secure, future-proof and scalable investment.

– Quartal FLOW is a web based fund reporting platform designed for the marketing environment of the financial industry with a special focus on factsheet production, prospectus, KID reporting and financial reporting. Enabling high level control and guidance throughout the creation process, Quartal FLOW provides seamless integration of relevant data and business processes, as well as tailored, precise and flexible reporting options. Quartal FLOW’s object based approach allows for efficient reuse of data while at all times ensuring separation of style and content. Our success is based on our ability to adapt to the requirements of our clients and to support them in their growth creation strategies. Some of the main competitive advantages they are able to achieve by working with us include: – A reduction of production and operational costs due to the automation of process workflows – Higher performance – A quick return on investment – State of the art technology – Fulfilling the highest security, compliance and audit standards – Transparency and accuracy relating to both current and historic data In addition to high-end software solutions, our advantage lies in our team of experienced business consultants and software engineers. Finance & IT expertise, excellent customer relations and a high level of service orientation are just some of our core competencies.

For more information about Quartal and our offering please contact Mirco Leuzinger at

Quartal Financial Solutions AG Technoparkstrasse 1 8005 Zürich CH – Switzerland +41 44 445 30 30

BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page55



ThE daNaidS’ BarrEl...

...Or the paradigm of Total Information Privacy… In Greek mythology, the Danaids were condemned to fill a bottomless barrel with water. An analogous challenge for IT is in the private banking sector, to define information protection requirements granular enough to see them implemented before new threats arise. systems from all possible external risks now have to move to protect themselves better against their own personnel. Finally, governance and discipline in IT system evolution is essential, as too often, time-to-market pressures lead to disorganised application development.



ontrol of financial operations demands increasing internal and external transparency. For instance, simple operations such as international cash transfers require the inclusion of sensitive information as part of each operation at a specific point of time. Banking secrecy itself might face situations where partial or total disclosure of a client’s personal information is required by law. There are numerous exceptions to banking secrecy within civil, bankruptcy, criminal and fiscal law, debt collection, and mutual assistance between states in criminal matters. Private banks strive to establish and strengthen customer relationships, to keep up with the pace of competition in a more rationalised and innovative manner. To achieve this, Swiss banks aim to differentiate themselves from international competitors by highlighting the quality of their Customer Relationship Management (CRM) as well as the competence and relevance of their financial advisory services. There are clear consequences for IT. Specifically, highly sensitive and sophisticated CRM systems must organise more than just front office operations by offering greater clientrelated value to relationship managers. It is often necessary to deal with existing environments such as legacy core banking systems. Most of these systems are designed to represent the business relationship between a client and the bank at the account-level only, which is very different from the client relationships handled by front-office staff. Although less visibility is


What’s relevant for Information Privacy?

Eric MAUGE, Managing Consultant, IBM Global Business Services

seen as a safeguard from a security perspective, most of the managers dealing daily with these “non-represented” client relationships may simply store them separately from the managed company data (separate spreadsheet, personal notes, etc.), thus making highly sensitive information more vulnerable to leakage. This generates strong data quality issues at the IT back-office system level, and drastically increases the total cost of ownership of the information system. All of the above lead to an increased threat of internal fraud, for example, or unauthorised disclosure of highly sensitive information by bank insiders. Consequently, banks that have spent years protecting their

Under established Swiss laws, private information can be interpreted as personal details like identity (name, pseudonym, physical characteristics such as height/ weight/ biometrics, public registry IDs, as well as any other related account holder IDs), personal life (place and date of birth, cultural background, ethnicity, languages, residential address, academic qualifications, family situation, health, interests and hobbies, etc.), and civil life (military and marital status, etc.). In some cases, the private information concept can be extended to professional life (company, job, skills, industry, career path and level, person to person and person to company business relationships,etc.), and financial life (personal wealth, revenue, collateral, assets, liabilities, investment profile, person to person and person to account role relationships, etc.). Swiss banking secrecy, a tradition dating back to the Middle Ages, legally extends the protection of such private information to the level of a professional secret. This means that bank customers’ private information protection is similar to doctor/ patient or lawyer/client confidentiality. The 2008/7 CFB (Bank Federal Commission) bulletin also covers specific working conditions such as outsourcing and offshoring, as Swiss banking secrecy must be ensured



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page56

rEporTiNg at all times. The jurisprudence in applying Private Banking Industry law is to limit accessing, storing, or processing unencrypted private information only within the Swiss national borders. So any outsourcing scenario (Business or IT) must determine whether the outsourced activity requires private information access from inside (outsourcing) or from outside (offshoring) the Swiss border.

Locking down systems to achieve Total Information Privacy Total Information Privacy requires all feasible measures to protect the bank from unwanted disclosure of private information being implemented perfectly. Total Information Privacy assumes that a bank employs its IT systems for protection from data leaks, as well as establishing the required policies, procedures, and processes to enforce and demonstrate that repeatable and strong trust-based relationships between users and the information system are in place and controlled. The four key success factors for achieving this are as follows. The setup of a robust policy framework: Classify the definition of internal regulation documents according to baselines, policies, standards, guidelines

and procedures; develop a shareable content breakdown structure and assign the appropriate subject matter experts to each knowledge area; establish the proper communication plan for interaction between subject matter experts and reviewers; and implement a change management structure supervising and addressing the impact of changes throughout the entire organization; Policy definition: A top-down perspective, progressively increasing the granularity of the specifications, using established baselines and proof of concepts to demonstrate feasibility, and to assess the impact, is highly recommended here; confirm the revisited policies from a bottom-up perspective; develop pilot implementations in strategic areas only, with a reduced and manageable scope; roll out policies on a larger scale, producing detailed standards and procedures from the results of successful pilot implementations, and applying/enforcing all required changes (organisational and/or technical). Unfortunately, performing these steps at the most granular level would just demonstrate that the to-be state is practically achievable. Fixing the gaps between this tobe state and the as-is state (the existing situation) with the appropriate technologies and procedures is another challenge

BaNkiNg SECrECy which is by far more complex to address in a timely manner. Therefore the bank has to face situations where the cost of preventing the risks could be more prohibitive than the cost of the risk being materialised, even when damages are significant enough to engage the bank’s corporate reputation.

Closing the paradigm Doing nothing is not an option. Challenges from ever-increasing client requests and legislation must be confronted. So banks must master the storage, reliability of access, and usage of their data, whereby the bank’s security framework must reflect the IT system’s evolution and allow for decision-making processes. The security framework must incorporate a business view of the security framework in order to allow business executives to take appropriate measures on time, and must also develop details up to the granularity level mandatory for successful IT delivery execution and control. This ability to maintain over time a high-level business view with highly detailed and up-to-date IT functional data and application maps cannot be achieved without a proper level of recurring investments in both IT systems and software, and more specifically in the relevant organization and banking content experts. Therefore the ultimate goal is more to achieve resiliency over time (e.g. having fewer holes in the barrel) than to rush headlong at each every major information protection incident to address (e.g. putting more and more water into the barrel). The hunt for specialists able to combine business regulations with technical constraints, laying down the real criteria that must be followed in order to achieve Total Infor mation Privacy at a strategic scale, has just begun. It will be fierce – a direct reflection of the ever-increasing competition in private banking. ■ E.M. *Managing Consultant, IBM Global Business Services




BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page57

BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page58

rEporTiNg addEd valuE oN Tax iSSuES

Critical issues in tax reporting and new IT systems In the field of international private banking, tax reporting becomes critically important. Given the recent changes in the regulatory environment and the likelihood of further changes in future, multi-country tax reporting will soon be less of a “necessary evil” and more of a genuine competitive advantage for institutions committed to private banking. clients and financial products depend on national tax laws, be it that of Switzerland, France, Germany or another country. Furthermore, a bank has to have the operational data needed to determine the tax base and applicable tax rates, for example in the case of securities purchases and sales (dates, market side, context etc.) or for corporate events such as coupons and dividend payments. All these data may vary over time, in accordance with the country’s tax rules concerning the classification of financial products, calculation of tax liability, exemptions, tax rates and other factors. The bank must be capable of managing such data across the entire value chain, using a coherent IT system, so that they can be collated as automatically as possible in order to deliver reliable, detailed, and corroborated information at a cost acceptable to both the bank and its clients.



