FST US 10

www.usfst.com • Q1 2009

CitiSunken

From dominationto disintegration,is the financialsupermarket deadin the water?Page 26

BAPTISM OF FIRECredit Suisse CIO Karl Landerton his turbulent first monthsin the job Page 32

STAY ON TARGETHuntington Bancshares CIOZahid Afzal keeps his headin a crisis Page 86

THE FIFTY BILLIONDOLLAR MANHow Bernie Madoff almost pulled offthe biggest Ponzi scheme in historyPage 38

COVER FST 10 viz2:jan09 29/01/2009 10:54 Page 1

IBM_DPS.indd 2 28/1/09 08:39:00

IBM_DPS.indd 3 28/1/09 08:39:04

> CYBERSPACE FAST FACTS

735,200

30900

150,000

1 billion

1 in every 17 emails

2 million

1 in 105US $ 105 billion

2.5 billionNumber of emails filtered by MessageLabs every day

Estimated value of the online shadow economy

Ratio of emails containing malware

Estmated number of compromised computers within the Storm botnet

The ferocity of the forst global botnet, Sobig.F

Number of web requests scanned by MessageLabs each day

Number of targeted Trojans intercepted per day in Feb 2008

Average number of new strains of phishing attacks per day

Percentage of all email which is spam

Average number of email-borne malware interceptions per day in 2007

Average number of new strainsof email malware per day

DPS2.indd 32 28/1/09 08:40:22

>FURTHER INFORMATIONFor more information on MessageLabs, please contact:

MessageLabs, Inc Toll free 1-866-460-0000 or 1-646-519-8100

[email protected]

150,000

1 in every 17 emails

Estimated value of the online shadow economy

The ferocity of the forst global botnet, Sobig.F

Number of targeted Trojans intercepted per day in Feb 2008

Percentage of all email which is spam

DPS2.indd 33 28/1/09 08:40:26

CHoicePoint1.indd 1 28/1/09 08:18:11

FROM THE EDITORHe who pays the piperEverybody likes to get value for money. The US government is no exception.5

“The specific merger transaction clearly hasto be seen to have been a mistake. Thestockholders have not benefited, the employ-ees certainly have not benefited and I don’tthink the customers have benefited.”Ex-Citigroup CEO John Reed (page 26)

“We are not a service provider;we are an IT or-ganization of a financial services institution andweneed to understand our business.We needto be respected and accepted by our counter-parts and our colleagues in the business.”Credit Suisse CIO Karl Landert (page 32)

“It’s all about the people skills, processesskills and then most importantly, the busi-ness leadership skills that are a must.”Huntington Bancshares CIO Zahid Afzal (page 86)

Fall behind on your mortgage payments and your bank is liable to foreclose.

So, if you ask the government for $700 billion to stop your business going

under, you shouldn’t be too surprised if it wants a say in how you run it.

In recent years, whisper the word ‘nationalization’ onWall Street and you’d be

liable to give your audience an attack of the vapors. But desperate times call for

desperatemeasures. The simple fact is that the economy is frozen solid, and there

are scant signs of any thaw in the near future.With banks and other financial insti-

tutions reporting staggering losses, something clearly needs tobedone. Before this

year ends, the unthinkable could become a reality.

In certain respects, amajor financial organization is like a shark. Not, as some

might suggest, because it is an implacable predator that cares only about satisfy-

ing its appetites, but rather that if it stops swimming forwards, it will sink to thebot-

tom like a stone. The sheer size of a company like Bank of America or Citigroup,

means that if it isn’t growing its business it is effectively operating at a loss. As long

as the specter of nationalization hangs over themarket, shareholders aren’t going

tobepartingwith anymoremoney. The lessonof thenowgovernment-runNorthern

Rock in the UK is too fresh in their minds.

That doesn’t leave toomany options. Banks could try to attract foreignmoney,

but the idea of investors in the Middle East or Asia owning so much of the US fi-

nancial system is not altogether popular. In any case, the slowdown is inexorably

working its way around the globe, so these potential saviors may not be prepared

to splash the cash.

