www.usfst.com • Q1 2009
Citi Sunken
From domination to disintegration, is the financial supermarket dead in the water? Page 26
BAPTISM OF FIRE
Credit Suisse CIO Karl Landert on his turbulent first months in the job Page 32
STAY ON TARGET
Huntington Bancshares CIO Zahid Afzal keeps his head in a crisis Page 86
THE FIFTY BILLION DOLLAR MAN
How Bernie Madoff almost pulled off the biggest Ponzi scheme in history Page 38
Financial Services Technology magazine. Issue 10. January 2009. Click on our interactive edition for a look behind the decline of Citigroup and an exclusive interview with Credit Suisse CIO Karl Landert.
> CYBERSPACE FAST FACTS
735,200
30900
150,000
1 billion
1 in every 17 emails
2 million
1 in 105
US $ 105 billion
2.5 billion
Number of emails filtered by MessageLabs every day
Estimated value of the online shadow economy
Ratio of emails containing malware
Estimated number of compromised computers within the Storm botnet
The ferocity of the first global botnet, Sobig.F
Number of web requests scanned by MessageLabs each day
Number of targeted Trojans intercepted per day in Feb 2008
Average number of new strains of phishing attacks per day
Percentage of all email which is spam
Average number of email-borne malware interceptions per day in 2007
Average number of new strains of email malware per day
> FURTHER INFORMATION
For more information on MessageLabs, please contact:
MessageLabs, Inc Toll free 1-866-460-0000 or 1-646-519-8100
FROM THE EDITOR
He who pays the piper
Everybody likes to get value for money. The US government is no exception.
“The specific merger transaction clearly has to be seen to have been a mistake. The stockholders have not benefited, the employees certainly have not benefited and I don’t think the customers have benefited.”
Ex-Citigroup CEO John Reed (page 26)
“We are not a service provider; we are an IT organization of a financial services institution and we need to understand our business. We need to be respected and accepted by our counterparts and our colleagues in the business.”
Credit Suisse CIO Karl Landert (page 32)
“It’s all about the people skills, processes skills and then most importantly, the business leadership skills that are a must.”
Huntington Bancshares CIO Zahid Afzal (page 86)
Fall behind on your mortgage payments and your bank is liable to foreclose. So, if you ask the government for $700 billion to stop your business going under, you shouldn’t be too surprised if it wants a say in how you run it.
In recent years, whisper the word ‘nationalization’ on Wall Street and you’d be liable to give your audience an attack of the vapors. But desperate times call for desperate measures. The simple fact is that the economy is frozen solid, and there are scant signs of any thaw in the near future. With banks and other financial institutions reporting staggering losses, something clearly needs to be done. Before this year ends, the unthinkable could become a reality.
In certain respects, a major financial organization is like a shark. Not, as some might suggest, because it is an implacable predator that cares only about satisfying its appetites, but rather that if it stops swimming forwards, it will sink to the bottom like a stone. The sheer size of a company like Bank of America or Citigroup means that if it isn’t growing its business it is effectively operating at a loss. As long as the specter of nationalization hangs over the market, shareholders aren’t going to be parting with any more money. The lesson of the now government-run Northern Rock in the UK is too fresh in their minds.
That doesn’t leave too many options. Banks could try to attract foreign money, but the idea of investors in the Middle East or Asia owning so much of the US financial system is not altogether popular. In any case, the slowdown is inexorably working its way around the globe, so these potential saviors may not be prepared to splash the cash.
That leaves the government as the benefactor of last resort for failing banks. It has already served up huge chunks of taxpayer money, but still the industry falters. How long until President Obama’s new administration decides that the state can do a better job than the private sector and forces itself into a position of more direct control? Many analysts contend that it is now a matter of when rather than if.
But the implications of such an event are staggering. Even the US government doesn’t have the financial clout to nationalize the entire banking system, so the best we would get is a takeover only of those poorly performing banks that are deemed too big to fail. This would effectively create a two-lane system where nationalized institutions would be forced to refocus their efforts on providing fewer, simpler products to a principally US customer base. The banks that escape government intervention would be free to innovate in a market dramatically shorn of competition.
Or maybe not. Whatever happens with regard to nationalization, increased regulation for the entire industry is a certainty. Fresh controls on transparency, accountability and risk are coming and by accepting so much help from government, the industry’s power to resist its demands is virtually non-existent. Sooner or later, everyone has to pay their debts. For the financial industry, that day is fast approaching.
Huw Thomas
CONTENTS
FEATURES
26 Citi breaks
A decade after it changed the financial landscape, Citigroup is falling apart. FST editor Huw Thomas traces the decline of a banking giant
32 Interesting times
Karl Landert’s first few months in the job at Credit Suisse have coincided with an unnaturally turbulent period for the industry. How can we manage IT in an age of uncertainty?
38 Over the hedge?
Following last December’s arrest of Bernie Madoff and the discovery of history’s largest Ponzi scheme, FST’s Matt Buttell looks at how its repercussions are likely to reshape the industry for years to come
86 Route causes
How do you navigate through the toughest six months the industry has faced in decades? For Huntington Bancshares CIO Zahid Afzal, it’s all about knowing where you’re going
SECURITY RISK & COMPLIANCE
42 Play your cards right
Building solid purchasing card programs requires careful planning
46 Lockdown
The so-called ‘rock star’ of the security industry, Bruce Schneier, exclusively reveals his thoughts regarding current security issues
52 Phish tales
David Jevans discusses the global war on
58 The road ahead
Hank Farrar and Lauren Hargraves explain how The Federal Reserve and The Clearing House are creating value for banks and their corporate clients
60 No time to lose
Data loss is an oft overlooked issue that needs to be tackled immediately, says Michael Osterman
64 Line of defense
Challenging markets are changing the rules of the risk management game, says Bank of America’s Nick Jayanetti
68 One small step, one giant leap
Do current markets provide opportunity for smaller organizations to shoot for the moon?
72 A broader focus
James Beeson of GE Commercial Finance talks to FST about risk management, technology advances and how looking at GE’s broader set-up for inspiration helps provide real ROI
76 Dangerous games
With its enthusiastic trade in credit default swaps, the financial industry is playing a deadly version of pass the parcel, says Sunil Poshakwale
82 Core transformation – evolution, revolution, or die?
You’re either re-architecting or it’s too late, says Adam Burns
INDUSTRY INSIGHT
50 Chris Fedde, SafeNet
62 Ken Knowles, OpenLink
94 Steve Stein, EED Inc
ASK THE EXPERT
48 Andy Jimenez, Anixter
70 Debra Geister, LexisNexis
100 Jack Halprin, Autonomy
104 Christopher McLaughlin, Thunderhead
EXECUTIVE INTERVIEWS
80 Sanjay Beri, Juniper Networks
BUSINESS STRATEGIES
90 On the lookout
E-discovery solutions offer better efficiency and can help reduce IT costs, say Jeffrey Hill and Andrew Stamer
96 The law of the land
In a global economy, e-discovery is far from a purely technical issue. Alison Brecher untangles the legal complexities
102 What’s the color of money?
Bank of America’s Robert Kee explains that going green makes sense for the business as well as the environment
106 It’s not enough to manage content
Doug Miles knows a thing or two about how the ECM industry is changing
110 The end is nigh
The age of the static display is over. James Bickers and David Drain explain that digital is the future for financial institutions
114 Storage issues
Maxim Samo details the challenges of managing not one, but two major data center projects during an economic downturn
118 In the hot seat
FST sits down with Liberty Mutual CIO Joanna Young to discuss current issues that are cooking up a storm in both the technology and insurance space
122 The bigger picture
It’s not just pricing optimization, it's business optimization, says Tom Schwartz
124 Take one for the team
John Lee talks exclusively to FST about the challenges inherent in IT today and the real importance of cross-functional teamwork
128 Do the right thing?
Keith Darcy tells Huw Thomas that the state of business ethics is inextricably linked to the current financial meltdown
IN THE BACK
134 Away on business
136 Quote/Unquote
138 Face off
140 In review
141 Leading by example
142 The onus on bonus
144 Final Word: David Krauss, Symantec
Legal Information
The advertising and articles appearing within this publication reflect the opinions and attitudes of their respective authors and not necessarily those of the publisher or editors. We are not to be held accountable for unsolicited manuscripts, transparencies or photographs. All
15-17 April 2009 The Lansdowne Resort, Virginia, USA
The Financial Services Technology Summit is a three-day critical information gathering of C-level technology executives from the financial services industry.
A Controlled, Professional & Focused Environment
FST ’09 is an opportunity to debate, benchmark and learn from other leaders. FST ’09 is a C-level event reserved for 75 participants that includes expert workshops, facilitated roundtables, peer-to-peer networking, and coordinated technology meetings.
A Proven Format
This inspired and professional format has been used by over 100 CIOs and CTOs as a rewarding platform for discussion and learning.
“This event continues to be one of the most worthy of the time and expense expenditure for the development of networks and an overview of what is on the minds of other financial services companies.” Robert Kee, Bank of America
“The organisation was excellent with easy transition from private meeting to workshops. Quality of participants was outstanding.” Thomas Butler, Anglo Romanian Bank
UPFRONT
P16 From the vault
P18 Issue in numbers
P20 Top 10
P22 The five-minute exec
P24 Company index
A NEW ERA
January 20 saw Barack Obama sworn in as the first African-American president in US history. In his inaugural address, labelled by some as “a speech ushering in an Obama Era,” the new president made a cool-headed and objective analysis of the US’s current situation and stressed his “new economic policy.”
The president called for “bold and swift” action on the economy, “not only to create new jobs, but also to lay a new foundation for growth”. Obama also said he would take a pragmatic stance on the economy. The only right thing to do, he went on to say, is to exert the great market power of making wealth while learning lessons from the current financial crisis.
“The success of our economy has always depended not just on the size of our gross domestic product, but on the reach of our prosperity; on our ability to extend opportunity to every willing heart,” said Obama.
Since his inauguration analysts have been commenting how the speech set the tone for his future policies, however, what determines the success or failure of Obama’s administration will be his performance in office, especially during the first months. History indicates that a new president’s popularity and power to overcome opposition is usually at its peak during his first three months in office. As an American Broadcasting Company (ABC) News poll showed, up to 80 percent of Americans have expressed confidence in Obama, while 71 percent back the president’s new policies.
While only time will be the true indicator of whether President Obama can save America from this mess, all eyes are currently fixed on both the White House and, more significantly, its newest occupant.
DATA PROTECTION & PRIVACY EMERGES AS NEW TOP RISK AREA
Increased global competition, economic downturn and tighter regulation have brought greater pressure on business and with it, greater risk. Both companies and governments worldwide have had to make adjustments to cope with these changes in the business climate. Enterprises worldwide now cite electronic data protection and data privacy as their top two business ethics and corporate compliance risks, according to LRN’s 2008 LRN Ethics and Compliance Risk Management Practices Report.
Compliance with these electronic data protection and privacy laws is now more complex and has migrated beyond traditional IT functions. Companies doing business in the US have had to respond to the new eDiscovery rule that went into effect in 2007, requiring them to account for and maintain all their internal electronic records including emails, instant messages and electronic documents that might prove critical in investigations.
Increased concern about electronic data risk is the result of the growing amount of electronic data being generated across organizations, combined with new, more stringent regulations and requirements regarding the management and security of data. Global businesses have long had to protect their trade secrets, customer data and employee records, but now they must also comply with the eDiscovery Rule and new data privacy laws and regulations imposed by European governments. Germany, for example, has instituted specific new laws on data protection that go beyond existing EU data protection laws, and in the US 47 states have ratified separate data privacy laws protecting individuals from fraud and malicious use of their data.
For more information and to learn more about the research and download the report, please visit http://www.lrn.com/RiskManagement/form.php
NUMBER CRUNCHING
18,000 volunteers provided support for the inaugural activities
1,120,000 metro train rides taken on January 20th, setting a new record for one-day ridership
13,000 participants marched in the Inaugural Parade
10 jumbo screens on the National Mall broadcasted inaugural events
8000 members of America’s police departments provided security on Inauguration Day
TO STABILITY, AND BEYOND
At the end of January, world leaders, economic advisors and business executives convened in Davos, Switzerland to focus on the global financial crisis at the annual World Economic Forum.
Klaus Schwab, Founder and Chairman of the Forum, said this financial crisis is unprecedented in scope. He said it should be seen as a wake-up call to reform global institutions, systems and ways of thinking. This year a record 41 heads of state and government attended the Forum, including Chinese Premier Wen Jiabao, Russian Prime Minister Vladimir Putin, and the Prime Minister of Kenya, Raila Odinga.
Members of Obama's administration were also in attendance, including US National Security Adviser General James Jones.
In all, more than 2500 participants from 96 countries convened in the small Alpine village from January 28 to February 1. Their main objective: to search for ways to stabilize and re-launch the global economy.
[Chart: Top Ethics and Compliance Risks]
FROM THE VAULT
Q2 2008
Chris Perretta, CIO at State Street Banking Corp
Back in issue eight of FST we spoke exclusively to Chris Perretta, CIO at State Street Banking Corp. At the time, State Street had just posted a record-breaking $2.6 billion profit for the first quarter of 2008. “We believe that we can deliver things quantitatively faster with new technologies and really increase the quality of the delivery for the customer,” he told us. “We are really making a lot of effort in developing our personnel here and building bridges around the world to have a single dialogue about technology and architecture across the industry. It’s key to our efforts going forward.”
To read the article in full, access an entire archive of past issues, and subscribe to the magazine, please visit www.usfst.com
FSTUS: issue eight
IS THE BAILOUT ON TRACK?
As part of the $700 billion Troubled Asset Relief Program, literally hundreds of banks – along with a handful of insurers and automakers – have applied for funds from the Treasury Department. Here, we review which banks got what out of the first $350 billion.
The amounts shown are in millions and are from the first $350 billion of the available funds. Also shown is the banks’ Texas Ratio – a measure of the bank’s credit troubles, the Texas Ratio is a ratio of each bank's nonperforming loans to cash on hand.
Rank | Bank | Amount | Texas Ratio
1 | Citigroup | $50,000m | 15.4
2 | Bank of America | $25,000m | 15.4
3 | JPMorgan Chase | $25,000m | 8.3
4 | Wells Fargo | $25,000m | 14.0
5 | Goldman Sachs Group | $10,000m | N/A
6 | Morgan Stanley | $10,000m | N/A
7 | PNC Financial Services Group | $7579m | 15.1
8 | US Bancorp | $6599m | 9.9
9 | SunTrust Banks | $4850m | 32.3
10 | Capital One Financial | $3555m | 5.1
Source: New York Times
CRISIS OF CONFIDENCE
Only 21 percent of Chief Executives are currently showing confidence that their business will grow – down from 50 percent a year ago – as business confidence of top bosses around the world has plummeted in recent months. The poll, commissioned by PricewaterhouseCoopers (PwC), also shows that company chiefs believe any recovery there is will be slow and take at least three years.
Samuel DiPiazza, Global Chief Executive of PwC, said in a statement that the “speed and intensity of the recession has rocked the psyches of CEOs and created a global crisis of confidence”.
Meanwhile, business leaders in Brazil, Russia, India and China, who had been pretty bullish about their economic prospects at the start of 2008, are now nearly as concerned as their colleagues in Europe and North America. The report’s authors call this the ‘downside of globalization’, where a crisis that began in the United States has now infected all the world’s major economies.
Only 21% of executives have confidence in business growth for 2009
That’s down from 50% in 2008
Real signs of recovery will take at least 3 years
THE GOOD, THE BAD AND THE FDIC
Federal Deposit Insurance Corp (FDIC) Chairman, Sheila Bair, is pushing to run the so-called ‘bad bank’ that the Obama administration is likely to set up. The bad bank would buy the toxic assets clogging banks’ balance sheets and Bair is arguing that her agency has the expertise and could help finance the effort by issuing bonds guaranteed by the FDIC.
President Obama’s team may announce the outlines of its financial-rescue plan as early as February, an administration official has said. John Douglas, a former general counsel at the agency who now is a partner at Paul, Hastings, Janofsky & Walker, a law firm in Atlanta said, “It doesn’t make sense to give the authority to anybody else but the FDIC. That’s what the FDIC does, it takes bad assets out of banks and manages and sells them.”
The bad bank initiative may also allow the government to rewrite some of the mortgages that underpin banks’ bad debt, in the hopes of stemming a crisis that has stripped more than 1.3 million Americans of their homes. Some lenders may be taken over by regulators as the government seeks to provide a shield to taxpayers.
Still, nationalization of a portion of the banking industry is unlikely, with Barney Frank, House Financial Services Chairman, recently commenting that the government should not take over all the banks, and Bair herself having previously stated that she would be ‘very surprised’ if that happened.
Meanwhile, Obama is under increasing pressure to drastically revamp the $700 billion Troubled Asset Relief Program for the ailing industry. While setting up a bank to buy underwater assets is emerging as a favored option, it could drive up the cost of the rescue to in excess of $1 trillion.
WRITE DOWNS
A recent Bloomberg report highlighted some thought-provoking statistics regarding the shrinking market value of some of the world’s biggest banks
[Chart: market value in billions as of Q2 2007 and as of January 20th 2009 for HSBC, JPMorgan, Citigroup and Bank of America; values shown: $228, $33, $255, $15, $156, $68, $215, $82. Source: Bloomberg]
YET MORE CASUALTIES
In what looks like a worrying start to 2009, January has already seen two US banks fail. Regulators shut down two small US banks earlier in the month, marking a disappointing start to the year. Bank of Clark County, Vancouver, Washington, with approximately $446.5 million in assets and approximately $366.5 million in deposits was closed, with Oregon-based Umpqua Bank agreeing to assume its non-brokered insured deposits.
Meanwhile, National Bank of Commerce in Illinois, with approximately $430.9 million in total assets and $402.1 million in total deposits, was closed. In addition to assuming all of the failed bank’s deposits, Republic Bank of Chicago, also based in Illinois, agreed to pay a discount of $44.9 million, and will purchase approximately $366.6 million of assets. The FDIC will retain the remaining assets for later disposition.
ROI STUDIES SHOW BENEFITS OF MODERNIZING SCHEDULING
To learn more about the ROI you can get by modernizing your legacy scheduling solution, read Tidal Software’s ROI Case Studies at http://www.tidalsoftware.com/r/roi
TOP 10
With global economies now experiencing recessionary conditions we decided to take a look at some of history’s other dramatic financial crises
Argentine Economic Crisis (1999-2002)
In 1999, Argentina entered a three-year recession. Investors ran on banks for dollars, which they then sent abroad for safety. In response, the government froze bank accounts. Citizens protested and destroyed property and fatalities ensued. In 2001, the government collapsed.
Russian Financial Crisis (1998)
In August 1998, Russia’s markets collapsed. Investors, fearing a devaluation of the ruble and a debt default, panicked, leaving the market with a 65 percent drop in one day. As a result, several major banks closed, and inflation increased.
1997 Asian Financial Crisis (1997-1999)
Policies leading to large amounts of credit pushed up asset prices, which then collapsed, leading to massive debt defaults. International investors panicked and withdrew credit. To keep the region attractive to foreign investors, ASEAN governments jacked up interest rates and bought up excess domestic money using foreign reserves.
The Dotcom Bubble (1995-2000)
When early dotcoms’ stock values shot skyward, venture capitalists jumped aboard en masse to finance internet startups. Dotcoms burned through their money, positive it would come back. But in 2000, the NASDAQ began to trend downward.
The Japanese Asset Price Bubble (1986-1990)
Rather than a dramatic crash, Japanese real estate and stock values decreased slowly, leading to Japan’s ‘lost decade’. People started investing outside of the country and companies lost some of their international competitive advantage.
US Wall Street Crash (1929)
In the late 1920s, hundreds of investors contributed to a speculative bubble in the stock market. Many went into debt to purchase stock, resulting in more than $8.5 billion in debt throughout the nation – more money than was in circulation at the time.
Tulip Mania (1637)
In order to secure new varieties of tulips, a market developed in the Netherlands around their trade where futures contracts were signed. Professional growers were willing to pay more and more for flowers and some tulips were more valuable than people’s annual wages.
The UK’s Northern Rock Bailout (2007)
When global liquidity dried up, Northern Rock couldn’t cover its money market borrowings. It asked the Bank of England for money in 2007, at which point the Tripartite Authority gave it emergency financial support.
United States Savings and Loan Crisis (1980s-90s)
Old, incompetent policies were behind the mess as the government chose S&L’s, traditionally funded by short-term deposits, to finance long-term, fixed-rate mortgages resulting in a massive crash.
Swedish Financial Crisis (1990-1994)
In 1985, Sweden deregulated its credit market, leading to a commercial property speculation bubble. But the bubble burst, leaving 90 percent of the banking sector with massive losses, including all of Sweden’s largest banks.
MERGER AHEAD
State Street has been back in the news again this month with reports that the firm’s share price fell back 60 percent on the news that its unrealized losses on assets had increased to $9.1bn as at December 30th 2008. Speculation is now mounting that State Street may need further access to the Troubled Asset Relief Program, and rumors abound that the time may be right for Goldman Sachs to make a move and acquire the firm.
In addition to this, Reuters has reported that French traders are now touting the rumor that Société Générale and Credit Agricole may well decide to merge their asset management units, saying that a deal could lead to some important synergies. ‘The banking sector is so weakened right now that anything that can make a bank stronger has a compelling logic behind it’, the report claimed.
Meanwhile, Bloomberg reports that Bank of America CEO Ken Lewis and five fellow firm directors have been buying the bank’s stock and, over at JPMorgan Chase, CEO Jamie Dimon has also been investing in his firm.
Finally, the Wall Street Journal reports that Fitch Ratings has put Credit Suisse on watch for a downgrade, as the firm may face further pressures due to its exposure to investment banking while fund manager BlackRock has posted an 84 percent fall in its fourth-quarter earnings.
State Street’s share price fell back 60% after unrealized losses on assets increased to $9.1bn
Meanwhile, BlackRock has posted an 84% fall in its fourth-quarter earnings
A CHANGE OF DIRECTION
On January 28th Federal Reserve officials replaced interest rates with emergency credit programs as their main tool for steering the economy, meaning investors are now likely to have a tough time assessing current policies. What’s more, reports suggest that without rates as their main policy gauge, the Federal Open Market Committee will also find it more difficult to anticipate the impact of their statements on financial markets during the worst credit crisis in 70 years.
Nonetheless, the new focus on changes of the central bank’s assets makes it harder for policy makers to revive confidence in bond and stock markets. Such confidence is needed after financial shares tumbled 29 percent and unemployment hit a 16-year high since the Fed cut the main rate to a record low 0.25 percent back in December.
The central bank may once again break with usual practice as it pushes ahead with the aggressive efforts to reinvigorate credit markets, as the Fed attempts to summarize progress on several different credit-easing programs.
However, all this means analysts can’t base their predictions for Fed decisions on a simple interest rate benchmark for the first time since the FOMC began releasing policy statements in 1994 and criticism of the shift is gaining momentum.
WRITE DOWNS
More from Bloomberg’s report highlighting the shrinking market value of some of the world’s biggest banks
[Chart: market value in billions as of Q2 2007 and as of January 20th 2009]
THE FIVE-MINUTE EXEC
The innovative thinker
Barclaycard was the first company to launch credit cards in the UK but today the firm is investing millions in contactless technology that could lead to the demise of plastic payments. CEO Antony Jenkins explains more
One of the things that we care most about at Barclaycard is how to make customers’ lives easier. We think that contactless technology has great potential in that regard. All of us as consumers are busy in our daily lives and anything that can make that transaction at the point of sale a little bit easier is going to be appreciated by customers, whether it’s buying a newspaper or a coffee or whatever. We will have over one million contactless cards in market in the UK this year and tens of thousands of places where customers can use that technology, so we feel there is very significant potential both in the UK and other parts of Europe for this technology.
If you look at the heritage of Barclaycard from its establishment in the 60s it’s always been an innovative and market leading brand. It’s in our DNA and we think this is the next wave of consumer benefits we should be leading with given the strength of our brand. Like all of the products we offer we think that this provides a high level of security for consumers and we think the convenience and security will provide a huge benefit.
The main challenge you always get with this sort of project is the issue of consumer adoption. Like all of us, consumers are inherently conservative and you need to be able to communicate the benefits of the project to them. Once consumers experience the benefits for themselves then adoption quickly follows because they are able to see what it can do for them.
Our business is a cyclical business. We know that and respond to it and work very hard to make sure that we help our customers through what are challenging times for them. We have a good set of European businesses. In Germany we are number two in the market and number one in the revolving credit market in Scandinavia. We’re also the third largest credit card issuer in Sweden, the second largest in Norway, the sixth in Denmark. We have businesses in France, Portugal, Italy and Spain and we believe we will continue to grow those businesses over time. Obviously that growth will moderate in the current economic climate but as economies recover across Europe, the growth will resume.
We’re very happy with our business in the US. We’ve become one of the 10 largest credit card issuers in the United States and we also have very strong business in South Africa, in Dubai and India and, of course, the international growth and our ability to transfer skills and experts across those markets is a key factor in our success.
As any CEO you have to think about the long term as well as the short term. In many ways we have to think about everything we have to do in the next 60 to 72 months as well as today. At Barclaycard we always think about our business in a balanced way. We think about our customers and what we have to deliver for them. We think about our colleagues and our communities and our responsibilities in terms of how we act as a responsible lender and a payment provider.
THE BIGGEST LOSER
It’s a sad fact, but rogue trading makes headlines. The idea of a single person losing millions or billions of cash is always interesting, but even more so when that person is losing other people’s money. When a trader feels that he or she has a special gift for sniffing out money-making positions, it can be a dangerous situation. Unfortunately, luck is a fickle friend. When these formerly ‘magical’ traders start losing, they often look for ways to magnify their bets and win back their losses. Aside from the financial damages that rogue traders inflict upon the market, they do serve one very important function: they remind us that seeking exceptional returns means taking on equally exceptional risk.
Because of this, take a look at five traders and fund managers that have become very famous for their very public losses.
Source: www.investopedia.com
HUNT BROTHERS: Lost Undisclosed Amount
Having attempted to corner the silver market by purchasing approximately 100 million ounces of silver bullion throughout the 1970s, brothers Nelson and William witnessed silver prices crash on March 27 1980, a day now deemed as Silver Thursday. Nelson was fined $10 million for attempting to control silver prices.
PETER YOUNG: Lost $580 Million
In 1996, Young secretly created several companies in order to exercise stock warrants for his own benefit. Two years later, he was charged with conspiracy to defraud, but was found mentally ill and unfit to stand trial. At one court appearance he was dressed as a woman and answered only to the name ‘Elizabeth’.
JULIAN ROBERTSON: Lost $16.3 Billion
Robertson started the hedge fund firm Tiger Management in 1980 and turned a $7.6 million investment into $6.8 billion. However, he failed to participate in the tech-stock craze, which he deemed irrational. As a result, Tiger Management suffered massive losses, with all funds closing at a value of $5.7 billion (previously worth $22 billion in 1998).
JEROME KÉRVIÉL: Lost $6.6 Billion
The SocGen rogue trader Kérviél’s losses occurred from an unauthorized speculation in European futures. Since he was initially employed with Société Générale before becoming a trader, he was, for a time, able to manipulate the system and hide his losses.
JOHN MERIWETHER: Lost $5.5 Billion
In 1994, Meriwether founded the Long-Term Capital Management (LTCM) hedge fund, which managed more than $96 billion in assets. In 1998, LTCM made a bet that the troubled Russian financial markets would revert back to normal, and took a large, unhedged position in Russian debt. The fund ultimately collapsed and LTCM was forced into liquidation in early 2000.
NO MORE AID
San Francisco-based Wells Fargo – the second-largest US home lender – has reported its first quarterly loss since 2001 because of unpaid loans inherited with the acquisition of Wachovia Corp.
According to the statement, Wachovia recorded a loss of $11.2 billion. It added that Wells Fargo doesn’t plan to seek additional government funds. Previously, Wells Fargo had received $25 billion as part of the Treasury’s industry bailout and raised $12.6 billion in a stock offering the following month.
After sidestepping much of the worst of the crunch for most of 2008, Wells Fargo is now being hit hard with a 42 percent collapse in Californian housing prices compared to a year ago. The bank is also grappling with debts acquired in its $12.7 billion purchase of Wachovia.
This new statement makes Wells Fargo the last of the four biggest US banks to report fourth-quarter results. Of its three top competitors, only JPMorgan Chase reported a profit, with earnings declining 76 percent. Citigroup posted an $8.29 billion loss, while Bank of America lost $1.79 billion, not including a $15.3 billion deficit at Merrill Lynch & Co.
noted that this set of results was regrettable. The company was forced to absorb costs incurred by the Lehman deal at a time when the global financial crisis triggered big losses on its investments.
These latest results highlight the fact that the balance of income and costs at Nomura is not good and that the company needs to cut costs.
You can read more on the Madoff incident in our feature on page 38 of this issue.
COVER STORY
Citi breaks
A decade after it changed the financial landscape, Citigroup is falling apart. FST editor Huw Thomas traces the decline of a banking giant

Where did it all go wrong for Citigroup? When it was formed by the merger of Citibank and Traveler’s Group in 1998, it was envisaged as the epitome of the modern financial services firm. A one-stop shop that rolled up credit cards, insurance, retail and investment banking and wealth management under one roof. No-one had ever seen something this big before, a financial services supermarket where you could take out a loan to buy a new car, or a new company. Speaking in 1998, Roy Smith, a professor of finance at New York University, described Citigroup’s genesis as a fundamental game changer. “This new company will look more like Procter & Gamble than it will look like a bank,” he said. “That’s because what is being created here is a retail-products-distribution company for people interested in financial services.”
At first this bold move seemed to be paying off. Citi became the most successful financial institution in America, reporting a profit of $24.6 billion in 2005. In that year, the company took second place in the Fortune 500 list, only beaten to the top by oil giant ExxonMobil.
Fast forward to 2009. At the end of January, CEO Vikram Pandit announced losses of $18.7 billion for the previous year and that Citi would ‘realign’ itself into two separate sections, Citicorp and Citi Holdings. Though this is officially not yet a full-scale split, the feeling is that this is a precursor to exactly that. The fact that many of Citi’s worst performing businesses, as well as $300 billion in toxic debt, have been assigned to Citi Holdings could well be significant, particularly in light of Pandit’s stated intention to only keep the parts of the organization that ‘work’.
In any case, Citigroup’s fall from grace has been spectacular, and there is every possibility that it could yet plummet further. Was the company purely a victim of the credit crunch or one of its major architects? And exactly what were the factors that led to its decline?

“What we are doing is creating a company headquartered in the US that will be able to compete very effectively all over the world.” Sandy Weill, April 1998.
“The specific merger transaction clearly has to be seen to have been a mistake. The stockholders have not benefited, the employees certainly have not benefited and I don’t think the customers have benefited because our franchises are weaker than they have been.” John Reed, April 2008.

Upon its creation, Citigroup’s model of the all-encompassing financial supermarket was a new paradigm. In bringing together Citibank and Traveler’s Group, co-CEOs Sandy Weill and John Reed redefined what a financial organization could be. Citigroup’s birth was a key factor in the repeal of the last remnants of the Glass-Steagall Act, which restricted the types of services a single financial institution could offer. This in turn effectively paved the way for deregulation and the tangled financial environment we live in today. The Act was introduced in the wake of the Great Depression in order to prevent any repeat of the large-scale bank failures of 1929, a fact that will not be lost on connoisseurs of cruel irony.
But at the end of the 20th century, the birth of this gigantic organization promised much. Economies of scale would enable huge cost reductions, while the sheer range of customers touched would provide virtually limitless options for cross selling. Citi’s share price and reported results certainly seemed to vindicate the wisdom of the model, at least at first. Nonetheless, even a decade ago, there were certain dissenting voices. “When you create these oversize companies, they become vulnerable by definition,” said Porter Bibb, a senior investment banker at Ladenburg Thalmann back in 1998. For all its benefits, the size of Citigroup does present certain disadvantages. Maintaining any sort of agility in such a monumental entity is a major challenge. The ability to quickly react to changing market requirements could leave Citi trailing behind smaller, more nimble competitors. A good analogy would be that of a supertanker and a frigate. Sure, the tanker can carry more cargo, but good luck to you if you need to make a quick turn.
Weill, the architect of the Citi/Traveler’s merger, dismissed such concerns. His theory was that people simply didn’t want to shop around for financial products. If they could get a mortgage, credit card, loan and current account in the same place, then that is exactly what they would do. Such an attitude now seems dangerously misguided. The way in which the internet has reshaped not only the financial services industry but business in general has irrevocably changed things. Quite simply, choice matters. As the web has gained in sophistication and popularity, it has become increasingly easy for customers to shop around and find the exact products they are looking for.
In fact, technology can be seen as both one of Citi’s biggest achievements and one of its greatest failures. While it undeniably has some of the most advanced and best-funded IT in the industry, this hasn’t always been to its advantage. “They spared no expense,” says Ralph Silva, a Research Director at TowerGroup. “But as a result of all this expense, the only way they thought they could make their money back was to implement this technology everywhere. Nobody had a choice.” While it might have been superior technology, it didn’t necessarily serve the specific need of every customer everywhere. When you try to make everybody happy, you often wind up making nobody happy.
Compared to some of its contemporaries, Citi’s ability to respond to changing market requirements often seemed lacking. “Look at some of their competitors,” says Silva. “Often they use the same middleware software but each implementation has the ability to add in something unique to their region. Citi never had that.” While it had a far better efficiency ratio in its IT, it also had far worse customer satisfaction because it lacked the ability to make changes. These problems are only compounded by current events. Due to its sprawling technology infrastructure, making even small changes can be a slow process, often leaving it lagging behind its peers. “When the economic conditions are like they are, you need to have the ability to change quickly. I don’t think Citi have that now,” confirms Silva.
But Citi’s structural problems aren’t purely a question of technology. Culturally too, it has often seemed disjointed. According to one former Citi employee now working at Deutsche Bank, Traveler’s and Citi didn’t really come together following their merger. “That the two firms were never truly integrated, and that the resulting entity became too large and cumbersome for senior managers to really understand the ground realities and operating environments, is a view that is shared by many Citibankers,” he says. “After John Reed’s departure, I doubt there remained a senior manager who really understood the firm. So long as the tide was rising, it kept lifting Citi’s boat, but at some point in time, the tide starts going out.” Considering Citigroup’s ceaseless appetite for expansion through mergers and acquisition, this scenario certainly has the ring of truth. “Citi was a huge beast, devouring very many businesses in a very short time,” agrees Bob MacDowall, another Research Director at TowerGroup. “While the legal and regulatory issues were addressed, culturally I don’t believe they were ever fully integrated.”
The risk for merging institutions that fail to take differing cultures into consideration is that they simply end up running different brands. Quite simply, time and effort has to be made to stitch disparate elements together, otherwise you wind up with a single entity in name only. “When HSBC bought CCS in France, they allowed it to run independently for seven years, because they felt that that was the length of time required for the cultures to merge,” says Ralph Silva. “Citi’s mentality was ‘I’ll buy you on Friday and you’re Citi on Monday.’ They didn’t give a lot of opportunity for that change.”

INSTRUMENTS OF DESTRUCTION
At the heart of Citi’s troubles has been the company’s heavy involvement in collateralized debt obligations (CDO), a form of asset-backed security. CDOs bundle up different types of debt with varying degrees of risk, and gained a great deal of popularity during the boom time of the early noughties. Despite warnings from certain quarters, notably legendary investor Warren Buffett, that such derivatives were greatly increasing risk, the market continued to surge. In 2007 Citigroup was the world’s biggest issuer of CDOs. It accounted for 11.1 percent of the global market in the instruments, with investments totaling $49.3 billion. Unfortunately for everybody, subprime lending was a major component of many CDOs. When the bottom fell out of that market, something had to give. By mid 2008 the value of CDOs issued by Citi had dropped to just $5 billion.

A CITI IN DECLINE: KEY DATES
4 Nov 2007 – CEO Charles Prince resigns as Citi announces $8-$11 billion in writedowns
15 Jan 2008 – Reveals $18.1 billion in writedowns
18 Nov 2008 – Announces a further 52,000 job cuts, following 23,000 earlier in the year
“We see a lot of people on the Street who are scared. We are not scared. Our team has been through this before.” Charles Prince, Aug 2007
“It is my judgment that given the size of the recent losses in our mortgage-backed securities business, the only honorable course for me to take as Chief Executive Officer is to step down.” Charles Prince, November 2007
Any institution of Citigroup’s size requires an extremely firm hand on the tiller, particularly in trying times. When the bullish Sandy Weill anointed his protégé Charles Prince as his successor, it was generally seen as a fairly uncontroversial move. The company was riding a wave of huge profits and strong share prices and Prince had been a loyal servant. It was only his lack of a heavyweight financial background that gave any pause. Besides, Prince would be backed up by plenty of people who did know the money game inside out, not least Director Robert Rubin, who boasted credentials as a former Treasury Secretary under President Clinton.
But as the economic winds shifted, Prince’s suitability for the job became less certain. Reports from insiders suggest that he was unaware of the full extent of Citi’s exposure to the subprime market, only learning that the bank owned $43 billion in such assets as late as September 2007. No one was necessarily expecting him to be checking up on every calculation made by his subordinates, but such an oversight made his ousting from the CEO’s office a question of ‘when’ rather than ‘if’. “Prince understood the business but I don’t think he was the right man for the job,” says Silva. “He’s the perfect strategic thinker, in a good economic situation he was great. But in this situation what Citi needs is a three star general with battlefield experience.” What they got was Vikram Pandit, undoubtedly a competent and experienced candidate, but perhaps not one to rally the troops in such a dire climate. Since his appointment, he has continually been called upon to justify himself, both to shareholders and the industry at large.
“It would be a shame to see Pandit go because I think the bank would do very well with him but in a different economic situation,” says Silva. “I think they should put him one step down, just for a while and get a Norman Schwarzkopf-type figure who has nothing to lose on a short year contract and just get it done. Right now they seem to be changing their minds as often as I change my shoes.”
New chairman Richard Parsons, who succeeds Sir Win Bischoff, certainly has experience of turning failing companies around, as demonstrated by his recent work at Time Warner. However, his lack of experience in the financial space does raise some concerns. It is here that Pandit has the opportunity to prove his worth. “Parsons’ background might supply leadership skills but I don’t think he is going to lead the strategic initiatives,” says Bob MacDowall. “I see him almost as a mollifying figure. He has had a glittering career, but not in banking, so will have to work closely with the chief executive on strategy.”
20 Nov 2008 – Share prices slump 26.4 percent, closing at just $4.71
2 Jan 2009 – Citi’s top executives declare that they will forgo their 2008 bonus
16 Jan 2009 – Announcement that Citigroup will split into Citicorp and Citi Holdings after losses of $18.7 billion the previous year
“We will continue to move aggressively to get Citi back on the right track and return it to a position of sustainable financial success.” Vikram Pandit, Jan 2009
“There must be a clear understanding that government support for any company is an extraordinary action that must come with significant restrictions on the firms that receive support.” Barack Obama, Jan 2009

So what will the future of Citi and the financial industry in general look like? “I believe that within the next three months we will have significant ownership by the US government,” states Silva. Looking at the realities of the situation, such an outcome doesn’t seem as unlikely as it did a few years ago. Citi is still carrying a lot of toxic debt and it basically has no new business. If an organization of Citi’s size isn’t growing, it is essentially running at a loss. “The economic situation has stagnated so much that they’re not growing their business, so from a revenue perspective they can barely make enough money to cover their ongoing expenses.” Right now, the only source of cash to help them meet their obligations is the state. And as long as the specter of nationalization hangs in the air, shareholders aren’t going to part with any more funds. After all, if the government steps in, investors get zero.
The US has always been extremely hostile to government involvement in private enterprise, but it has now reached the point where that hostility will have to be tempered. Citi alone have already accepted $45 billion in government bailouts. It would be astonishingly naïve to think that a new Democratic administration isn’t going to want something back in return. “At the end of the day, it’s the taxpayers’ money,” says MacDowall. “Taxpayers have rights too and the government will want to see a return on its funds. These monies are not grants. I suspect it will be a three or five year extrication. This is not something that’s going to turn around in a year or so.”
So what does a nationalized Citi look like? “If Citi is taken over, I think its international operations get sold, they get rid of all their fancy products, you will never get a discount on any Citi product and it will only be a US bank,” says Silva. From a corporate point of view that’s not great news. But for a customer who just wants to know their money is safe, it could be the best possible outcome.
What is certain is that fresh regulation is on the way. Financial institutions are going to face fresh demands for transparency and much tighter controls on the way risk is managed and how they handle the funds entrusted to them. Citigroup, the institution that put the final nail in the original’s coffin, could well be a key player in the birth of a new Glass-Steagall Act.
CASUALTIES OF THE CRISIS
Bear Stearns
When Bear was forced into a sale to JPMorgan Chase in March 2008 for a paltry $2 per share, it was a clear sign that the downturn was for real. Essentially a victim of a lack of confidence rather than a lack of capital, Bear Stearns stock had been worth $175 only a year before its collapse.
IndyMac
When this Californian thrift with assets of $32 billion and deposits of $19 billion was taken over by the government in July 2008, it was the largest failure of an FDIC-insured institution since 1984. After losing $184.2 million in the first quarter and dropping 95 percent of its stock price over two years, the final straw came in the bank’s exposure to the Alt-A mortgage sector.
Lehman Brothers
Unfortunately for those at the 158-year-old investment bank, it was not deemed too big to fail, filing for bankruptcy in September 2008. As one of Wall Street’s biggest fixed-interest traders, it was heavily involved in the subprime market. As the risks of mortgage-backed securities became clearer, Lehman’s share price dived by 95 percent and efforts to find outside investors foundered.
FEATURE
Interesting times
Becoming Credit Suisse CIO in May 2008, Karl Landert’s first few months in the job have coincided with an unnaturally turbulent period for the industry. FST editor Huw Thomas spoke to him about managing IT in an age of uncertainty

“We are not a service provider; we are an IT organization of a financial services institution and we need to understand our business. We walk the talk and what we say is what we deliver”

Asked to define his role as head of Credit Suisse’s IT function, Landert likens it to being a mayor who has to manage the different aspects of day-to-day life in a busy city. “There are dozens of buildings and an infrastructure which is sometimes old,” he says. “You need to replace it to cope with growth and the influx of people coming in from rural areas. Your role is not purely a technology role anymore.”
If Landert is a mayor, then the city he became responsible for a little over half a year ago is one located in the middle of a war zone, facing unpredictable attacks from all sides. Good news is in short supply in the financial services industry, with the ongoing credit crisis leading the Swiss giant to report a third quarter loss of more than €800 million. Given the situation, a siege mentality would be understandable.
But if Landert is fazed by this baptism of fire, he does a good job of hiding it. “It’s been a challenge because a lot of things have changed in the first few months,” he confirms. “But it’s also been highly rewarding. If you don’t enjoy working with your own people, your IT organization, but also with your peers on the business side, don’t do this job. It’s a people job and with all the challenges that we are facing and all the bad news, the one most rewarding thing you have is working with a good team, having a good spirit, and making some of the tough decisions you need to make. But as long as the team is working well, people enjoy working with each other, I think that gives you a lot of motivation.”
In the choppy waters currently being navigated by those in IT in the financial industry, a major challenge is building any kind of long-term strategic plan. When the managers are anxiously awaiting the next bombshell that threatens to blast them out of their corner office, it can be hard to both get their attention and convince them to part with jealously guarded funds. Though Landert is far too discreet to voice such a forthright assessment, he nonetheless recognizes such pressures. “Given the seismic events we are seeing right now, we see these profound changes coming along,” he confirms. “Nobody can afford to have a long-range strategy which is very detailed. I think one of the common themes which I see throughout all the things we do in our long-term strategy is about becoming a very agile IT division of financial services or of the bank. The agility has to be within the whole IT organization in structural technology-type of activities, in the way you set up your operating model in order to react to and be able to survive some of the volatility we have and some of the changes which will come along.” It seems that even the biggest organizations are going to have to put major plans on the back burner in favour of being prepared for an increasingly uncertain environment.
For Credit Suisse at least, this shift in focus is already underway. Though, as with any move that requires a drastic direction change, it cannot be done overnight. “You need to look at the way that you do financials and how you account for IT costs and the investments you do,” Landert continues. “You’ve got to tackle some structural aspects of the organization. You’ve got to look at the operating model that includes some of the sourcing strategies you have. You’ve got to look at your architecture and your infrastructure, at technology processes and standards, and last but not least, at your workforce. It’s the key point that you align all these activities because they all highly depend on each other and you cannot change one without affecting another.”
VIRTUAL REALITY
The driving force for any virtualization strategy
comes down to three aspects. First, you want to
employ your machinery better, so that you utilize
your servers to a higher degree than having only
five percent utilisation on them.
Second, you want to reduce power
consumption. We have a lot of power issues and
it’s becoming a driving cost factor. In many areas
of the world it’s a constrained resource. So you
want to reduce your power and with that you also
reduce the power consumption, you reduce the
data centre space you need. You don’t need to go
and construct new data centres and buildings.
Last but not least, it allows you also to
simplify the overall management and systems
management processes. It has an effect on
sustainability, but there are also very good
economic reasons to pursue virtualization.
bringing certain helpdesk functions back in house are currently being ex-
plored. “I think it’s the realization that most companies, although they are
global by nature, have a very big challenge in providing you with a consis-
tent global service,” he explains. “Sometimes you have local champions,
who are better prepared to do that. Secondly, what is driving it is where we
have customer satisfaction issues, which are leading us to this conclusion.
For example, in Europe we ‘re-insourced’ some of the helpdesk and the
desktop end-user computing services, which we had outsourced previously
in some of the European offices. We’re looking at it on a broad scale right
now.” It’s an important consideration. While it can be tempting to go for
the lowest cost option in difficult times, doing so at the risk of alienating
customers can lead to yet bigger headaches.
Credit Suisse operates an integrated bank model with IT acting as a
shared services unit to all the sections of the organization, from asset man-
agement, to private banking, to investment banking. Serving all these spe-
cific needs at a time when financial markets are in such a state of flux must
surely present some problems? “Right now one of the challenges we have
is certainly sizing IT and the way we provide our services to some of the
peak volumes we have seen,” Landert responds. “We have been reacting
very fast to deal with some of the volumes which were created by this mar-
A common response to uncertainty and constrained budgets is a
greater reliance on outsourcing. By not actually owning technology and
processes themselves, organizations can find it that much easier to walk
away if circumstances change suddenly. Landert confirms that this is very
much a part of Credit Suisse’s plans, but that the issue is not as black and
white as it might sometimes appear. “You’ve got to have a clear strategy,
and the clear strategy now regarding outsourcing is what parts of the over-
all value chain you outsource what you keep in-house,” he says. “More and
more you want to keep in-house design knowledge and architectural knowl-
edge, beyond the pure contract management that you always keep in-
house, in the retained organization. And you want to have the ability to do
what is called today multi-sourcing. By keeping that in-house you can uti-
lize different partners and use competition between different partners. But
it’s also easier to switch vendors.” Of course, any decision regarding out-
sourcing has to take geographic and vendor risks into account. The key
issue for Landert is that design and management authority remains inside
the company.
But contrary to the prevailing winds blowing through the industry,
Credit Suisse is even looking at bringing some previously outsourced ele-
ments back into the organization. Landert tells us that the possibility of
34 www.usfst.com
Landert explains the importance ofCredit Suisse’s people
To attract and retain best talent we have what we
call strategic workforce management programs in
every region, which are co-ordinated globally. We
have career development paths and the whole framework
to develop people. It is pretty unique and it’s something
we use globally where to show the career paths which we
have in the company. We have a very good and
successful mobility program for people to move between
the different divisions within the IT organization.
And when I speak about mobility program we are
speaking about an organization of roughly 12,000 people,
including contractors and some of our partners. We’ve
got more than 1000 projects running simultaneously,
more than 1000 applications. There are lots and different
cultures of every multinational environment. This gives
you the ability to attract a lot of talent who will actually
enjoy working in such organizations. I think there’s
another change that is also happening right now; you
need to hire for potential. You need to hire people that
also enjoy moving along the organizations as you start to
be more process-oriented, especially in certain
application development areas. You also need to
specialize people in a certain type of roles, like grouping
together test people and having a quality assurance test
competence centre, which you may locate in whatever
geography. That’s also a change in the way that people
have been working in the past.
IT’S NOT JUST IT
ket volatility and by the events we have seen. Right now the challenge is
how can we sustain the business, how can we make sure that when we
have these events where you triple and quadruple your volumes, that all
the systems are really delivering on their SLAs. Reaction to these events
has kept us pretty busy.”
So what of the future? It’s virtually impossible to open a newspaper
without seeing stories about falling budgets and brutal cost cutting. Speak
to most people working in financial IT and they will tell stories about being
asked to do more with less. While Landert is cautious about sounding too
many alarm bells, he nonetheless acknowledges that the current situation
requires some very careful use of resources. “Going forward I think there
are going to be some of the tough decisions that we need to make about
where we continue to invest and where we reduce investments,” he says.
“That’s not an IT call you make alone; that’s the one you do with your
business.” Making these kinds of calls really puts a spotlight on the quality
of IT’s governance and its interaction with the business. It’s an area where
Landert believes his team has demonstrated considerable success. “I think
that over the last couple of months, we have made significant progress in
providing the full transparency of the levers we have,” he continues. “This
is a business IT alignment which is absolutely crucial in difficult times. You
have to be agile, to have the full transparency, and to understand the
leverage you have on what you can do and you cannot do with your IT
infrastructure in supporting the business. That’s going to be very important
in the coming months in deciding where we put your investments and where
we don’t invest.”
In any case, Landert is sanguine about the bank’s ability to weather
any effects a prolonged downturn may bring to technology expenditure,
largely due to the work that has been done recently. “We had the luxury to
be in the situation where we could gain a lot of synergies through
combining all the different IT units whilst at the same time continuing to
invest,” he says. “So we are looking at three or four years of having done healthy
CREDIT SUISSE – EDITED HIGHLIGHTS
1856 – Credit Suisse’s predecessor Schweizerische Kreditanstalt (SKA) is founded
1905 – Opens first branch outside Zurich
1910 – Unveils representative office in Paris
1940 – SKA launches New York Agency
1989 – SKA’s sister company CS Holding becomes parent company of the group
1997 – CS Holding becomes Credit Suisse Group
2005 – Credit Suisse implements its One Bank strategy by merging its Credit Suisse legal entities in Switzerland with Credit Suisse First Boston
“It’s a people job and with all the challenges that we are facing and all the bad news, the one most rewarding thing you have is working with a good team”
investments and increases in the IT development.” Landert clearly believes
that this groundwork will be enough to see him through, but also seems
generally upbeat that budget cuts won’t have too big an impact on his
work. Though he acknowledges that the current uncertainty will have an
effect, he remains confident that IT will retain the capability to be effective,
simply because IT is so fundamental in coping with some of the challenges
that the industry is facing.
To ensure that the company’s IT doesn’t stagnate, Landert promotes
the concept of managed evolution. It essentially boils down to a constant
evaluation of the bank’s IT assets which enables change to be made
without potentially crippling investments. “To survive and to keep your cost
levels acceptable you need to have a constant process of eliminating your
heritage and your end-of-life application systems,” he says. The approach
allows the technology portfolio to be contained, both in size and
complexity, reducing redundancy and enabling a much greater level of
component reuse. Key to its success are solid architecture and strong
standards. “That is one thing we do and we have been very successful in it
in the last 10 years, in different parts of the IT organization,” Landert
continues. “Constantly re-engineering and reinvesting in our systems
enables us to eliminate some of the old ones and reduce complexity. That
allows you to become more flexible and agile and to also meet business
needs in a faster way.”
It is maintaining this overarching philosophy which is key to Landert’s
role. Returning to the idea of what the modern CIO actually is and what
responsibilities the IT function has, he offers a stark assessment. “We are
not a service provider; we are an IT organization of a financial services
institution and we need to understand our business,” he says. “We need to
be respected and accepted by our counterparts and our colleagues in the
business, and we need to speak with them in the same language. We walk
the talk and what we say is what we deliver. These are some of the key
principles.”
As stated earlier, Landert sees being a CIO as like being a mayor:
making sure there aren’t potholes in the roads and that the buses run on
time. To do this requires the ability to get a good overview of the business,
to avoid getting bogged down in details. “At this level I don’t want to make
a call about which kind of technology we want to use or what application
we want to build,” he says. “You need to have a view on how you spend and
how you prioritize spend along the business areas you are supporting. You
need to have a view about what kind of skills you need today, what you will
need in the future and how it will develop.”
Perhaps most importantly, it is about setting the right tone. In times
as trying as those we now face, it is essential that management leads from
the front and brings together all the disparate elements of this global
organization. “These interdependencies are what you need to manage
besides the people side and interfacing with the business and working with
your people to keep them engaged,” Landert concludes. “Engagement of
the organization is a key factor in being successful.”
FEATURE
Following last December’s arrest of Bernie Madoff and the discovery of history’s largest Ponzi scheme, FST’s Matt Buttell looks at how its repercussions are likely to reshape the industry for years to come
Over the hedge?
It was in 1960, at the age of just 22, that Bernie Madoff
began his financial career by taking the $5000 he had
saved from summer jobs as a lifeguard and a sprinkler
system installer and setting up the investment firm
Bernard L. Madoff Investment Securities LLC.
The beginning of his story reads like the perfect urban
fairytale: a man realizing that he has a talent for making
money and applying it in a realistic and sensible fashion.
Over time, Madoff went on to chair the NASDAQ stock
exchange, as well as continuing his responsibilities as the chair
of his own firm, gaining a trustworthy reputation among
industry insiders and investors alike.
Then, on the 11 December 2008, Madoff was charged
with perpetrating the largest investor fraud ever committed
by a single individual, and this urban fairytale exploded into
global news.
Madoff's assets and those of the firm were frozen and
according to federal charges Madoff himself admitted that
his firm has “liabilities of approximately $50 billion”. Since
the case has come to light many banks, including several
from outside the US, have reported that they have
potentially lost billions of dollars as a result of fraudulent activities.
Many investors, journalists and economists are already
questioning Madoff's statement that he alone is responsible
for the large-scale operation, and investigators are looking to
determine if there were others involved in the scheme. As the
investigation continues, much of this remains unanswered.
One thing, however, is obvious: the mess couldn’t have
come at a worse time. And during a period when stock
markets are falling, it does beg the question of why so many
wealthy and sophisticated savers were conned into
believing that Madoff had come up with an investment strategy
that allowed him to pay such handsome returns? After all, if
something in this world sounds too good to be true that’s
usually because it is too good to be true. One unnamed
senior regulator, who has been involved in formulating public
policy for many years, was quoted in the New York Times as
saying the reason these people were conned is
depressingly simple: “People are prone to believe what they want to
believe,” he said, “and in rising markets a kind of irrational
euphoria takes hold in which we are not inclined to ask
ourselves difficult questions.”
Scrutiny
The massive bailout of the American financial system in
October last year demonstrated the concept that our banks
are ‘too big to fail’. In other words, banks are of such
importance to the world's financial system that governments
would rather prop them up with public money than allow
them to suffer the consequences of their own greed or
incompetence and – in his own way – Madoff is the same as
these banks: an investment advisor too respectable to
scrutinize.
scandal continues to grow, hopes for the future of hedge funds look
increasingly bleak. Reports now indicate that investor confidence has sunk
to an all-time low, and it could take years for managers to regain the
trust they once had. Economists have gone on to predict that the
industry that emerges from the other side of this crisis will most likely be
considerably smaller, humbler and cheaper than the one that began 2008,
with near $2 trillion in assets. And Claude Le Ber, CEO of Geneva-based
Banque Safdie SA, who three years ago withdrew money invested with
Madoff, has said that the scandal will likely mean considerably more
hedge fund regulation.
“What Madoff has done is highlight the lack of regulation,” Le Ber said
during a recent press conference in Geneva. “There’s going to be a shake
out. Even before Madoff, the hedge fund industry was seeing redemptions
and wasn’t producing absolute returns.” Safdie, with $5.9 billion under
management at the end of 2007, is the second Swiss bank after Credit
Suisse Group AG to disclose withdrawals of money before Madoff
confessed to swindling investors.
“A lot of Swiss private banks were hurt,” Le Ber continued. “He was
able to cultivate a circuit and put people in a position where they felt that
opening an account was doing them a favor.” He added that Bank Safdie
withdrew money that it had placed with Madoff back in October 2005
because it wasn’t getting enough information about the investment.
Global ramifications
On December 15, three days after Madoff’s arrest, a number of
Europe’s largest financial companies revealed their exposure – most
notably Spain’s Banco Santander, Iberian rival Banco Bilbao Vizcaya
Argentaria and France's BNP Paribas, who all confirmed losses to
address the growing concerns of their investors. Later, troubled Benelux
bank Fortis said that its Dutch subsidiary had indirect exposure of some-
And now, as if the housing crisis, liquidity freeze, deepening recession and
a prospect of deflation weren’t enough for the world’s financial system to deal
with, we also have the Madoff affair pulling at the strings of our economy.
Hedge funds for example have been in a downward spiral for months,
as, in response to the worrying economy, investors have been pulling
money out fast. Even supposedly untouchable portfolios such as those at
Citadel Investment Group have lost half their value over the past 12
months. Nonetheless, Wall Street had remained optimistic that investors
would stick by hedge funds if the markets stabilized, thereby buoying
the industry’s fortunes. But as the list of victims affected by the Madoff
A Ponzi scheme is a fraudulent investment operation that pays
returns to investors out of the money paid in by subsequent
investors rather than profit.
The Ponzi scheme usually offers abnormally high short-term
returns in order to entice new investors. The perpetuation of the
high returns that a Ponzi scheme advertises and pays requires an
ever-increasing flow of money from investors in order to keep the
scheme going.
The system is destined to collapse because the earnings, if
any, are less than the payments.
The scheme is named after Charles Ponzi, who became
notorious for using the technique after emigrating from Italy to the
United States in 1903. Though Ponzi did not invent the scheme, his
operation took in so much money that it was the first to become
known throughout the US. It was, in theory, based on arbitraging
international reply coupons for postage stamps, but soon
diverted investors' money to support payments to earlier investors and
Ponzi's personal wealth.
CLOSE-UP: WHAT IS A PONZI SCHEME?
where between $1.17 billion and $1.38 billion to Madoff's investments,
while French insurance giant AXA also revealed potential losses in the
range of $136 million.
What’s more, even those who pulled out of Madoff’s funds before the
blow-up even happened could be forced to return their proceeds and
principal. Just a few months before Madoff’s arrest, the Fort Worth Employees’
Retirement Fund pulled $10 million out of a hedge fund that invested
exclusively with Madoff. But now the managers face the possibility of having
to give back the money – a sum that includes all of the pension's
purported gains over the years, plus its initial investment.
The consequences of the Madoff scandal are running far and wide. At
the beginning of January, at the first hearing of the Financial Services
Committee on the alleged fraud, both Republican and Democratic House
members said the debacle surrounding Madoff reflected deep, systemic
problems of the US Securities and Exchange Commission.
“Clearly our regulatory system has failed miserably and we must now
rebuild it,” said Representative Paul Kanjorski, a Democrat who chaired the
hearing, adding that the scandal, “fell through the cracks” of the
regulatory system. “It now appears that regulators should have detected the Madoff
wrongdoing earlier because of the red flags raised by others.”
With a continuing investigation, it is hard to make any solid predictions
regarding how the Madoff scandal will ultimately impact our economy.
However, already it is clear that the ramifications will be felt for years
to come. Without the huge source of ready money, both from funds of
funds and bank credit line, hedge fund returns will suffer even after the
markets eventually bounce back.
In the case of Bernie Madoff, there have been some
notably high-profile victims. Here, FST takes a look at
some of the most prolific.
• Director Steven Spielberg’s charity, Wunderkinder
Foundation, ‘appears to have invested a significant
portion of its assets with Madoff, based on regulatory
filings,’ according to the Wall Street Journal.
• Real estate and publishing magnate Mort
Zuckerman had a large amount tied up in a fund that
invested heavily in Madoff's firm.
• Nobel laureate Elie Wiesel’s charity organization,
Foundation For Humanity, reportedly had $10
million tied up in Madoff's organization.
• Lawyers for Sen. Frank Lautenberg said they
weren’t sure how much the senator’s charitable
organization has lost but said ‘the bulk of its
investments had been handled by Madoff.’
VICTIMS OF MADOFF
For over a decade and a half, regulators from the SEC and other agencies conducted numerous examinations at Madoff’s offices, but failed to uncover fraud.
1992 – NY SEC sues four individuals for illegally raising $440
million in what was thought to be a massive Ponzi
scheme apparently unrelated to Madoff. The money,
however, is managed by Madoff, and is both intact
and redistributed back to investors.
1999 – SEC in Washington DC opens limited examinations
into Madoff and two other firms to review trading
practices. SEC finds violations in trade executions and
Madoff says he will address them.
2004 – SEC in Washington DC opens a limited exam looking
into whether Madoff is front-running his market-making
trades to benefit hedge fund clients. SEC finds no
violations and refers the case to its New York office.
2005 – NY SEC opens a limited examination looking into
suspicious emails found during the review of a hedge
fund as well as news stories that raised questions
about Madoff’s consistent returns. The SEC issues a
delinquency letter citing execution and trading
violations.
2005 – SEC investigators in New York meet with Harry
Markopolos, a former executive of Madoff’s who, in a
21-page presentation, suggests Madoff is running the
world’s largest Ponzi scheme.
2006 – SEC NY staff opens an enforcement investigation.
The SEC finds that Madoff and one of his clients
misled the agency about investors in the past and
about its money-management business. Madoff
agrees to register as an adviser and the SEC
closes the investigation 22 months later.
16 YEARS OF INVESTIGATION
PLAY YOUR CARDS RIGHT
Organizations are increasingly taking steps to cut costs
and bring greater control over spending. In today’s
highly regulated environment where the main focus
is on compliance and auditing controls, a purchasing
card program provides the foundation and visibility
tools to better manage corporate spending.
By following the best practices and innovative strategies
shared by some of JPMorgan’s purchasing card customers,
corporations are better positioned to launch an effective card program,
improve compliance and auditing processes and practices, and
further accelerate efficiency.
The risks of inefficiency are significant. A university employee in
Georgia was recently indicted for ringing up more than $300,000 in
personal charges on a state-issued purchasing card. Items acquired
included foosball tables, season tickets to football games and a
$1900 frozen drink machine. A state audit report blamed the
university for its lax supervision of the card program.
In Tennessee, county employees resigned amid a purchasing
card scandal that included close to $50,000 in undocumented or
inadequately documented expenses; reports of fabricated receipts;
purchases of cruises, alcohol, lobster dinners and family members’ plane
tickets; as well as gas purchases for private cars.
Though such cases of flagrant misuse are fairly
isolated, hearing such stories causes treasurers and
purchasing card administrators to pause and question. No matter the
industry, market segment or program size, concerns regarding
out-of-policy spending, fraud detection and card misuse remain the
same. Here are some key steps to take to ensure that your program is
up to par.
Establish checks and balances
A set of checks and balances and a segregation of duties must be
established between the various individuals involved in card program
management. No matter how clearly roles and responsibilities are
Building solid purchasing card programs requires careful planning. JPMorgan’s Eduardo Vergara reveals the best practices of several leading companies.
CARD PURCHASING
Establish protective controls upfront
All successful purchasing card programs are safeguarded with
a combination of upfront controls and back-end auditing practices.
In addition to required training, some common upfront measures
include the establishment of cardholder transaction limits, monthly
spending limits and the blocking of unauthorized Merchant Category
Codes (MCCs). An increasing number of companies have deployed
single-use or limited-use account technology to bring greater control
over spending.
ServiceMaster, the parent company of pest control business
Terminix, has implemented single-use account technology to bring greater
spend control and efficiency to its payment processes. The company
is using the technology throughout its network of Terminix branches
as a means to make one-time payments to its subcontractors. Once a
Terminix subcontractor’s work is complete and the associated claim
has been approved by ServiceMaster, a limited-use account number is
issued to securely pay the subcontractor’s approved claim.
In the past, ServiceMaster would pay its Terminix
subcontractors by giving them a credit card number and expiration date.
ServiceMaster would have no control over how often the subcontractor
could charge the card or how much they charged. According to Mike
Gaffney, ServiceMaster’s Director of Card Services: “We were running
into situations where subcontractors would double charge us or they
would charge us before the work was complete. The control is now
very tight.”
Use technology to streamline back-end auditing
Technology is key to helping card administrators more effectively
pinpoint potential card misuse and guide the back-end auditing
process. Corporations should seek to partner with an issuer that provides
web-based payment management tools designed to support all areas
of card program administration, including enhanced reporting and
real-time visibility into spending.
Best-in-class systems enable administrators to block unauthor-
spending limits and cancel cards. Administrators should have access
to a variety of standard reports that provide the transaction detail
needed, including vendor analysis, unusual activity analysis and
delinquency reports. Cardholders can assist with compliance efforts by
viewing their statement information in real-time.
Raymond Williams, accounts payable manager at coffee giant
Starbucks, oversees a program with 4300 cardholders and
approximately 45,000 expense reports per year. Williams and his team use an
online reporting tool on a daily basis to oversee spending in real-time.
A specialist identifies transactions that fall under certain restricted
Merchant Category Codes (MCCs), as well as merchant names that have
been placed on Starbucks’ high-risk transaction list or ‘Hot List’. Four
documented, they will prove ineffective in mitigating risk unless there
is logical segregation of duties. At a minimum, cardholders should not
be their own approving manager or approving executive. Separate
individuals must be identified for card program responsibilities related
to requests, authorization and execution.
Pam Henton, director of accounts payable and card services for
energy company ConocoPhillips, manages about 13,500 cardholders
and 120,000 expense reports per year. All expense reports and
associated receipts must be reviewed and approved by the cardholder’s
direct manager. By placing some burden on the manager, expense
reports have already been through one review cycle.
Establish consistent policies
The development of policies should support various aspects of
card program control including establishing card issuance guidelines,
transaction controls, and rules for card usage, documentation and
record retention. No matter how the management of your card
program is structured, the same policies and processes should apply to all
cardholders. Whether your company is acquiring an established
business or if you have oversight of a single program based in
one location or multiple programs spread across a number of
business units, be consistent when establishing parameters.
Only then can rules be enforced without confusion.
According to Sears card manager Wayne Randall: “When
Sears Holdings Corporation acquired Kmart and Land’s End, we
realized from the onset that our purchasing card policies and procedures
differed in a number of ways. Some of the initial goals were to gain
buy-in to the program, establish consensus with a companywide
policy and roll out the cards to leverage the already established
spending practices. We audited 100 percent of all new cardholders for
the first few months to inform, educate and enforce compliance during
their transition to a new corporate culture. If out-of-policy spending
occurred, an email was sent to the cardholder outlining existing
policies. New cardholders quickly adapted.”
Mandate training before a card is issued
Education and a clear understanding of cardholder roles and
responsibilities are vital to any program. Once an application is
received, companies should consider having card applicants participate
in some form of training course before they receive their card. While
training in-person or via conference call could be offered every month
or so, companies may want to consider establishing a brief online
course or quiz. A record of those who took the course or passed the
quiz can be maintained to further support your company’s
Sarbanes-Oxley initiatives.
Chevron Corporation employees are required to take a training
course every two years to continue using the card. Monsanto
Company requires that its cardholders take a computer-based training
course and receive a score of 100 percent in order to apply for their
card. Upon completion of the course, users receive a ‘digital diploma’
or certificate that then must be submitted along with their
application. Cardholders who are on a watch list as a result of multiple audits
are required to take the course again.
or five emails are sent out each day asking
cardholders for additional information on
questionable transactions. The cardholder’s
manager is copied on these messages.
According to Williams, “It is an effective
control if employees sense that their spending
is being monitored. The card is for business
purposes only, not for personal use.”
Audit beyond the traditional
Best-in-class organizations enhance
their traditional auditing practices by
looking beyond spend limit and MCC violations.
Additional controls also may need to be
established depending on your industry.
Some companies conduct audits on
purchases that are made in the evening or on
weekends. Purchases that are shipped to
an individual’s home as opposed to campus
are also investigated. Other items that are
red-flagged: personal technology
purchases such as computers, cell phones or PDAs,
and items acquired through PayPal. Many
companies focus on retail spending by
auditing statements that include purchases
from Amazon.com, Best Buy, eBay, Target
or Wal-Mart. Audits are also conducted on
purchases made outside of its published
list of preferred suppliers.
Sears Holdings Corporation focuses on
the travel-related practices of its OneCard
users. When renting an automobile,
cardholders should not sign up for the rental
agency’s fueling option. In order for meals
to be reimbursed, cardholders must be on
overnight status. Cardholders must provide
supporting documentation to demonstrate
that an overnight trip occurred.
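The upfront limits, the segregation-of-duties rule and the back-end red flags described in this article can be written as audit rules over a statement export. The sketch below is an added example, not JPMorgan's or any named company's tooling; the field names, limits, MCC values, business-hours window, supplier list and transactions are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Txn:
    txn_id: str
    cardholder: str
    approver: str          # who approved the expense report
    merchant: str
    mcc: str               # Merchant Category Code
    amount_cents: int
    when: datetime
    ship_to_home: bool = False


@dataclass(frozen=True)
class Policy:
    txn_limit_cents: int
    monthly_limit_cents: int
    blocked_mccs: frozenset
    retail_watch: frozenset         # lower-case merchant name fragments
    preferred_suppliers: frozenset  # lower-case exact merchant names
    day_start: int = 7              # assumed business hours, 07:00-18:00
    day_end: int = 18


def audit(txns, policy):
    """Return {txn_id: [flags]} for each transaction raising a flag."""
    spent = defaultdict(int)  # running spend per (cardholder, year, month)
    findings = {}
    for t in sorted(txns, key=lambda x: x.when):
        flags = []
        # Segregation of duties: cardholders must not approve themselves.
        if t.approver.lower() == t.cardholder.lower():
            flags.append("SELF_APPROVED")
        # Upfront controls, re-checked at audit time.
        if t.mcc in policy.blocked_mccs:
            flags.append("BLOCKED_MCC")
        if t.amount_cents > policy.txn_limit_cents:
            flags.append("OVER_TXN_LIMIT")
        key = (t.cardholder, t.when.year, t.when.month)
        spent[key] += t.amount_cents
        if spent[key] > policy.monthly_limit_cents:
            flags.append("OVER_MONTHLY_LIMIT")
        # Red flags beyond limit and MCC violations.
        if t.when.weekday() >= 5:
            flags.append("WEEKEND")
        elif not (policy.day_start <= t.when.hour < policy.day_end):
            flags.append("AFTER_HOURS")
        if t.ship_to_home:
            flags.append("SHIP_TO_HOME")
        name = t.merchant.lower()
        if any(fragment in name for fragment in policy.retail_watch):
            flags.append("RETAIL_WATCH")
        if name not in policy.preferred_suppliers:
            flags.append("NON_PREFERRED_SUPPLIER")
        if flags:
            findings[t.txn_id] = flags
    return findings


# Constructed policy: limits and supplier list are illustrative values only.
SAMPLE_POLICY = Policy(
    txn_limit_cents=100_000,
    monthly_limit_cents=250_000,
    blocked_mccs=frozenset({"5813", "7995", "4411"}),  # bars, betting, cruises
    retail_watch=frozenset({"amazon.com", "best buy", "ebay", "target",
                            "wal-mart", "paypal"}),
    preferred_suppliers=frozenset({"acme office supply"}),
)

# Constructed transactions (not real statement data).
SAMPLE_TXNS = [
    Txn("T1", "alice", "bob", "Acme Office Supply", "5943", 12_000,
        datetime(2009, 1, 5, 10, 30)),
    Txn("T2", "alice", "alice", "Best Buy #0412", "5732", 189_900,
        datetime(2009, 1, 10, 14, 0), ship_to_home=True),
    Txn("T3", "carol", "dave", "Harbor Tavern", "5813", 8_600,
        datetime(2009, 1, 6, 21, 15)),
    Txn("T4", "alice", "bob", "Acme Office Supply", "5943", 60_000,
        datetime(2009, 1, 14, 9, 0)),
]

if __name__ == "__main__":
    for txn_id, flags in audit(SAMPLE_TXNS, SAMPLE_POLICY).items():
        print(txn_id, ", ".join(flags))
```

T4 is within every per-transaction rule and is flagged only because the running monthly total crosses the limit, which is why the audit keeps state per cardholder and month rather than judging each line in isolation.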
Foster positive relationships
While monitoring and enforcement
are vital to success, it is important that card program administrators
not be viewed as the enemy. In order for your program to grow and
succeed, positive, interactive relationships must be established with
your cardholder base. Take a consultative approach. Create an
environment where cardholders feel comfortable reaching out to you with
questions and issues. Sometimes spend limits or other restrictions
need to be loosened in order for cardholders to be more effective in
their job.
The purchasing card manager at a major US airline reviews
decline reports daily and proactively investigates why such declines
occurred. Perhaps MCCs should be unblocked for certain buyers
or spending limits need to be raised. Perhaps a cardholder needs
to be further educated on policies. The company also reviews its
spending reports daily. If a cardholder has accidentally used the
company card to buy a personal item, they
should self-report immediately to
demonstrate that they are operating within the
spirit of the program and not engaged in
suspicious activity.
According to the airline’s purchasing
card manager: “We are very parental in a
number of ways. If you have used the card
in a non-compliant manner, we can work
out the issue if you are honest upfront.
Everyone is human and mistakes can occur.
But we will monitor your reports more
closely over the coming months to make
sure that your behavior has improved.
Like baseball, we have a ‘three strikes
and you’re out’ approach. After the third
strike, you lose card privileges and
disciplinary action will be taken. But if you
have received one strike and proven over
the following months that you are
following policies correctly, that one strike may
be removed from your record.”
Periodic peer reviews
To mitigate improper card use and
help support Sarbanes-Oxley,
best-in-class organizations also perform ongoing
peer reviews of purchasing practices well
in advance of regularly scheduled audits.
Sarbanes-Oxley Section 404 requires
management to report on the adequacy
of their company’s internal control over
financial reporting. Informal, periodic peer
reviews can help determine any program
weaknesses while promoting efficiencies,
ongoing training and limiting overall risk.
International Paper’s purchasing
card practices are audited every other year by internal audit. These
audits take place at each of International Paper’s seven divisions.
In anticipation of these audits, cursory peer reviews are conducted
annually at each location. Divisions also perform monthly
transactional reviews.
The purchasing card program at Monsanto is audited at least twice
a year, once by an internal team and once by an external firm. Card
administrators prepare for these audits by conducting approximately eight
random audits per month and reviewing at least 40 percent of spend.
Card program policies should be reviewed and updated
periodically to reflect any changes in the company that affect the use of
the card. Despite the existence of written policies in the majority of
companies surveyed by the Association of Financial Professionals,
only 38 percent of those companies update their policies annually.
At a minimum, it is recommended that reviews of the card program
policies should be scheduled on an annual basis.
Eduardo Vergara is a Managing Director in Treasury
Services and Global Commercial Card Executive. He
is responsible for the day-to-day management of
the global commercial card business and for setting
and implementing Treasury Services’ strategic vision
for its card products. He also provides industry
leadership and helps grow the business by expanding
its international card platform and Order-To-Pay and
emerging Procure-To-Pay product capabilities.
Vergara joined the firm in 2008, from American
Express, where he was the global head of Product
Management & Marketing for the Global Commercial
Card business. Prior to American Express, Mr.
Vergara worked for Bank of America, where his
roles included head of international Business
Development, Latin America, and Canada, global
Treasury Services, head of Prepaid Cards and head
of International Remittances.
LOCKDOWN
The so-called ‘rock star’ of the security industry, Bruce Schneier, exclusively reveals some interesting thoughts regarding current security issues
You’re on record criticizing post 9/11 airport
security measures as little more than window
dressing that don’t actually make passen-
gers safer. Do you see any similarities to this
situation and the steps financial companies
take to protect their customers?
Bruce Schneier. The phrase I use is ‘security
theater’, and one of the reasons we fall for
it in airline security is that attacks are very,
very rare. Security theater is exposed when
it’s obvious that it’s not working, and there
simply isn’t the attack data to assess the
effectiveness of bag screening, liquid confiscation,
photo ID checks and other useless
security measures.
Financial fraud is different, because
there is a measurable crime rate that reacts
as security countermeasures are applied.
Financial companies know what is and isn’t
working. They may decide not to tell their
customers and keep up a charade of security
theater, but that only works in the short term.
So while there certainly is security theater in
the financial industry, it won’t last. People
will, for example, eventually figure out that
two-factor authentication doesn’t reduce
identity theft and fraud.
What do you see as the key security issues
currently facing financial institutions and
their customers?
BS. Crime. Crime, crime, crime. Crime in the
form of fraud. It may come with the fancy
name of identity theft, but it’s really just
fraud due to impersonation. That’s the key
issue, and it’s not changing. The tactics of
fraud might change – phishing, pharming,
key logging, social engineering, password
guessing, whatever – as security measures
make some tactics harder and others easier,
but the underlying issue is constant.
Are customers’ concerns about online security
matched by that of their banks and credit
providers or is there any disconnect with
what consumers want and what companies
are prepared to do?
BS. There is always a mismatch, and you can
easily see it when you look at where the liabilities
are. If financial institutions manage
to pass off the cost of fraud onto consumers,
then of course the consumers will want more
recourse than the banks provide. Think of a
situation where someone steals a customer’s
password, breaks into a customer’s account,
and steals money. It’s far cheaper for the
bank to foist the cost of that fraud onto the
consumer. But the consumer is perfectly
right when he says: ‘What do you mean, it’s
my fault? I wasn’t involved.’ The best way to
mitigate security risks is to have the entity
best situated to mitigate the risk be responsible
for the risk. Customers can’t improve
a bank’s computer security, so it makes no
sense to give them the risk. The bank can
improve security, so it should be responsible
for the risk, regardless of who is at fault.
Think about credit card security. In the
UK the law states that customers are only
responsible for the first £50 of card-present
fraud, and not at all for card-not-present
fraud, even if they were at fault. That law
has done more to improve credit card security
than anything else.
FST. What needs to be done to truly create
an environment where customers are protected
from threats such as identity theft?
Are banks and other financial institutions
capable of achieving this on their own or will
outside influence be required?
BS. It’s easy. Make banks responsible for all
the costs of identity theft. Once you set the
economic incentives properly, the marketplace
will come up with all sorts of technical
and procedural solutions.
Do you see any particularly striking new security
threats emerging at the moment?
BS. No. I’m asked to make predictions like
this regularly, but honestly, I think we’re
going to see more of the same for the foreseeable
future.
Does the increased ubiquity of online commerce
mean that resolving new security
threats is a purely technological issue or
are there other aspects to consider?
BS. Mitigating security threats is never a
purely technological issue. Security always
involves people – people doing the attacking,
and people as the victims – so security will
always have a people component. And actually,
one of the reasons online crime is so successful
is that so much security tries to take
people out of the equation. Technology can do
a lot to improve security, but it can only augment
what people do, not replace them.
We recently spoke with PayPal’s CISO Mi-
chael Barrett. He believes that the war on
phishing is winnable, but it will require a
great deal of hard work and coordination be-
tween many different parties. What is your
feeling on the subject?
BS. I think that comment illustrates a lot of
what’s wrong with current security thinking.
It’s not a war on phishing, it’s a war on fraud.
Phishing is just a tactic, and if you concen-
trate your effort on defeating that particular
tactic – something I agree is possible but will
take a great deal of hard work and coordina-
tion – the criminals will just move to another
tactic. If we’re ever going to truly reduce
fraud, we need to look beyond tactics and
deal with the economic motivations of both
the criminals and the victims.
Bruce Schneier is an internationally
renowned security technologist and
author. Described by The Economist as
a ‘security guru,’ he is best known as a
refreshingly candid and lucid security
critic and commentator. The best
selling author of eight books, he has
written articles and commentary that
have appeared in numerous prominent
publications. Regularly quoted in the
media, he has testified on security before
the United States Congress and is also
Chief Security Technology Officer of BT.
In recent weeks a worm, a malicious software program,
has swept through corporate, educational and public
computer networks around the world. Known as Conficker
or Downadup, it is spread by a recently discovered Microsoft
Windows vulnerability, by guessing network passwords and
by hand-carried consumer gadgets like USB keys.
Experts say it is the worst infection since the Slammer
worm exploded through the internet in January 2003,
and it may have infected as many as nine million personal
computers around the world.
Worms like Conficker not only ricochet around the
internet at lightning speed, they harness infected computers
into unified systems called botnets, which can then accept
programming instructions from their masters.
Many computer users may not notice that their machines
have been infected, and computer security researchers
said they were waiting for the instructions to materialize, to
determine what impact the botnet will have on PC users.
It might operate in the background, using the infected
computer to send spam or infect other computers, or it
might steal the PC user’s personal information.
Microsoft rushed an emergency patch to defend the
Windows operating systems against this vulnerability in
October, yet the worm has continued to spread even as the
level of warnings has grown in recent weeks.
Earlier this month, security researchers at Qualys, a
Silicon Valley security firm, estimated that about 30 percent
of Windows-based computers attached to the internet
remain vulnerable to infection because they have not been
updated with the patch, despite the fact that it was made
available in October last year. The firm’s estimate is based
on a survey of nine million internet addresses.
Wormhole: security in action
With more than three trillion bits of
data created every second, the
world’s appetite for more fea-
ture-rich information keeps
growing, and with it comes the need for data
centers to store and process that information.
Consequently, the data center growth rate is
roughly 50 percent a year. However, as the
worldwide pool of data grows, corporations
are increasingly consolidating and centralizing
data center operations to save costs associated
with their operation and maintenance, such
as real estate, taxes, utilities and other physi-
cal support groups. These new high-density
data centers save on physical costs by reduc-
ing equipment and floor space costs for
servers in remote offices, cutting software li-
censes and distribution costs and reducing op-
erating expenses.
One consolidation strategy is server virtu-
alization, which harnesses the computing
power of multiple servers into logical group-
ings, known as virtual servers, running concur-
rently on the corporate network. Virtualization
essentially breaks the link of the physical
server and the software applications that run
on it. Because the software applications run
on virtual machines, virtualization realizes
greater computing and power efficiencies by
maximizing the utilization of the physical
servers that support the software.
Virtualization provides network administra-
tors with essential flexibility and agility in
managing data center environments while de-
livering rapid deployment, rapid adoption of
change and flexible disaster recovery.
From a physical hardware perspective, the
use of high-density blade server technology fa-
cilitates server virtualization. By containing
multiple servers in a single chassis-based en-
closure, blade servers maximize CPU process-
ing power per watt of power consumed.
However, its higher density platform changes
the design paradigm on which traditional data
centers were built. As computing resources
consolidate into smaller physical footprints,
the kW usage per square foot increases, as
do the associated cooling requirements.
With next-generation data centers consuming
upward of one megawatt of electricity and producing
as much as 20kW of heat on a per-cabinet
basis, data center managers will need to
contend with power and thermal management
challenges as well as increased distances be-
tween standalone and redundant data centers.
Even with these concerns, organizations are
finding it increasingly difficult to maintain a
network of servers distributed across the coun-
try or world and are turning to data center con-
solidation to cut IT costs, tighten data security,
meet regulatory requirements and improve op-
erational efficiency.
To fully realize the many organizational benefits
of consolidation and virtualization, there
are inherent design challenges that must be
overcome. An understanding of the complexi-
ties associated with provisioning of high-out-
put, high-efficiency 3-phase power distribution
systems used to support blade server technology
is essential. Once the power requirements
for supporting the computing load are understood,
the correct thermal management or
cooling strategy can then be developed. A pas-
sive or active cooling solution with the ability
to provide enough capacity for upwards of
20kW a cabinet heat loads will be needed.
Virtualization also requires an improvement of
network bandwidth and latency performance.
High-bandwidth technologies such as 10
Gigabit Ethernet using laser-optimized 50-mi-
cron fiber (ISO OM3) and Category 6A (ISO
Class EA) twisted-pair cabling will alleviate the
potential bottlenecks associated with aggre-
gating computing resources using virtualized
servers and storage platforms. Lastly, following
the TIA-942 and other global data center stan-
dards will ensure the cabling infrastructure is
designed to effectively support virtualized
server environments as well as scale with network
growth.
Designer trends
Andy Jimenez, Anixter VP of Technology, looks at what IT managers need to be aware of when designing and managing a data center
Andy Jimenez is Vice President
of Technology, Enterprise Cabling
Solutions and has over 19 years
experience in the fields of
telecommunications testing and
product certification. He has held
various engineering and
management positions with test
laboratories specializing in the
certification of voice/data
communications systems and
components. He has also given
numerous technical presentations
at trade shows, and is a regular
speaker at Anixter's National
Seminar Series.
ASK THE EXPERT
For more details on industry standards, go to anixter.com/standards to order your copy of the Anixter Standards Reference Guide.
The economic distress of the financial community
has added new dimensions to the
protection of sensitive information.
Always of the highest priority, the financial com-
munity has to protect the privacy of personal in-
formation and institutional data while securely
transacting all forms of commerce. Now, with
consolidations and take-overs occurring at a
breathtaking pace, there is an even greater chal-
lenge – combining institutions in a manner that
is rapid and cost effective without jeopardizing
the sensitive data. It is more important than ever
to find ways to cut costs, retain customers,
maintain business processes and demonstrate
a positive return on investment to stakeholders
even while incompatible systems and infra-
structures are being merged.
For years, financial institutions have fo-
cused on security solutions that thwart the ever-
increasing number of serious threats to sensitive
data assets. However, during transitional times,
institutions are once again vulnerable to threats
as data is consolidated amongst multiple het-
erogenous systems that are complex, often in-
compatible and difficult to secure.
Over the coming months, as IT departments
bring together these vast amounts of data, con-
solidate IT systems and develop new business
processes, they need to consider solutions that
provide business efficiency, scalability and con-
tinuity of information. And, with a heightened
level of scrutiny on technology purchase decisions
in the areas of governance, risk management
and compliance, it is important for
financial institutions to take an enterprise ap-
proach to establishing their new combined in-
frastructure to maximize IT investments and
protect sensitive data.
In the past, most organizations were able to
establish a perimeter defense, employing fire-
walls, intrusion detection and antivirus software
to keep threats to information at bay and meet
compliance requirements. But now, with more
than 50 percent of security breaches perpetrat-
ed internally, perimeter security mechanisms
are no longer sufficient for addressing the many
threats to sensitive data. Additionally, compa-
nies are required to extend their data infra-
structure across business units, partners,
suppliers, customers and an increasingly mo-
bile workforce. The outsider is now an insider,
and, here again, the perimeter security is no
longer sufficient.
All this is further exacerbated when multiple,
disparate products create security gaps and heterogenous
environments, which are costly to manage,
create vulnerabilities and inhibit business.
Protecting the information within the enterprise
is the only way to provide core to edge
protection. Encrypted information, integrated
under a centralized security platform, provides
seamless, cost-efficient management of data
across databases, applications, networks and
endpoint devices. Securing data at all times – at
rest, in motion, and in use.
Protecting the information within the enter-
prise extends security and compliance across all
systems where data resides – network, applica-
tion, database, or storage. The overall security
model will determine the points of protection,
which then determines the scope of the integra-
tion task. Typically, modes of implementation for
a data protection solution vary in terms of secu-
rity model, but each have strong commonalities
that represent the essential building blocks of
data privacy implementations:
• Cryptographic operations
• Secure key management
• Specialized, dedicated hardware
• Authentication and authorization
• Logging, auditing, and management
• Backup and recovery
In essence, an effective and comprehensive
data protection solution must follow the data
from the core, where key data repositories exist,
to the edge, where the data is used. When se-
lecting a data protection solution – especially in
times of transition or consolidation – you should
know the fundamental elements that make up
the solution, be sure to leverage standards-
based technologies and ensure that the proper
planning and cooperation occurs within and
across the enterprise. Doing so will ensure an ef-
fective solution that meets security require-
ments, reduces the overall complexity,
management, and maintenance costs of the or-
ganization’s IT infrastructure, and provides a
foundation for addressing future data protection
needs, business processes and regulatory compliance
requirements.
Reducing the cost and complexity of consolidation
Chris Fedde discusses the best practice strategies for ensuring efficient business processes and security during consolidation
Chris Fedde was named President and
Chief Operating Officer of SafeNet in
October 2006. Throughout his tenure at
SafeNet, which began in February of
2001 as Director of Corporate Product
Management and Business
Development, Fedde has been a key
contributor to building the company’s
security presence in the Federal
Government and the financial
community. During this time, SafeNet
has seen a significant increase in
demand for the company’s technology
solutions and managed services.
INDUSTRY INSIGHT
When I founded the Anti-Phishing Working Group in 2003, I
thought that we would have eliminated phishing by mid-
2004. How wrong I was.
The Anti-Phishing Working Group (APWG) was founded to bring to-
gether the diverse communities of banks, ISPs, e-commerce companies,
security vendors and law enforcement agencies. Our core philosophy
was to create a forum where these diverse players could talk frankly
and honestly about the evolving phishing attack situation, without fear
that these conversations would become public. This format proved to
be immensely successful, and the APWG now has over 1500 member
companies and government agencies.
In 2003, phishing attacks spread from attacks against eBay and
PayPal customers to a wave of coordinated attacks against the custom-
ers of Australian financial institutions. In the summer of 2003, these
attacks were then aimed against customers of UK financial institutions
and in late 2003 US banking customers began to be targeted.
This global pattern indicated that cyber criminals were becoming
just as organized as traditional crime gangs. They were testing new
techniques in smaller markets like Australia, where users are easily
targeted by both their network address and because there are a smaller
number of financial institutions. The model was then perfected and ex-
panded in the UK, where there were still a small number of institutions,
and an easily targeted customer base. The scam was then scaled up to
the US market, particularly targeting customers of the top few banks.
It became clear that one particular group could not solve the phish-
ing problem on their own. It would require cross-industry collaboration.
Thus the APWG was formed.
As phishing scams became ever more sophisticated and profes-
sional, members of the APWG were able to discuss the evolving tac-
tics and best practices for detecting these attacks, shutting down the
phishing sites and tracking and reducing losses. In closed-door APWG
meetings, members were able to discuss the indirect financial losses
from phishing attacks, for example the costs of call centers receiving
tens of thousands of phone calls from consumers when a major attack
was launched.
Phishtales
David Jevans discusses the challenges faced in fighting the global war on phishing and crimeware during the financial crisis
EMAIL SECURITY
The APWG publishes monthly reports that track phishing statistics
around the globe. These statistics allowed us to see patterns where
some financial institutions would be attacked with much more intensity
than others. Eventually it became clear that one significant factor
in the number of attacks that an institution faced was related to how
easily criminals could transfer funds out of compromised customer
accounts. We also began to see cross-channel fraud, where account
numbers and PINs were used to create ‘white plastic’ ATM and debit
cards. Financial institutions started to realize that the phishing prob-
lem spanned all types of fraud, and was involved in ATM, debit card,
check card, wire transfer, ACH and account opening fraud. More re-
cently we have been seeing the telephone banking channel used as an
attack vector, where phishers send out emails requesting customers to
call a fake call center, where the IVR system is used to collect account
numbers and PINs from customers without them ever having to visit a
spoofed bank website.
The cyber criminals fight back
Through 2005 and 2006 the security community began to develop
anti-phishing technologies and service offerings such as outsourced
takedown services to get spoofed websites shut down in a timely
fashion. The phishers responded by increasingly hosting their spoofed
websites in foreign countries, making takedowns very time consuming
and requiring foreign language skills and working around the clock to
deal with sites hosted in varying time zones.
For every defensive measure that is put in place by the industry, the
criminals react with a creative new approach to continue their fraudulent
activities. For example, the security and web browser community began
to track known phishing sites and share those web addresses as a block-
list, which would allow browsers and email servers to prevent users from
receiving known phishing emails
or visiting known phishing sites.
One of the prominent phishing
gangs, known as the ‘Rock Phish
Gang’, responded by using tens of
thousands of sub-domains on their
phishing sites, thus overwhelming
the block-lists.
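One defensive response to the sub-domain flood described above is to stop listing hostnames one by one and promote the parent domain once enough distinct hostnames under it have been reported. The sketch below is an added example, not APWG or browser-vendor code; the class name, the promotion threshold and the two-label notion of a registered domain are assumptions made for illustration.

```python
from collections import defaultdict


def registered_domain(hostname: str) -> str:
    """Return the last two DNS labels of hostname.

    Simplifying assumption for this example: real code should use the
    Public Suffix List, because suffixes such as co.uk span two labels.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class AggregatingBlocklist:
    """Host blocklist that promotes a parent domain once enough distinct
    hostnames under it have been reported (hypothetical helper class)."""

    def __init__(self, promote_after: int = 3, never_promote=()):
        self.promote_after = promote_after
        # Shared-hosting parents carry unrelated customers on sibling
        # subdomains, so they must only ever be blocked host by host.
        self.never_promote = {d.lower() for d in never_promote}
        self.hosts = set()      # exact hostname entries
        self.domains = set()    # promoted parent domains
        self._by_parent = defaultdict(set)

    def report(self, hostname: str) -> None:
        host = hostname.lower().rstrip(".")
        parent = registered_domain(host)
        if parent in self.domains:
            return  # already covered by a domain-level entry
        self.hosts.add(host)
        if parent in self.never_promote:
            return
        self._by_parent[parent].add(host)
        if len(self._by_parent[parent]) >= self.promote_after:
            # Replace the individual entries with one domain-level rule.
            self.domains.add(parent)
            self.hosts -= self._by_parent.pop(parent)

    def is_blocked(self, hostname: str) -> bool:
        host = hostname.lower().rstrip(".")
        return host in self.hosts or registered_domain(host) in self.domains

    def size(self) -> int:
        return len(self.hosts) + len(self.domains)


def demo() -> AggregatingBlocklist:
    # Constructed reports using reserved .example names, not real sites.
    bl = AggregatingBlocklist(promote_after=3,
                              never_promote={"freehost.example"})
    for n in range(1, 4):
        bl.report(f"session{n}.bank-login.rockdemo.example")
    bl.report("victim-page.freehost.example")
    return bl


if __name__ == "__main__":
    bl = demo()
    print(bl.size(), bl.is_blocked("session99999.bank-login.rockdemo.example"))
```

The list stays at two entries however many further sub-domains are generated under the promoted parent, while the shared-hosting parent is never blocked wholesale.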
Another example of escalation
in the war against cyber fraud was
the invention of fast-flux technology
by the leading phishing gangs.
Fast-flux is a DNS technique used
by botnets to hide phishing and
malware delivery sites behind an
ever-changing network of compro-
mised hosts acting as proxies. A
sophisticated type of fast-flux is
when multiple nodes in the fraud
network register and de-register
their addresses as part of the DNS
record list for the DNS zone. This
makes taking down phishing and
crimeware sites extremely difficult
as they are hosted on many ma-
chines with changing IP addresses.
The APWG and our members have
been working with ICANN, the Inter-
net Corporation for Assigned Names and Numbers, to create policies for
rapid takedowns of fraudulent domain names that are being used to host
phishing and fast-flux sites. This has been a multi-year effort, and there
is still much work to do with policy and education among the registrar and
registry communities.
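Because a fast-flux name keeps answering with new addresses on many different networks, repeated DNS lookups of the same name give defenders something to measure. The following is an added example, not APWG tooling: it scores a series of A-record responses on address count, network spread, TTL and the share of never-before-seen addresses. The thresholds, the use of /16 prefixes as a stand-in for network-operator diversity, and all sample data are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Observation:
    ts: int            # seconds since monitoring began
    ttl: int           # TTL of the A record set, in seconds
    addresses: tuple   # IPv4 addresses returned in this response


# Illustrative thresholds (assumptions; tune against your own resolver logs).
THRESHOLDS = {"min_ips": 10, "min_nets": 5, "max_ttl": 300, "min_new_ratio": 0.5}


def flux_features(observations):
    """Summarise repeated lookups of one name into flux indicators."""
    if not observations:
        raise ValueError("need at least one observation")
    seen = set()
    new_ratios = []
    for i, obs in enumerate(sorted(observations, key=lambda o: o.ts)):
        current = set(obs.addresses)
        if i > 0 and current:
            # Share of this response that was never returned before.
            new_ratios.append(len(current - seen) / len(current))
        seen |= current
    nets = {ipaddress.ip_network(f"{ip}/16", strict=False) for ip in seen}
    return {
        "distinct_ips": len(seen),
        "distinct_nets": len(nets),
        "median_ttl": median(o.ttl for o in observations),
        "new_ratio": sum(new_ratios) / len(new_ratios) if new_ratios else 0.0,
    }


def is_fast_flux(features, t=THRESHOLDS):
    """All four indicators must agree; a low TTL alone is normal for CDNs."""
    return (features["distinct_ips"] >= t["min_ips"]
            and features["distinct_nets"] >= t["min_nets"]
            and features["median_ttl"] <= t["max_ttl"]
            and features["new_ratio"] >= t["min_new_ratio"])


# Constructed samples (private address space, reserved .example names).
FLUX = [Observation(i * 300, 180,
                    tuple(f"10.{i * 5 + j}.0.{10 + j}" for j in range(5)))
        for i in range(6)]
POOL = [f"10.200.0.{k}" for k in range(1, 5)]
ROUND_ROBIN = [Observation(i * 60, 60, (POOL[i % 4], POOL[(i + 1) % 4]))
               for i in range(6)]
STATIC = [Observation(i * 3600, 86400, ("10.250.0.80",)) for i in range(3)]
SAMPLES = {"flux.example": FLUX, "cdn.example": ROUND_ROBIN,
           "static.example": STATIC}


def classify(samples):
    return {name: is_fast_flux(flux_features(obs))
            for name, obs in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify(SAMPLES).items():
        print(name, flux_features(SAMPLES[name]), verdict)
```

The round-robin sample has an even lower TTL than the flux sample but is not flagged, because it rotates through a small fixed pool on one network.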
A very disturbing trend over the last year has been the use of social
networks to spread crimeware and phishing. There have been attacks
against users of MySpace and LinkedIn that have infected tens of thou-
sands, and in some instances up to a million users in a very short time
frame. These attacks do not rely on traditional email, as they spread
inside the social networks using their internal web-based messaging
systems. This can make these attacks very difficult to track and profile.
2009 and beyond
We expect that the current global financial crisis will continue to
give phishers new ways to create believable social engineering attacks
to steal account credentials and to spread crimeware. In the fourth
quarter of 2008 there were numerous attacks against customers of
major financial institutions that were being acquired or were in the
news receiving government aid. In 2009 we can expect an increase
in money mule recruitment scams, where criminals recruit unemployed
consumers to act as online funds transfer agents, or to reship goods
that were purchased using stolen credit card numbers.
The rapid and continuous evolution and expansion of online financial
fraud through phishing, crimeware and social engineering is something
that requires a coordinated global
response from the financial services
industry, ISPs, security vendors,
e-commerce merchants and law
enforcement agencies. The APWG
and our members have been work-
ing to expand our systems and tools
for secure collaboration and data
sharing. We have facilitated the
sharing of phishing site URLs be-
tween members, and are expanding
this to allow financial institutions
and security researchers to share
information about fraudulent web-
sites and IP addresses of known and
suspected cyber criminals.
In these challenging financial
times, it’s more important than ever
for the financial services industry,
the security industry, ISPs and
law enforcement to work together
to share information and pool our
resources to keep our customers
safe, and to secure our assets.
Come and join us.
David Jevans is the chairman of the Anti-Phishing Working Group. For more information please visit www.antiphishing.org
Over the last several years we have seen phishing be
augmented by the spread of malicious software that is
designed to steal online account credentials. This malicious
software that is designed for electronic crime has been dubbed
‘crimeware’. The crimeware wave seems to have started in Brazil
in the 2003 timeframe, and has naturally spread around the
world. Crimeware variants are merged with remotely controlled
malicious software to create networks of hundreds of thousands
of compromised home computers (botnets) that are used by cyber
criminals to launch phishing, crimeware and spam attacks. The
botnet explosion since 2006 seems to have infected millions of
personal computers around the world that are being used by criminals
without the knowledge of the person who owns the computer.
Recent activity in the crimeware landscape is the evolution of
targeted crimeware that is designed to get onto the computer of a
targeted employee in a large corporation or government agency. Once
that person’s computer is infected, the criminals can upgrade the
crimeware to add new functionality to compromise other computers,
steal intellectual property, create backdoor access paths into the
corporate network, or even to run customized software to generate
transactions inside the company network. This represents the
ultimate professionalism of the cyber crime industry, where crime
gangs are plotting these attacks for many months, and using highly
sophisticated crimeware and targeted social engineering to get this
crimeware into corporate networks. We call this ‘spear phishing’.
Crimeware escalation
More than 100 million individuals in the United States
today are considered unbanked, underbanked or
credit underserved. These people have no bank
accounts or far fewer accounts than the average
American. While the US economy is caught up in the
current worldwide credit crisis and recession, some important ques-
tions arise: Are bankers even thinking about the underbanked?
And why should they?
Underbanked consumers have traditionally
relied heavily on a cash-based economy or
alternative, nonbank providers of financial
services to conduct their financial transac-
tions, which are profiting nicely from these
relationships. Traditional financial ser-
vices institutions (FSIs) could be on the
profit side of the equation, but to emerge
from the current credit crisis, they will
need to create the right products and
tools for financially underserved
consumers. For the most part, exist-
ing bank products, including loan
underwriting processes, do not
meet the needs of underbanked
consumers and were not built
with them in mind.
This population typically falls
into one of three categories related
to credit:
• No hits. These individuals have
no record at traditional credit
reporting agencies such as Equi-
fax, Experian and TransUnion.
Approximately 20 million people in
the US are in this group. Without a
record at a credit reporting agency,
they will nearly always be declined
credit by a bank, thrift or credit union
and often will be unable to open a
demand deposit account (DDA) or savings
account.
• Unscorable. The unscorable population includes people with ‘thin’
credit files containing little or no credit history or payment data.
Again, lenders won’t have enough data to score their credit worthi-
ness and/or make a lending decision. Consumers with thin credit
files include young people who have not had time to build a credit
history, recent immigrants who have been in the US only a short
time, and others who are undergoing a life change, such as losing a
spouse whose credit history was tied to theirs.
• Subprime. For each type of loan product, the exact definition of
subprime will vary. In general, the subprime category includes
consumers with unfavorable credit history based on credit bureau
reports. More Americans are falling into this category because of
their delinquent or unpaid credit balances, overextension of credit,
and extreme factors such as defaulted loan accounts and loan fore-
closures, and because bankruptcy is becoming more prevalent.
The regulators and the underbanked
In 1977, the US Congress enacted the Community Reinvestment Act
(CRA) to ensure that banks serve a greater portion of the population.
The intent of the act is to encourage depository institutions to help
meet the credit needs of the communities in which they operate, includ-
ing low- and moderate-income neighborhoods. CRA does not require
institutions to make high-risk loans that will jeopardize their safety.
Today, some would argue that subprime borrowers who benefited
by receiving mortgages from lenders struggling to meet CRA objectives
contributed to the mortgage crisis. However, a study released by the
University of North Carolina at Chapel Hill’s Center for Community Capi-
tal on default rates among low-income and minority homebuyers notes,
“Risky mortgage products, not risky borrowers, are the root cause of
the mortgage default crisis.” The study shows that mortgage borrowers
with similar risk characteristics defaulted at much higher rates if they
took subprime mortgages than if they took loans made under the aus-
pices of CRA. Although not all consumers can afford a home, the actual
mortgage product, features and underwriting guidelines are more the
cause of the default than is the risk profile of the borrower.
Banks may be missing an opportunity to serve and profit from the
underbanked markets, but consumers are not going completely without
financial services. Nonbank financial service centers (FSCs) and com-
munity financial centers (CFCs) operate nationwide in around 20,000
physical locations today. Financial Service Centers of America (FiSCA), a
trade association of nonbank FSCs, estimates that 30 million customers
are being served annually through 350 million transactions represent-
ing more than $106 billion in various products and services.
Going under
TowerGroup’s Bobbi Britting discusses how financial institutions need to serve the underbanked market during the credit crisis
ANALYSIS
According to a 2007 FiSCA key member survey, some notable
volume estimates for products and services purchased at the association’s
member organizations included 137 million checks cashed, for
$56 billion; 86 million money orders sold, with a value of $17.6 billion;
2.8 million prepaid value cards sold and $5.4 billion transferred to the
cards; 32 million payday advances for a total of $13.2 billion; and 21 mil-
lion wire remittances, with a value of $8.3 billion.
Check-cashing services and payday loans
for small dollar amounts may represent the most
abusive services to the unbanked and are the ones
banking institutions have the greatest opportu-
nity to disrupt. Numerous sources estimate total
payday lending loans at approximately $40 billion
annually. Although loan amounts range from $100
to $1500, the average is just over $400 for the 100
million loans made annually.
How banks can compete for the underserved market
Traditional FSIs need to rethink strategies for
attracting underbanked and credit underserved
populations to compete with these other organizations.
Assessing current practices and realigning their offerings with the
needs and desires of the underbanked and credit underserved markets
will be critical to garnering profitable market share.
To aid in reaching the underbanked, traditional credit reporting
agencies are now providing a variety of risk models using nontra-
ditional data to score no hits and previously unscorable files. New
products typically try to emulate the efforts of traditional scoring
models by rank ordering risk of an applicant, thus offering the ability
to evaluate additional credit applications and increase the lendable
population as well as support lenders’ CRA initiatives and efforts to
serve underbanked consumers.
In addition, a number of nontraditional
providers have entered the market with new
scoring products using nontraditional credit
data to bring new risk management insights
to FSIs. The products offered by both traditional
and nontraditional risk management
providers are highlighted in Figures 1 and 2.
To compete with nonbanks, traditional
FSIs will need to expand their products’ fea-
tures and offer attractive intangible benefits
to underbanked consumers. This population
needs products and services tailored to their
unique needs, preferences and economic
circumstances rather than ‘stripped-down’
versions of those designed for more affluent
consumers.
The volume of services being provided to underbanked consum-
ers proves the market need, but some important features are typically
missing from traditional FSI product offerings. Underbanked consum-
ers need product features at no or low costs that help them avoid
heavy expenses involved with financial transactions. These include
access to small-dollar, short-term, unsecured credit; ability to build
or rehabilitate credit histories; ability to transact in the internet
(noncash) economy; immediate liquidity for paper checks, including
shortening or eliminating hold periods; ability to pay bills at the last
minute to avoid late fees and overdraft fees; wire transfer services;
and low-balance checking and savings accounts with no or very low
fees. Another feature not offered by or thought about at most mainstream
FSIs is the ability to accept alternate forms of identification
that are compliant with the USA PATRIOT Act, such as the Mexican
Matricula Consular Card or the Guatemalan Consular ID card.
As important as responding to unique product needs of the vast
array of underbanked consumers is understanding other intangible
characteristics of the market and meeting those needs as well. Factors
include trust, which requires banks to show respect for the
customer while offering acceptance and understanding of customs
and culture. Many underbanked consumers consider confidentiality
extremely important, possibly because of a previous negative experience
with a bank. Easy access to FSIs’ locations in neighborhoods
where consumers live and work and offices that are open at times
allowing for nontraditional work schedules are also vital. To succeed
in reaching underbanked consumers, FSIs need to provide services in
the languages they speak as well as in English.
Conclusion
Underbanked and credit underserved consumers form a large
portion of the US population, and although the world focuses on FSIs
struggling through the credit crisis, innovative institutions will likely
be positioning themselves to create new products and serve a greater
portion of the population. They will make a full-scale evaluation of the
market and address its unique needs where they operate. For lending
transactions, a number of risk tools using alternative data elements
not previously available for credit evaluation purposes can help FSIs
ascertain the credit worthiness of credit underserved consumers.
They also will be able to consider other aspects to attract this population,
including office locations and hours, language barriers, marketing,
account documentation and cultural traditions.
This article is based on research by the consumer lending service at TowerGroup, a leading research and advisory services firm focused exclusively on the global financial services industry. To learn more please contact [email protected]
FIG 1: Underbanked risk management products and services from traditional providers
Vendor | Product name | Partner | Additional data provided
Equifax | MarketMax | LexisNexis | Uses Equifax data as well as LexisNexis on rent, utilities, negative information, etc. Score range is 501-900.
Experian | Emerging Credit Score | eBureauLLC | Uses Experian trade and public record data combined with alternative data sets such as internet catalog and direct mail sales, property and asset information, and utility and telecom information. Score range is 100-999.
Fair Isaac | Expansion Score | Numerous data and distribution partners | Designed to score ‘no hits’ and ‘unscorable’ records. Rank orders risk incorporating alternative data such as debit, membership, utility, bill payment and public record data and property and asset information. Score range is 300-850.
First American | Anthem Score | NA | For use mainly in mortgage lending, utilizes alternative data such as for payment of rent, insurance and utilities.
TransUnion | L2C (Thin File Model) | Link2Credit | Combines TransUnion data with L2C data such as that on payday loans, rent, and cellular and utility payments. Score range is 1-999.
Source: TowerGroup review of the companies
FIG 2: New risk management products and services for the underbanked
Vendor | Product name | Additional data provided
LexisNexis | RiskView | Additional tools and data for the underbanked, fraud and identification that are not available through the bureaus: Alternative data can include information from private and public records, utility companies’ payments data, bankruptcies and liens and licensing information.
ID Insights | Safe2Change | Address change verification and compliance with Red Flags Rules.
ID Analytics | Credit Optics | ID verification, fraud, Red Flags analysis. Offers visibility into the stability of an individual by examining changes to identity and credit risk over time.
Early Warning Services (EWS) | NA | Industry co-operative focused on fraud management, including internal and employee theft identification.
CBC Innovis | NA | Fourth credit bureau.
Payment Reporting Builds Credit (PRBC) | PRBC Reports | Consumer credit reports incorporating self-reported and third-party-verified data on rent, mortgage, mobile home payments, utilities, and insurance and bill payment data from FSI bill pay services, money service providers, and lenders. Also PRBC report with FICO Expansion Score.
Payment Reporting Builds Credit (PRBC) | Bill Payment Score (BPS) | BPS takes a time-series bill payment history using a weighted scorecard. Score range is 100-1000.
The road ahead
Hank Farrar and Lauren Hargraves explain how the Federal Reserve Banks and The Clearing House are creating value for banks and their corporate clients
In less than two years, the nation’s major wire transfer systems,
the Fedwire Funds Service and CHIPS, are set to deliver significant
new functionality that will streamline the wire transfer process
for corporations.
By the end of 2010, US dollar wire transfer systems will
be upgraded to allow invoice and other business remittance
information to flow along with wire transfer payments, a significant
improvement that will enable corporate customers to reconcile their
payments with much greater efficiency. This will save corporations
time and money by eliminating the source of confusion about why a
wire transfer was sent.
The business challenge
Payments professionals at US corporations have expressed
frustration for years about their inability to apply wire payments to
appropriate accounts/bills because wire payments arrive with limited
remittance information. For corporations, there simply wasn’t
sufficient space or structure in a wire transfer message to carry the
necessary information. At the prompting of these professionals, the
Federal Reserve Banks and The Clearing House worked with financial
institutions, global payments systems operators, corporations and
software companies over the past two years to create this much-desired
enhancement.
The Federal Reserve Banks and The Clearing House worked to-
gether with the Association for Financial Professionals (AFP), a leading
trade association for treasury management professionals, to verify
and better understand the demand for an expanded wire transfer mes-
sage that could carry standard business remittance information, such
as invoice numbers.
The Federal Reserve Banks and The Clearing House validated
demand for this enhancement through a joint research project. Together,
they retained Granite Research Consulting and conducted a nationwide
study from February to August 2006. A total of 381 questionnaires were
completed by companies that sent and/or received at least 10 wire pay-
ments in 12 months and had annual revenues of at least $5 million. As a
follow-up, eight focus groups were held in Dallas, San Francisco, Chicago
and New York to solicit further comment and insight from corporations.
The findings, contained in the October 2006 report Business-to-
Business Wire Transfer Payments: Customer Preferences and Opportu-
nities for Financial Institutions, included the following:
• A consensus exists among users of wire payments that there is a need
to create a common standard for sending and receiving remittance
information with the wire payment.
• 94 percent of corporate respondents said it is ‘valuable’ to include re-
mittance information with the wire payment; 65 percent said it is ‘very
valuable’ and they are willing to pay for capabilities that streamline
their operations.
• Corporations say that more than 80 percent of their payments (by
volume) are still made by check, in part due to the availability of remit-
tance information on the check stub.
• Most accounting and bank-provided cash management systems do
not work together, making process automation and straight-through
processing of wire transfer payments difficult to achieve today.
In addition to the joint research, the Federal
Reserve Banks sought feedback through a web-
based survey sent to thousands of banks that use
the Fedwire Funds Service. The Federal Reserve
Banks reviewed 366 responses from a variety of
users, in a wide range of user categories, includ-
ing high volume users, low volume users, domes-
tically focused users, internationally focused
users, browser-connected users, and computer
interface-connected users.
The results of the survey demonstrated that
banks understand and support the need for this en-
hancement. By a substantial margin, the number of
respondents who were ‘very interested’ or ‘some-
what interested’ in adding business remittance to
a wire transfer message outnumbered those who were ‘not interested’
across every user category that the Federal Reserve Banks analyzed.
New process will bring substantial benefits
The inclusion of business remittance information with wire transfer
payments is a significant improvement with the potential to save time
and money for corporate users by reducing or eliminating the need to
research incoming wire transfer payments. A 2005 AFP survey found
that corporations typically need to research 17 percent of incoming wire
transfers at an average research cost of $35 and approximately 30 min-
utes of staff time per wire.
The enhancement planned for the Fedwire Funds Service and CHIPS
at year-end 2010 will provide the tools for corporations to reduce or elim-
inate the need to research wire transfers because these payments will
have sufficient information for a corporation to apply these payments
to their accounts receivables systems. Small and large firms alike will
benefit from this change, but IT-savvy corporations have the potential to
benefit the most – they will be able to automate the entire wire transfer
process, if they so desire.
The process improvements will result in substantial benefits. No
longer will corporations incur the time and expense of follow-up phone
calls and emails to match invoice and other key information with wire
payments. For corporations, that means a significant cost reduction
in managing wire transfers. For banks, it means one of their most es-
sential payments products will be even more valuable to their best
corporate clients.
To facilitate adoption of this change, the Federal Reserve Banks
and The Clearing House are enlisting the support of banks, corporations
and technology providers to adapt their processes for the new message
format. As part of the initiative, the Federal Reserve Banks and The
Clearing House are engaging high-value payment system operators from
around the globe to discuss interoperability and global compatibility.
Banks
To take advantage of the opportunity to send remittance informa-
tion with wire transfer payments, banks need to engage with their cor-
porate clients to understand better how customers intend to use these
messages. Banks can make this transition smoother – and perhaps
get an edge on their competition – by increas-
ing staff awareness and understanding of this
enhancement.
Corporations
For their part, corporations need to engage
with their banks to understand the type of
interfaces to be supported – XML, EDI, and
SWIFT, among others. Corporations should
review how they use their treasury worksta-
tions, cash management software, and en-
terprise resource planning (ERP) software for
these types of wire transfer messages. They
should also work with the providers of these
products to identify, plan for, and implement
the IT changes that will support this initiative.
Corporations looking for ways to ease the transition of paper-
based to electronic payments should evaluate the role that new wire
transfer capabilities could play in that transition. From prior research,
it is known that there are a small percentage of checks that are rela-
tively high dollar, high importance, or time sensitive that continue to
be written in part due to the availability of remittance information on
the check stub. With upcoming enhancements to the US dollar wire
transfer systems, there may be opportunities to improve efficiencies
of some paper-based payments.
Technology providers
Finally, technology providers need to identify their bank and corpo-
rate clients that will be affected by these changes, so that the required
functionality is delivered on time.
After many years of discussion and planning, a new era of effi-
ciency is arriving for wire transfer payments. By continuing to work
in the spirit of cooperation, banks, corporations, and technology
providers can realize even more value from the nation’s two major
wire transfer systems.
Lauren Hargraves is Senior Vice President, Wholesale Product Office, Federal Reserve Bank of New York. Hank Farrar is Senior Vice President of The Clearing House, responsible for CHIPS.
Consider the facts. According to a 2008 Osterman
Research survey, 100 percent of organizations have
deployed anti-virus capabilities, 99 percent have
deployed anti-spam capabilities and 96 percent have
deployed anti-spyware capabilities.
However, even using a fairly broad interpreta-
tion of data loss prevention (DLP) capabilities, which would include
products that do not provide true DLP functionality, only 49 percent
of organizations have deployed these capabilities. Any organiza-
tion should deploy DLP capabilities, but none more so than the
financial services industry.
Clearly, this data suggests that organizations of all sizes are
well aware of the need to monitor their inbound communica-
tions for spam and malware. However, they are not nearly as
aware of the need to monitor outbound communications, or
they are not taking the threat as seriously as they should.
This, despite the fact that 27 percent of organizations
in the same survey reported that during the previous
12 months data or information was accidentally or
maliciously leaked from their organization.
Given the tight regulation of the financial
services industry relative to most others,
coupled with the increased level of
oversight and compliance that will be
required of firms in the financial ser-
vices space in 2009 and beyond, DLP
is not simply an option – it is a busi-
ness requirement.
Knowing the risks
One of the key reasons
that organizations have not
yet deployed DLP systems is
that many decision makers
are simply not aware of the
potential risks they face,
nor might they be aware of
the data breach examples
in their own industries. For
example:
• Employees will often accidentally
send confidential data in an email
– such as credit card numbers, Social Security numbers or other
confidential information – without realizing that the data needs to
be encrypted during transmission.
• There are many cases in which confidential data, un-
beknownst to the sender, is buried in an email
thread that is forwarded to others.
• Email is sometimes sent to the wrong person,
often resulting in the leak of confidential in-
formation.
• Some employees will send confidential data
via personal webmail accounts to others or
to themselves to avoid file size limitations on
attachments or so that they can work on docu-
ments at home.
• Web 2.0 applications represent a significant
potential for data loss. For example, MySpace,
Facebook and other social networking sites have
been on the receiving end of healthcare-related
data. Hidden malware installed on
endpoints has harvested
personal information
like credit card numbers
and quietly uploaded this
content via HTTP/HTTPS.
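An added example (not from the article or from any DLP product): a minimal outbound-mail content check in Python for two of the cases listed above, card and Social Security numbers buried in a forwarded thread, and mail addressed to a personal webmail account. The domain `bank.example`, the sample message and the action names are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

INTERNAL_DOMAIN = "bank.example"  # assumption: the organization's own mail domain

# 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area, group, serial):
    """Reject number ranges that are never issued as SSNs."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


def scan_text(text):
    """Return (kind, line number, in quoted thread?, masked value) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        quoted = line.lstrip().startswith(">")  # part of a forwarded/replied thread
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                masked = "*" * (len(digits) - 4) + digits[-4:]
                findings.append(("card", lineno, quoted, masked))
        for m in SSN_RE.finditer(line):
            if ssn_plausible(*m.groups()):
                findings.append(("ssn", lineno, quoted, "***-**-" + m.group(3)))
    return findings


def evaluate(raw_message):
    """Decide what to do with one outbound message."""
    msg = message_from_string(raw_message, policy=policy.default)
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    external = sorted(addr for _, addr in getaddresses(headers)
                      if not addr.lower().endswith("@" + INTERNAL_DOMAIN))
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            findings.extend(scan_text(part.get_content()))
    if findings and external:
        action = "quarantine"      # sensitive data leaving the organization
    elif findings:
        action = "allow-and-log"   # sensitive data, internal recipients only
    else:
        action = "allow"
    return {"action": action, "external": external, "findings": findings}


# Constructed sample: a forward to a personal webmail account whose quoted
# thread carries a well-known test card number and a made-up SSN.
SAMPLE = """\
From: jdoe@bank.example
To: jdoe@webmail.example
Subject: Fwd: Re: account update

Sending this home so I can finish the report tonight.

> On Mon, a colleague wrote:
> Customer card 4111 1111 1111 1111, SSN 123-45-6789.
> Internal ticket 1234 5678 9012 3456 is not a card number.
"""

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

Only masked values are kept in the findings, so the scanner's own log does not become another copy of the data it is meant to protect.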
Serious breaches
Data breaches are becoming
more numerous and more serious.
For example, the Privacy Rights
Clearinghouse has tracked data
breaches since early 2005 and
has recorded many examples in
which data breaches were caused by
emails sent mistakenly; cases in which
laptops, CD-ROMs and backup tapes
with confidential data were lost or stolen;
employees discarding printed content in
dumpsters or at the curb for trash pickup; and
many other instances in which sensitive data
was compromised.
DATA LOSS
No time to lose
Data loss is an often overlooked issue that needs to be tackled immediately, says Michael Osterman
There are many risks that organizations know about and
often do not address, such as employees who use corporate email
systems in violation of stated policies or who use personal webmail accounts
to send company data home – a 2007 Osterman Research survey
found that 47 percent of organizations allow employees to use personal
webmail for business purposes. There are also a variety of unknown
risks, such as keystroke loggers that can infect corporate computers and
distribute confidential data to hackers and others.
It is also important to distinguish between authorized and unauthorized
data breaches. For example, an employee who is authorized to
place information on a company website or a corporate wiki can mistakenly
post confidential information. By contrast, a terminated employee
who is no longer authorized to send email can still use the system to
send trade secrets to competitors or others until their access credentials
are removed. Whether inadvertent or intentional, the damage
caused by such breaches can be enormous.
There are many tools and systems from which confidential or sensitive
information can be sent in violation of corporate policy, including
corporate email systems, employees’ home computers, consumer and
enterprise instant messaging systems, personal webmail accounts
used at work, thumbdrives and other portable storage devices, social
networking tools, other web 2.0 applications, including wikis and
blogs, file transfer protocol (FTP) tools, chat tools, Skype and other
consumer-oriented VoIP tools, peer-to-peer file-sharing tools and message
boards and forums.
As a result, there are a large number of data sources and communications
tools that organizations must monitor closely in order to protect
corporate data from accidental or unauthorized distribution, although
email and instant messaging are clearly the most important channels to
monitor given their pervasive and much more frequent use by employees
than most other tools.
Potential problems
Data breaches can be very expensive: for example, an Osterman
Research survey found that if a data breach were to occur in which dis-
closure of the breach would have to be made to customers and other
external contacts, nearly two-thirds of organizations estimated that
a single such breach would cost their organization at least $100,000,
not to mention other operational costs, damage to their brand and
other problems.
Organizations that do not properly address DLP can suffer a vari-
ety of problems, including:
• Loss of intellectual property
• Loss of reputation
• Harmful legal judgments
• Compromise of corporate security
• Violation of statutes and compliance requirements
California’s SB1386 (the Database Security Breach Notification
Act) is a far-reaching law that requires any holder of personal information
about a California resident to notify each resident whose information
may have been compromised in some way. This requirement
makes it important to retain and transmit records in an encrypted
form, since doing so exempts an organization from the reporting requirement
in the event of a breach.
Since California passed its groundbreaking data breach notification
law, most other US states have passed similar laws. For example,
Nevada put into effect a law (NRS 597.970) on October 1, 2008 that
requires protection of confidential information. Massachusetts
has passed a similar, but more restrictive law that went into effect on
January 1, 2009.
Osterman Research believes that most organizations are waking
up to the fact that they need to implement DLP capabilities. For example,
a survey that Osterman Research conducted in 2008 found that
53 percent of mid-sized and large organizations in North America will
very likely invest in DLP capabilities through the first quarter of 2009.
Further, the same survey found that 68 percent of organizations plan
to have some DLP capability in place by the end of 2009.
Michael Osterman is President of Osterman Research, a leading analyst firm in the messaging and collaboration space.
WHAT CAN BE DONE?
There are a number of steps that organizations should undertake
as they attempt to prevent data leaks in their organizations:
• The first step that decision makers may want to take to solve the
data breach problem is to audit the current state of electronic
communication and file management in the organization. Doing
so will reveal the extent of the risks that an organization faces
and will help to make the problem real to IT management,
as well as senior line-of-business decision makers. In many
cases, this will help an organization to realize that the risks
and problems it faces are not merely a potential, theoretical
problem, but are instead a real and present business danger
that it must address. While this is not always a necessary
step given the abundance of evidence that exists for the data
breach problem, it may be required by some organizations in
order to convince senior managers of the extent of their own
organization’s problems.
• After the audit has been completed and digested by senior
managers, an organization should establish very detailed
and thorough corporate policies that focus on all of the
issues related to the use of electronic communication and file
management capabilities.
• Develop country-specific requirements, since organizations
must understand any regulations that govern monitoring
policies, particularly in countries that place restrictions on how
monitoring practices may be carried out.
• The next step is to deploy the technologies that will enforce
the corporate policies that have been established. While policies
are necessary to establish what an organization needs to
protect, they will be ineffective at solving all of the data breach
problems an organization might experience.
INDUSTRY INSIGHT
An integrated approach
Ken Knowles of OpenLink explains how a unified future may be the best thing for better credit and operational risk management
Risk managers have found themselves in
a tailspin for much of the last 18 months.
While not exactly forgotten, it’s fair to say
that risks beyond market risk are now much
more clearly in focus than they were before the
financial crisis began.
Banks’ willingness to lend to borrowers with
lower credit quality and buy into securitizations
of this credit risk, alongside inadequate borrower
documentation and data management are
exemplars of the credit risk and operational risk
management challenges that lay at the heart of
the US subprime mortgage crisis.
We’ve also witnessed numerous examples
of how one form of risk can quickly transform
into another. For example, how:
• Heightened market risk can prompt poor operational
risk to accentuate credit risk. Just
think about the several headline-grabbing
instances when financial and corporate
treasury groups have found themselves
nursing huge losses, as extreme market
volatility has exposed unauthorized derivatives
trading activity.
• Concern about credit risk can lead to greater
market risk, and vice versa. Hedge funds, for
instance, have suffered as heightened market
risk prompts investment strategies to unravel,
prime brokers to reel in credit and investors
to scramble for the exits. Similarly,
this de-leveraging has amplified market
volatility and stressed liquidity further, and so
the cycle continues.
Regulators and politicians are understandably
focusing a lot of their attention on the key
roles that regulation, executive compensation
and government-induced moral hazard have
played in creating and exacerbating the crisis.
Perhaps equally significant is the role of risk
management. It could be argued that the severity
of the US subprime crisis – one of the initial
catalysts of our current financial woes – might
have been lessened if banks had better appreciated
that lax operational processes were exposing
them to much more credit risk than might be
apparent. It has therefore become abundantly
clear that to be measured and managed effectively,
market, credit and operational risks must
be dealt with in a holistic manner.
But as some firms may have also discovered
during the financial crisis, market stress can expose
shortcomings in trading and risk management
approaches and solutions that, although
effective in some ways, are not truly integrated.
The value proposition of truly integrated
and extensible risk management technologies
such as those created by leading New York-based
vendor, OpenLink, has never been more
compelling. OpenLink’s Findur and Endur solutions
are targeted at financial capital markets and
energy markets participants, respectively. Both
are built upon the same core architecture and
functionality and allow users to manage the entire
lifecycle of a trade: from deal entry right
through to settlement and accounting.
There is a definite industry-wide desire to
improve risk management. According to an
American Banker/Greenwich Associates
Executive Forum, 52 percent of participants said
that their company had plans to improve their
operational risk management effort, and 57 percent
of these said they would do so by mid-2009.
From OpenLink’s perspective, we’ve witnessed
a definite upswing in end-user interest
in making greater use of workflow functionality
and our solution’s collateral management capabilities
– especially in light of the emergent dynamic
policies and processes that have
developed in the current market environment.
Using our easy-to-implement ‘point-and-click’
interface, exceptions-based management is
straightforward – hopefully enabling users to prevent
unauthorized trading activity from escalating
into a major exposure, by triggering additional levels
of review prior to automatic confirmation and
settlement when user-defined triggers are hit.
We believe that this kind of functionality is
liberating. It empowers clients to dynamically
implement their own business controls and
monitoring processes and not be constrained,
as has often been the case, by a technology that
assumes standard trade processing. Echoing
our earlier discussion of the transformation and
overlap of risks, user-defined workflows can also
be a powerful tool to deploy at the intersection
of operational and credit risk. Rules could, for
example, be set up so that a particular workflow
is invoked when the credit rating of a specific
counterparty is changed or put under review.
The failure of major derivative counterparties
and heightened systemic counterparty credit risk
concerns are naturally leading to increased interest
in measures that look at the sensitivity of credit
exposures to market rates and the downstream
impacts of credit and market events on liquidity.
Recognition of the imperative to fold collateral
management into an overall risk management
framework is growing too.
These developments and recent market experience
have demonstrated beyond a doubt
that effective risk management can only be
achieved when you have a truly integrated and
adaptable system in place.
Ken Knowles, EVP, Risk Management and Analytics, has full responsibility for the risk and analytic elements of OpenLink’s solution sets. These include the management and oversight of a multi-functional team of developers, consultants, and Ph.D’s.
Let me start off by talking about the operational risk model that we
have for the bank. Within Bank of America we have three lines of
defense. The first line of defense is that risk management is every-
one’s responsibility.
The second line of defense is comprised of operational risk and com-
pliance that builds the enterprise risk program and works with the first line
to implement those risk management practices. They work with the indi-
vidual lines of businesses to look for deficiencies and control risk and also
look at emerging risk. This line reports to the enterprise risk function and
to the risk officer.
The third line of defense is internal audit: an independent group that
provides the oversight for the entire risk management program and as-
sesses the control environment for the bank. This line reports to the audit
committee.
My function is to build the risk governance process controls that are
aligned to the enterprise risk function. What risk management means to
me and to our business is fundamentally to make sure that we protect our
customers, that we comply with the laws and regulations and that all the
customer information is protected. We aim to ensure that as a Bank of
America customer you have a very secure environment in which to conduct
your financial business.
The need for structure
We have a very structured program around policies and procedures, the
elements within the risk and compliance program and related training. We
have certain training sessions in which all associates are required to do
some risk related training – for example, on ethics and money laundering.
We at Bank of America touch about 50 percent of the US population
in some fashion. So customer experience and customer satisfaction are
fundamental to us. We want to make sure that we care about our cus-
tomers, that we know them and act for them in everything we do. With a
model like that we have to not only look within the financial industry, we
also have to look at some of the other best practices and benchmarks that
are outstanding.
For example, Ritz-Carlton is known for their customer satisfaction, and
we do look at the level of service they provide. It doesn’t mean that we have
to operate like a hotel, but there are certain key aspects that we can learn
Challenging markets are changing the rules of the game. By Nick Jayanetti, SVP for Operational Risk at Bank of America
LINE OF
RISK MANAGEMENT
from a company like that in servicing and how we could deal with cus-
tomers that are appealing to our clients.
During the past few years we have become increasingly customer-cen-
tric and customer-focused. If you look at most of the recent products that we’ve
come out with – for example, Keep the Change, No Fee Mortgage, Zero Dollar
Trades – they’re all based on customer feedback and aimed at providing bet-
ter solutions to our customers. We wanted to make sure that a customer who
goes through the Bank of America experience walks away delighted.
From a customer experience to an activity that a Bank of America as-
sociate performs in a backend operation, we had to make sure we had that
link. I may never interact with a customer, but the work that I do in some
form or fashion impacts the customer. Everything I do today looks at, ‘How
is my work going to impact the customer and how are we going to improve
that customer experience?’
Measuring success
There are several different measures of success. We look at customer
experience, at surveys that are conducted in industry, and then more locally
and personally there are certain performance metrics that I look for within
my group more around risk controls – the time it takes to resolve certain is-
sues and how many problems we are identifying internally.
We consider that as a success metric. If we encourage our associates
to identify problems and if we can get those problems resolved in a very
quick and efficient way, that’s a success metric that we look for. We also
look for associate satisfaction. Almost all of our associates are also cus-
tomers and we do look at associate experience, not only as a customer but
also as an associate.
In terms of possibilities for improvement, we look for some key indi-
cators and we measure that almost on a weekly basis. If you think of what
we do, we are primarily a consumer bank and we also have a lot of differ-
ent areas – for example, investment banking, commercial banking and so
on. The way each area looks at and measures customer experience could
be quite different.
Within each business there are certain indicators that we look for.
Depending on how those indicators are performing we change our ini-
tiatives, keeping in mind that by the time we see a change in an indica-
tor it may be somewhat lagging. We change the way we do things to
make sure that they are supporting a move in the right direction or a cus-
tomer expectation.
These changes can be bi-directional. We follow a top-down plan. The
CEO, Ken Lewis, has a plan for the year that encompasses his goals at a very
high level, and then each one of the businesses support those goals. For
DEFENSE
particular risk. That’s how you can insulate yourself from potential break-
downs and potential risk. Coupled with this, you need to have a program
to monitor the existing controls to make sure that the people are doing
what they’re supposed to do: monitoring the processes and making sure
that the controls are effective. If you have those two components, you
should be able to prevent 99.999 percent of risk and potential failures.
Technology advantage
Technology is the way to go to limit variation. Wherever you have peo-
ple involved, obviously there’s a lot more variation. You need to look at the
controls you have in a business and try to use technology as much as pos-
sible to monitor and assess your controls. That’s a very efficient method
and is obviously cost effective.
Of course there are areas where you don’t have the luxury of using
technology, and that’s where you’re depending on the associates or the
human element. Having the right people, providing people with the right
training and having the right oversight and a dual level of control to make
sure people are doing what they’re supposed to be doing
is the correct approach. In a way, technology is the easy
part. The real challenge comes when you are dealing with
operations in which you have a lot of associates and
you’re depending on the variation in what they do, and
then you multiply that by thousands.
It can be difficult to control risk without stifling it. If
you look at some of the risk we have today, it’s very dif-
ferent from the types of risk we had a year ago or five
years ago or 10 years ago. As technology changes, risk changes. You can
look at risk as a cat and mouse game, where you’re upgrading certain con-
trols to mitigate certain risk.
We will always need risk management. We will never be able to say,
‘I’ve mitigated all the risk and I can now sit back and relax.’ Unfortunately
that won’t be the case. It’s the nature of things; things are always going to
change.
As technology changes, as people change, as the landscape
changes, risk changes, and we have to continuously go after it. We have
to have the right people, the tools and the technology to continuously
look for emerging risk. One of the key components is to make sure that
you’re not reacting to what’s happening today but that you’re looking at
the environment and you’re looking at future trends. The differentiating
factor between a risk mindset company and one that is not would be a
company that looks for emerging risk and puts controls in place today to
mitigate future risk.
example, the activities I carry out in my function as well as those of the as-
sociates in my group eventually support the plan for our company. It’s a
tiered approach – everything flows up. The work we do on a day-and-day
basis needs to support the overall objectives of the company.
Managing through turbulence
In challenging times there’s a danger of becoming risk-averse. The way
I look at it, risk is something we always have to keep in the forefront of our
business. It’s not something that you need to keep changing depending
on the market commissions or the environment. You always have to make
a risk/reward tradeoff. Publicly traded companies have certain responsi-
bilities to our shareholders, and in everything we do we have to make cer-
tain risk/reward tradeoffs.
Considering the current market environment, there are certain types
of risk that you may need to pay more attention to. For example, if you look
at the current market conditions you would probably see more fraudulent
activities, so you may want to strengthen your controls in fraud detection.
Also, if you look at historically what’s
happened with the credit crunch and
the mortgage industry there are obvi-
ously lessons to be learned.
I don’t think you necessarily need
to change your risk practices, but you
may need to be more in tune with some
of your risk practices and also pay more
attention to existing controls that you
perhaps haven’t examined closely in
the past. The mortgage industry is a
good example. If you were to look at the
control environment for some of the fi-
nancial organizations that are in trouble
on the mortgage side, you would prob-
ably say, ‘We wish we had paid more at-
tention to them, from a risk perspective.
We wish we had guided and influenced
those organizations a little differently.’
Maybe this is one case where the
risk/reward tradeoff didn’t pay off. It’s not necessarily a matter of chang-
ing but paying more attention to certain controls and practices.
One of the things I’m building is proactive monitoring. With risk man-
agement, you’re trying to prevent something from occurring. If you’re very
successful at it, you prevent potential problems or breakdowns or issues. If
you have a very effective risk management program, obviously you have the
right tools, and you would have the right people looking at the right areas.
Fundamentally, you need to understand all the activities within the or-
ganization and then be able to look at those individual activities and come
up with potential failures. If you have the right people with the right risk mind-
set and then you have the people that understand the process, you can mesh
the two and say, ‘What can go wrong here? What are all the different poten-
tial failure modes?’ Based on those potential failure modes, you need to ask
yourself, ‘Do I have the right controls to mitigate those failures?’
If you do, then you need to see how effective they are. If you don’t, then
you have a potential gap and you need to build a control to mitigate that
“Fundamentally, you need to understand all the activities within the organization and then be able to look at those individual activities and come up with potential failures”
Nick Jayanetti
At ATB Financial we have a two-pronged approach to our
overall strategy. One is that we are in the process of re-
placing our core banking application; we recently put a
deal together with SAP and are now implementing that
end-to-end across our entire enterprise. In conjunction
with that, what we want to do is replace our infrastructure
so that over the next 18 months, as we refresh, we can effectively over-
lay the SAP application so that it runs very effectively in our overall pro-
duction environment.
We’re actually in the enviable position that we’re small enough, in
comparison to the big banks, where we believe we can take out our old
application and put in the new application, and yes, there will be risks
associated with data conversion, but we actually have a pretty large team
in place focused on the areas where we think we’re going to have risk.
It’s not the technology that’s going to be difficult, it’s actually how the
people are going to associate with the data and use that technology that
is going to be the challenge for us. Ultimately, this is not an IT project, this
comes straight from our CEO that this is a business transformation pro-
ject – it’s just that the technology enables it to make the difference. This
is driven out of the business, for the business and IT will support the busi-
ness units to make it successful.
The way we look at it is that we have an architectural team that is
actively involved in the core banking transformation project and that
team is helping us define what our strategy and our direction will be ar-
chitecturally across the enterprise going forward. Given the order of
magnitude around our efforts in SAP, it only makes sense to say that if
you’re going to build that solid foundation, take that and leverage it going
forward.
I firmly believe that the CIO function starts right with the core data
itself. Data is at the heart of running our business. We can have technol-
ogy challenges all we want, but if we have an issue with our customers’
data, we have a much bigger challenge inside the marketplace.
Everything is encompassed by data privacy, compliance and how we
leverage that data, what we do with it, the storage of it and so forth. The
bottom level is around the CIO’s function of how that data is distributed
and shared inside the lines of business. What’s more, research shows
Over the last 18 months we have become accustomed to hearing about how some of the world’s biggest banks are suffering at the hands of the economic crisis.
Perhaps then, current markets provide some opportunity for smaller organizations to shoot for the moon? ATB Financial’s VP and CTO Mike Redeker seems to think so
ONE SMALL STEP, ONE GIANT LEAP
TRANSFORMATION
that nearly $30 billion was spent on compliance alone back in 2000, and
that is clearly an unsustainable situation. The reason we’re seeing such
a huge spend is because of minimal efforts in the past, so a number of
my peers inside the banking industry are trying to catch up with compli-
ance and move forward.
In addition, many analysts are now predicting increased outsourc-
ing in financial services. I consider myself pretty lucky because I have a
background where I have been in the outsourcing space for the last
decade, first as a vendor with IBM Global Services and now as a cus-
tomer. Also about 10 years ago, ATB Financial outsourced a huge portion
of its operations, and we have slowly but surely brought services back
in-house. Outsourcing provides a lot of benefits to our organization, but
you have to look at the risk associated with that. You do lose intellectual
capital, a certain amount of control and a certain amount of the abilities
associated with ensuring you’re maintaining industry compliance. So
while I do see how outsourcing may continue to grow because of the
downturn in the economy, with people looking at it as an avenue to save
on their costs, I think that if the balance isn’t right, it just creates a sig-
nificant number of other challenges going forward.
If you outsource a number of products and services, by default you
lose that intellectual capital and you’re not going to be any different from
anybody else. However, if you maintain that intellectual capital it allows
you to be flexible, innovative and provide products and services that your
competition doesn’t bring to the table. That’s what makes us different.
It sounds so simple, so why do so many IT projects fail?
Mike Redeker. I think a large number of IT projects fail
because nobody really wants to say no. If you look at most
of the successful IT projects, it’s because there’s a
governance model in place with leadership inside the
organization that is willing to say, ‘No, this is the box we’ve
agreed to build within, and that’s what we’re going to go
forward with.’
The harsh reality is that the business units often say,
‘Now that I understand what that box looks like, I actually
want it to be bigger’. And if you’re not careful, you
allow that project to get bigger and you end up
tripping over yourself.
How do you stop that from happening?
MR. In my mind it’s about leadership and it’s about
communication. That’s leadership from the
perspective that says, ‘We need to manage this as a
collective leadership team inside that bank’; that says,
‘We’ve got to manage it to ensure success’.
It’s also about building a collaborative relationship
with your business units and having a trusting
relationship that is committed to delivering on a
smaller scope to build a solution that meets 100
percent of the business requirements.
It is interesting then that IT leadership is clearly a
key issue. How do you achieve that business
acumen within the IT space?
MR. I think it’s about who is actually in the CIO position,
who’s in your CTO position and so forth. I’m of the opinion
that technology will always work; that’s not the issue. What
is the issue is having the right team, the right ROI and the
right relationship with the business units. If you address
those things, then you can build a collaborative relationship
with your lines of business, and then you can build a
trusting relationship that will enable you to manage the
projects to a smaller scope, delivering expectations and
addressing additional business requirements as you move
forward. It’s not about the technology; it’s about the people.
Mike Redeker is responsible for
providing IT leadership in the
areas of computing operations,
security, architecture and disaster
recovery for IT services and
communications networks, as well
as corporate project management
implementation and tracking to all
business units. He joined ATB
Financial in 2007, having
previously spent 11 years with
IBM Canada, where he focused
on delivering quality Information
Technology services within the
Financial Services Industry.
IF AT FIRST YOU DON’T SUCCEED
According to Peter Weill in his, some say, definitive book on the subject, IT governance must account for three questions. He says, “What decisions need to be made? Who’s accountable for making those decisions? How will those decisions be made?”
“We’re actually in the enviable position that we’re small enough, in comparison to the big banks, where we believe we can take out our old application and put in the new application”
Getting started
The good news is that financial institu-
tions should not have to start from scratch.
You should be able to leverage current pro-
grams – CIP, credit card fraud prevention, data
privacy, multi-factor authentication and online
banking, among others – to cover a significant
portion of these new requirements.
An enterprise-wide, cross-channel ap-
proach to your Identity Theft Prevention
Program will build the foundation for a sound
program. We expect compliance will evolve
as this new regulation is further defined.
to protect customer information. A smart ap-
proach is to look at each and every service
provider and determine how much data they
handle and any points of weakness. Audit
your service providers to determine whether
they have policies and procedures to ad-
equately guard against identity theft.
If any service providers are not willing
to share their Identity Theft Red Flags Rule
program information, or if their programs
fall considerably short of your requirements,
begin formal discussions about your pro-
gram requirements and how that impacts
your vendor selection. Be sure to document
these conversations.
Initial examinations
Early reviews are likely to seek evidence
of evolutionary progress toward a compre-
hensive program rather than a completed
program. Initially, most examiners will want
to see that you conducted an enterprise-
wide risk assessment, developed a written
program, obtained board approval and
completed sufficient training to implement
an effective program.
Document all conversations and efforts
pertaining to your program: project plans, risk
assessments, meeting minutes, departmental
procedures, training materials, documenta-
tion of training, board minutes, service pro-
vider contracts, etc. Some of our clients create
a book for examiners that is very much like a
training manual you would give to a new hire.
By compiling this information into a single
document, you can provide your examiners a
tangible guide that walks them through your
program and leaves little to question.
Most financial institutions are regu-
lated by federal functional regula-
tors and are therefore still subject
to the original November 1, 2008, deadline.
Fortunately, there are several strategies to
help ensure your organization is fully compli-
ant with the regulation when the examiners
arrive at your doorstep.
Implement a cross-channel approach
Identity theft occurs in many industries
– in any type of organization, in many depart-
ments and at any time during the customer
lifecycle. In fact, fraud, and identity theft in
particular, often involve multiple channels.
This helps explain why a cross-channel ap-
proach is expected. For example, addressing
identity fraud only in internet banking may
fail to address identity theft in credit card
fraud or mortgage fraud.
Compliance with the Identity Theft Red
Flags regulation should involve looking across
your entire organization and bringing together
efforts to mitigate risk. A cross-channel ap-
proach should help drive programs at your
institution to better protect the customer and
ultimately lead to lower risk for the organiza-
tion – which is simply good business.
Review
Even if you outsource your operations to
one or more service providers, you remain
ultimately responsible for compliance with
the rules.
Service providers often have access to
your customers’ private information. This can
seriously compromise or hinder your efforts
The eleventh hour of compliance
Debra Geister discusses last-minute strategies that financial institutions can follow to help ensure Identity Theft Red Flags Rule compliance
Debra Geister manages the
development of fraud prevention
and compliance solutions for the
Risk and Information Analytics
Group of LexisNexis. She spends
most of her time working with
customers to understand their
needs, challenges and business
processes. She also works with
the ABA, other industry groups
and the regulatory community.
“Fraud, and identity theft in particular, often involve multiple channels. Addressing identity fraud only in internet banking may fail to address identity theft in credit card fraud or mortgage fraud”
Take a look at General Electric’s company overview and you’re
faced with a rather extensive list of disciplines and work areas.
struction, energy, aviation, infrastructure and equipment, and as a main
component of GE Capital – General Electric's financing unit that serves con-
sumers, retailers and businesses around the globe – GE Commercial
Finance has assets of over $276 billion.
You have to admit, it’s a pretty impressive portfolio. Especially given
the current state of our economy. But such achievements don’t come with-
out their challenges, as CISO James Beeson is only too aware of: “It’s cer-
tainly a big stumbling block if we have a major breach somewhere. For a
company like GE that trust and reputation is absolutely critical. We’ve got
one of the best known brand names in the world and the last thing we want
to do is harm that reputation. Building trust is a big piece of that.”
Do you think that it’s your role to bring in new technology ap-
proaches and do you ever look outside of banking’s four walls for
best practices?
I would argue that our job is to enable the business to take a risk. That re-
quires us to bring new ideas in to the business and to say to management,
‘Here’s a way that you could take a bigger risk’, and that’s a massive part
of our job to do that.
James Beeson of GE Commercial Finance answers our questions on risk management and technology advancement, and tells us how looking at GE's global set-up can provide real ROI
FEATURE
The way we go about it is through various methods. We certainly look within the financial services arena for best practice, but of course, being GE, we’re part of this huge conglomerate with stuff in aerospace and healthcare and we have a very diverse set of product lines that we can look into and get best practices that we may not otherwise have thought of using in the information security space.
Of course, most of the things that you’re battling against in information security are commonalities, regardless of what kind of business you’re in. Some businesses may have more physical threat than logical threat, but still, when you get down to it, we’re mostly fighting the same bad guys. We look everywhere for best practices and opportunities to collaborate on solutions that might help us be more secure or improve our posture. We go out and we look at government and do collaborative work with government and academia to see what things are coming that we might be able to take advantage of. We look everywhere. We leave no stone unturned.
What lessons has GE Commercial Finance taken on during your
tenure?
There is certainly more focus on awareness and education. I know one of the things that we have found is that education is a tough thing to sell on. We’ve learned from a lot of statistics out there that people will click through things, and everybody certainly does that at home: ‘Oh, I know there’s a security warning, but I don’t care. I just want to get to whatever I want to get to.’
What we have found is that one useful way to help educate people is to bring it closer to home, so we will have brownbag lunches at our facilities and the draw is ‘Come on in and we’ll give you some suggestions or ideas as to how to better protect yourself on your home PCs or protect your children on the internet.’
Amazingly enough, we get a lot more interest from people who’ve got kids and who’ve got PCs at home who want to know how to set up a wireless network and how to secure that network to keep their kids from going to all the bad sites on the internet. And even though it’s not really got anything to do with business security per se, the fact is we’ve found that when we get them in
that mindset at home, they begin to think smarter in the work-
“The more you share and virtualize, the more risk you have as you put all your eggs in a single basket; on the other hand, the more autonomy you give people, the more they’re likely to bring in extra threats that you’re not aware of”
constantly merging, etc.? They may outsource to another third party –
how do you maintain that?
It’s a problem across all industries and there’s not a good process for dealing with that. Sure we can go out and we do due diligences but as soon as you’ve done that, tomorrow it may not still be the way they handle things.
In this day and age we can quite happily say that everybody has security
software. Yet there are still these very public security breaches. What is
missing from the overall picture? Is it the people or the processes?
It’s probably a mixture of those things. There’s no simple answer. I don’t think there’s a silver bullet to what’s missing. The SocGen incident is an excellent example of what has got everybody scared right now.
There, there were billions of dollars that this one individual was
able to perpetrate from within the organization and all of a sudden an-
tifraud committees across the board found some energy. I’m no expert,
but it was probably all of those things that made up that particular
issue at SocGen – and so we have to continue to look at all of them. We
have to get access controls, process controls and people controls in
place. You have to have it all.
Of course, the more complex the environment becomes and the more bad guys come into the environment, the harder the job is to maintain those controls. Currently, there’s somewhere in the region of 800,000 to a million new people that come onto the internet every day, 365 days a year, and some percentage of those are bad guys. And so on top of that, and the fact that you’ve now got organized crime supporting these guys, all you can do is just try to stay on top of it as best you can.
And as things like the BlackBerry and the iPhone continually pave new consumer experiences, the demand for technological change is happening far more rapidly than businesses are comfortable with and reacting to. How do you as the CISO face that challenge?
While I think most CIOs are going to react by saying ‘Keep them out.
Block them. Don’t let employees have these devices’, I don’t necessar-
ily think that is the best option. While I agree that you have to take pre-
cautions to not cause a problem, I think what you really need to do is
take the other side of that and say, ‘How can we make this work to our advantage? What new technologies can we bring? What can the suppliers and vendors bring that will help us enable the business to take more risk with these devices?’
place too. They use more common sense around security and they tend to then take better care of GE’s proprietary data and information.
As CISO, there’s often a real danger of only seeing symptoms and not causes. How do you work around this?
You have to deal with both. We ‘patch’ our systems, but we don’t patch them based on what’s actually being taken advantage of but based on vulnerabilities.
Just because there’s a vulnerability doesn’t mean somebody’s exploiting the system, and I think that’s what’s driven us into this area of treating the symptom instead of the cause. We need to figure out how to shift that and become more focused. That doesn’t mean we can ignore vulnerabilities all together, but we do need to get more focused on where the threats are coming from.
And how do you ensure that focus and then move towards a more cause-
centric solution?
I think we have to get smarter at using the tools and the information that’s out there. There’s a huge amount of information today that companies are getting from different sources and we don’t necessarily take advantage of pulling that information together and putting things against that to allow us to correlate the information and help us predict what’s going to happen.
The other way is that we have to collaborate more with each other as well as with the information that is out there. The public, private and even the academic side of the equation need to pull together and collaborate more. We don’t do enough of that today.
What are the greatest risks that you face from an information security
standpoint?
My spin is that education is still probably the number one risk, and making sure that users understand what those risks look like. We have to spend time and resources educating people and making sure they understand that.
Number two is the issues surrounding third parties, and as more and more
have processes in place that ensure these third parties, who are storing, using and processing our information, are handling it appropriately.
This is an even bigger challenge given the thousands of third parties that most big companies have. Something that I lose sleep over is how you maintain that, in a really dynamic space, where third parties are
James Beeson has been with General Electric for 11 years. He started as a Technical Services Manager in GE Capital, Vendor Financial Services, moved into Information Security in 2000 with responsibility for Mid-Market Finance, and is now responsible for Information Security and Data Protection globally at General Electric - Commercial Finance. Prior to that, he worked at Trinity Industries, Inc., a Fortune 500 Dallas-based manufacturing company, for eight years in a variety of IT leadership positions.
We’re kidding ourselves in the business world if we don’t realize that this generation that is coming into the workforce aren’t going to want to use these devices. So we need to figure out how to enable these new technologies because we’re going down a path that would suggest that we’re going to get to a time where a new employee will say, ‘I’ve already got one or two devices. They’re my little personal devices and I don’t want a GE machine anymore. Just let me access what I need to access through whatever device I’m comfortable with’.
How do you balance the need for autonomy in technology solutions by
each business line with the demand and need for synergy across the
whole enterprise?
For us, we have obviously a lot of divisions or subdivisions within the
commercial finance business and I tend to frame it up in my mind as
a target.
The question really is how do you find the right balance between those things and typically it’s about flexibility. You want them to be able to be more agile and more quickly respond to a business need and, again, there’s no simple formula for what’s the right balance. You have to understand what those business processes look like out at the front edge of the business and understand what your business model is.
From a security perspective there’s also two sides to the puzzle: The more you share and virtualize, the more risk you have as you put all your eggs in a single basket; on the other hand, the more autonomy you give people, the more they’re likely to bring in extra threats that you’re not aware of. You just have to find the right balance.
The key lies in sitting down with the business partners and understanding how, operationally, the business is run and not just having your ‘IT blinders’ on. You have to take these off and look at the business processes and understand them from a universal perspective.
THE GE PORTFOLIO
• ENERGY INFRASTRUCTURE
GE’s Energy Infrastructure segment is leading the field in the development, implementation and improvement of the products and technologies that harness our resources such as wind, oil, gas and water.
• TECHNOLOGY INFRASTRUCTURE
Around the world, GE is helping build the healthcare, transportation and technology infrastructure of the new century. Many of GE’s fastest growing businesses are in GE's Technology Infrastructure segment.
• GE CAPITAL
GE Capital offers an astonishing array of products and services aimed at enabling commercial businesses and consumers worldwide to achieve their dreams. Services include commercial loans, operating leases, fleet management, financial programs, home loans, insurance, credit cards, personal loans and other financial services.
• NBC UNIVERSAL
NBC Universal is one of the world’s leading media and entertainment companies, developing, producing and marketing film, television, news, sports and special events to a huge global audience.
• CONSUMER & INDUSTRIAL
From the familiar light bulb to the latest advancements in consumer technology, GE Consumer & Industrial has a long tradition of life changing innovations that have improved the quality of life for millions of people.
DERIVATIVES
A dangerous game
With its enthusiastic trade in credit default swaps, the financial industry is playing a deadly version of pass the parcel, says Sunil Poshakwale
The current financial crisis gripping the investment industry in the US and other parts of the world reminds me of the ‘pass the parcel’ game that children play at birthday parties. You probably know the game – a parcel is passed around and whoever ends up with the parcel in their hands when the music stops, wins a prize. However, in the case of the investment industry, the parcel called Credit default swaps (CDS), which were being passed by one bank to another, contained a ticking time bomb in the shape of contaminated assets that no bank bothered to look at since there was plenty of money to be made from this game.
Credit default swaps provide insurance against the potential losses on the investments in certain assets such as municipal bonds, corporate bonds, mortgage securities, etc. CDS are similar to taking home insurance to protect against losses from fire and other causes. The credit default swaps market is not regulated and as a consequence, CDS contracts can be traded or swapped by one investment bank to another without anyone overseeing the trades. Thus, there is no oversight to ensure that the holder of CDS has the required financial capital to meet losses in case the underlying security defaults. In the last few years, CDS became very popular with investment banks as an easy way to make money because in the booming economic period that we experienced in the last decade or so, the general perception was that big corporations and/or banks whose credits were insured via CDS markets were unlikely to fail. No wonder then that the CDS market has grown very fast and according to the International Swaps and Derivatives Association (ISDA), it is worth more than $60 trillion which is approximately twice the size of the US stock market and also dwarfs the $12 trillion US mortgage market and the $6 trillion US treasuries market. It is worth mentioning that the American Insurance Group (AIG), recently rescued by the US Federal Reserve through a capital injection of $85bn, had written off $450bn worth of CDS.
Besides the CDS, the market for securitized assets such as the Collateralized Debt Obligations (CDO) has also been growing over the years. CDOs are attractive investments for investment banks and hedge funds because of the high potential to make large profits, and like CDS, markets for CDOs are unregulated. CDOs comprise a portfolio of fixed-income assets which are divided into different tranches based on the credit ratings of the underlying mortgages. For example, an AAA rated CDO is considered safer compared to a BB rated CDO because the exposure to losses is greater in the BB rated CDO compared to the AAA rated CDO.
Over the years, CDOs have become an important vehicle for funding of fixed-income assets. Around April 2006, the rating agencies began to re-rate the BB rated bonds as they sensed that given the higher risk, returns on these bonds were not high enough. As a consequence, the spreads on mortgages began to widen and the investors began to leave the BB rated bond market. Around the same period, the subprime residential mortgage market in the US started to experience high defaults, which caused lenders to become more risk averse. The investors perceived higher risk in holding CDO backed bonds. Consequently, availability of credit became scarce and bond yields (return required by investors from investing in bonds) started to rise. One of the reasons for the downfall of Lehman Brothers was that they had a high exposure to the CDO market. It is estimated that Lehman’s exposure to all outstanding corporate CDOs is nearly 60 percent.
Many commentators and financial experts have been blaming the derivative markets for the current financial crisis. However, in my view, derivative products such as options, futures, swaps and their complex combinations were primarily invented to hedge risk. However, since most derivative instruments principally rely on leverage, the investment industry started to use derivatives to make money and quite rightly so. Soon the profit making potential began to dominate the hedging motive and greed overtook rational behavior. The results are for everyone to see. Besides this, in the quest for more profits, investment managers and traders started to develop clever trading strategies in a bid to outsmart each other. This led to the development of proprietary investment strategies that became too complicated to price for the rest of the market.
The vast profit potential led to excessive greed to make maximum money in the shortest possible time. This short-termist behavior was encouraged by the compensation packages that were available to the investment bankers and trading community since more profits directly translated into higher bonuses. Years of good economic conditions with low inflation and low interest rates further fueled the growth of financial markets and encouraged excessive risk taking by investment banks. Investment success lavishly compensated by Wall Street and in London plagued rational decision-making.
Central bank and regulatory bodies have been badly exposed in the current crisis. To some extent the criticism of these institutions that have primary responsibility to regulate the banking sector and financial market operations is justified. In my view, regulators can only effectively regulate if they understand what they are regulating. Therefore, it is not a question of more or less regulation but rather how ‘effective’ is the regulation. Regulatory authorities allowed investment banks to race ahead with trading of complex products and deals without making sure that both the regulator and the banks doing such deals understood the risks and that the counterparties involved had the necessary capital base to take those risks. There is an urgent need for governments to ensure that those who are responsible for regulation are either appropriately qualified or trained so that they have a sound understanding of the underlying risks.
One of the central tenets of the free market economy is that the markets are generally efficient. It is believed that markets are able to price risks appropriately and therefore reflect correctly the fair value of assets being traded in the market. However, markets are made up of small investors and some very large and influential investors.
[Chart: Credit default swap growing fast. Horizontal axis: years 2001 to 2009. Data labels: $890 billion, $2.1 trillion, $3.7 trillion, $8.1 trillion, $16.6 trillion, $33.4 trillion, $60.3 trillion, $52 trillion. Caption: The CDS market is worth nearly $50 trillion]
Unfortunately, the system has allowed some investment banks to become too powerful. This in itself is a breach of the basic investment management principle which suggests that diversification is the key to reducing risks. When some institutions and investment banks become too influential, the systemic risk increases since they dominate trading volumes and are able to manipulate the asset prices.
There would be widespread implications of the financial markets meltdown in the US and the UK. One of the reasons for recent takeovers (Merrill Lynch by Bank of America in the US and HBOS by Lloyds TSB in the UK) was that both Merrill Lynch and HBOS would have found it difficult to raise further capital on their own. Both have perfectly viable and possibly profitable businesses but because of the credit crunch, they would not have been able to borrow the required money from the market because of the lower capital base caused by the write-downs of bad assets in their balance sheets. Some European banks – for example, Fortis in Europe, Bradford and Bingley in the UK, Wachovia in the US (and the list is growing every day) – have found themselves in a similar predicament. It is worth noting that collectively, European banks together had €258bn worth of maturing debt in 2008 alone. In the case of HBOS, it needed to roll over debt worth €1.6bn maturing in 2008. Thus one of the major consequences of the credit crunch is that the banks will have to de-leverage their balance sheets. De-leveraging would require infusion of additional capital so that maturing debts could be paid and debt to capital ratio is lowered.
Second, because of the high levels of debts on banks’ balance sheets, the shareholders will demand a higher risk premium on the banking sector shares. It is not surprising therefore, that the banking stocks have been the loss leaders on Wall Street and London as well as in other markets.
Third, though bonds are considered much safer compared to investing in equity shares because bondholders have the first claim on a company’s assets, currently high levels of defaults on bonds would make it very difficult for banks and corporations to raise capital by issuing bonds. As a consequence the bond yields will continue to rise and so will the cost of borrowing.
Fourth, the whole finance industry will shrink in size because as the market values of overvalued assets fall, the value of capital required to finance the new levels of investments will also have to fall. There will be consolidation, as we are witnessing, and fewer big players in the banking industry in future.
There are some serious implications of the credit crunch for the real economy. To start with, there will be reduced availability of capital to businesses. This may adversely affect new investments and growth. The slowdown resulting from the scarce availability of capital for businesses may lead to higher future job losses. The scarcity of finance would lead to an increase in the cost of capital, which will mean that businesses will have to tighten their operating costs or else they will be reporting lower future profits. Prospects of lower corporate profits will adversely affect stock values. Thus the stock markets are unlikely to reach the heady levels that we have experienced in the last few years.
Large falls in the equity markets are bad news for the average person on the street, even if he/she had nothing to do with the subprime mortgages. Losses on equity investments would reduce the value of portfolio investments held by pension funds and this is the next problem the governments around the world will have to deal with. If pension funds suffer losses on their investments then those who are dependent on the pension income are likely to suffer too. Many others who may have bought additional residential properties with an aim to use the sale proceeds in lieu of pension income in the next five years or so will find that they may not be able to afford the luxurious holidays they had planned. Worst hit will be those who cashed in by releasing equity from inflated house prices since they will find themselves with an expensive loan that they will have to repay in case house prices do not regain the same levels which existed before the onset of the subprime crisis. Less credit availability will also mean a less luxurious lifestyle since people will find it difficult to borrow money to spend on luxury goods. This may be good news since less demand will lead to a fall in prices and those who have the cash will be able to get the best bargains. After all ‘cash is king’ as they say. Alas, banks did not heed this age-old advice or else we would not be in this financial mess.
Sunil Poshakwale is Professor of International Finance at Cranfield School of Management.
EXECUTIVE INTERVIEW
ACCESS ALL AREAS
With security becoming more and more important to financial institutions, the concept of Network Access Control (NAC) aims to do exactly what its name implies: control access to a network with policies, including security checks and post-admission controls, over where users can go and what they can do. Sanjay Beri explains more
What can you tell us about the current drivers for NAC solutions?
Sanjay Beri. New technologies are being utilized that enable businesses to operate differently than they have until now. Organizations want to take advantage of these changes to achieve a competitive advantage, but changes can also introduce risks and threats. For example, organizations want to move faster by enabling outsiders like partners, suppliers or customers to access the network directly. Or they may want to allow employees who work remotely to connect to the network after using their computers outside the perimeter. In both cases, an organization can’t predict how users will behave or know the state of their machines. You want to take advantage of the speed and flexibility technology offers, but you have to maintain control over your critical resources and prevent data loss. Access control lets you do this. This is especially important in financial services organizations, where companies need to fiercely protect their reputation, as well as comply with regulations and defend against cyber terrorism. So the drivers include guest access, insider threats, offshoring/outsourcing and compliance monitoring and enforcement.
How does network access control solve this problem?
SB. Network access control solutions manage access to the network and its applications based on user and/or device compliance against a series of enterprise-defined network and security policies. Criteria for network and security policies include things like user identity, device identity, health, security state and network location. Policies to be enforced may include users and their devices adhering to and maintaining a baseline of criteria defined by the enterprise and making sure only authorized users are accessing networks and applications.
Furthermore, a NAC solution can ensure that access is allowed only to authorized corporate resources, and all corporate authentication and security policies are met before the network is accessed and during the duration of a session. Therefore you can make sure that the accounting department only accesses financial records and HR and the person the records belong to only access records.
Do NAC solutions replace existing security solutions like firewalls, VPNs and antivirus?
SB. A comprehensive access control solution actually leverages and extends existing security solutions like firewalls and VPNs. For example, Juniper’s Unified Access Control (UAC) solution uses Juniper’s firewalls as enforcement points to stop unauthorized traffic where the firewalls reside. Likewise, access control policies can be shared between UAC and Juniper’s Secure Access SSL VPN appliances to centralize provisioning of access control and ensure consistent policies for both remote and local access. This simplifies policy development and management, which results in cost savings.
What does Juniper’s NAC solution look like?
SB. Juniper’s Unified Access Control is comprised of a number of components. All access policy is implemented by the Infranet Controller – UAC's hardened, centralized policy server; and user identity, device security state and network location are determined by the UAC Agent – which is available as a lightweight, dynamically downloadable agent with cross-platform support for Microsoft Windows, Apple Mac OS and Linux platforms, as well as an agent-less mode, for when installing a software client is not feasible.
Juniper Networks Unified Access Control is based on open industry standards and field-tested components that leverage existing enterprise network infrastructure, delivering solid investment protection. UAC reduces access control deployment complexity and cost, while increasing operational efficiencies.
Sanjay Beri is Vice President, Access Solutions Business Unit at Juniper Networks and has more than 10 years of experience in the high-tech industry including key roles at such companies as Microsoft, Newbridge Networks (now Alcatel) and McAfee. Prior to Juniper, he was a co-founder of Ingrian Networks, a leader in providing solutions to secure data in transit and storage. Beri holds a Masters in Electrical Engineering from Stanford University, and an MBA from Berkeley.
CORE BANKING
Core transformation – evolution, revolution, or die?
Nearly one quarter of all banks are considering replacement of core systems within the next three years according to a recent study by Financial Insights, an IDC company. The question is how (rip and replace, or gradual modernization?) and not why. You’re either re-architecting today, or it may already be too late. By Adam Burns, Senior Editor
“Existing core systems often hamstring the operations of the bank and the business of the bank” Jeanne Capachin
Core banking systems are key to banks flourishing in this intensely competitive banking landscape – come rain or (eventually!) shine.
They can facilitate high growth business initiatives, providing agility and flexibility for tapping new opportunities, meet compliance and regulatory requirements, improve risk management effectiveness and bring about operational and process efficiencies. The problem is that most don’t.
“When we talk about core banking systems, we are referring to those back-end systems that do the day-to-day transaction processing, statement generation and reporting for the bank,” says Bart Narter, a Senior Analyst at Celent.
“These systems tend to be written in COBOL, perhaps with a bit of assembler thrown in to optimize batch runs. They run in batch mode, so that transactions are posted nightly. They have been running at the bank for 20 or 30 years – yet the fact that they have been running for so many years is both a blessing and a curse. The blessing is that they are scalable, reliable, stable systems, with some rare exceptions. Whatever else people might say about their core systems, they do the job day in and day out. The curse is that they are saddled with old technology that make the systems very inflexible, hard to communicate with and difficult to maintain.”
How important is good core banking technology? Santander’s José María Fuster was named CIO of the Year 2007 by The Banker. The year before, it had awarded Santander the Core Banking Systems Innovation award for its new core banking system. Coincidence? Fuster doesn’t think so.
Though the group’s roots are in Spain, it has a strong presence across the world (it is Europe’s largest bank). This has been built through a number of acquisitions in the last few years, including Sovereign Bancorp in the US and Abbey in the UK. “Business and geographical diversification is an opportunity to improve our technology with functionalities from different markets,” Fuster states. “It has helped our core banking system to become one of the most technically and functionally advanced in the industry.”
Fuster claims that technology is never a constraint in the decision making process. “On the contrary, we were very confident [during the Abbey acquisition] that our core banking system would accelerate Abbey’s integration in the group,” he says. “At the same time, it generated synergies by transferring our deep expertise in commercializing financial
products and services. In essence, our core system allows us to export our way of doing banking.”
Why change now?
Jeanne Capachin is Lead Analyst on core systems transformation for Financial Insights, an IDC company. According to a recent Financial Insights study, nearly one quarter of all banks are considering replacement of core systems within the next three years. This is not a decision to be taken lightly – the cost of transformation is high, as are the risks – especially in light of current economic conditions. So if core banking systems are what keeps the lights on, and the lights are on, why change things now?
“Certainly the core bank systems that we have today are very efficient if we look strictly at transaction processing,” says Capachin. “But, as soon as we try to change those systems or get at the data that’s stored in the monolithic code, that’s when we start to run into problems. This isn’t the core system that’s going to form the basis of the bank in the future.”
“It’s hard to serve your customers with the core banking systems that we have now. It’s also very difficult to make changes to those systems, to introduce new products. So, the core systems that we have often hamstring the operations of the bank and the business of the bank.”
“By investing in new core banking technology, they have more flexible organizations. They can serve their customers better and they can improve the processes of the bank – many of which are in as a result of the core technologies, not because that’s the way we serve our customers.”
Dave DeCamp is a Vice President and the Chief Solution Architect for Worldwide Financial Services at CA. He agrees that the reasons for transformation extend way beyond cost.
“Many banks recently have tried to look at this purely as an economic oriented decision – i.e. that we will be able to save X number of hundreds of millions of dollars over Y number of years if we implement a new integrated core,” he explains.
“In many cases, it’s not the outright short-term economic benefits in ‘classic’ ROI. It’s the ability to improve competitive positioning, customer service and business process optimization that’s really driving their decision.”
For every bank
ATB Financial is not Grupo Santander, but the largest Alberta-based financial institution does have a very enviable record – since 1997, it has reported a profit in every quarter. To continue in that successful vein, ATB is in the process of replacing its core banking application.
What is the role of an IT vendor such as CA?
By Dave DeCamp, VP, Chief Solution Architect, Worldwide Financial Services, CA
There are many very strong, healthy companies that really had
minimal exposure to the particular financial instruments that
caused so many balance sheets to implode and has resulted in this
increased wave of mergers and rescues and bailouts. There are
many regional banks who really had no exposure to that market,
that have already been through an IT belt-tightening cycle. They’re
looking at this as a golden opportunity to jump ahead of the pack.
Although, we don’t yet have public references for how we’ve
worked with these banks, there are a number of them that fall into
a couple of categories. One notable example is a midsize bank,
located in North America.
They happened to be an established user of many of
our EITM solutions, in particular our application performance
management, IT governance, network management and service
level management technologies.
They already had a well-oiled EITM machine for managing
their current legacy application environment, but they’d taken
those apps as far as they could possibly go without doing
something fundamental.
They were in a position where they had those foundational
IT capabilities in place and operating smoothly, enabled by good
IT management solutions to allow them to more aggressively
consider deploying a core banking replacement.
There are other examples, where the banking vendor
has gotten engaged with the customer and started the
implementation. Suddenly, in the midst of the implementation,
they find that they’re having performance related issues – or
there is a perception on the client’s part that their application
is causing degraded services levels or poor application or
transaction performance.
In many cases we know, it’s probably not the application.
Just because a new application was put in to production doesn’t
mean the new application is to blame. There’s countless other
factors that could come into play. If the shop is immature from an
enterprise IT management perspective, they simply may not have
the tools in place to be able to conclusively isolate the problem
to either the new application stack or something else in their
infrastructure.
In those cases, we’ve partnered with the application vendors
who’ve asked us to come in and using tools like our application
performance and transaction management, be able to watch that
whole end-to-end transaction. And conclusively demonstrate
much to the core banking vendor’s delight that it really isn’t their
application in most cases and that we helped them find other ways
where they can improve the integration to the legacy environment.
“Just because the app was put in doesn’t mean the app is to blame” Dave DeCamp
private banks, who didn’t have quite the ‘footprint’ as a more traditional
government bank, they took on transformation very quickly, leaving the
government-sector banks behind,” explains Roman. “That became a cat-
alytic event for the government banks to then take it on and do the same
thing, which they have done and regained much of their market share.
“In Europe they were converting to the Euro and incorporating the
eastern block, and that kept them pretty busy. They took on transforma-
tion as a key enabler to get these things done.”
In North America, however, banks – and the decision makers driving
banks – have a very different profile. “Just as an example, the CIOs tend
to be a little older here than maybe they are in some of the BRIC coun-
tries. And those countries tend to be a little bit more risk sympathetic
than maybe we are here.”
What is the key factor? “It’s also true in the United States that, while
the technology tends to be quite old, it’s getting the job done.” Perhaps
true, as the ‘job’ is currently defined, but the job description appears to
be changing rapidly.
Now that US institutions have their own ‘external force’ – and the
financial crisis is a doozy – getting the job done is not enough. Transfor-
mation is vital.
“I think the US market personifies best of breed much more than any
other part of the world,” says Sanat Rao, Global Head of Finacle Sales for
Infosys Technologies Limited. “Therefore, for a long time, I think banks
in North America were really wondering, ‘do I need to change at all?’ It’s
our belief that a lot more banks in this part of the world now are indeed
conscious about the fact that they need to make a change – and they’re
grappling with the issue of how.”
Good practiceAccording to Jeanne Capachin, to succeed, core systems transforma-
tion must have agreement from the whole organization. “It’s not just the
CIO’s decision. It’s not going to fly. Everyone needs to buy into this. We’ve
seen projects fail here in the US for that very reason – what seemed like a
good idea to a portion of the organization really wasn’t fully supported.”
Capachin also believes in managing expectations – “What are the
top three or even two things you expect to get from this? Make sure that’s
what you scale the project to and focus on, so that you can realize what-
ever is most important to your organization” – and the importance of a
According to Mike Redeker, Vice President and CTO, this move is for
the business, by the business.
“We probably spent about eight to 12 months just doing planning,
going through RFP processes and so forth,” he says. “In January 2008, we
made the decision to proceed, and we expect to go live April 2010.
“This is not an IT project. This is straight from our CEO down. This is a
business transformation project – and core banking technology enables
you to make the difference.”
What about the risks in these famously risk-averse times? “We’re in
the enviable position that we’re small enough in comparison to the big
banks where we believe we can take out our old application and put in the
new application,” explains Redeker. “Yes, there will be risks associated
with data conversion, some of the business transformation and so forth,
but we have a pretty large team in place, focused on the areas where we
think we’re going to face risk, such as data conversion, business transfor-
mation and so forth.”
Evolution or revolution?
In the last seven to eight years, many Chinese, Indian and European
banks have effected a very revolutionary approach to their core banking
transformation. In contrast, a lot of North American banks have not. So,
beyond simple geographical separation and sovereign boundaries, what
are the principal reasons for such a stark dichotomy?
Dennis Roman is Chief Marketing Officer for TCS Financial Solutions,
a transformation solution vendor. He believes that the different ap-
proaches are down to external forces and one key factor.
“In India there were many private banks and government banks. And
when India deregulated, there was a lot of pressure for innovation. The
The panel
“We were very confident that our core banking system would accelerate Abbey’s integration in the group”
José María Fuster
Dave DeCamp, VP, Chief Solution Architect,
Worldwide Financial Services, CA
Mike Redeker, Vice President and CTO,
ATB Financial
clear roadmap to make sure the project isn’t ‘going off course’ or extend-
ing ‘what might be a 24-month project to a 36-month project’.
When all of this is in place, start thinking about the IT side and,
in particular, having a good enterprise IT management (or EITM)
framework.
“Really, that’s where our focus has
been at CA, being an enterprise IT manage-
ment solution vendor,” says Dave DeCamp.
“Looking at the opportunities that we have
to partner with some of these core banking
application providers, as well as the ulti-
mate customer who’s deploying that core
banking solution.”
According to DeCamp, what CA have
found is a lot of “very siloed, very frag-
mented” application environments. “There
are a lot of very deep, complex legacy de-
pendencies that contribute to that whole bad
economic model of spending 80¢ of every IT
dollar on keeping the lights on,” he explains.
“And only 10 or 15 percent on investing for
strategic growth and competitive advantage.”
Then there are the additional headaches associated with integrat-
ing a core banking solution. “It brings a lot of additional overhead com-
plexity from a security perspective,” says DeCamp. “Who are the IDs
that are coming in and out of the application? How do they get passed
down to the legacy applications in a seamless and integrated way,
especially while a bank is in that ‘ugly in-between state’, where they
have started to implement a new core system, but have to continue to
integrate with legacy environments.”
To help, CA have worked with the application vendors to identify the
key IT capabilities that will support mitigating risks associated with core
banking transformation.
Key IT capabilities
The first capability relates to the sheer size and complexity of
these long, multi-year projects with multiple phases, gates, deliver-
ables and resources.
“That demands the CIO have a solid IT governance and dashboard
technology in place that can give detailed, granular information about
the status of the project and all those ‘what if’ scenarios. For example:
what if we have to add a phase or an integration that we didn’t initially
account for?” says DeCamp. “IT governance,
project portfolio management, and financial
management are a core capability there.”
“Another risk is that involved in simply in-
troducing a brand new technology stack. I put in
the core banking system and suddenly nothing
performs well anymore, so it must be the bank-
ing application that’s causing the problem.”
“There are so many other things that an
implementation could actually draw out in terms
of transaction performance and efficiency,” ex-
plains DeCamp. “Most banks lack the domain
management discipline to be able to look at
an entire transaction across an integrated core
banking platform and their legacy environment,
so there’s a constant battle back and forth, over
who’s at fault.”
Good application performance management and transaction man-
agement solutions, that are capable of following a transaction from end-
to-end through the new core system will allow both the software vendor
and the client to agree where problems are, and whether they are in the
core banking application at all.
Because you’re worth it
Changing out core systems is never going to be easy. Both evolutionary
and revolutionary approaches have their share of risks – but neither
is as risky as ignoring the problem.
Jeanne Capachin explains: “In the year 2000, we had the Y2K bug,
which financial institutions needed to address. There was no alternative.
We had to make the necessary investments.
“We like to think of this as a Legacy bug that we’re all suffering with,
but we don’t have an end date in place that we need to get to. The question
is: when is that Legacy bug going to explode for financial institutions?”
The answer is simple – lose the rotten core.
“This is not an IT project. This is straight from
our CEO down. This is a business transformation
project – and core banking technology
enables you to make the difference”
Mike Redeker
Jeanne Capachin, Lead Analyst on core systems transformation,
Financial Insights, an IDC company
José María Fuster, CIO,
Grupo Santander
ROUTE CAUSES
How do you navigate through the
toughest six months the industry has
faced in decades? For Huntington
Bancshares CIO Zahid Afzal, it’s all
about knowing where you’re going
Our first encounter with Zahid Afzal comes in August
2008. The credit crisis is gaining momentum daily and
it is starting to become clear that this isn’t going to be
a mere blip. Bear Stearns and IndyMac have already
fallen while Lehman Brothers’ demise is just around
the corner. Despite the hostile environment, the CIO
is in a fairly buoyant mood. While he acknowledges the challenges
that the industry is facing, he remains confident that his organiza-
tion can keep its head above water, even continuing to innovate and
grow. Six months later, we decided to follow up with Afzal and see if
the intervening period had dented his optimism.
The question of whether the gathering storm would lead to
long-term plans being forsaken in favor of short-term gains is one
that continues to be asked throughout the industry. Last year, we
addressed the issue with Afzal, who acknowledged that there were
certain concerns. “We took a look at our portfolio of strategic initia-
tives very carefully, and we cut back a little bit on certain strategies
but not the ones that have the bigger impact for us over a long period
of time,” he said. “To give you an idea, we went from about 30 ini-
tiatives down to 19 on the strategic side, but those 19 are the ones
that we believe are the most critical for us, not only short-term but
long-term.”
During our more recent
meeting, we ask if the worsen-
ing situation over the past half
a year has forced any further
sacrifices. “The process we
used was to make sure we don’t
walk away from any critical stra-
tegic investments,” he replies.
“So, we did not put on hold or
revise or cancel any of those.
We went through the process of
looking at things that we could
defer or reduce the scope of. We were able to free up the dollars
we needed to meet our targets.” Inevitably, certain projects fell
by the wayside, but some are already getting back on the agenda.
“Probably the biggest one I could tell you about was our telephony
initiative, moving our voice telecom over to voice over IP,” Afzal
continues. “That’s something we did defer, but there were other
reasons for it besides economic reasons.” Telephony is now firmly
on the priority list for 2009 and significant advances have already
been made (see Then and Now).
One element that remains constant during both our meetings is
the emphasis Afzal places on aligning IT with business. It’s always
been a key challenge for technology professionals, but it takes on
a particular significance when times are tough and budgets are
stretched. Afzal tells us that he spends perhaps 50 to 55 percent of
his time on these alignment efforts, working closely with the business
leaders on strategic initiatives. “Last time we spoke, I alluded to some
of the strategic planning sessions we were planning to kick off,” he
says. “We started a series of efforts we call blueprinting, which is a
technology grouping thing. We start out with the business planning
In August of 2008 Afzal identified talent management, telecommunications and virtualization as his key priorities. Six months later, we find out how these initiatives are progressing.
Talent management
We have a talent management process rolled out.
In fact, we’re going through our incentive payout right
now and we’re using that talent management process to
assign ratings and so forth. We did some restructuring
and we used the talent management process to take our
top talent and give them the opportunity. Now, we’ve
created a function called ‘resource management,’ and
we’re tying that to the talent management process to
start to build career paths for our top talent. We make
sure that we’re ‘growing’ them and they’re not just
stagnating in their current positions. With our support
and partnership with our HR organization, that has
actually gone extremely well.
Telecoms
We’ve made great progress there. We completed a
full roll out of the MPLS network, which is the network
that we are basically streamlining and standardizing
across the enterprise. We’ve done the data side of the
network. We made that voice and video enabled and
rolled it out across the franchise. Hence, our voice over
IP roll out is a much simpler and cost-effective plan that
we’re now starting to execute. We’ve got about 1000
phones rolled out already. We’ve got a way to go, but
we’re on our way.
Virtualization
Last year we achieved about 25 percent reduction
in our server environment. We had over 1000 servers
and cut down by about 250 servers. We’ve made about
$4 million in terms of net saves on an annual basis. That
comes from not only the hardware and the software, but
also the cooling, heating, electricity and space required.
We have targets to reduce another 25 percent this year
and that’s moving in a very good direction. It’s tied to
our green IT initiative because as we start to cut back on
these things, it’s also helping us to use less power and
less cooling and, obviously, that helps the environment.
There are a lot of benefits there.
Then and now
“My view of IT organization is that it is not a back office operation. It’s a very strategic element of the company’s success”
To promote this understanding, Afzal conducts quarterly reviews
with all of Huntington’s management. “The primary reason for it is
to make sure they understand the value not in words, but in reality,”
he explains. “Translating those into a business value framework is
critical.”
Afzal is firm in his belief that it is the modern CIO’s duty to
speak the language of business, something that technology pro-
fessionals have not always excelled at. “I don’t believe that CIOs
or IT managers do a very good job translating value,” he says. “So,
we laid out a service delivery model where I meet with every senior
leader, one-on-one on a quarterly basis, including our CEO. I also
spend some time with the board members, presenting to them what
is it that we’re doing, what our priorities are and what the value is.
aspects of it and then go back and assess the architecture. We now
have six of those going on, where we’re spending a lot of time.”
Obviously, quite a bit of that time gets spent looking at current
market conditions, seeing where things can be made more efficient,
where cost reductions or opportunities exist to enable growth. “We
did several of those last year and that helped us in the deposit side in
the landing area, as well as in the areas of credit risk and regulatory
compliance risk,” Afzal continues.
Key to Afzal’s approach to IT in the financial institution is the necessity
that it is understood and supported by senior management.
This doesn’t only apply to the nuts and bolts aspects of keeping the
lights on, but also to the specific business benefits that it can bring.
Communicating this is an ongoing process and while some are alive
to technology’s possibilities, not everybody is on the same page. “I
wouldn’t say that everyone is, because there are some that are further
along than others,” he confesses. “Some have more engagement and
more interest. Some looked at it and said, ‘Just go do what you need to
do.’ As long as systems are stable and things are getting done, that’s
all they care about. I operate very differently. My view of the IT organization
is that it is not a back office operation. It’s a very strategic
element of the company’s success.”
POLITICALLY MOTIVATED
Afzal gives his thoughts on how the new administration is going to affect the financial services industry
One of the areas where I see that Mr Obama
can help is obviously the economy itself. The
second part of that would be that there will be
a lot more regulatory controls. We anticipate that this
will happen, as we look at some of the credit issues
and what went on with the securities environment.
Even though we as a company were not involved
in any of those practices, we will be impacted by
having to put additional controls in place. Obviously
that puts a lot of burden on technology to automate
those controls and those are resources that should be
working on the growth of the company too. That’s an
impact I see coming. The FDIC has things they want
us to take care of right away, but it’s a pretty huge
effort. It’s not a situation where we can just cut the
programmers loose. We’ve got to work out analysis to
make sure all the controls are in place correctly. On
the positive side though, I do see President Obama
as being a lot more technology savvy. I’m hopeful that
he will stir the growth through some of the technology
initiatives he talked about during his campaign. That
would have a positive impact not only on the economy
but on us as well.
“What I do on a day-to-day basis has less and less to do with technology, although that still needs to be part of the core responsibility”
Zahid Afzal
What is clear from both our con-
versations with Afzal is that he places
a great deal of value on consistency.
While the current climate could lead
some to make decisions focused only on
the short-term, his IT governance model
prizes structure and stability, which
seems to be enabling Huntington to
negotiate some choppy waters. True, as
a more regional institution, Huntington
doesn’t face quite the same challenges
as a Citi or a Bank of America, but it is
nonetheless operating in an extremely
hostile environment and doing so with
some success.
Asked to finally sum up the key
qualities and responsibilities of the
modern CIO, Afzal is unhesitating in
his response. “What I do on a day-to-day basis has less and less to
do with technology, although that still needs to be part of the core
responsibility,” he says. “But do I need to be a technologist to be
successful? In my view, the answer is no. It’s all about the people
skills, processes skills and, most importantly, the business leadership
skills that are a must.”
I translate it to corporate value, shareholder
value, things of that nature.”
These quarterly reviews are extreme-
ly helpful in generating valuable feedback
from the business. They also enable Afzal
to educate the company’s leaders about
exactly why IT is so important. This edu-
cation is critical. Otherwise, technology
will remain a back office function, rather
than taking its rightful place on the front
line of the enterprise.
An unexpected and atypically welcome
side effect of the credit crunch has been to
make certain sectors of management more
receptive to some of IT’s potential benefits.
“I think it has helped,” says Afzal. “For ex-
ample, when I was with Bank of America
and trying to implement an IT governance
structure, there was a lot of resistance earlier on and it took a long time
for our business leaders to truly see the value in economic terms. When
you translate those into dollars and cents it is just unbelievable. It just
speaks for itself and it opens people’s eyes. The tough economic times
do help with that, because when dollars are tight you have to tighten
your belt and these types of processes do help a lot.”
Huntington by numbers
A $54 billion regional bank holding company headquartered in Columbus, Ohio
It has 604 branches and 1384 ATMs
Presence in 6 US states: Indiana, Kentucky, Michigan, Ohio, Pennsylvania, and West Virginia
Founded as P. W. Huntington & Company in 1866
Employs 12,000 associates
E-discovery solutions offer better efficiency and can help reduce IT costs, say Jeffrey Hill and Andrew Stamer
With the average legal discovery costing around $130,000,
many companies seek a solution to reduce costs and ex-
trapolate data that can be used as evidence in a criminal
operational efficiency with less staff and all the functionality of in-
ternal solutions and can offer a more efficient and effective way to
remain compliant.
Figure 2: Hosted solution landscape. Bar chart comparing financial services with all others by hosted solution used (offsite storage, disaster recovery, email, records management, site replication, e-discovery, document, back up, not using hosted solution). Source: Aberdeen Group, September 2008
Given the current state of the economy,
the risks and costs for financial services
providers faced with requests for elec-
tronic discovery have never been high-
er. These realities are forcing most corporate
counsel to look for alternatives to the model of
outsourcing the management and execution of
eDiscovery to outside counsel and third party ser-
vice providers. Due to the complexity, however, in-
sourcing the entire process isn’t a realistic or
effective option for most organizations.
For the majority of cases, corporations can
in-source early-stage components of discovery.
Once litigation has begun (or is reasonably like-
ly to begin), corporate counsel must first identi-
fy and notify all potential corporate witnesses
and/or systems administrators to preserve evi-
dence. This custodian notification process must
be auditable so that it can be defended if chal-
lenged in court. Once custodians have been no-
tified, corporate counsel must implement the
legal hold process in order to preserve all po-
tentially responsive paper and electronically
stored information.
By deploying an in-house application that is
either built on an existing enterprise content man-
agement (ECM) platform or a stand-alone system,
corporate counsel can efficiently and effectively
in-source custodian hold notification, identifica-
tion of data sources, automated hold and preser-
vation notices, with a process that is auditable.
The strategic alignment of eDiscovery software on
existing ECM investments enables corporate legal
departments to effectively preserve electronic
content for compliance, investigation and poten-
tial litigation needs, while saving IT from having
to support additional applications.
The next step is to collect the information.
In general, for small cases and minor litigation,
in-house technology is effective for the docu-
ment collection process, and some of the more
advanced ECM systems offer this capability. The
scope and subject matter in larger cases, how-
ever, brings greater risk of challenge and error,
and therefore corporations will most likely con-
tinue to rely on third-party consultants who spe-
cialize in the collection and management of large
amounts of data.
Failing to collect potentially responsive con-
tent or accidentally destroying content has re-
sulted in major sanctions and fines in recent
cases and can adversely affect the defense of the
merits. For example, judgments handed down
against corporate defendants in highly publicized
cases – $29 million against UBS in the Zubulake
case and $1.45 billion in Ronald Perelman’s law-
suit against Morgan Stanley in the Coleman case
– were largely driven by eDiscovery missteps (al-
though the Coleman case was later reversed for
reasons unrelated to the eDiscovery issues). For
matters that represent significant financial expo-
sure or involve an allegation of fraud among key
employees, it is recommended to hire an outside
data expert – with experience in testifying – to
oversee and/or execute data collection.
Corporations can cut costs by minimizing the
number of documents reviewed. Outsourcing the
legal document review process to outside coun-
sel is, on average, 70 percent of the cost of the
total eDiscovery process. Many top-tier
eDiscovery vendors offer consulting services and
strategies to help corporate counsel reduce the
data set before review. These strategies may in-
clude maximizing the use of in-sourced culling
technology or the initial culling of data by the
eDiscovery provider using sophisticated search
technology.
The best way to minimize the costs and
risks of litigation for the corporation is to cre-
ate a well-documented, enforceable eDiscovery
strategy and response plan that incorporates:
(1) an early assessment of the severity and ex-
posure in the case, (2) a process for effecting
custodian notification of a litigation hold for
those cases that require such action, (3) a plan
for whether to collect data internally or
whether to contact outside experts and (4) a
consistent plan to cull data to limit the amount
that requires review. Having these best prac-
tices in place, combined with the appropriate
balance of in-sourcing and outsourcing, will ad-
vance your efforts to create and maintain the
most effective and efficient eDiscovery process
for your organization.
A hybrid approach to eDiscovery
A look at how combining in-sourced software and out-sourced services can lead to lower cost and less risk
INDUSTRY INSIGHT
For more information, please visit www.eedinc.com.
STEVE STEIN
Steve Stein is Vice President of eDiscovery
Consulting, Electronic Evidence Discovery
(EED), Inc.
Stein leads EED’s national eDiscovery
consulting practice, having worked with
corporations and law firms on eDiscovery
issues since 2000. As an eDiscovery
consultant, he works with many clients to
scope and implement work flow solutions
for the retention, collection, review and
production of electronic data. Stein brings
to this practice the perspective of extensive
hands-on trial experience, having first-
chaired 10 jury trials and second-chaired
some 20 more.
“Failing to collect potentially responsive content or accidentally destroying content has resulted in major sanctions and fines in recent cases”
E-DISCOVERY
In a global economy, e-discovery is far from a purely technical issue. Alison Brecher untangles the legal complexities
An email can travel just as quickly from New
York to Miami as it can from New York to
Paris. Yet, these communication technolo-
gies that have fostered our global economy
can wreak havoc when it comes to litigation.
That’s because data protection laws in some
countries prohibit the transfer of certain data
to the United States.
Take the following not-so-hypothetical situation and it is
easy to understand why companies that have not yet encoun-
tered the issue will likely do so soon. An employee of Megacorp,
a financial services company based in Germany, relocates to
Megacorp’s New York office. He then sues Megacorp in the
Southern District of New York alleging that he was discriminated
against on the basis of his country of origin. Megacorp, in order
to defend the action, wants to obtain emails from the plaintiff’s
supervisor and co-workers who are based in Germany and other
EU member states and the plaintiff’s performance reviews which
are stored on servers located outside of London.
The Federal Rules of Civil Procedure clearly require parties to
preserve the performance reviews, email and compensation, but
the law in some other countries is equally clear that preserving or
collecting that data and transferring it to the United States – even
THE LAW OF THE LAND
using ASCII, which does not recognize special characters of some lan-
guages. Instead, look for a vendor or software that supports Unicode.
Unicode recognizes more than one million possible characters and
easily accommodates symbol-based languages like Hebrew and Japa-
nese. Also, some languages like Japanese and Thai do not have spaces
between words. The vendor should be capable of reading not just the
characters, but also the context of foreign
languages.
Then there is the logistical issue of
translating the documents into English and
converting them into a standard format
that can be searched using the attorney’s preferred
review tool. In general, translating
documents is expensive and the strategy
is usually to limit the number of documents
that have to be manually translated. To that
end, counsel can use software to automate
the translation of documents during the
first pass review stage; the software will
produce a far less than perfect translation,
but one that is adequate enough to identify
which documents are privileged or relevant
so as to be reviewed further.
Keeping track of relevant metadata
is especially important in international
data collections. Certain characters in
other languages may not function properly on a US-based operating
system. For instance, emails in HTML cannot always be viewed ac-
curately. Consider sending your e-discovery vendor a sample set of
data in multiple languages so that any glitches can be identified and
resolved as soon as possible. The time lost will be more than made up
for in speedier review.
International e-discovery presents a host of issues. It is best to raise
all of them during the Rule 16 conference. Even the smallest detail can
cause major (and expensive) disputes later on in the litigation.
if used solely to defend the litigation – may violate international data
protection laws. These laws impose financial and, in some instances,
criminal sanctions for transporting certain data to the United States.
Unfortunately, the relatively few published opinions are of little
assistance in navigating between this rock and a hard place. Some
courts found that data must be produced in the litigation notwithstanding
the international laws (in one
reported decision, the court ordered
the production even though the
French statute at issue allowed for
the imposition of criminal sanctions)
and other courts ruled that the conflicting
international law presents
an undue burden so as to relieve the
party of having to produce the data.
Generally, courts invoke a balancing
test to determine the reasonable-
ness of compelling foreign discovery
by considering several factors such
as the importance of the data to the
litigation, whether alternative means
exist to obtain the information, and
the hardship of compliance.
Rather than risk being compelled
to produce foreign data in the US in
violation of international law, counsel
has a few options. If the organization is regulated by the United States
Department of Commerce it can get certified pursuant to the Department’s
Safe Harbor program which examines whether the organization
has adequate safeguards to transport foreign data securely to the
United States.
Financial services companies are generally not regulated by the De-
partment of Commerce, but other alternatives are available. Data protec-
tion laws in some countries allow data to be processed and transported
to the United States when consent has been obtained from the individual
whose data is sought. Obtaining the consent can be tricky. Each country
usually has slightly different laws or interpretations of them, so con-
sider retaining local counsel for advice on how to draft a proper consent
form. Local law may also require notice to the individual and regulatory
authority about the data collection. In some countries there is consider-
able debate about whether consent can ever be freely given when the
request is made by the individual’s employer. As a practical matter, it is
usually best to involve the individuals whose data could be subject to
production in the United States as early in the litigation as possible to
allow them time to consider how to respond to the request for consent.
Also, consider contacting the international regulator. The European Com-
mission recently developed a series of model contracts that allow for the
transport of data to the United States for use in litigation.
Even after figuring out a way to navigate the legal conflict between
international privacy laws and document preservation obligations,
there are additional logistical issues. First, since the documents may be
in one or more languages, your selection of an e-discovery vendor could
be affected. Many software tools and vendors only support documents
Alison Brecher is an experienced commercial litigation attorney,
having served as lead counsel in over 35 bench and jury trials
and taken/defended hundreds of fact and expert witness
depositions. She joined Marsh & McLennan, a Fortune 200
financial services company, in 2002. Brecher was one of the
first in-house counsels in the country promoted to manage
electronic discovery activities. Since 2006, she has managed all
aspects of MMC’s e-discovery for litigation and investigations
involving more than 50,000 employees in over 100 countries.
In partnership with IT and other business functions she has
developed and implemented global corporate policies and
procedures around new technologies, including voicemail,
instant messaging, VOIP, unified messaging, email retention,
data privacy, and related compliance issues.
“Communication technologies that have fostered our global economy
can wreak havoc when it comes to litigation”
What are the challenges and risks in monitor-
ing, managing and storing unstructured data?
Jack Halprin. More information is now being created
in more file formats and languages than
ever before. This enormous growth in unstruc-
tured information – the information explosion –
has resulted in a number of issues: rising infra-
structure costs; increased risk of failure in the
identification, preservation, collection and dis-
position of information which could lead to evi-
dentiary sanctions or large fines in litigation; and
managing this data effectively across borders
and jurisdictions to comply with differing rules
and regulations regarding electronically stored
information (ESI).
Though most institutions have systems
for compliance, supervision and eDiscovery in
place, they are typically point solutions lack-
ing integration. Additionally, many of these
systems rely on manual efforts that cannot
scale and simply cannot handle the volume of
information that’s being produced today. This
lack of unification is particularly troubling
when conducting pan-enterprise business
processes such as eDiscovery, information
governance and regulatory audits. A more
holistic, unified approach is needed.
The global financial crisis has triggered unpar-
alleled mergers and acquisitions and unfortu-
nately massive litigation. What can financial
institutions and their counsel do to meet com-
pliance requirements and manage high-stakes
litigation?
JH. It is true that litigation and investigation are
exploding as a result of recent turmoil in the fi-
nancial markets, but more troubling is that these
cases are complex and involve tremendous
amounts of unstructured and structured data.
This data must be quickly identified and ana-
lyzed to meet FRCP and regulatory deadlines, and
recent events have highlighted the fact that regu-
lators and the companies themselves often don’t
know what’s happening in their environments until
it’s too late. A holistic, proactive strategy would ad-
dress issues before failures occur. The right solu-
tion enables legal and compliance to know what
an email says – when it is sent – and determine
whether it presents a legal or regulatory issue.
What is a defensible eDiscovery process?
JH. In the US and the UK, the legal bar has been
raised substantially by amendments to the FRCP
and the CPR in order to streamline the manage-
ment of ESI and encourage compliance.
A defensible process requires a systemized
and repeatable approach toward eDiscovery.
Preservation requirements demand that all data
sources be searched, including voice and video,
and courts are beginning to recognize the useful-
ness of advanced search technology to overcome
the deficiencies with keyword and Boolean search
techniques. This same process will prepare your
organization for future regulatory changes.
How can technology create a defensible process
and avoid repercussions that include sanctions,
fines and jail sentences?
JH. Technology must provide uniform coverage
across all sources, formats and languages. Using
sophisticated analytics to quickly cull, prioritize
and understand the meaning of content provides
a defensible process for compliance, litigation and
investigations while helping avoid unnecessary
repercussions from process failures.
What does Autonomy offer that is unique?
JH. Autonomy is the only vendor to offer a
comprehensive end-to-end platform for
Enterprise Search, Information Governance,
Compliance and eDiscovery. The FRCP-com-
pliant platform is based on our IDOL engine,
which is used by more than 17,000 customers
worldwide. IDOL is language independent,
can read and analyze more than 1000 file
types and connect to 400 repositories, in-
cluding laptops and desktops. Our solutions
are available as either a licensed or hosted
offering and our five world-class data centers
host over 7.1 petabytes of data, process more
than one billion documents a month, and pro-
vide industry-leading solutions for the largest
and most complex legal and regulatory mat-
ters to nine of the top 10 banks and 10 of the
top 10 law firms.
A WORLD OF DISCOVERY
While the increased use of email, IM, audio, video, blogs and wikis can provide richness to organizations and offer leverage for business success, this unstructured information introduces a host of new challenges and risks regarding operations, regulations and litigation. FST speaks with Jack Halprin about reducing risk, complying with regulations and controlling costs through a defensible eDiscovery process
ASK THE EXPERT
Jack Halprin is Vice President of
eDiscovery and Compliance at
Autonomy. Widely considered a subject
matter expert, Halprin assists clients
with building best practices and
defensible processes. He works with
the EDRM standards body and
previously held eDiscovery positions at
Guidance Software, LexisNexis and
was a litigation associate at Haight,
Brown & Bonesteel.
makes it paralyzing. These are all opportunities for us, and we’re
actually excited about those environments.
These growing reserves of data also have an impact from an
environmental perspective. When you take a look at being green, it
always parallels just being economic in your consumption of any kind
of commodity. The nice thing is that if you pursue a logical business
path related to expense reduction and you understand all the exter-
nalities of that, it’s going to be green. Also, if you properly classify
and categorize data, then you’re going to destroy it and eliminate it at
the appropriate retention cycle, which is going to reduce your storage,
your need for space, and consumption of energy and hardware.
There are literally hundreds of bottom-line benefits from more
sustainable practices. Our online banking is a great example of this.
This is a scenario where you provide customers with very robust, agile
information 24 hours a day, seven days a week, from any place in the
world where they can get internet connectivity. Why is there a need
to have a physical statement sent to those people? For some it might
have value, but for a large population of online banking customers,
it’s almost an irritant. The elimination of all that paper has a huge
environmental benefit. So that efficiency that we provided them also
creates efficiency for us and an environmental benefit.
Green IT has to be more than just green wash. Under our Electron-
ification of Paper program, we look at paper in large concentra-
tions along with other kinds of commodity spend as indicators
of non-lean process. We then use that data to identify and prioritize
processes that we want to digitize, and use best-in-class technolo-
gies and applications to try and replicate those and ultimately build a
Leaning process is enormously effective from a cost reduction
standpoint but it also has all kinds of productivity gains that are really
hard to predict in a business case prior to going in and actually doing it.
The collapsing of cycle times, the efficiency and the effectiveness of the
use of information, all those things are really hard to foresee in a model.
But pursuing this is very lucrative in the short run in terms of the elimi-
nation of commodity expends and it also has multipliers of productivity
that are hard to visualize before you go into leaning the process.
Ever increasing volumes of data and stringent compliance
rules all have big implications for my function. Having information
indexed, classified and categorized for reasons of compliance re-
tention, those are all things that help us build our cases to go in
and digitize, making the information that much more agile. If you
don’t make the information accessible, then the abundance of it just
Bank of America’s Robert Kee explains that going green makes sense for the business as well as the environment
WHAT’S THE
COLOR OF MONEY?
make immense efforts to be absolutely sure that what we do is prop-
erly vetted. My particular group does a lot of reporting related to CO2
reduction and to the removal of paper from processes, so we use the
EPA methodologies for calculating that. We have third-party entities
that come in and vet our calculations and our statements so that we
know that they’re accurate and will be interpreted properly. And then
ultimately we abide by all the rules and regulations and interpreta-
tions of the GRI report.
The other thing that is really fundamental here is that if a business
goes in and makes their processes more sustainable, it’s more efficient,
which makes them a better risk to the bank. Quite frankly, we find busi-
nesses that are green generally tend to be
more efficient and therefore less risky.
One of the most important things to
remember is that there are so many opportu-
nities to do things that are both green and
rational from a business standpoint. It’s
even true of our commitment to convert
our builds to LEED certified buildings. It
certainly creates a larger investment for us
on the front end, but the payback on that in energy consumption, in
the health of our employees, our associates and our customers pays
that investment back with a healthy ROI in a very, very quick fashion.
Green is just intelligent.
Another factor is to understand that through your lending portfolio,
that there is some responsibility to direct that to investments that are
more sustainable versus those that are not. Again, that’s not just a green
thing. That is an intelligent thing, because sustainable businesses will
survive and thrive more than those that are not sustainable.
Robert Kee is SVP Process Change Executive within Global Operations at Bank of America
In any case, Bank of America's involvement in the environment
goes way back. It’s one of the things that I've always admired about
the corporation, that they’ve always really had an environmental prin-
ciple that underlay all of their practices. A couple of years ago, our CEO
Ken Lewis committed $20 billion to environmental pursuits. Monies
were set aside so that over the next 10 years, we would be sure that
we made investments in green technologies, green industries, both
from the small business standpoint and from a large business stand-
point. We put caps on the amount of CO2 emissions that we would
generate from our utilities portfolio. We’ve given ourselves percent-
ages in terms of how we were going to reduce our energy consumption
across the whole portfolio. So those were
all things that the bank had gone out and
created well before kind of green became
a popular sort of scenario. So the Carbon
Principles we signed up to recently are just
a rational way for us to continue that sup-
port of environmental sustainability.
To guarantee that the money we
spend is used properly we have the Global
Reporting Initiative, which we’ve been a member of for a number of
years. We already have an ethic in our work to be able to assess the
sustainability initiatives and roll them up into this one big picture. The
criteria within our commitment on the $20 billion is tailored for each
one of our business lines. So there is a methodology that’s inherent in
each one of those processes to be sure that we in fact do that.
We also created what we call our Environmental Council, which
is made up of high-ranking executives within the bank and reports
ultimately to Ken Lewis. It makes sure that our policy is consistent,
that it’s accurate across the whole global corporation. We've been
involved in environmental initiatives for over two decades, so we
A couple of years ago we committed
$20 BILLION to environmental pursuits
We are in a time of unprecedent-
ed change for the financial ser-
vice industry, where consumer
confidence is at an all-time low.
One of the realities of today’s financial ser-
vices industry is that it is very difficult to
actually ‘get to know’ customers.
For years now, banks have invested
untold millions in technology to help gather,
analyze and segment customer data. Simply
put, engagement is about putting all of this
customer knowledge to work. Every custom-
er touch point, interaction or communication,
should be infused with this knowledge.
By improving engagement, banks can
provide superior service, enhance loyalty
and better deliver new products and ser-
vices to their customers. Customers will be
less likely to change providers and more
likely to purchase additional products.
What’s more, every customer touch
point or interaction is an opportunity to dem-
onstrate knowledge of this customer. To this
end, many financial services companies have
focused a tremendous amount of time and
effort on improving the customer experience
in their branch and call center operations.
However, many of these same companies
have largely ignored one of their most impor-
tant customer touch points, the documents
and correspondence that they routinely
send. For many customers, their single most
consistent point of interaction with their
bank is written communication.
Therefore, it is critical that financial ser-
vices companies begin to look at their writ-
ten communications as ideal opportunities
for enhancing customer engagement. Every
item of correspondence should incorporate
customer knowledge to ensure that its con-
tent is highly personalized and relevant to
that customer.
Of course, we can clearly see a trend
away from paper-based communications.
Studies show that younger consumers tend
to prefer receiving information electronical-
ly, and this goes beyond email and a bank’s
website. Witness the rise of channels such
as mobile phones and social media sites like
Facebook. Consumers today are interacting
online with their brands more than ever, and
banks that rely on paper are quickly becom-
ing dinosaurs.
Beyond customer engagement, it is im-
portant to note that financial services firms
should aggressively embrace electronic
communications because of enormous
opportunities for cost savings. One of our
clients mails two billion pieces of print
communications, and the cost of printing,
postage and fulfillment is astronomical.
By simply transitioning a small percentage
of these to electronic channels, this client
hopes to save tens of millions annually.
Modern document composition solutions
such as Thunderhead NOW are designed
to help banks and other financial services
firms to produce highly personalized, multi-
channel customer communications, not just
for batch but also real-time needs.
Thunderhead NOW is a rules-based so-
lution that leverages web services to easily
integrate with existing sources of customer
information, like CRM systems. As a result,
every communication the bank produces
can incorporate comprehensive historical
knowledge and information. Thunderhead’s
XML design also means a bank can simplify
delivery of communications across virtually
any channel, paper or electronic. This can be
traditional email or PDF documents, as well
as text messages, RSS feeds or even auto-
mated voice mail output.
And, regardless of whether you are
producing routine communications, like
statements and notices, or one-off customer
correspondence, Thunderhead can help you
do it more easily and efficiently. Believe it or
not, you can get more personal with your cus-
tomers and save money at the same time.
Getting personal
Looking to better engage customers? Start with getting more personal in how you communicate. Increase the relevance of your communications, while embracing new media channels.
Christopher McLaughlin is the
SVP of Marketing and Business
Development at Thunderhead,
a leading enterprise customer
communications software
vendor. He has 15 years of
experience in the ECM market
as both a systems consultant
and software marketing
executive at FileNet. He can
be reached at cmclaughlin@thunderhead.com
ASK THE EXPERT
Christopher McLaughlin
“For many customers, their
single most consistent point
of interaction with their bank is written
communication”
After 25 years of ECM experience Doug Miles knows a thing or two about how our industry is changing. Here, he tells FST why ECM solutions are so important to today’s economic climate
IT’S NOT ENOUGH TO
MANAGE CONTENT
Organizations, both public and private, are operating in
an era where they are called upon to no longer simply
be ICT enabled, but ‘information management compli-
ant’ as well. The emphasis in these times is about being
able to handle the proliferation of information born as a
result of the increasing number of channels by which individuals and
businesses are able to communicate with each other.
At AIIM, we represent the information management community
as the global association for both users and suppliers of enterprise
content management (ECM) solutions. These are the strategies,
services and technologies that enable organizations to capture,
manage, store, preserve and deliver information to support business
processes, and are the key to successful performance. By staying in
control, organizations are able to maximise efficiency, productivity
and business continuity. This isn’t easy – which is why AIIM exists.
The here and now
In today’s markets, everybody in every office, at every
desk, is using computer tools to complete their daily work.
Employees often need two or three different packages in the
INFORMATION MANAGEMENT
Doug Miles is UK Managing Director, AIIM Europe, and
has over 25 years’ experience of working with users and
vendors across a broad spectrum of IT applications.
He was an early pioneer of document management
systems for business and engineering applications
and has been involved in their evolution from technical
solution through business process optimisation to
the current corporate-level concerns of compliance,
continuity, collaboration and cost reduction. Doug
has also worked closely with other enterprise-level
IT systems such as ERP and CRM. He has an MSc in
Communications Engineering and is an MIET.
workplace, and when you occasionally come across terms like
‘typing pools’ you realize that in the past people didn’t gener-
ate their own documentation at all, but had secretaries to do it.
The changes in this process run parallel to ECM development.
What used to be people with filing cabinets along the walls and
secretarial assistants to run those filing systems, is now people
generating their own documents and filing them away in non-offi-
cial systems and against non-official schemes. When I started on
computers, for example, you could only use an eight-character up-
percase file name to define a file or a document. That’s now moved
on to long file names with folders and sub-folders, but we still have
this crazy concept of ‘My Documents’ which has no place in the
business world.
Ultimately, whether a business goal is to meet increasingly com-
plex regulatory requirements or to gain faster access to information,
planning is the key to any successful implementation. At AIIM we
have highlighted four cornerstones of ECM benefits – Compliance,
Continuity, Collaboration and Cost Reduction – and we understand
that, as a business makes progress through the project, the ECM
investment should build rewards for the organization, reduce day-
to-day costs, improve customer service and lower the all-too-real
risks of compliance infringement.
While many of the larger financial organizations already under-
stand this and have been dealing with these issues for many years,
once you get down to the mid-market area you see that people actu-
ally look at these compliances as something they do in response to
a particular directive and not as something they should look at on a
day-to-day basis. That’s something that has to change.
What’s more, even the most tech-savvy company has to realize
that, at the end of the day, it’s still the people behind the technol-
ogy that really matter. And while CRM processes cover most of those
issues, banks and insurance companies need to understand the
importance of this and many are subsequently connecting their CRM
systems with their help desks and are now moving toward connect-
ing the document management side of the bank as well. Undeniably,
and especially in today’s unruly markets, organizations are having
to dramatically change their business models in very short periods
CORNERSTONES
Doug Miles explains the four cornerstones of ECM.
Compliance
This has been very much to the fore and very much a
strong driver in the financial sector. With companies
being absorbed into other companies or having to
do joint mergers, you reach a point where the value
of a company is down to its information governance
as much as it is about financial governance and
customer relationships.
Continuity
Being able to store things electronically provides
you with continuity and also helps with continuity
planning so that you can improve access. That offers
its own scenarios in terms of the fact that you can
also outsource offshore processes without needing to
set up physical transference.
Collaboration
This covers everything from shared project sites
through to Web 2.0 and enterprise 2.0, wikis and
blogs and so on. There is an issue there, and the
collaborations going on at the moment aren’t being
handled too well. There are repositories of documents
sitting around in sites that should be made available.
Cost reduction
This covers the obvious productivity benefit of being
able to move documents through the business
process in a way that allows companies to monitor,
measure and improve the way the process is done.
of time. For example, if you’re merging the headquarters of two dif-
ferent financial institutions, you have to make sure that all the pro-
cedures, processes, documentation, human resources and quality
schemes are made available to everybody involved in that merger.
You then have to quickly roll all of that out across the other busi-
nesses that you’ve acquired or that you’ve merged with, and that’s
a massive challenge.
Key features
In terms of financial services environments, records manage-
ment is key for most organizations. They may be storing information
for the short-term or for the very long-term, but either way, what has
changed over the last few years is the fact that there is now a need for
a dialogue between records managers and IT managers. As it stands,
nobody is sure how you store away an electronic record and make
sure it’s accessible in 15 or 20 years’ time,
but what is clear is that if you are required to
pull some of that material back, or if a cus-
tomer demands to know what information
you hold on them, then trying to pull that out
of a paper system is always going to be hor-
rendously expensive and very, very slow.
In fact, it has almost become manda-
tory these days for anybody in those regula-
tory environments to provide solutions that
give organizations the ability to designate
records, store records and pull records back
in a fairly adept way at any point where they
might need to be audited.
Furthermore, anybody who currently
uses X-drives or file-shares to store their
documents rather than keeping them in a
proper ECM system, or anybody who is not
taking measures to store their emails in a
reasonably controlled repository is put-
ting themselves at big risk. As people start
to look at the collaboration benefits and
extend search portals to do things in their
business, then the reuse of knowledge and
the speed at which people can find infor-
mation and respond to data is going to be so
much better.
Of course, it could be considered that
these functions will become part of the
operating system and I think we’re moving
to a scenario where content management
services will become more and more part
of the underlying infrastructure. Microsoft
knows that this is what people need to
have and that’s what the company’s SharePoint
solution is aspiring towards. But I
think there will be a blurring of the divid-
ing line between what is an ECM overlay
and what is actually provided as a service
within the operating system.
Similarly, on a higher level, compa-
nies are looking to just have one business
process management tool across all de-
partments. They’re looking to standard-
ize their business around a set of tools
and then merge their processes on to
that system. So further down the market,
the sort of exposure that people will get
to these tools will decrease their cost and
it will become the role of ECM to ensure
that every person at every desk has a way
of knowing where to put their documents
– somewhere safe and somewhere acces-
sible in a controlled way.
Doug Miles
“As it stands, nobody is sure how you store
away an electronic record and make sure it’s accessible in 15 or
20 years’ time”
The writing is on the wall for static displays. James Bickers and David Drain explain that digital is the future for financial institutions
The bank branch, much like any other place of business,
has undergone a radical shift in the past two decades.
For financial institutions, this shift comes at a pivotal
time. Many of the transactions that once required a trip
to the branch are now done from the home computer, and
online financial services providers are snapping at the
heels of large banks, offering attractive rates and terms.
As it has done with retail, digital signage allows banks and finan-
cial institutions to hone the in-store experience with a level of preci-
sion and visual appeal that has never before been possible. It is an
evolution that is in process, and one that will result in the total reinven-
tion of the bank branch.
One of the immediate benefits a digital signage network brings to a
business is the delivery of on-time content. Mike Abbott, vice president
of ADFLOW Networks, says the typical compliance rate for the timely
updating of in-branch POP materials is less than 50 percent. With digital
in-branch media, that instantly becomes 100 percent.
That compliance matters more than ever, as financial institutions
add more and more products and services to their menus. Plus, the in-
tangible nature of financial products means customers will benefit from
seeing their real-world value.
The end is nigh
Financial institutions face the same dilemma. A passbook sav-
ings account used to be the only real place to stash some money
that needed to stay liquid. But now, a few clicks of the mouse
brings up an unlimited number of options, from hundreds of dif-
ferent providers. The only thing left to count on as a point of dif-
ferentiation is the emotional and physical experience the customer
has with his bank.
“The banking industry, like many others, is changing to adapt to
customers who are more fickle, smarter about what they want and
may not be as loyal,” says Abbott. “Banks have needed to respond by
creating in-branch environments that attract customers and create a
positive retail experience.”
A big part of that change is the physical environment. Douglas
calls it a ‘period of metamorphosis,’ as FIs move away from the
“The financial products provided by banks offer intangible ben-
efits that many times are better illustrated with dynamic pictures and
images than static numbers,” says David Little, director of marketing
for Keywest Technology. “Digital signage can provide meaningful il-
lustrations showing the results of intangible benefits, like the CD that
was cashed in paying off a daughter’s wedding, or the second mort-
gage that just put the children through college. Digital signage can
target rich media at the point patrons are thinking about financial de-
cisions, and that may be just the ticket to arouse need recognition.”
Consumers evidently need all the prodding they can get – in 2005,
the rate of personal savings in the United States was negative 0.5 per-
cent. That’s only the second time in history that the savings rate was
a red number. The other time? The Great Depression.
Clearly, consumers aren’t thinking enough about their financial
futures. Banks have an opportunity to change this, to the ben-
efit of both parties, but first they have to get their attention.
“Despite the advances in internet and phone banking, the
branch remains the No. 1 channel for building sales,” says Brian
Douglas, director of business development and marketing for
ScreenRed. “And banks are far from fully exploiting the value of
the physical channel. Today, only two of 100 branch visitors make
a purchase. The remaining 98 percent represents an enormous
prospect base that can be targeted through POS marketing.”
If all of this sounds a lot like the reasoning behind digital
signage at retail, there’s good reason. Today’s financial institu-
tions are becoming more and more like retail establishments
with every progressive branch re-design and every new flight
of product brochures.
“When it comes to in-branch POP, make no mistake – bank-
ers are indeed retailers,” Abbott confirms. “Many of the same
retail objectives exist for today’s bankers: basket size, conver-
sion rate, cross-selling and up-selling.”
Building a positive in-branch experience
One of the major changes brought about by the growth of
the internet in modern culture has been the shift in the nature
of business value; specifically, there are many businesses that
once differentiated themselves based on service or availability,
and now do so chiefly on price instead.
Before the dawn of Amazon.com, a reader who wanted a
specific book was likely to visit his local bookstore. If it wasn’t
on the shelf, the bookseller would place a special order. The
result was a full-price sale, and at least two separate visits to
the store. But now that the shopper has literally thousands of
different options for buying any given book, he can look strictly
at hard numbers such as price and shipping date.
Why go Digital?
Brian Nutt, president of Captive Indoor Media, points to four specific reasons why FIs should consider using digital signage to communicate with both customers and employees.
1. TRAINING “This is a critical component for banks and credit unions. Most
have several branches and many have dozens or even hundreds spread
across large geographic areas. Banking is also one of the most heavily
regulated industries and many of these complex regulations flow down to the
teller level, where turnover can be as high as 50 percent per year.”
2. CROSS-SELLING “The cross-sell is at the core of a financial institution’s
success story. There is substantial research that shows the more products
a person purchases from a financial institution, the less likely that person
will leave for another bank. This is a critical issue, because the ability for
a bank or credit union to effectively execute the cross-sell often falls on
the tellers. Yet the tellers are usually underpaid, understaffed and have not
received an adequate amount of training.”
3. EXPERIENCE “Banking is a commoditized industry which has very few
differentiators outside of the brand experience. That experience starts when
the customer walks through the door and hopefully carries forward with
that person even after they leave the branch. It involves interaction with the
employees of the bank, traditional advertising outlets, the internet and the
interior and exterior of the branch. Digital signage offers the opportunity to
enhance the brand experience that customers receive each time they enter
the branch.”
4. DRIVE-THRU “The drive-thru is often the most overlooked part of the
digital signage equation in a branch. Yet the statistics prove that it should
be one of the most carefully planned and executed. Our customers tell me
that between 40 and 60 percent of their customers use the drive-thru on
a regular basis. That’s a staggering number, when you again consider the
importance of the cross-sell.”
“Today, only two of 100 branch visitors make a purchase”
Just how much of an impact digital signage makes on perceived
wait times is up for debate, and so far the numbers are anecdotal – but
all have been positive. Douglas explains that ScreenRed’s research
shows perceived wait time is reduced by half when the digital signs
are on. Steve Harris of The Full Picture says that, in his experience,
wait-warping is “the primary reason banks and credit unions are
interested” in digital signage.
“Digital signage can have a big impact on reducing perceived
wait times, but what is most important is that the content has to be
effective,” says Michael Quartarone, director of business
development for ADFLOW Networks. “If the content is repetitive and boring,
then the customer will lose interest and may have a negative
experience. Making sure the content loops are scheduled to play at the
busy times with content tailored to the right audience demographic
will not only reduce perceived wait times, it will have a positive
impact on customer satisfaction.”
James Bickers is Editor of Retail Customer Experience Magazine and David Drain is Executive Director of the Digital Signage Association.
traditional layout that employed a clear separation of staff
and customer.
“The present and certainly the future have more open
environments where clients are made to feel more comfortable in
pleasant surroundings with soft colors, no barriers or partition
walls and an environment conducive to encouraging a good
relationship,” he said. “Technology is also a much more
integrated part of a bank today, with ATMs, telephone banking,
internet and even teller positions offering a more convenient
multichannel experience.”
Even so, he said FIs still struggle with stimulating
discussions with customers during their routine, errand-oriented
visits. Digital signage breaks through that struggle by
delivering the desired message in a very convenient, easy-to-remember
fashion.
“Effective digital signage is not CNN and a stock ticker
running on a plasma TV,” says Brian Ardinger, senior vice president
and chief marketing officer of Nanonation. “Unfortunately,
that’s what most banks are currently doing. Banks that are
taking advantage of the technology are using it to change the
customer experience – targeting information based on time of
day, location and demographics. Utilizing multimedia to tell
more effective stories, changing content more frequently with
greater consistency of service.”
Entertainment and ‘wait-warping’
Fewer things are more frustrating than waiting in line – which
is precisely why retailers have long stocked queuing areas with
magazines and quick-read books. And if you take a moment to
study the types of magazines placed there, you’ll see that the
titles aren’t chosen at random; not only are they the most
attractive titles visually, but they also cut across all demographics (men,
women, children, etc.). It’s a simple fact of human nature that
unpleasant tasks appear to go by more quickly when we are mentally
engaged. This perceived decrease in the amount of time spent
waiting, or “wait-warping,” can be exploited in the financial institution
with the judicious use of digital signage content.
“Americans are big media consumers,” says Bill Collins of
DecisionPoint Media. “One of the reasons that they pay attention to media
is that it passes the time. Radio passes the time during a long
automobile commute. Newspapers and books pass the time in airports and
on airplanes, and chatting on a mobile phone passes the time when
students walk across a campus. So, in a bank, viewing screen media
passes the time as people stand in line.”
THE CHECKLIST
What to consider when implementing a digital signage solution
• Talk to the providers of your existing software. For every bit of mission-critical
software in your organization, get somebody on the phone and ask them about
whether it plays nice with digital signage. You may find that you’ve already got
unused functionality that can power screens; you may find that code will have
to be custom-written to make the connection. Create a list of all of these people
and companies, and make it available to everyone on the digital signage team.
• Find a digital signage provider you trust and want to work with. Ask to see
the provider’s existing work. Fly out to see what it has done for other banks.
Talk to its existing customers. Ask questions, kick tires.
• Get the creative team up to speed. Whether they are employees of the FI
or an outside agency, let the people responsible for your brand assets know
about the upcoming digital screen rollout. Ask them what concerns and
needs they have. Express to them two points that are paramount above all
else: The digital signage content must look great, as it is going to be shown
in hi-def. Also, the content must be 100 percent consistent with all other
brand materials while not directly copying them. Digital signage needs its
own content – under no circumstances can your creative team repurpose
television ads.
• Schedule a meeting with four parties present: your team, your IT people,
your creative people and your chosen digital signage provider. Rent a
conference room for a day and have lunch delivered. Give everybody a
turn, expressing what they need from everybody else to make this work.
Consider what resources in-house can be used and what is best outsourced
to industry leaders. Be realistic about your deployment plan. Consider a
“walk-before-you-run” strategy.
• Start picking out displays and wall mounts and other needed technology.
Please note that this is the last step in the process – not the first.
STORAGE ISSUES
Maxim Samo details the challenges of overseeing two major data center projects for a prominent European bank during an economic downturn
DATA MANAGEMENT
The data center build project kicked off back in 2005, when
business was good and the economy was great. Everybody
was looking to expand data center capacity and space was
at a premium. So back at that time we decided to build a new
facility in the United States, a project built in two phases. The
first phase is 4.5 megawatts of capacity and the second phase
is another 4.5 for a site that would be able to finally have nine megawatts
of capacity. July 2008 was our live date and we went live with about 2.2
megawatts of capacity. That was always the level we planned to start at, but
now we’ll wait a little longer before ramping up to full phase one capacity.
We didn’t put in the full mechanical and electrical, just because with the
downturn in the economy the demand for all that capacity is no longer as
high as we originally thought it would be.
That actually was one of the big challenges, the complete turn in the
economy. These data center projects are like huge ships, like the Titanic. You
can’t just turn them around from one second to the other. So we basically
had to go through the project and look at where we could defer as much cost
as possible given the new circumstances. Not fully build out the site, but
just kind of put things in where it makes sense. Despite the circumstances,
the project has been successful. It was on time and on budget and the
businesses are happy. Since we have brought that site online we do have people
using it, especially in migrations
from rented colocation sites that we
had. We had to go into colocation
rentals back in 2005 because of the
capacity constraints. Now we have
migrations out of those very
expensive rental sites. If we bring them
onto our site now it’s a lot cheaper
for us in the long-term. While a lot
of companies are looking to
outsource things like data storage as
a way of cutting costs, we look at
things case-by-case. We’re actually
working on a study looking at when
we should go into colocations and when we should build our own data
center? We’re building this for our own company at the lowest cost possible.
If you need a huge chunk of capacity and you know you’re going to fill that site,
it actually makes sense for you to build it. However, things are different if
you just need a tactical space – for example, at the time we went into the
colocation agreement, we knew that this was going to be temporary. We
knew that once we had the new site we could actually move out of it.
Of course, if the business situation improves, we can quickly scale up
the center’s capacity. The way it is now we can easily scale it up to the full
phase one capacity of 4.5 megawatts. Once we see that we need to activate
phase two, that would obviously be another major undertaking.
Any project like this now has to take environmental concerns into
account. We have something called the platform design committee. In there,
we look at energy efficiency for our servers and other technologies.
However, we also looked at efficiency in our plant. We are using state of the art
units with variable speed fans and other features like that so you don’t have
a data center that uses a lot of energy for those servers in there. Even in the
process of construction, together with the general contractor we looked
at ensuring that resources were as local as possible. We tried to favor
regional traders for all the contracts so that people didn’t have to drive
across the country just to get to the job site.
Obviously we implemented heat exchanges that allow us to do free
cooling during winter. We have carpets made from recycled materials.
We even used recycled steel. Also we’re utilizing company credits from
the utility providers that we get for energy efficient design. Alongside
the environmental benefits we also have to ensure that these kinds of
efforts are financially viable. Sometimes it’s hard to quantify. In
addition to program managing these big construction projects, I’m also the
global head of the data center design team. Something we’re looking at
is going into existing data centers and making the mechanical electrical
plant more efficient and trying to come up with energy savings in our
existing facilities.
The difficulty there is first of all you need a baseline, so you need
to know exactly how much power you’re already drawing. Especially
in buildings that you share with office areas, there’s quite an effort
involved in just getting that baseline right. But we are actually running a
pilot in Chicago where we have created our baseline. And what we did
then is we started to go into the raised floor and started to do all the best
practices for energy efficiency. So
we started to plug up all the holes
we had in our raised floor and made
sure we had blanket panels
everywhere we could in the cabinets. We
also looked at the CRAC units, their
fan speeds, their humidification,
the sub-points and all that kind of
stuff. We essentially began to
optimize the whole system.
We actually managed to create
a business case and this is an initiative that we are looking into rolling
out globally. It’s very hard and you need to put a lot of effort into it. But
if you can correctly set a baseline, you can actually show that there is a
business case there. The trouble is that savings are hard to quantify.
They’re actually very difficult to see. For example, you might start
saving money on your utility bill, but at the same time you still have
people installing new equipment. So maybe even in your existing data
center you will use more energy because you have growing amounts of
equipment. So all your savings are basically gone because somebody
installed a new piece of equipment, and it’s using all that energy that
you just saved. That’s the difficulty. That’s the challenge here. But there
is a business case, even if in trying environments.
Room for improvement
After the work over in the US I’m now back in Europe working
on the renovation of an existing data center. I believe the building is
somewhere between 15 and 20 years old, so it’s got into its old age.
It’s a shared office and data center. We decided to renovate it because
otherwise we’d have to spend a lot of money getting out of it and
relocating elsewhere. The project is probably an even bigger challenge
than the new data center because this is open-heart surgery. We have
to replace the electrical system in an existing data center and be very
careful while we do it. You really don’t want to bring the center down
while you do that.
Fortunately we do have some extra space in the building
available. So what we’re doing is building the new electrical plant within
the building while the old plant is running, and then there’s going to
be a switchover phase. That’s going to be the critical moment when
we switch over to the new electrical plant. Once we’ve done that we
can rip out the old electrical plant.
What I learned on the building operation in the US has been very
helpful in this new project. I’m originally a system administrator, and
then I started to work in the applications space so it was my first
real building project. First of all, it was a different culture, working
with different types of people. But I did learn a lot. I learned a great
deal about how construction projects work, what the difficulties
are, how the accounting works, how project management works and
what general contractors do. All of that will be of use for me in the
renovation project.
We are still at a very early stage on this project and we’re planning
to have it completed by 2012. This will be happening despite the
ongoing economic crisis, though there will likely be some implications. It’s
not as if I have a top-down mandate where I’m told that I need to cut 10
percent of the budget. However, we are revisiting what we are doing.
We’re making sure that we’re not gold plating anything that doesn’t
need to be gold plated. There probably will be some sacrifices once
we actually get into the work. However, even in the difficult times,
now more than ever, stability is absolutely the key to the endeavor.
We cannot make any sacrifices where you would create a risk to the
company. We can’t do that. So operational stability is our number one
priority during this project.
Maxim Samo is Director of Information Technology at a major international bank. He has more than a decade’s experience in the financial IT space.
POWERING DATA: BIG NUMBERS
Between 2000 and 2006 global data center power consumption doubled
Consumption is expected to rise by a further 40 percent by 2010
Data centers account for around 0.5 percent of global electricity production
The average data center consumes as much power as 25,000 households
It costs $5.6 million annually to power a 10,000m² data center
IN THE HOT SEAT
FST sits down with Liberty Mutual CIO Joanna Young to discuss the issues that are cooking up a storm in both the technology
and insurance space
IT INNOVATION
Since 1912, Massachusetts has been the home to insurance
giant Liberty Mutual. Today, Liberty is a Fortune 500
Company and America’s sixth largest P&C insurance company.
The firm prides itself on its commitment to provide a
broad portfolio of insurance products and services that
meet the ever-changing demands of today’s modern consumer.
As the nation’s eighth-largest provider of auto and home insurance,
the most recent entries into Liberty Mutual’s award cabinet include being
recognized for call center operation customer service excellence and a jump
of 12 places in Business Week’s ‘50 Best Places to Launch a Career’ list.
As Vice President and CIO for Corporate Information Systems and
Enterprise Services at Liberty Mutual, Joanna Young is responsible for all
corporate systems at the firm. Her goal is to provide best value in this area,
as well as best value shared services. “We’re very focused on flexibility and
affordability, together with high quality,” she explains. “We’re also very
focused on some acquisition activity that we have going on at the moment,
as well as a number of consolidation activities to get more efficiency out of
our application portfolio.”
Of course, Liberty Mutual is well known for being something of a
conservative outfit, where there obviously has to be an enormous degree of
care taken in the things that are being implemented. This is especially
interesting given today’s unpredictable and erratic markets. “The thing is, we
don’t do technology for technology’s sake,” notes Young, “we do it for the
business’ sake.”
Nonetheless, Liberty has proven that it is a combination of this
conservative approach and the leadership of innovative thinkers such as Young
herself that has resulted in Liberty’s success. Here she provides insight into
why Liberty Mutual is right at the top of its game.
ON THE CONCERNS SURROUNDING SPIRALLING IT COSTS
I don’t think that costs have to spiral. The way I approach it is this: First of all, what are the right con-
who would have to walk tens of miles to get home that evening.”
The following weeks saw similar scenarios being played out across the
city. People just pulled together and helped share each other’s burdens.
Darcy himself did emotional triage in the lobby of his building, helping
those employees who had lost loved ones into one-on-one or group
counseling. It was during this time that his essentially optimistic attitude to
human nature was confirmed. “I saw something that I’ve never seen before,
Keith Darcy tells FST editor Huw Thomas that the state of business ethics is inextricably linked to the current financial meltdown
DO THE RIGHT THING?
“If you had invested one dollar in the stock market in 1926 in a bread
basket of stocks you would have gotten 415 times your money back by 1991.”
On the other hand, had you invested your money in the second best
performing companies in each sector, you would have made 973 times your
initial investment. That might seem like a good return but, had you invested in
the top performing companies, you would have made a staggering 6300
times your stake. The factor that ties these industry leaders together? “At the
core, in every example, was a values-based culture embedded in those
organizations,” Darcy continues. “Clearly, ethics, values and principles aligned to
a culture are what builds and sustains great organizations.”
This focus on culture continues to lead to success. Darcy points to a
couple of organizations that embody this fact, Southwest Airlines and the
retailer Nordstrom. “At Southwest Airlines, they know exactly the kind of
person that they want to take into the organization,” he explains. “In fact,
they have a provisional training program only at the end of which do you
find out if you’re a permanent hire.” The results of this attention to detail
are striking. The airline has a staff turnover of just eight percent compared
to a 22 percent industry average and is virtually the only carrier that has
consistently posted profits, year on year, for decades. For Nordstrom
everything is constructed around customer service. “You go into Nordstrom’s and
everybody wants to help you,” says Darcy. “If one of the salespeople is not
as helpful as the rest think they should be, they’ll speak to that person.
Strong cultures self-regulate.”
The idea of self-regulation should not be underestimated, particularly
in our current climate. “What emerges in strong cultures is, rather than
trying to create a compliance based top model program which tells people
what they can and can’t do, people self-regulate the organization,” he con-
At the root of the problem is the approach many organizations take to
ethics training, particularly in the financial sector. “When you look at the
financial sector as a whole, it is a heavily regulated one. Therefore, the
training and the monitoring that tends to take place is very regulatory and
compliance focused,” Darcy continues. “What I think we’ve been missing
in the financial sector is attention to ethics.” But this doesn’t only apply to
the financial space. “It is incredibly important, not just to that sector, but to
all companies. There is such a profound lack of trust in our institutions and
in their leaders that we need to do much more to try and reassure all
stakeholders, employees, customers, investors, suppliers and even regulators
that we are going beyond just mere compliance.”
A common complaint of those resistant to ethics training and
legislation is that an increased focus on doing the right thing could have a
negative impact on profits. With more than three decades of experience in the
financial industry, it’s an attitude that Darcy is extremely familiar with.
“When I would talk about ethics, especially to people directly in the Wall
Street community, I would typically get a response, ‘What do you want,
Darcy? Do you want ethics or profits?’” he says. “I would always say, ‘I want
both. This is not an either/or proposition. I want the highest possible
financial outcomes for our organizations at the highest possible standards.’
They’re not mutually exclusive.”
On the contrary, there is strong evidence that a good company culture
is a key differentiator for long-term success. Darcy references a 1994 book,
Built To Last by Jim Collins and Jerry Porras, to illustrate the point. “They
studied 18 different sectors over a period from 1926 to 1991,” he explains.
Keith Darcy is Executive Director of the Ethics and
Compliance Officer Association, the largest association of
ethics and compliance professionals in the world with over
1400 members across six continents. Darcy spent over 30
years in the financial services industry, is a director of
E*Trade Bank, and teaches ethics and leadership at the
Wharton School, University of Pennsylvania.
HOLLYWOOD ENDING
Lessons in ethics from the silver screen
Darcy: Watch the Tom Hanks movie Castaway. It’s a
two-hour FedEx commercial. The plane is flying over the
Pacific. The plane goes down in a storm. Tom Hanks
grows a beard and long hair. Five years later,
somebody finds him. He gets a shave and a
haircut and what does he do at the end
of the movie? He delivers the
package. I always ask the question,
who does he deliver it to? Well, in fact,
the person wasn’t home, so he left the
note with the package, and the note said
simply, “Thank you. This package saved
my life.” Metaphorically, work gave him
meaning. It kept him alive. He even took a
volleyball, called him Wilson and drew a face
on it because he needed to personify
something. He understood that we do not exist
alone. We exist in relationship to other people. I
realize it’s fiction, but the implications are huge.
Everything we do is done with, by, for and through
people, and so ethics has to relate to that.
tinues. “When you think about it in the larger context, there’s only one al-
ternative to self-regulation, and that’s more regulation.”
It now seems clear that, particularly for the financial industry, more
regulations are an inevitability. Darcy sees the roots of our current malaise in
the deregulation-fuelled boom of the nineties when the NASDAQ jumped
from 453 in 1991 to a high of 5132 in 2000. “Unfortunately, not only did we
get the growth that came from that, but the energy deregulation also gave
us Enron. The telecom deregulation gave us WorldCom, and we are today
paying the price for banking deregulation,” he says. “I’m a free market
economist by training, I would prefer to see the markets work in a free
system. The argument is between ideologues who believe totally in the free
market system and those who have seen the failings of it. We need an
effective balance between the two.”
But it won’t be easy. Despite Darcy’s professed faith in human nature,
nearly two decades of erosion in ethical standards will take some time to
repair. It seems the problem is at risk of moving outside the office and
affecting other areas of life. “I like to be an optimist about the future,” he
confirms. “My concern is data that says 54 percent of MBA students cheat their
way through their degree, that 52 percent of engineering and masters
students do the same, where 48 percent of law students cheat their way
through their degree and 55 percent of high school students admit to
cheating so they can get ahead. I am concerned that somewhere over time we
began to feel like people who were entitled to something, that we
wouldn’t have to sacrifice for getting ahead, that somehow life was there to pick
from. With that kind of attitude comes a certain arrogance. I really do think
that we need to make sure we understand the difference between
acceptable profits and greed, that we understand that there’s no substitute for
hard work and rolling up your sleeves to reach the next level.”
Asked for a prescription to reverse our ethical decline, Darcy can
provide no quick fixes. He talks about the need to remember what people are
capable of achieving and how the positive human spirit must be given the
opportunity to grow and express itself. On a more conventionally
business-focused level he outlines a requirement to get back to the basic
fundamentals: positive cash flow, quality products, good customer service, being
respectful of all stakeholders and rebuilding the trust that has been
broken. “There is a mandate today,” he explains. “Companies have
to understand the meaning of trust and the importance of ethical
awareness in their organizations is a differentiator in the
marketplace. It is a differentiator for building enduring great
companies. None of this is a six-month rollout. All of this is a
permanent commitment to the future. It’s ethics training.
It’s ethics awareness. It’s raising the consciousness of
people on understanding what’s the right thing to do
and building cultures therefore that will self-regulate
over time.”
But even if all this hard work is successful,
it will require constant vigilance for it to be
maintained. Thinking back to the collective spirit that
he witnessed following the attacks on New York, Darcy is clear
that such a feeling can evaporate as quickly as it appeared. “I remember
remarking about six weeks after 9/11 to a group that I was speaking to,” he
recalls. “I said, ‘My biggest fear is that someday we will take this moment,
leave it behind and go back to business as usual.’ And we did.”
FOLLOW THE LEADER
Looking up to a more ethical future
Darcy: We need moral leadership, people who will stand
up and bring voice and action to setting standards of
behavior and conduct. Where are the great moral
leaders today? I can think of two in my lifetime that
stand out. I’m sure there are many more examples, but
Dr. Martin Luther King Jr. was somebody who believed
in something and gave his life for it. And another one
that’s the most extraordinary example of leadership in
my lifetime is Nelson Mandela. He was willing to be put
to death and assumed he would be because the pain of
apartheid was greater than the pain of death. In fact, he
spends 27 years on Robben Island and somehow
emerges from that not only as a free man but becomes
president of the free republic of South Africa. He then
has the audacity to create a truth and reconciliation
commission saying, “We need to be able to tell the
truth in South Africa and forgive ourselves because
unless and until we do, we cannot take our seat at the
table of nations. So we’ve got to get to the truth of
what’s going on here.” It’s long been said that we’re
only as well as our deepest secrets. That is true of
families, it’s true of corporations and it’s true of
society. So we need to address the truth of what ails
us. And I do think at some level that we have to speak
to the moral fiber of this country and get us back to
the basics and the fundamentals that our founding
fathers lived by. When they signed the Declaration of
Independence, they said that they mutually pledged to
each other their lives, their fortunes and their sacred
honor. They were doing something enormously bold at
the risk of failure. They had no real sense that they
could succeed, but they did. But it was built on a
foundation of values. We need to get back to that.
We’ve got to get away from self-interest and promote
the common interest and the common good.
AWAY ON BUSINESS
Rising sun
One of the key global centers of financial services, Tokyo is also a dazzling, neon-soaked city of the future. FST checks out what’s on offer once work is over
• Tokyo Disneyland was the first
Disney Park to be built outside of
the US and celebrated its 25th
Anniversary in April of 2008. Special
celebratory events will continue
into this year.
• As one of the most overcrowded
cities in the world, men known as
‘pushers’ are recruited to pack
people onto the city’s trains.
• In the 1920s the University of
Tokyo became one of the first
Imperial universities and houses
institutes for earthquake
research, cosmic ray research,
nuclear study, solid-state
physics, applied microbiology, ocean
research and Asian culture.
About
Along with New York City and London, Tokyo is
one of three ‘command centers’ for the world
economy. Tokyo has the largest metropolitan
economy in the world and houses several
headquarters of some of the world’s largest
investment banks and insurance companies. It is also
the main hub for Japan’s transportation,
publishing and broadcasting industries. 50
companies listed on the Global 500 are based in Tokyo,
almost twice that of the second-placed city.
Getting around
A network of trains and subways
dominates the public transport
system in Tokyo, with buses,
monorails and trams playing a secondary
feeder role to the most extensive
urban rail network in the world. The
Yamanote Loop, which circles the
center of downtown Tokyo, carries
an estimated 3.5 million
passengers between its 29 stations every
day. By comparison, the New York
City Subway only carries 5.8
million passengers per day across its
entire 26 lines.
From the airport
Narita International Airport handles
the majority of international
passenger traffic to and from Japan, and is
also a major connecting point for air
traffic between Asia and the
Americas. Located just 60 kilometers from
downtown Tokyo, access to the city
center is recommended via rail
service. While taxis and buses are
available, the trains provide a cheaper and
quicker option. The airport currently
has two rail connections, but a third
line is scheduled for 2010.
FAST FACTS
Where to make the $
The Tokyo Stock Exchange is the second largest in the world, outstripped only by New
York. At present, it lists 2271 domestic companies and 31 foreign companies, with a total
market capitalization of over $5 trillion.
Situated between Tokyo Station and the Tokyo Imperial Palace is Japan’s business
district, Marunouchi. Along with neighbouring Otemachi, this is home to many of Japan’s
largest companies, particularly those from the financial sector. Other business areas
include West Shinjuku, which houses the Metropolitan Government offices. With recent
tween the city center and Narita Airport, and the new Tokyo Big Sight complex in Tokyo
Bay have also made the city Japan’s major trade fair venue.
Where to spend the $
Shibuya – a major shopping area in Tokyo – is a definite place to visit for anyone
interested in Japanese fashion, while Omotesando – a broad, tree-lined avenue
leading downhill from the southern end of the JR Harajuku station – shows the
other side to Harajuku fashion and is not only full of cafés and international
brand clothing boutiques, but also includes the upmarket Omotesando Hills.
This stylish center is full of the who’s who of world fashion brands including
Yves Saint Laurent, Dolce & Gabbana, Porsche Design, Dunhill, Jimmy Choo
and Adore. The center covers six floors and has a very fashionable interior
design. While Paris and Milan may be the center of world fashion design,
Omotesando is the center of world fashion consumption.
Sleep
Four Seasons Hotel Tokyo
Located in the Marunouchi central
business district, The Four Seasons
offers a striking, contemporary set-
ting, luxurious rooms, privacy and
exclusivity.
57 rooms available
Double rooms from $752
Keio Plaza Tokyo
Five blocks from Shinjuku Station
and across the street from the Tokyo
Metropolitan Government Building,
this hotel is located in the heart of the
city’s business and political center.
Over 1440 rooms
Japanese Tatami Suite from $1024
Eat
Casita
Carving its own niche by creating a
tropical atmosphere and a year-round
outdoor deck. Set dinners: $108
Higashiyama Gantan
An industrial-minimalist bar, with pri-
vate dining rooms. Popular with fash-
ionistas. Dinner for two: $90
Quote/Unquote
Looking back
Hindsight is a wonderful thing. While the credit crunch has proven itself to be erratic and unforgiving in its victims, these people really should’ve known better. Here are some of the worst predictions made since the crunch began.
“I did express, at some point, my concern about the use of leverage and was politely told to mind my own business.”
Former fund manager James O’Shaughnessy at Bear Stearns of his warning to bosses back in 2007.
“I expect there will be some failures but I don’t anticipate any serious problems of that sort among the large internationally active banks.”
Nine months after this comment by Federal Reserve Chairman Ben Bernanke, Citigroup became the largest financial institution in US history to fail.
“Freddie Mac and Fannie Mae are fundamentally sound. I think they are in good shape going forward.”
House Financial Services Committee Chairman Barney Frank made this prediction in July 2008. Two months later the
government forced the mortgage giants into conservatorships.
“AIG could have huge gains in the second quarter of this year.”
Analyst Bijan Moazani’s May 2008 prediction was sadly proven very wrong indeed when AIG wound up losing $5 billion in that
quarter and $25 billion in the next. It has since been taken over by the US Government.
And now?
So have we learnt anything from another 12 months of business in the shadow of the crunch? Or are the same outlandish predictions being made for 2009? FST rounds up some of the best of this New Year’s opening gambits.
“The financial and economic firestorm we face today poses a serious risk of an extended period of stagnation – a very grim outlook. Even with vigorous Fed action to restore credit flows, an extended period of economic weakness is likely.”
Janet Yellen, president of San Francisco Federal Reserve Bank, shows her concern.
“It took more than three years for the economy to recover from both the dot.com bust of 2000 and the stock market crash of 1929. So, in our view, hopes that the economy is going to recover as soon as mid-year are likely to be dashed in the coming months.”
Merrill Lynch’s US economist David Rosenberg illustrates just how little faith is left.
“Clearly the situation is dire. It is deteriorating and it demands urgent and immediate action.”
It’s a grim outlook as far as European Central Bank President Jean-Claude Trichet is concerned, here speaking at the Bank for
International Settlements talks in January.
“Already the former heads of the Federal Reserve and the Bank of England have held up their hands to admit
they didn’t understand the risk building up in the financial system. If those in the private sector are to defuse
public anger, they will have to do the same.”
The Wall Street Journal thinks it’s about time the world’s bankers learn to say sorry.
FACE OFF
Changing lanes
With the inauguration of the 44th American President now complete, many economists are hoping that Obama will bring change to the financial markets. Here, FST looks at what two key players are saying about Obama’s new policies.
Earlier this month, at a Senate confirmation hearing, Geithner
said that the Obama administration would unveil a three-
pronged strategy to aid financial firms, struggling home-
owners and the consumer credit markets by using the remaining
$350 billion of the government’s financial rescue program. “The
ultimate costs of this crisis will be greater if we do not act with
sufficient strength now,” Geithner told the Senate Finance Com-
mittee. “In a crisis of this magnitude, the most prudent course is
the most forceful.” He promised that the Obama administration
would offer a “clear plan” but provided few specifics.
In his previous job as president of the New York Federal
Reserve Bank, Geithner had been a key participant in efforts to
prop up financial markets. He added: “We’ve seen the costs, in
terms of uncertainty created by tentative signals not followed up
by clear actions.” He went on to say that the new administration
was reviewing a “broad range of proposals,” including the option
of setting up a government-run “bad bank” to take toxic assets
off banks’ books.
Geithner also faced tough questions about his role in devis-
ing federal bailouts for Wall Street’s biggest firms and his failure
to pay all of his taxes on time between 2001 and 2004. Geithner,
who settled his outstanding taxes only after he was nominated
to the Treasury post, said he signed his tax forms without read-
ing them carefully. “These were careless mistakes,” he admitted,
“they were avoidable mistakes, but they were unintentional.”
He concluded by apologizing to committee members for making
them spend time on his personal history when the nation faced
more pressing issues.
In a post-inauguration interview, Pelosi revealed that she
opposes – at least for now – the idea of Congress approving
another costly bailout for troubled banks. While she has spent
recent days lavishing praise on the new president – she called his
inaugural speech “wonderful” – she’s also said that she won’t
always defer to Obama on key policies.
In the interview, the San Francisco Democrat, who is arguably
the second most powerful person in Washington, sought to quell
expectations about how quickly Congress and President Obama
will address current problems, from a weak economy to an ailing
health care system. “We can’t fix it all overnight,” she said, “but
we have to start to begin.”
Furthermore, Pelosi looked to downplay the policy rift, sug-
gesting that she and the President may end up on the same page.
“I don’t know that he’s made that decision,” she said, “but it’s my
view that tax cuts for the wealthy are big contributors to the na-
tional debt.” As doubts continue to grow about the stability of US
markets and foreign banks in general – the United Kingdom has
just approved a new rescue plan for British banks, for example
– the House is already planning to vote on whether to approve
the second $350 billion. In addition there’s already talk that the
Obama administration may need to ask for even more money from
Congress to assure the stability of major banks.
However, Pelosi said she won’t talk about another bailout
package until the new administration shows it will make good use
of the second half of the current $700 billion financial rescue fund.
“How this next money is spent will determine if more money will
be spent down the road,” she said.
Timothy Geithner, Secretary of the Treasury
Nancy Pelosi, Speaker of the United States House of Representatives
IN REVIEW
Hot off the press
FST rounds up some of this quarter’s best business books
Everything I Know About Business I Learned At McDonald’s By Paul Facella and Adina Genn
McDonald’s might not be the first place financial services would think to look for inspiration, but in
this insightful new book, Facella, a former senior McDonald’s executive, explains how this monu-
mental organization has one of the highest employee retention rates of any company, managing
to motivate staff in a fast-paced and potentially stressful environment, in which pay increases and
perks are not readily available as incentives.
FST says: Each chapter of Everything I Know About Business I Learned At McDonald’s features
one of seven leadership principles that drive business success, based on McDonald’s one-of-a-kind
leadership culture.
Warren Buffett And The Interpretation Of Financial Statements By Mary Buffett and David Clark
This simple guide clearly outlines Warren Buffett’s strategies in a way that will appeal to newcom-
ers and seasoned professionals alike. Inspired by the seminal work of Buffett’s mentor, Benjamin
Graham, this book presents Buffett’s interpretation of financial statements with anecdotes and
quotes from the man himself.
FST says: Written both for the layman and the serious investor, chapters begin with clear defini-
tions and explanations of what the master investor is looking for when he sits down to explore a
company’s financial statement. This book is the perfect companion to other titles in the already
acclaimed Buffett series and is likely to become a classic in the world of investment books.
Schneier On Security By Bruce Schneier
Today, people are doing more in the name of personal security than at any other time in history. But,
is it really making a difference? Are people really safer? In this challenging book, Schneier unveils
the reality behind current security practice in a collection of his most recent and important writings.
The collection features some of the most informative security issues and looks at the price people
pay when security fails.
FST says: Schneier on Security not only explores the digital aspects of this important issue, but
the behavioral side too. Topics include everything from identity theft, to the threat of unchecked
presidential power, to why some risks are overestimated and others underestimated. This is a book
for all IT and corporate professionals and those individuals with security concerns.
OPINION
Leading by example
Perhaps we shouldn’t be so quick to judge employees who break the rules
By Marianne Sorensen
If you knew you were about to lose
your job, what would you do? It
seems that many would make the
pre-emptive move of grabbing all the
company data they can get their hands on
so that it won’t just be the severance
package they walk out with. A new survey
called The Global Recession and its Effect
on Work Ethics by IT security firm
CyberArk suggests that a surprisingly
large number of employees are prepared
to break the rules in times of crisis.
The figures are striking: more than
half of the respondents, drawn from work-
ers in London, Amsterdam and New York,
admitted that they had already down-
loaded sensitive data that they planned to
use as a bargaining tool in their search for
a new job. Slightly surprisingly given their
reputation for being laid back, the Dutch
were the worst offenders. A staggering 71
percent of respondents in the Netherlands
admitted that they would do this if their
job was hanging in the balance.
But this willingness to bend the rules
also has some more positive impacts, at
least from a business perspective. About
one third of those polled said they would
accept 80-hour work weeks, if that was the
only way to keep their jobs. Around a quar-
ter would accept pay cuts rather than face
redundancy in such a harsh climate. All this
serves to demonstrate exactly how uneasy
workers feel about their current prospects.
Predictably though, it is the stats
about staff stealing data that will draw the
strongest reactions. But perhaps we
shouldn’t be so shocked by these revela-
tions. Desperate times call for desperate
measures and there is very little a human
being won’t do if it feels threatened. There’s
also the uncomfortable feeling that busi-
ness has to bear some responsibility for
this. The reason so many workers are cur-
rently living in fear of losing their jobs is be-
cause of a crisis brought on in large part by
irresponsible business practices. While few
are suggesting that anything outright ille-
gal went on, it’s generally accepted that
many of our current problems spring from
certain companies and individuals oper-
ating at the very limits of acceptability.
Huge levels of toxic debt were racked
up, while essentially worthless financial
products were traded with wild abandon.
Since everything started falling apart, the
standard statement has been that no one
could have seen this coming. As explana-
tions go, it’s pretty weak. The average work-
er in the financial industry is no idiot, so the
idea that the credit crisis is one massive sur-
prise is pretty hard to swallow. If that’s the
case, then you have to accept that these
business strategies were pursued even
though the risks involved were understood
by those who were meant to be in charge.
Now put yourself in the position of an
employee who is facing the sack. Chances
are it’s not your fault that your company
is cutting back. The decisions that led to
this predicament were likely taken way
over your head. As the prospect of walk-
ing out of the front door with your posses-
sions in a cardboard box becomes ever
more likely, why wouldn’t you seek to give
yourself every possible advantage? After
all, many of the top people in the industry
have managed to hold onto their jobs dur-
ing this crisis. Even those that have
walked the plank have often done so with
a chunky payoff in their pockets. It hardly
seems fair.
Culture is something that has re-
cently taken on increasing importance in
the business world. A company’s culture
is often held up as a key differentiator in
a competitive market. But culture comes
from the top. If leaders bend the rules for
their own short-term gain, we shouldn’t
be too shocked when employees do so
as well.
OPINION
The onus on bonus
As we waved goodbye to one of the toughest calendar years our global economy has ever faced, many executives learnt that keeping their job was the only bonus they were going to get. FST’s Matt Buttell investigates why.
Close up: A look at how two of America’s biggest banks are handling the bonus-crisis, as their CEOs join the ranks of leaders forgoing their year-end bonus.
In a memo to employees on Tuesday January 7 2009, CEO Ken
Lewis recommended the board not award 2008 bonuses to
himself and other senior executives.
“This was a difficult decision because we have worked hard and made progress on many projects that will create
value for our company in future years,” the memo, later obtained by Bloomberg News, read. “Nonetheless, we are a
pay-for-performance company.”
Other senior executives are likely to receive lower bonuses and Bank of America is expected to report
disappointing quarterly earnings later this month as the recession deepened late in 2008.
The firm did not pay 2008 bonuses to CEO John Mack – he also gave up his
bonus in 2007 – and his two top deputies. It also awarded restricted stock
bonuses worth less than $1 million to four other executives.
The company’s board also approved a change to Morgan Stanley’s pay system, which will let management recoup
payments if employees later turn out to have damaged or discredited the firm.
In 2007, end of year payouts on Wall Street were up 14 percent
compared to what they had been in 2006. Goldman Sachs,
Morgan Stanley, Lehman Brothers and Bear Stearns – then
the four largest investment firms on Wall Street – handed out
nearly $30 billion in bonuses. To put these kinds of earnings
into perspective, the entire budget for the city of New York,
employing a quarter of a million people, was only $59 billion
for fiscal year 2008. In other words, around Christmas time
2007, Wall Street bonuses alone far surpassed the combined
funds available for the city’s fire and sanitation departments,
education, health, hospital, welfare, homeless, children’s and
social services for the whole of 2008.
What a difference 12 months makes
Governments across the globe have already injected billions
in an effort to bankroll our financial institutions and there is
now a renewed focus on how these organizations are spending
their money – especially in relation to executive pay. After all,
it would surely have taken a lot of gall to have openly accepted
massive injections of public funds with one hand only to dole
out billions in executive bonuses with the other. Because of
this, many executives at top firms across the globe were either
choosing to (or being forced to) forgo their bonuses.
Take Goldman Sachs for example: despite being one of only
two US investment banks left standing through the crunch,
Goldman announced last December that its seven top execu-
tives had refused year-end bonuses. According to the firm, the
seven executives made this decision themselves because they
felt it was the right thing to do. Those involved, who, along
with CEO Lloyd Blankfein, included Presidents and Co-Chief
Operating Officers Jon Winkelried and Gary Cohn, Vice Chair-
men John Weinberg, J. Michael Evans and Michael Sherwood
and Chief Financial Officer David Viniar, all decided to receive
no cash bonuses, no stock and no options for 2008 – just
their salaries.
As well as this, Goldman also announced that it would
impose a major bonus pay cut on about 400 of the bank’s part-
ners after the company recorded its first quarterly loss in the
space of 10 years. In fact in 2007, Goldman’s partners received
a staggering amount of between $5 million and $29 million
in bonus payouts, marking them as both Wall Street and Lon-
don’s highest paid partner executives.
Meanwhile, the CEO of Citigroup, Vikram Pandit, also
agreed not to receive his bonus as the company struggled to
cope with the financial downturn, and Jamie Dimon, chief ex-
ecutive of JPMorgan Chase & Co, reportedly declined his share
of 2008 bonuses which would have amounted to a few million
dollars. Then John Thain at Merrill Lynch followed suit, citing
the acquisition of Merrill by Bank of America last September
15 – the same day Lehman Brothers went bankrupt – as his
main reason for forgoing his bonus.
Elsewhere, on the other side of the Atlantic, Swiss banking
group UBS was the first to announce that top executives would
forgo their year-end bonuses. The bank’s Chairman and Chief
Executive, as well as other members of the board, are now set
to only receive their fixed salaries this year. After UBS shares
slumped to a new all-time low last month, and with the Swiss
government stepping in to assist the ailing bank, it is not
overly surprising that such a decision has been made. What
is surprising though is UBS’s announcement that in 2009 they
will introduce a new compensation model that is set to bring
about a huge cultural shift within the company.
In this new model, while top management will still be eli-
gible to receive both variable cash compensation and variable
equity compensation, a large portion of this will be held in
escrow and will only be paid out if the results of UBS warrant
it. In other words, those who are rewarded will only be those
who deliver good results over several years, without assuming
unnecessarily high risk.
From my seat, it seems that the greed of our financial in-
stitutions is finally catching up with them. Nine of the largest
financial institutions on Wall Street – Bank of America, Citi-
group, Bank of New York Mellon, JP Morgan, Merrill, Goldman,
Morgan Stanley, State Street and Wells Fargo – were also the
first nine to receive a combined $125 billion in capital from the
US Treasury Department.
Historically speaking, banks and financial related
companies are usually a generous lot when it comes to
bonus give-out. True enough, many of the bank staff will
find themselves working long and stressful hours: but more
often than not, there will be happy faces as the fiscal year
edges to an end. When it comes to earnings and profits,
banks make most money. And this means a super high year-
end bonus. Bonus payment can be as much as 10 times that
of a banker’s basic salary, or even more. Just clearly not
this year.
In honesty, it’s beginning to feel a little like we’re in a
Hollywood movie. In Oliver Stone’s 1987 smash Wall Street,
Michael Douglas’s character Gordon Gekko tells us ‘Greed
is good’. While on some level this still may be true, it seems
greed also has a tendency to come full circle on us – with
grossly negative implications.
Perhaps this point can be best illustrated by looking at
a speech recently made by Australian Prime Minister Kevin
Rudd. The speech, looking into the state of the global financial
crisis, was entitled ‘The Children of Gordon Gekko’, and in it,
Rudd stated, “It is perhaps time now to admit that we did not
learn the full lessons of the greed-is-good ideology. Today we
continue to clean up the mess of the 21st-century children of
Gordon Gekko.”
Rudd makes an illustrative point – albeit a melodra-
matic one. Just mentioning the words ‘banker’ and ‘bonus’
in the same sentence seems to trigger a political furor these
days. But he is right – no one can deny that we face a global
financial mess. And 2008, at least, showed that executive
bonuses were the first spillage of that mess to be cleaned up.
And as the clean-up continues, many of us, I imagine, will be
happy to help scrub the floors.
With non-discretionary spending
at financial institutions already
representing a small percent-
age of overall IT budgets, CIOs are under
increased pressure to deliver improved
efficiencies with existing assets. Consol-
idation efforts and M&A activity that con-
tinue to reshape the financial landscape
combined with never before seen trans-
action volumes are challenging organiza-
tions to centrally manage resources and
reduce costs without compromising the
quality and speed of the services that
IT delivers. Endpoint virtualization has
gained a lot of attention within the finan-
cial services community because of its
promise to reduce the total cost of own-
ership (TCO) for enterprise endpoints
and improve employee productivity and
endpoint control.
IT departments are faced with the
challenge of greater complexity and ex-
ponential growth in the number of enter-
prise endpoints that must be supported.
The mobility of the workforce, outsourc-
ing initiatives, new delivery channels and
an increase in shared services are fueling
the rising costs associated with this vast
ocean of PCs, laptops and PDAs.
Endpoint virtualization de-couples
the information that matters from the
underlying systems and software that
deliver it. This makes computing for end-
users extremely portable and flexible,
helping IT to reduce costs and respond
to rapidly changing business needs
while centrally managing the endpoints
for improved control and security.
Symantec recently sponsored a
survey, conducted by Applied Research-
West, to gain insight into the uptake of
endpoint virtualization. Some of the
key findings include:
• 76 percent of respondents have imple-
mented some form of endpoint virtualization
technology;
• 31 percent said their organizations spend
at least 21 percent of IT resources managing
incompatibilities between applications on
endpoint devices;
• 36 percent said at least a quarter of their
entire 2009 IT budget is earmarked for end-
point virtualization initiatives.
The information from the survey validates that
endpoint virtualization will play an important
role in how IT departments look to increase
user productivity while lowering IT costs.
In addition to reducing cost and complex-
ity, security, availability of information and
compliance with industry regulations are
among the top reasons institutions consider
endpoint virtualization. Preventing the loss
of sensitive corporate and customer data is
critical for any organization – and even more
so for financial institutions. Compliance with
regulations such as ID Theft Red Flags, GLBA
and PCI demands that today’s financial institu-
tions make investments and put processes in
place to keep customer data safe.
A recent study found that the average
cost of a data breach for financial institutions
is $239 per compromised record. This is 21
percent higher than in other industries. With
almost half of data breaches in 2007 due
to lost or stolen laptops or other mobile
devices, preventing data leakage at the
endpoint is a big challenge. Endpoint
virtualization can help solve the problem
by moving stored sensitive data off the
endpoint device and into the data center
where it can be more easily controlled
and effectively protected.
The Teachers Credit Union (TCU)
in South Bend, Indiana is a great ex-
ample of how a financial institution can
implement an endpoint virtualization
strategy to more effectively manage
its software applications and empower
its employees to be more productive.
Looking to eliminate application con-
flicts, automate application deploy-
ments and improve support, TCU turned
to Altiris Client Management Suite and
Software Virtualization Solution (SVS).
Using SVS, the credit union is able to
run multiple versions of the same ap-
plication, saving hundreds of hours in
implementation time. It was also able to
complete its migration to Windows XP
under time and budget. Worker produc-
tivity at TCU has improved and support
costs are lower as the volume of IT help
desk calls has decreased. As a result,
TCU’s IT organization is able to do a lot
more in a lot less time.
With many IT projects being put on
hold or re-evaluated during this time of
economic downturn, endpoint virtualiza-
tion appears to be an area where IT de-
partments are still looking to invest. The
strong and immediate ROI is escalating
endpoint virtualization as a priority. It can
be argued that endpoint virtualization, if
it hasn’t already, will soon change the way
software is delivered and consumed.
For more information please visit www.symantec.com
Final Word
Endpoint virtualization
Symantec’s David Krauss offers a case for real ROI
David Krauss is Senior Manager of Financial
Services at Symantec, where he assesses
business challenges in the financial services
industry and develops technology strategies
or solutions that enable financial institutions
to secure and manage their information-
driven enterprise against more risks at more
points, with greater efficiency, cost savings
and confidence.