t must first be noted that a distinction should be made between “domestic” tax reporting for clients whose tax residence is in the country where the bank is located, and “foreign” tax reporting for clients whose tax residence differs from the bank’s (a frequent occurrence in Switzerland and Luxembourg, for example). Handling clients’ tax affairs does not consist “only” in supplying them with a tax return, such as the Imprimé Fiscal Unique in France; it is a service in its own right. It involves a range of tasks and responsibilities for the bank, which can sometimes be very extensive depending on the match between the bank’s country and the client’s tax residence. This service includes: supplying clients with the information they need to declare their income, capital gains, wealth etc.; supplying clients with any documentation required to corroborate their tax returns, often in a regulated format; fulfilling the role of tax collection agent for some types of client income or capital gains, and subsequently transferring the monies to local or foreign tax authorities; supplying tax authorities with supporting documentation; and, in some cases, providing clients with tools to simulate the tax impact of different investment management choices. The most advanced banks will offer clients top-quality tax advisory services.



Jacques BOURACHOT, Chief Operating Officer, Crédit Agricole (Suisse) SA In order to carry out these tax-related operations, the bank must have all the information needed to produce the requisite data. This consists, firstly, of information about the clients themselves (nationality, residence, composition of the taxable household, type of taxation, choice of tax regime in any given country, etc.), and the financial products involved (product category for each type of taxation, income and capital gains components, etc.). Obviously, classifications of

The importance of tax reporting for foreign banks operating in Switzerland In the very near future, institutions intending to expand their private banking operations will have to respond to demands, which used to be mere wishes, for domestic or foreign tax reporting services corresponding to the tax residence of their clients, most of whom will have chosen to declare their assets. Foreign banks operating in Switzerland have a straightforward local tax environment compared to those in many neighbouring countries. They have long focused on off-


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page59

rEgulaTioN shore private banking, which simply requires the submission of a fairly concise foreign tax return. In consequence, they have often only limited knowledge of the tax systems in neighbouring countries such as Italy, France, Germany, Belgium and Spain, even though they already know how to deal with US taxation (for those with QI status) and the European directive on the taxation of savings income. That said, foreign banks operating in Switzerland have advantages over domestic banks that stem from their expertise in international private banking. The largest usually have experience in managing booking centres established in several countries and serviced with centralised IT and back-office platforms. Accordingly, they usually have some understanding of the tax rules in different countries. While banks in neighbouring countries are experts in their own domestic tax rules, this does not necessarily extend to other countries, and their IT systems are typically unable to handle other tax systems. Foreign banks operating in Switzerland therefore face a stiff challenge in competing with domestic banks when it comes to handling tax affairs in the country. But they also have undeniable strengths relative to other offshore financial centres in terms of multi-booking and managing several sets of tax rules simultaneously.

The implications for IT systems in Switzerland The main software packages for banks in Switzerland are capable of producing Swiss

tax returns. Some software houses offer specific versions adapted to other countries that can generate some or all of what their domestic tax laws require. The real problems arise when the software in a given bank is asked to simultaneously produce domestic and foreign tax returns – often for several jurisdictions – in response to clients’ needs and tax residences. The software must be flexible enough to manage, for different data structures, a whole range of features whose execution will depend on the country where the bank is operating and the client tax residence (which can sometimes be specified at regional level within a country). Thus the Securities master file has to be able to manage classifications of financial products that differ between tax jurisdictions, with automated updates from financial data vendors. In the case of coupons, for example, this means obtaining a breakdown between their “income” and “capital gain” components. For mutual funds, some tax authorities require investment income to be broken down into various categories (income from equities, income from bonds, etc.) that are treated differently. Securities purchases and sales have to give rise to running tax estimates related to such transactions, the client’s securities position or a combination of the two. Moreover, the software must be capable of functioning on the basis of average purchase price, FIFO or LIFO, according to the client’s tax residence. Tax or withholding tax rates, and even whether tax is withheld at source, are also part of the tax information that clients want.

Etienne SAINT-RAYMOND, Secretary-General, Crédit Agricole Private Banking Services (CAPBS)

Tax management is therefore not limited to producing sophisticated schedules and returns; it has a profound impact on IT systems, not only databases of securities and clients but also the complete processing of different banking transactions. Ideally, the software – notably in the context of platforms supporting multiple booking centres – should be able to handle different tax environments, thereby enabling domestic tax rules to coexist with several foreign tax systems within a given banking entity. Apart coping with inherently complex IT systems, banks need back offices that have the expertise to deal with these diverse tax rules. The back office is key player that must be able to handle all the operations involved in domestic or foreign tax reporting throughout the client’s investment cycle (purchases, sales, coupons, corporate events etc.). Here too, existing multicountry IT and back offices platforms have a competitive edge that they intend to exploit in the near future. ■ J.B. & E.S.-R. *Chief Operating Officer, Crédit Agricole (Suisse) SA *Secretary-General, Crédit Agricole Private Banking Services (CAPBS)




BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page60

BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page61

riSk maNagEmENT


daTa maNagEmENT, a kEy iSSuE For BaNkS aNd FiNaNCial iNSTiTuTioNS

How to reduce the risks involved in financial data management In Asset Management and Private Banking the quality of financial data plays a key role. Many feeds (internal and external) have to be cleansed, integrated and reconciled in heterogeneous referential systems at front-, middle-, and back-office levels. Jean-Marc BELAICH*


he security master file and the client file are the two primary reference data elements in financial institutions. While the client file principally handles information resulting from manual entry, the security master file automatically integrates a quantity of data coming from internal and external providers. The most common data sources consist of security prices, currency rates, ratings, issuers characteristics, funds data (cut-offs, asset allotment, Net Asset Value frequency), sectorial classification, index composition, instrument identifiers (ISIN, SEDOL, CUSIP, national codes) and calendar information (market opening and closing days). Several providers exist for each type of data feed. Providers for instrument prices include SIX Telekurs, Bloomberg, Thomson Reuters and Interactive Data among others. Providers for ratings include Standard & Poors, Moody’s and Fitch and others. Some other providers or data flows may have also to be added for Corporate Actions such as SWIFT. Dealing with such a diversity of data feeds requires both manual and automated control processes in order to ensure the intrinsic quality of data as well as the correct integration of the data before making it available to various applications (trading, portfolio, funds, back-office)..


Data quality in the security master file has a direct impact on risk management on a number of levels. Accuracy of security prices is fundamental for customer portfolio valuation, nostro account valuation, funds net asset value, as well as margin calls for clients exposed to future markets. Company and debt ratings are used to define a risk profile for the client portfolio, as well as estimating the maximum credit amount in Lombard loans (valuation of collateral). While the data for a given security is reasonably static, the first issue in managing the security master file is the quantity and variety of securities on the market. Very few individuals or organisations have the resources to research every security traded in the world, and this is complicated by the fact that new securities are generated every day. Keeping on top of securities presents a real challenge. This is particularly true given that there is no single data source that holds information on every security, meaning that one must typically have multiple data sources for security information.