That leaves the government as the benefactor of last resort for failing banks. It

has already serveduphuge chunks of taxpayermoney, but still the industry falters.

How longuntil PresidentObama’s newadministration decides that the state cando

a better job than the private sector and forces itself into a position of more direct

control? Many analysts contend that it is now amatter of when rather than if.

But the implications of such an event are staggering. Even the US government

doesn’t have the financial clout to nationalize the entire banking system, so thebest

wewould get is a takeover only of those poorly performing banks that are deemed

too big to fail. This would effectively create a two-lane system where nationalized

institutionswouldbe forced to refocus their efforts onproviding fewer, simpler prod-

ucts to a principally US customer base. The banks that escape government inter-

vention would be free to innovate in amarket dramatically shorn of competition.

Ormaybenot.Whatever happenswith regard to nationalization, increased regu-

lation for theentire industry isacertainty. Freshcontrolsontransparency,accountability

and risk are coming and by accepting somuch help from government, the industry’s

power to resist its demands is virtually non-existent. Sooner or later, everyone has to

pay their debts. For the financial industry, that day is fast approaching.

HuwThomas

EDITORS NOTE FSTUS10:nov08 28/1/09 16:13 Page 5

OpenLink.indd 1 28/1/09 08:20:15

86

Interesting timesKarl Landert’s first fewmonths in

the job at Credit Suisse have coin-

cided with an unnaturally turbulent

period for the industry. How canwe

manage IT in an age of uncertainty?

Citi breaksAdecadeafter it changed thefinancial landscape,Citigroup is fallingapart. FST

editorHuwThomas traces thedeclineof abankinggiant

38

26

7CONTENTSFEATURES

Route causesHow do you navigate through the

toughest six months the industry

has faced in decades? For

Huntington Bancshares CIO Zahid

Afzal, it’s all about knowing where

you’re going

32

Over the hedge?Following last December’s

arrest ofBernie Madoff and

the discovery of history’s

largest Ponzi scheme, FST’s

Matt Buttell looks at how

its repercussions are likely

to reshape the industry for

years to come

CONTENTS fst:jan09 28/1/09 16:12 Page 7

64

42 Play your cards rightBuilding solid purchasing cardprograms re-

quires careful planning

46 LockdownThe so-called ‘rock star’of the security industry,

BruceSchneier, exclusively reveals his thoughts

regarding current security issues

52 Phish talesDavid Jevansdiscusses theglobalwar on

phishingduring thefinancial crisis

54 Going underTowerGroup’sBobbiBrittingdiscuseshowfinan-

cial institutes need to serve theunderbanked

market during the credit crisis

58 The road aheadHankFarrarand LaurenHargraves explain how

The Federal Reserve and The Clearing House

are creating value for banks and their corpo-

rate clients

8 CONTENTSSECURITY RISK & COMPLIANCE

60 No time to loseData loss is anoft overlooked issue that needs to

be tackled immediately, saysMichaelOsterman

64 Line of defenseChallengingmarkets are changing the rules of

the riskmanagement game, saysBankof

America’sNick Jayanetti

68 One small step, one giant leapDocurrentmarketsprovideopportunity for small-

erorganizations toshoot for themoon?