How to maintain data consistency with multiple data sources and very specialised applications? Having multiple data sources for securities leads to a second major issue regarding the maintenance of a Security Master file: the identification of new securities or instruments that come in to the system. New securities frequently contain unclear identifiers, or identifiers that exist in a different

Jean-Marc BELAICH, Senior Consultant in Data Management, Sterci SA scheme, e.g. ISIN vs CUSIP. Alternatively, they return no information when queried on data sources. Correctly identifying a new security and subsequently retrieving the correct corresponding information can be a complex and time consuming task. This is particularly true in the case of illiquid papers or funds. The various market data feeds are usually plugged to very specialised applications (trading, portfolio, funds, back-office, ‌). Each application has its own feed integrator, decoding engine, control rules and storage tables. Both the risk and cost of maintaining market data in heterogeneous systems are very high due to the necessity to deal with many technical interfaces



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page62

riSk maNagEmENT plugged to each banking system, the necessity to reconcile the data between the various systems and the necessity to replicate the information (for example, a security price integrated in the back-office system has to be replicated in the frontoffice system to be made available for client portfolio valuations). The centralised back-office model, which serves different geographic entities of the same group (subsidiaries or branches), or which offers security services to other companies, is developing very fast. This model necessitates the control of market data feeds dedicated to each entity along with their local specificities due to particular regulations and tax rules. In order to limit risks and to reduce operational costs as well as market data and IT costs, the centralisation of feeds into a single tool which loads, controls, decodes, stores and dispatches data to all the serviced banking systems (hub architecture) appears as a natural solution. This architecture limits the redundancy of information as the central data repository, and acts as master in a master/slave model with other banking systems. Such a tool must also be able to deal with the business rules and constraints of every slave system, in order to avoid the rejection of data at integration level. Migrating from a deported architecture to a hub architecture (creation of a centralised instrument master file) involves several steps: analysis of the business rules and requirements of every system in order to deport all controls to the centralised master file level; pre-migration reconciliation of data stocks in the various systems in order to detect and fix any discrepancies before initialising the centralised master file; creation of interfaces to link the centralised master file to the remote systems in order to replace the direct links between the data



feeds and these systems; configuration of Graphical User Interfaces in order to make the consultation and the manual entry in the master file user friendly; definition of priority rules in the case where the same type of information is available on several feeds (i.e. If Bloomberg and Telekurs provide different prices for the same instrument, what price should be broadcasted to the systems linked to the master file?); and finally, consideration of performance issues due the considerable quantity of data processed by a centralised master file.

Enterprise-wide data management with a centralised master file

JuNglE include dynamic data such as corporate action feeds since this requires multiple information sources: SWIFT ISO 15022 from the custodians, on-line newspapers, SIX Telekurs, Bloomberg or Thomson Reuters announcements, faxes, e-mails. Internal front-office information on optional events could also be integrated and processed. Sterci has developed a suite of products to help banks or financial institutions to better manage their data and reduce their risks. KEYdata allows your organisation to build a centralised master file for financial data management. This master file can select, filter and cleanse data according pre-configured business rules. The master file is automatically updated by the data provider and can distribute a golden copy internally to the various back end systems. Furthermore KEYdata can assist corporate actions processing by providing validated data across multiple sources. Data standard are always evolving and the business logic of internal applications is not aligned with the international standards as SWIFT. Sterci is providing with STEFORM a nice tool to map external standards with internal data formats without developing costly intrusive interface. With over 15 years of experience in data management projects, Sterci’s specialised consultant can help you trace your path in the jungle of data management and build efficient robust systems thereby reducing costs and risks. ■J.-M.B. *Senior Consultant in Data Management, Sterci SA (Genève)

Having brought a centralised instrument master file live, one may consider the further step of extending the inputs to


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page63

BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page64

riSk maNagEmENT doES good TimiNg makE riSk maNagEmENT irrElEvaNT or CaN riSk aNalySiS gENEraTE pErFormaNCE WiThouT TimiNg?

Questioning the role of risk management in the prevention of crisis Risk management was an important development of the last 25 years. It is being questioned today in light of the 2007-2008 financial crisis. Managed with methodologies and products conceptualised by the academic world — CAPM, VaR, quant algorithms or rating agency stress tests — risk management has failed to contain many of the recent crises: Japan, LTCM, the Internet Bubble and the 2007-2008 meltdown of the financial system. ing market performance coupled with traditional “buy and hold” strategies have shown a 50% negative performance in real terms during the last 10 years. The risk in the future is that stock markets may not sustain asset growth or that purchasing power may not be preserved as it was during the fantastic boom period of the last 50 years. From 1964 to 2010, for example, the DJ Industrial Index went from 1'000 to around 10'000, a multiple of 10 or a performance of 4 to 5% per annum. During the same period a Harvard MBA starting salary went from $10-12'000 in 1964 to $100-120,000 a year in 2010, also a multiple of 10. Are markets just maintaining purchasing power? Does the additional 2% dividend rate after withholding tax and above inflation compensate for the volatility or the risk of an un-timed entry: 1970’s, 1987, 2000 and 2007?



wo years later, the system has partly recovered and claims a return to business as usual. Nevertheless, new problems have appeared which, despite new rules and governance, are difficult to frame or to address. The major risk is certainly the mammoth compounding debt, both private and sovereign, around the world. It will take time to be resolved, if ever, by the financial (or political?) system. Risk has also developed in the externalisation of investment decisions and the concentration of capital and investments in ever fewer hands, making diversification a forgotten principle. Investment decisions have delocalised to London, New York and Singapore and are concentrated in the hands of a few trillion-dollar houses: JP Morgan, GS, BOA, Fidelity, PIMCO, MAN and other major hedge funds. They all use similar sophisticated models and propel risk to a new dimension: “Too Big to Manage”. Another permanent risk which has not been sufficiently addressed is the manufacturing of “ersatz” derivative products, responsible for the toxic asset crisis. These new derivative products package wealth into opaque investment “containers” with limited market



Edouard OWCZARCZAK, Founder & Chief Executive Officer, Management Joint Trust SA

Is gold really a safe haven?

visibility and transparency. The number of “containers” and funds might be more important today than listed securities. With the eventuality of new fat-tail effects, these may constitute a new risk time bomb. There are also massive risk concerns in the systematic indexing of performance (by definition, a loser in bear markets). It has had a major impact on pension funds, insurance companies and savings institutions, and their uncovered liabilities. Disappoint-

Could gold also become a risk case study? Between 1964 and 2010 prices went from $42 to $1250, a multiple of 30. This corresponds to 4 to 5% per annum plus a 2% dividend compounded annually. This is on par with salaries and equity markets over the last fifty years, but for a hard asset which pays no dividend, it is fully priced historically and further rises might lead to a bubble. “Paper gold”, i.e. ETFs, is also a major risk, not so different from the scheme contrived by John Law in 1720. Physical


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page65

mEThodology gold covering these transactions represents the 6th largest holding in the world and is deposited in two New York banks which are currently net short the metal over 30%. In the thin OTC market, a carbon copy of the AIG bubble may be developing. Another risk in the gold market could involve a nationalisation of this lucky hoard in case of crisis or war. Regulators could also decide to tame speculation with a 100% margin (as befell the Hunt brothers when they cornered the silver market in 1980). These are some of the pending risks which are difficult to quantify and measure. With the derivative structures in place, many believe they are insured. Default risks and potential domino effects – e.g. AIG, Lehman - could come back to haunt us.

Long term investors e.g. Weekly charts 3-12 months horizon

Timing and managing “the real thing” In past crises the passive investment strategies of “buy and hold” and indexing failed despite risk management. Good timing, based on an analysis of the market, could have given protection. Often related to technical analysis, market timing tools are sometimes considered old-fashioned as most methodologies date to the pre-Markowitz era. However, in contrast to the “nobody knows” philosophy, they offer reliable guidelines when studying market action and advising clients. For over a century, technical market analysis has provided ample tools to monitor and implement market strategies, detect accumulation, distribution, potential reversals and differentiate between moves in or against the trend. It also offers a reactive complement to other active asset management tools, such as the study of fundamentals, as information and expectations in the market are continuously updated and revised. Expertise in technical analysis is unfortunately not taught in business schools and is most often bypassed by top management in financial institutions. Whatever the method, when navigating the complexities of markets, only a robust methodological approach can lead to a sound investment decision. In technical


Investors e.g. Daily charts 1-3 months horizon

Traders e.g. 15 min. charts 1-2 days horizon

sed through a multitude of methodologies which require expertise, solid experience and extensive fine tuning.

A unique “3T” methodology Choosing an investment horizon to fit your risk profile

Since 1969, Management Joint Trust’s decision-making tools have integrated these necessary parameters and framed them into specific time frequencies. This “all in one” solution offers protection against unforeseen market movements by providing timing and market risk analysis. It is based on a unique “3T” methodology, which brings into one picture a measure of Trend-TargetsTiming, including an automatic written interpretation for nonexperts. In other words, “We Give Answers”. This service is available through the Internet AN EFFICIENT DECISION MAKING TOOL: “All in One” (, and applies to analysis, the first pillar of this methodology all markets and time frames (charts is setting an investment horizon, i.e. a time representing 10 years of historical prices to frame in which to base your decision. For intraday are available), making it useful for example, advising a client to buy an asset strategic investments as well as short-term XYZ at 40 which a month later is worth 32 decisions. and six months later 45 proves to be the The methodology can also be applied by right decision. The optimisation of this portfolio managers in the analysis of portadvice, however, lacks both timing and a folios and their components; by asset allotime frame of reference. Charts represent a cators through the comparison of different scanned picture of investor behaviour. They asset classes, sectors or equities; by alterare a statistical tool for studying price native investors in the simulation of diffemovements, which are classified as primary rent strategies with instant evaluation and trends of more than 1 year; secondary by stock pickers through a continuous trends of 3 months to a year, which function filtering of the whole database for opportuas corrective trends; and minor trends, nities and risky situations. which run from 1 to 3 months. This division MJT financial graphs look at the “real thing” can be extended down to intraday trends. and are automatic, professional, responTo each one of these trends corresponds a sible, transparent and adaptable to most specific chart frequency of observation active investment managers or advisors (weekly, daily, hourly). By first defining an who like to control their decisions and be investment horizon, the technical analyst responsive to their clients. Their use can will match his decision-making process to help investors put a time frame on their a specific frequency (or a combination of fundamental views, detect upcoming risks specific frequencies). or opportunities as well as evaluate their Once a time frame for decision making is current investment profile. set, the situation must be regularly assesThe last fifty years have seen many unantised based on the following basic principles: cipated crises. Don’t expect the next fifty monitor trend development, differentiate years to be more forgiving. ■ between consolidations and turning points, E.O. measure exaggerations and price potential *Founder & Chief Executive Officer, Manage(price objectives). These are usually assesment Joint Trust SA (



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page66

riSk maNagEmENT ouTSourCiNg 2.0

Service provisioning in the banking sector Operating in an increasingly complex environment of evolving technologies, multiple vendors, and constant back-office challenges, private banks are forced to consider new ways to bring about long-term cost reduction. We look at business service provisioning as an enabler of cost transformation. Marc CROTEAU*


n private banks, the increase in assets over the past 18 months – despite regulatory intensification – has not been enough to compensate dwindling margins: a recent study revealed that profitability in private banks had fallen by a median 35% in 2009 (Scorpio Partnership, Global Private Banking KPI Benchmark, 2010). While banks have implemented cost-cutting programmes and reduced annual budgets, these short-term measures have reached the limits of efficiency. Reducing too much head-count for example will handicap the bank’s future ability to pursue revenuegrowing projects once business rebounds. Cut too much in the fat, and you risk cutting in the lean. How then can a bank achieve long-term cost reduction while still maintaining organisational flexibility? The answer must be found in using outsourcing models to achieve cost transformation: turning fixed capital costs in IT and Operations to variable operating costs, a process which allows banks to scale to fit the business cycle while maintaining transparent and foreseeable costs. Indeed, one would think that the current low-growth economic environment, client re-shoring, and increased competition between financial centres would cause banks to re-think their businesses from top to bottom. However, beyond the short-term belt-tightening, there is no evidence to suggest that banks are seriously pursuing new operating models. A study of 44 Swiss



banks highlighted this contradiction: while the in-house production of systems and applications was low (27%, meaning that most of this development is outsourced), 86% of back-office and asset management tasks were still performed by the bank.

Business Service Provisioning An enabler of cost reduction, outsourcing comes in several variations, one of which is called service provisioning (recognizable with the suffix “as-a-service”). While service provisioning models have been around for many years, they have remained largely part of the IT or administrative worlds. Application service provisioning (ASP) – a service where business applications are hosted and managed by a provider company on its infrastructure and access is leased to its clients – is a descendant of

earlier service-bureau and IT infrastructure outsourcing models. Learning from past experience and benefiting from close collaboration with universities (for example, the Sourcing Competence Centre at the University of St. Gallen), service providers have evolved over the years toward a more integrated approach. By adding business services to the mix – the bank back-office personnel providing transaction processing – we obtain an integrated BSP (“business service provisioning”) model, whereby the entire chain of services from IT infrastructure to application service to business processing are offered from one contractually-responsible provider. How does this integrated model fit with cost transformation necessary to derive longterm benefits? To offer an integrated BSP model, firms need to be the major players


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page67

CoST TraNSFormaTioN in their field and have a strong strategic network with the companies providing the underlying services (for example, through ownership or via a strategic partnership). By virtue of the size and strength of this strategic network, economies of scale come into play, as does a fee-based pricing model based on volume or number of transactions. This allows banks to reduce their IT and operational costs over the long term: one can generally expect a reduction of about 20% compared to in-house production. The cost savings can then be ploughed back into business-enabling projects to grow revenue, in the areas of client-facing support, research platform, asset management, or product development.

Risks Working with a service provider also can provide a decrease in bank-side operational risk present in human errors, system faults and, sadly, the dishonest employee. Some of


these risks are borne by the provider who can mitigate them by using the most up-todate business processes, industry standard checks and balances, specialised software solutions and state-of-the-art infrastructure (which, as previously mentioned, the provider’s greater scale can afford). In the banking sector, security and quality are paramount when it comes to choosing a BSP or ASP partner. For Swiss banks, the ability to provide services and store the data within the country’s borders is the top consideration, as is compliance with IT auditing standards such as SAS 70 or PS402. After a partnership is established, the quality of the service-level agreement will be one of key factors in a good relationship. Well-stated performance indicators will help avoid ambiguities and smooth over the transition in what is admittedly a major change for the bank. Indeed, the new economic and regulatory environment will have lasting impacts on

banks which will need re-focus on their core competencies; they must take a hard look at the proportion of services which are produced in-house versus those sourced externally, and if the cost efficiencies are there, then make the difficult choice to move to a new model. â– M.C. *Manager, Management Consulting, COMIT SA



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page68

SpECializEd appliCaTioNS miT lauNChES a CollaTEral maNagEmENT SySTEm For TradE FiNaNCE

Improvement in Trade Commodity Finance Industry! MIT looks at the Trade Finance software industry nowadays, and explains why he believes TRAC, MIT’s latest system fills a huge gap in the Trade Commodity Finance & Structured Trade Finance arena. These second and third methods require a vast knowledge of the commodities markets and most of all of the customers seeking financing. In these cases, the risks will be limited in certain types of transactions due to the possession of the Bill of Lading (B/L). Nevertheless, the growing complexity of the financing structures and the increasing demands of the supply chain forces the Banking community to design more complex financing schemes better suited to customers’ specific requests. The risks are higher but so are the perspectives of revenues for the Bank.