72 A broader focusJamesBeesonofGECommercial Finance talks to

FSTabout riskmanagement, technology ad-

vances andhow looking at theGE’s broader set-

up for inspirationhelpsprovide real ROI

76 Dangerous gamesWith its enthusiastic trade in credit default

swaps, thefinancial industry is playing adeadly

versionof pass theparcel, saysSunil

Poshakwale

82 Core transformation – evolution,revolution, or die?You’re either re-architectingor it’s too late, says

AdamBurns

INDUSTRY INSIGHT

50 Chris Fedde, SafeNet62 Ken Knowles, OpenLink94 Steve Stein, EED Inc

ASK THE EXPERT

48 Andy Jimenez, Anixter70 Debra Geister, LexisNexis100 Jack Halprin, Autonomy104 Christopher McLaughlin,Thunderhead

100

EXECUTIVE INTERVIEWS

80 Sanjay Beri, JuniperNetworks

144

Jack Halprin

David Krauss


Zantaz1.indd 1 28/1/09 08:23:09

10 CONTENTSBUSINESS STRATEGIES

90 On the lookoutE-discovery solutions offer better efficiency

and can help reduce IT costs, say Jeffrey Hill

and Andrew Stamer

96 The law of the landIn a global economy, e-discovery is far from a

purely technical issue. Alison Brecher untan-

gles the legal complexities

102 What’s the color of money?Bank of America’sRobert Kee explains that

going green makes sense for the business as

well as the environment

106 It’s not enough to manage contentDougMiles knows a thing or two about how

the ECM industry is changing

110 The end is nighThe age of the static display is over. James

Bickers andDavid Drain explain that digital is

future for financial institutions

114 Storage issuesMaxim Samo details the challenges of manag-

ing not one, but two major data center projects

during an economic downturn

118 In the hot seatFST sits down with Liberty Mutual CIO Joanna

Young to discuss current issues that are cook-

ing up a storm in both the technology and in-

surance space

122 The bigger pictureIt’s not just pricing optimization, it's business

optimization, says TomSchwartz

124 Take one for the teamJohn Lee talks to exclusively to FST and about

the challenges inherent in IT today and the real

importance of cross-functional teamwork

128 Do the right thing?Keith Darcy tells HuwThomas that the state of

business ethics is inextricably linked to the cur-

rent financial meltdown

124

IN THE BACK134 Away on business 136 Quote/Unquote 138 Face off140 In review 141 Leading by example 142 The onus on bonus144 Final Word: David Krauss, Symantec

134


Anixter1.indd 1 28/1/09 08:16:53

Chairman/Publisher SPENCER GREEN

CEO/Publisher JAMES CRAVEN

Director of Projects ADAM BURNS

Editorial Director HARLAN DAVIS

Editor HUW THOMAS

Managing Editor BEN THOMPSON

Associate Editor MATTHEW BUTTELL

Deputy Editors NATALIE BRANDWEINER, REBECCA GOOZEE,

DIANA MILNE, JULIAN ROGERS, MARIE SHIELDS

Creative Director ANDREW HOBSON

Design Directors ZÖE BRAZIL, SARAH WILMOTT

Associate Design Directors MICHAEL HALL, CRYSTAL MATHER,

CLIFF NEWMAN

Assistant Designer ÉLISE GILBERT

Online Director JAMES WEST

Online Editor JANA GRUNE

Project DIrector HEATHER C. BRIDEN

Sales Executives CAITLIN M. DOHERTY, DANIEL, REINHOLD-SHOR, JONATHAN

MALAVE, STEFANI SEALS

Finance Director JAMIE CANTILLON

Head of Production and Events ROBERT SIMMS

Production Coordinators HANNAH DRIVER, HANNAH DUFFIE, JULIA FENTON

Director of Business Development RICHARD OWEN

Operations Director JASON GREEN

Operations Manager PHILIPPA LUDIN

Subscription Enquiries +44 117 9214000. www.usfst.com

General Enquiries [email protected] (Please put the magazine name in the subject line)

Letters to the Editor [email protected]

Financial Solutions Technology33 Whitehall Street, 14th Floor, New York NY 10004, USA.

Tel: +1 212 920 8181. Fax: +1 212 796 7010.E-mail: [email protected]

Legal InformationThe advertising and articles appearing within this publication reflect the opinions and

attitudes of their respective authors and not necessarily those of the publisher or editors. Weare not to be held accountable for unsolicited manuscripts, transparencies or photographs. All

material within this magazine is ©2009 FST .

GDS InternationalGDS Publishing, Queen Square House, 18-21 QueenSquare, Bristol BS1 4NH.