ne can observe three major schools of thoughts in terms of Trade Finance and Commodities financing. First there is “balance sheet based financing,” a type of “corporate financing” that focuses mainly on companies with a stable and solid financial background, but which require strong working capital to finance their core business. This form of financing usually requires little control once the bank has decided to finance the company, and is based on the corporate capacity to reimburse; in other words, balance sheet analysis is the cornerstone of such a financing method. Then there is “transactional-based financing,” which is not based on a corporate balance sheet, but rather on the goods that are financed; indeed, one of the major characteristics of International Trading companies, except for the large corporate, is their relatively low capitalization. With such method, the banks need to monitor the physical flow of goods since they represent their main collateral. Effectively, transactional-based financing requires a thorough evaluation of risks and an accurate followup of transactions financed. A third form of financing called “structured trade finance” is in fact a mix of the two financing methods explained above. This third method is becoming increasingly



Current bank needs

Jean-Luc SPINARDI, Banking Consultant, MIT common, and represents the future in terms of trade commodity financing. The purpose of such a practice is for banks to back their risks both on collaterals and on a financed company’s balance sheet; this very interesting way of financing can be defined as a tailor-made solution for corporate needing financing that depends on the particularities of their activities and their cash-flow. The main difference with transactionalbased financing is a stronger balance sheet that allows more complex and “structured” financing.

Banks specializing in transactional- and structured-based financing, however, need to put in balance several indicators in order to monitor efficiently this activity – more specifically, the scrupulous respect of financing limits set for each customer, the level and type of commitments, the evaluation of its collaterals, and most of all a good comprehension of the different types of risks involved. A bank needs generally to look at several risks. Customer Risk or “KYC” - Know your Customer: a bank’s relationship manager must know his customer well, and identify whether the skills and professionalism of the latter represent a sufficient guarantee to finance a transaction. Country risk: risk is evaluated differently depending on which country the goods are located at a given time, since the fact that goods may transit from one country to another will have a strong impact on the risk calculation and


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page69


evaluation. Market risk or Price risk: monitoring such risk is fundamental; since goods are the only collateral for the bank, it becomes necessary to follow the price change of commodities. The more volatile the price of a Commodity is, the higher the risk becomes. Counterpart risk: banks need to evaluate the risk on counterparts of transactions they are financing; indeed, the second step of a transaction involves a counterpart to which the goods will be sold, and whose payment will serve to reimburse the amount initially financed. Operational risk: the bank ought to put in place very strict internal procedures for this activity and make sure their employees follow them rigorously. The set up of such procedures must be accompanied by the implementation of IT solutions designed to apply these procedures in a secure manner, but also to help bankers make quick and rational decisions based on valid data updated in real time.

Basel II and auditors pressure As a matter of fact, Banks are currently evaluating whether their existing Trade Finance systems are still in phase with today’s market standards and with the evolving prerequisites of auditors. In today’s current


Crisis Climate, one major topic remains on the lips of bankers and software vendors: “How can we improve Risk Management?” And Trade Finance and Commodities financing does not escape from such debate. Furthermore, Basel II regulations oblige banks to look more in-depth at how they evaluate their risks with regards to Trade Finance, since it has repercussions on capital requirements for this activity. If it is true that banks nowadays are more or less well equipped with systems capable of supporting their back-office operations with regards to financial instruments such as Letters of Credits, Guarantees and Collec tions, it is not as obviously the case for more complex financing and the monitoring of its allocated credit limits, as well as the management of Collaterals. In this case, the most frequently used tool is an Excel spreadsheet. The spreadsheet offers great flexibility for relationship managers to follow the evolution of their transactions, and establish the global economic position of a customer at a given time. The position is calculated on the spreadsheet by consolidating data manually coming from heterogeneous sources. The global economic position supports the decision making process of a relationship manager or a credit committee, when deciding whether or not to finance. Despite its proven flexibility, a spreadsheet is not sufficiently secure as far as the reliability of the data presented is concerned. On the other hand, this information supports the decision-making process for financing amounts

up to seven or eight digits. Therefore, there is an increasing market demand for innovative dashboard tools that can be easily integrated into a bank’s IT infrastructure, and that is capable of automating the extraction of data coming from various systems in order synthesise it in a tool capable of presenting a reliable view of a customer’s global economic position in real time. This was our goal when we created our new product TRAC-Trade Risk Active Control. ■ J.-L.S. *Banking Consultant, MIT



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page70

«Only a sand dune can withstand a sandstorm» This could be an ancient proverb, simply stating that things must change to last, which is true in life and also for human constructions and organizations. But this is no longer purely a matter for philosophers as it also permeates every-day culture. Take robots and how Hollywood imagined them: less than 20 years ago a powerful robot was commonly shown as a huge gleaming steel creature epitomising strength; recent blockbusters like Transformers depict live metal creatures that, while existing individually, can literally merge and re-assemble themselves – or morph - into various larger, stronger, faster creatures best adapted to face each enemy, or to fulfill a specific collective mission. Of course they save mankind – in the film. How relevant is such a metaphor to banks and banking IT? If we assume that resilience and growth are their fundamental strategic drivers, banks must indeed be able to re-shape and redeploy their resources to face new challenges and seize new opportunities. From an organisational view point, it questions the ability of HR and IT groups to create an agile organisation that can learn fast, re-shape and move quickly. In terms of human resources and hiring policy, it also coincides with the arrival on the market of a new generation of people whose relationship to learning, working and networking is tremendously different. They learn through trial, they multi-task, they connect to achieve a form of community intelligence,; they can embrace new technology at once, they expect variety in life and systems ubiquity - accessing the universe from any flat screen, laptop or smartphone. They can be a chance to build an agile organisation where people receive and fulfill missions rather than tasks, truly and efficiently share knowledge and experience, innovate – if they are provided with the adequate framework, the tools, and the necessary business rules. Miss it and you might get the worst of both worlds. A “future-watcher” recently declared that algorithmic search engines like Google might be challenged if not replaced within a couple of years by Twitter-like “social” networks that would outsmart those thousands of instantaneous but “fossil” answers by collecting this additional intelligence that networked human thinking can bring, when the questions being asked become more complex. Think about it… Hence the role of IT is key for this transformation, and the good news is that several technologies coming of age will support it. It has been a long journey from single-process resource-driven computing to what is now called Service-Oriented Architecture, which has taken a necessary step towards that flexibility and ubiquity from a business IT perspective. This in turn has made possible a new model for providers: “Software as a Service”. But mission-oriented business IT requires two more achievements to be truly effective. The first one is about control and security at large – from the security of the data to the quality of the services to their availability levels. Thanks to standards and network bandwidth, many IT services can potentially be totally delocalised. In terms of storage and processing capacity, this concept is referred to as “Cloud Computing” by the providers promoting it. The Internet uses it, for example. But from the enterprise user perspective, authentication and access rights, encryption, single sign-on, certificates, firewalls, and a strict selection of trusted and appropriate services and providers, all are prerequisites for this new model. The second one addresses the users - and the enterprise needs for a smart and flexible approach to integrating the chosen services and tools. This demands a substantial change from the previously

accepted norm; a move from a dedicated user interface imposed by each application, however graphical, smart and intuitive, to a flexible, user-controlled, subscription-based interaction mode where users will easily select, shape and assemble the exact views, windows, feeds, filters, graphs, actions they need for their mission. If repetitive tasks and simple processes are increasingly automated and chain-linked – we mean Straight-Through Processing here – the teams will have to manage the remaining complexity and they need the right tools. And the technology for that is called Portal. Portal technology – with Web2.0 “rich Internet” technologies - brings together features previously incompatible, business focus and community networking, straightforward deployment – no huge resident software nor data - and intuitive graphical presentations, contents control and personalisation. Portals enable high levels of security and business acumen, mixed with the company-wide collaborative work, customisable looks and contents, and real-time probes into the markets and the outside world, that the new generation of our workforces expects. In some ways, portals could also announce the final decline of the “Personal Computer” of the nineties, replaced by a simpler “screen terminal”, but this time a powerful gate to chosen services, data, images, processing on demand. Technically speaking, a portal relies on a framework integrating recent Web technology like “rich” presentation tools, with new/revised connectivity methods - with standards and powerful administration and privilege controls.Through a portal the users can also tap into a growing “catalogue” of on-line application “portlets” (public or professional, external- or intra-company). Economically, portals also enables the smart integration of many existing services as soon as they can be Portlet-enabled, thus capitalising on, and leveraging, the often rich enterprise legacy applications, and facilitating a meaningful and cost-conscious best-of-breed strategy. Broadridge is one of the major entrusted global providers of business processing IT and applications services to the banking and securities industry. Year after year we refine and expand our services to meet and anticipate the outsourcing requirements of our clients. We are proud to serve our customers globally with platforms and software solutions that are robust, efficient, scalable, and backed by our services that respond to changing business and market requirements in terms of functionality, pricing models and speed. We have a long track record of servicing private banks and wealth managers in Switzerland and Europe and, recognising the business challenges and diverse requirements of such organisations and the real benefits it can bring them, we have chosen to deploy these state-of-the-art technologies and build a portal to offer a new interaction with our proven banking applications and other complementary corporate tools and services. If you would like to know more about our solutions, or be convinced that this is absolutely relevant for your industry, contact us at

BROADRIDGE SUISSE SA 58, rue de la Terrassière - 1207 Geneva Tel: +41 22 787 23 23 Web:

BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page71

SpEzializEd appliCaTioNS aCCESS To iNFormaTioN aNd origiNal doCumENTS From 350 WorldWidE SourCES

FinWatcher, a unique monitoring platform for the banking and finance sector The rapidly changing banking and finance sector generates huge amounts of information worldwide, and the successful professional cannot possibly keep up with it all on his own. The platform FinWatcher is a new service that monitors documents from 350 sources and provides subscribers with personalised daily alerts based on their preferences. A wide range of search criteria are available, and the original documents are available for instant downloading. Conversation with Philippe Braillard and Henri Schwamm, Honorary Professors at the University of Geneva and Founders of FinWatcher. Interview with Didier PLANCHE

In response to which specific needs was FinWatcher created? The rapid and profound changes in banking and finance are creating a growing need for information among all professionals working in the sector. The sources of information are so numerous and varied on a global scale it is increasingly difficult to keep track of them and make effective use of them. Besides the news, it is essential for professionals to have direct access to the documents themselves: national or international regulations, structural and economic analyses, prospective or retrospective studies, surveys, publications of international and government organisations, etc. Aside from products providing realtime news, banking and finance professionals therefore also have a need for a document monitoring service. This is why we created FinWatcher, which is the only Internet platform today able to filter the entirety of worldwide financial and banking information from more than 350 public and private international sources, from which strategically important documents can be selected and downloaded immediately by the subscriber. What are the main technological innovations central to its functioning?


First of all, navigation on FinWatcher is possible according to several criteria: by publisher, by topic and by date. Documents can also be located according to their author (using a search engine). Secondly, FinWatcher subscribers receive a daily e-mail with all the new documents that have been added. They can also opt for personalised alerts on subjects of particular interest. All these documents can be downloaded instantly. Thirdly, FinWatcher offers permanent archiving of all published documents (about 4,000 per year), which can be downloaded instantly at any time. What procedures does FinWatcher use to filter the desired banking and financial information, and according to which criteria? FinWatcher uses specialised software for Internet monitoring that has been adapted for document searches in the area of banking and finance. But even the best software and technical tools are alone insufficient to reach the level of quality required by a service like FinWatcher. Much of the work relies on extensive experience and a deep understanding of the field in all its complexity, as well as of the various entities and institutions that publish documents of strategic importance.

The alerts are sent out by e-mail every morning (Monday to Friday) at 03:00 GMT to FinWatcher subscribers. As mentioned, subscribers can personalise their alerts by selecting topics of interest. They can choose one or more of the four general themes (financial basics, banking and financial activities, financial industries, public interventions). They can also select one or more of the 75 topics used by FinWatcher (e.g. capital, credit liquidity, valuation, business models, IT technologies, risk management, wealth management, corporate finance, private banking, private equity, funds, insurance, accounting standards, financial regulation, financial supervision, monetary policy, etc.). Direct access to documents is carried out by downloading them in PDF format. 95% of the documents are freely accessible. The remaining 5% are either freeof-charge after registration or available for a fee. Note that in the latter two cases, after clicking on “download this document,” the FinWatcher subscriber arrives directly at the publisher’s page, where he or she can either register for free or pay for the document. ■ D.P.

What are the technical characteristics of the alerts, instant connectivity, and direct access to strategic documents?



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page72

SpEzializEd appliCaTioNS lEvEragE oN paST iNvESTmENTS aNd FrEE up rESourCES

Be more competitive: give your users more time for value-added activities Basel III, SwissBanking Agreement on Due Diligence (CDB), FINMA guidelines, internal regulations and controls…: boost your bank’s performance whilst reducing operational, credit and reputational risks. Banque & Finance interviews Alain Rubeli, Managing Director of APIA SA. Interview with Didier PLANCHE

What are the current trends in banking software? Banks are struggling to deal with growing regulatory pressure, which leads to higher process costs, and the need for increased profit margins: a not so easy equation to solve, in which the variable “standardisation versus tailor-made” plays an important role. Banks should look for tools and solutions that help them better exploit the existing customer base potential, allowing relationship managers to focus on crossselling and acquisition activities – instead of spending their time performing double or triple checks – and ensure at the same time a strict risk and compliance control. How do APIA’s solutions differentiate from other players/competitors? APIA helps banks to neutralise the “standard versus tailor-made” variable of the equation, offering a highly personalised solution that provides each bank with its own version, with no “release obligation” at all. This is developed on a yearlong proved software: ABS APIA Banking Suite, which has been designed as a modular, flexible, and user friendly front end application, with a workflow and rules based approach and build-in qualitative and quantitative controls. Apt to interface with any of the most common core banking systems (OLYMPIC, Finnova, Avaloq, BEST, Sungard APSYS, ...), ABS modules



increment and complement their functionalities in credit and customer management, as well as in handling teller activities. Banks can leverage on past investments, empowering their accounting system to gain in efficiency and effectiveness, as well as improve risk control. ABS APIA Banking Suite “plugs into” the existing or new IT platform of the bank, adapting to the existing environment (DMS, middleware, Datawarehouse,...).This avoids all data redundancy. APIA is recognised as a competent (both from the technical and functional point of view), reliable, and punctual partner, and the solutions offered are considered state of the art, cost-effective, and user-friendly. Which of your solutions is most appreciated? KommerzOffice, the module dedicated to credit management – from the very first offer made to a potential customer, to watchlists and recovery activities, as well as front and back office tasks – is the result of almost twenty years of sharpening and finetuning in collaboration with our customers. One could object that credit lines and mortgages are basically the same regardless of where you apply, but our experience proves that each bank is somehow unique, with its own processes, philosophy, risk policy, and product specifications. KommerzOffice offers both proprietary solutions for rating and real estate estimation, but also access to third-party systems like CreditMaster from RSN or IAZI and Wüest & Partner estimation tools.

Alain RUBELI, Managing Director, APIA SA What is the future development of the ABS APIA Banking Suite? APIA pays a lot of attention to market trends and needs. We are continuously investing in order to widen the functional coverage by introducing new features, as well as by interfacing with the best specialised tools. More concretely, we are now developing a Business Intelligence module, which also offers interesting features with a CRM-oriented approach such as, for example, the so called “geo marketing,” and a different way of accessing and experiencing APIA’s products, like mobile access for our internet banking solution. ■ D.P.


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page73

BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page74

SpEzializEd appliCaTioNS privaTE BaNkiNg ChallENgES

Staying ahead with technology solutions In the past few years, a series of converging trends have combined to place private banks under greater pressure than ever before. First, organisations whose clientele includes high/ultra-high net worth individuals are faced with a never-ending battle to hold innovative, well-financed competitors at bay. At the same time, internal management continually seeks techniques to boost productivity for their relationship managers, while they also struggle to implement sophisticated, faster trading and processing systems. Enhancing the customer experience

Fabrice BIDARD* Sinan BASKAN**


ncreasingly demanding clients expect personalised service, enhanced risk management, near-instantaneous trade execution, and more transparency than ever before. Finally, the recent series of global economic crises guarantees that all financial institutions will be subject to more regulations and scrutiny than they have been for decades. Fortunately, specialised and sophisticated software solutions running on high-performance technology platforms are helping to surmount these challenges. Introducing targeted software packages has been a proven technique in realising tremendous productivity enhancements across dozens of industries, and private banking is no exception. However, when considering this class of solution, it’s important to take into account the fact that the selected automation must be explicitly tailored to meet the unique needs of private banking. Generalised tools meant for a broader range of banks commonly fall short of fully addressing the requirements of this specific constituency. Furthermore, these types of application are best supplied by an external vendor for a number of compelling reasons: a packaged offering provides more capabilities at a better cost than can be delivered by the internal IT department; even if



Fabrice BIDARD, Product Marketing Manager, Odyssey Financial Technologies

they wanted to develop this type of application, most internal IT departments are focused on day-to-day operations, and don’t have the resources necessary to design, develop, and maintain a solution of this sophistication; and external vendors can supply a fresh viewpoint in addressing the specific concerns of private banks; while new customers can profit from the vendor’s experiences with existing clients.

It’s not surprising that high/ultra-high-networth individuals have heightened their expectations in terms of service offered by their private bank. Thankfully, relationship management automation promises to transform their experience, and lead to much higher levels of satisfaction. By recording and managing customer preferences, these packages help relationship managers proactively suggest products while anticipating and answering questions. Customers are particularly impressed with the comprehensive, well-designed reports supplied by these solutions. These include asset performance, cash flow, trading activities, market analysis, and proposals for new investments. To further optimise their customers’ experience, private banks are using these types of solutions to implement dedicated websites, which present account information, provide access to historical reports, enable secured email with their relationship managers, and grant access to targeted events. One unfortunate casualty of the recent financial crisis has been the vastly lower amount of trust now placed by customers in their financial institutions. By providing detailed, timely portfolio management information, relationship management software can go a long way toward helping repair this damage by demonstrating that only authorised transactions are being performed, using products that meet the client’s risk appetite. By increasing customer satisfac-


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page75

EFFiCiENCy tion and satisfying their concerns, relationship management software can be a large part of negating competitive pressure and retaining clients.

Improving internal operations In addition to keeping customers happy, relationship management packages can greatly streamline the bank’s internal operations. As we described earlier, private banks are under significant pressure to foster relationship manager productivity, without compromising the outstanding service that high/ultra-high net worth clients expect. Those private banks that have already implemented these types of solutions have found that their bankers are now able to successfully support 200 to 300 clients, instead of the customary 20 to 50, all with heightened customer satisfaction. On top of the always essential job of keeping clients happy, private banks are also labouring to implement more effective order processing. Many of these procedures are still performed by middle- and backoffice staff, yet the relationship manager must be able validate and monitor these orders in real-time without needing to resort to manual intervention. Specialised software applications make this visibility possible, while also furnishing detailed, accurate risk indicators to help bankers

make more informed and risk-aware decisions. Since regulations continue to expand, the auditing processes found in these applications will help demonstrate compliance, including measuring the education levels of customers to prevent offering them inappropriate products. While the capabilities delivered by private banking relationship management software are important, it’s not possible to deliver them without the footing provided by a robust, high-performance technology platform. This selection is especially important given the transaction volumes now being processed through these types of solutions. Fortunately, modern database infrastructure is now able to take advantage of the speed of in-memory processing to increase throughput and reduce latency while preserving information integrity. Application providers that have elected to follow this route benefit in several ways as long as some key criteria are met by the database infrastructure. First, the determination whether to use an in-memory information storage option must stay completely transparent to the application logic: no code changes are necessary. This infrastructure must also make it possible to push data updates to external tools such as business intelligence products. In addition, the decision about when to employ an in-memory

Sinan BASKAN, Director Global FSI Solutions, Sybase

option can be made on an installationby-installation basis, offering customers flexible options for this important choice. Although private banks are guaranteed to continue facing arduous competitive, profitability, and regulatory pressures, tailored relationship management software powered by modern, high-performance database infrastructure can improve operational efficiencies as well as strengthen customer satisfaction. Finally, by capitalising on inmemory database technology from their suppliers, application developers are free to devote their programmers to improving their core offerings, instead of working on infrastructure. â– F.B. & S.B. *Product Marketing Manager, Odyssey Financial Technologies **Director Global FSI Solutions, Sybase




BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page76

BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page77

meet the future of finance

20 Years of the Finance Forum: Changes and Innovations in the ICT-Finance Community Financial markets have gone through an upheaval and are now recovering from the recent global financial crisis. Banking professionals around the world are fighting to improve their image and restore customer confidence. Comprehensive regulations are being implemented to ward off another global crisis in the future. These are developments that also impact the Swiss financial marketplace and its participants. Against this backdrop, the Swiss ICT and financial community will come together on 2-3 November to exchange ideas on current topics and trends at the 20th Finance Forum. "Thought Leadership – People and Technology as Factors for Success": This motto sets the tone for this year's meeting of the "Who's who" in the Swiss financial marketplace, ICT sector, academic community and political arena. Top speakers share their ideas and insights on current issues in three main issues facing the financial industry: 1. Customer Management: Maximizing Added Value 2. Leadership: Just wow them! 3. Risk & Regulation: More Than Simple Requirements

Attractive Keynote Speakers Paint the Big Picture Dr. Markus R. Neuhaus, CEO of the consulting firm PricewaterhouseCoopers will open this year's Finance Forum with a keynote address entitled: «Switzerland in a Global Business Environment». Till Guldimann, Vice Chairman of SunGard, will share what banks can learn from IT at Google, Amazon and on Facebook.

The current conference program is available at:

20. Finance Forum – 2. und 3. November 2010 On-line Registration for the Conference, the Exhibition and the Receptions is possible until 28 October 2010. Entrance into the Exhibition is Free of Charge Access to the Exhibition, the Speakers' Corners lectures within the Exhibition area as well as participation in the Finance Forum Receptions is free of charge for all event visitors. Conference Passes Conference participation requires payment of an admission fee. The Conference Pass includes


entrance to the conference, the keynote addresses and access to the exhibition, catering services (including coffee breaks, lunch and the Finance Forum receptions) and password-protected access to lecture downloads on the Finance Forum website. 1-Day Conference Pass: CHF 290.– 2-Day Conference Pass: CHF 490.– (+7,6 % VAT) Event Location: Kongresshaus Zürich Event Program Information and Registration at

Jacqueline Schleier, Managing Partner Finance Forum und Finance Summit

The 20th Finance Forum will take place once again in Zurich this year. No other event has followed the developments and innovations in the ICT-financial industry more closely; remember that in the early days of the Finance Forum, participants were just beginning to incorporate the personal computer into their business models. These first steps were soon followed by the internet and the globalization of the financial sector – as well as the most recent International financial and economic crisis. During these exciting and turbulent times, the Finance Forum has become the leading community-builder through its unique event concept including an exhibition, conference and attractive networking opportunities. Over the years, a fundamental premise has led the way: challenges can best be overcome when people work together. This sentiment applies equally to our event in Geneva – the Finance Summit – which addresses the community of private bankers and asset managers as well as their service providers. We are happy to invite you to join us on 2-3 November 2010 to experience the Swiss ICT and financial services community in a new way. You will also be introduced to new products and business solutions from more than 90 exhibitors and in three parallel conferences, which provide first-hand information about the current market situation. I look forward to welcoming you at the event! Sincerely,



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page78

Finance Forum Survey 2010: Current Banking Topics and Trends The Finance Forum asked branch experts from leading IT service providers about the greatest challenges facing the banking industry in the coming months and years. Here are selected answers to the question: "In your opinion, which area of the banking industry needs to make the most changes to meet new market challenges?"

Francisco Fernandez, CEO Avaloq Evolution AG "Efficiency, which is in essence cost management, should be maximized in all processes. Risk and compliance issues should be regulated internationally so that customer consulting can be systematically supported using IT systems."

Urs Hafner, Head Financial Industry, Microsoft Switzerland GmbH "Technologically speaking, banks have already taken the most crucial steps toward automation of the value creation chain. However, personal contact remains essential. Without modern communication tools and opportunities for collaboration, the current and future needs of our "always online" customers, both private and corporate, cannot be adequately met. The



interesting question of "how much banking" our Web 2.0 world really needs remains unanswered. Internet communities, business forums and the global banking infrastructure already offer the foundation for new deposit, payment and credit transaction formats. Models such as microfinance, peer-to-peer banking and the like will continue to grow in importance."

SunGard: "Risk management is crucial for the survival of a financial institution. The days of lists of meaningless numbers are over! Only completely transparent and efficient risk management fosters credibility and creates an atmosphere in which risk taking becomes possible. Modern risk architects are already offering a view of expected future requirements ranging from stress tests through to credit value adjustments. In the retail sector, cross asset trading platforms will play an integral role in the reduction of operating costs. Automated platforms such as the Algo Trading could provide an efficient solution for this new challenge."

Christoph Oggenfuss, Head Marketing & Communications, COMIT AG "1. This question is difficult to answer clearly; however, it is obvious that many things need to be changed beginning at the level of office administration and customer service management. This can be observed in the area of multi-channel integration. Many banks are still operating with catch phrases and discussing the matter; however, customers now demand greater transparency as a result of positive experiences in other commercial transactions. 2. The separation of roles among internet banking, branch offices and field representatives is still in the beginning stages in many companies. 3. Two priority topics are: data-governance and data-security."


BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page79


Paul Kummer Manager Financial Services IBM Global Business Services "In the current banking landscape financial services organizations are faced with restoring the trust and confidence of their clients. They are looking for a better understanding of what their customers want and need, as well as what they are willing to pay. They are balancing how the customers want to interact with them and how to personalize those very important interactions. IBM has the solutions to make this possible, to allow the banks to accelerate multichannel application development and provide services to their customer using a variety of devices."

Christoph Erb, Division Manager Customer Care, Member of the Leadership Team, Finnova AG "Many banks have already modernized their business platforms; today innovation is required at the level of structured, computerized sales support. At the same time, the direct interaction between customers and banking professionals faces new challenges. What does customer service and advising look like today? What kinds of information should customers be expected to gather themselves? These are the questions that banks need to find strategic answers to in the current marketplace. In this process, innovations in mobile devices and social CRM become increasingly important."


meet talk: Networking for

Branch Experts Take advantage of a unique opportunity to meet the colleagues and experts you are wanting to connect with at the Finance Forum! The new tool Fifo CONNECT from Netcetera AG makes it easy: Q When you register online, you can release your contact information and make yourself available for meetings with other registered participants.

Q When you arrive at the Finance Forum, sign in on one of the Meet 'n Talk touch screen terminals. You will immediately see which other visitors, exhibitors and speakers are present and interested in meeting. Q You can download the names and mobile phone numbers of those people whom you would like to meet so you can make contact directly and quickly*. (*Walk-in guests cannot take advantage of the Meet 'n Talk service.)


Win a Travel Gift Certificate with "Meet 'n Talk" All Finance Forum visitors who register on-line and release their contact information for the Meet 'n Talk system will be eligible for the special Anniversary Prize drawing for a gift certificate from the travel agency Atlantis Reisen. The grand prize is worth Fr. 500.00; twenty additional gift certificates in the amount of Fr. 50.00 will also be given away. The prize drawing will take place during the Finance Forum Anniversary Reception on 2 November 2010. Sponsor: Atlantis Reisen

Register Now!

10. Finance Forum Running to Benefit 31. October 2010 10.30–12.30 Uhr Bürkliplatz Zürich

Running for a good Purpose

Running to Benefit the Swiss Multiple Sclerosis Society Within only a few years, the Finance Forum Charity Fun Run has become a tradition for runners from the finance and IT sectors as well as celebrity guests. The goal of this event is not to prove athletic prowess, but to collect money for a good cause. This year donations collected by the runners according to the number of laps they run will benefit the Swiss Multiple Sclerosis Society. Information and Registration at: The registration deadline is 26 October 2010 The Course Each lap is 800 m long, and the course runs through downtown Zurich. Beginning at Bürkliplatz, the route continues along the lake, up to the Arboretum, on to the Volière, then down to the Harbor, finally returning to Bürkliplatz again running along Lake Zurich. Our Sponsors


For more information visit:



BF_HS10_BF_HS09.qxd 06.10.10 16:25 Page80

cross-border dialogue between the Swiss and German banking communities possible and paves the way for increased international activity.

Communication and Networking at its Best: Communities 4 U

With an attractive offering including an exhibition, a conference with top speakers and community networking opportunities, the sectorspecific events operated by CBC AG, including the eHealth Summit and the Swiss CRM Forum, consistently satisfy participants. «Our events present the newest topics and industry trends while also supporting active interaction between service providers and their clients. Professionals who network in our communities have year-around opportunities to connect with the top players in their business sector», explains René Meier, CEO of CBC AG.

Communities offer a real alternative to conventions and high-priced conferences. Nevertheless, truly beneficial business forums also need to offer personalized, knowledge-based exchange with experts on the highest international and professional level.

In today's knowledge-based society, information and communication are the key factors for success. It takes time to identify trends, benefit from knowledge networks and to broaden one's own circle of contacts – unless you are part of a community that fosters and actively supports professional dialogue between its members. Attractive knowledge-based, informational offerings as well as active networking activities have been the main components of the renowned Swiss events now joined together in the Community Building Company AG (CBC AG). International Offering for the Financial Industry The best proof of the success of this concept is the notable Finance Forum, which celebrates its 20th anniversary in 2010. Banking professi-



onals, service providers and consultants come together in Zurich each year to discuss the newest industry developments and current trends, to share ideas and to network. With such a winning track record, it was simply a matter of time before the Finance Forum began to grow. The Finance Summit, a community event focused on international private bankers in Geneva, continues to resonate with its participants. Managing Partner, Jacqueline Schleier, has organized this event for the third successful year in a row. The success has even continued across national boundaries with the headline «Finance Forum goes Germany» announcing the newest event in 2009. Locating the Finance Forum Germany in Wiesbaden under the leadership of Lutz Pelzl, German banking and marketing expert, makes

Communities 4 U The community experts at CBC also offer their expertise and experience to organizations, companies and associations that wish to sponsor their own events. Marketing expert René Meier is convinced: «The future is community networking in CBC style!»

Kontakt Community Building Company AG Überlandstrasse 109 CH-8600 Dübendorf Tel: +41 (0)43 355 22 00


C2 - C3- C4_Mise en page 1 06.10.10 16:05 Page2

C2 - C3- C4_Mise en page 1 06.10.10 16:05 Page3