+44 117 9214000. [email protected]

Find Out MoreContact FST at +44 (0) 292 066 3626

www.fstsummit.com

15-17 April 2009 The Lansdowne Resort,Virginia, USA

The Financial Services Technology Summit is athree-day critical information gathering ofC-level technology executives from the

financial services industry.

A Controlled, Professional & Focused Environment

FST ’09 is an opportunity to debate, benchmark and learnfrom other leaders. FST ’09 is a C-level event reserved for75 participants that includes expert workshops, facilitatedroundtables, peer-to-peer networking, and coordinated

technology meetings.

A Proven FormatThis inspired and professional format has been used byover 100 CIOs and CTOs as a rewarding platform for

discussion and learning.

“This event continues to be one of the most worthy of thetime and expense expenditure for the development of

networks and an overview of what is on the minds of otherfinancial services companies.” Robert Kee, Bank of

America

“The organisation was excellent with easy transition fromprivate meeting to workshops. Quality of participants wasoutstanding.” Thomas Butler, Anglo Romanian Bank

CREDITS FST10:jan09 28/01/2009 15:40 Page 12

LRN.indd 1 28/1/09 08:19:26

14 www.usfst.com

14UPFRONTP16 From the vaultP18 Issue in numbersP20 Top 10P22 The five-minute execP24 Company index

January20 sawBarackObamasworn in as

the first African-American president in US

history.Inhisinauguraladdress,labelledby

someas “a speechushering in anObama

Era,”thenewpresidentmadeacool-headedandob-

jective analysis of the US’s current situation and

stressedhis“neweconomicpolicy.”

Thepresident called for “boldandswift”action

ontheeconomy,“notonlytocreatenewjobs,butalso

tolayanewfoundationforgrowth”.Obamaalsosaid

hewould takeapragmatic stanceon theeconomy.

Theonlyrightthingtodo,hewentontosay,istoexert

thegreatmarketpowerofmakingwealthwhilelearn-

ing lessonsfromthecurrentfinancialcrisis.

“The success of our economyhas always de-

pended not just on the size of our gross domestic

product, buton the reachofourprosperity;onour

ability toextendopportunity toeverywillingheart,”

saidObama.

Since his inauguration analysts have been

commentinghowthespeechsetthetoneforhis fu-

ture policies, however, what determines the suc-

cessor failureofObama’sadministrationwillbehis

performance in office, especially during the first

A NEW ERA

UPFRONT FST US10:12june 28/1/09 16:40 Page 14

15www.usfst.com

months.History indicatesthatanewpresident’spop-

ularity andpower to overcomeopposition is usually

at its peak during his first threemonths in office. As

anAmericanBroadcastingCompany(ABC)Newspoll

showed, up to 80 percent of Americans have ex-

pressedconfidence inObama,while71percentback

thepresident’snewpolicies.

While only time will be the true indicator of

whether President Obama can save America

from this mess, all eyes are currently fixed on

both the White House and, more significantly,

it’s newest occupant.

DATA PROTECTION & PRIVACYEMERGES AS NEW TOP RISK AREA

might prove critical in investigations.

Increased concern about electronic data

risk is the result of the growing amount of elec-

tronic data being generated across organiza-

tions, combined with new, more stringent

regulations and requirements regarding the

management and security of data. Global busi-

nesses have long had to protect their trade se-

crets, customer data and employee records,

but now they must also comply with the

eDiscovery Rule andnewdata privacy laws and

regulations imposed by European govern-

ments. Germany, for example, has instituted

specific new laws on data protection that go

beyond existing EU data protection laws, and

in the US 47 states have ratified separate data

privacy laws protecting individuals from fraud

andmalicious use of their data.

For more information and to learn more about the research anddownload the report, please visithttp://www.lrn.com/RiskManagement/form.php

Increased global competition, economic

downturn and tighter regulation has

broughtgreaterpressureonbusinessand

with it, greater risk. Both companies and

governments worldwide have had to make

adjustments to cope with these changes in

the business climate. Enterprises worldwide

now cite electronic data protection and data

privacy as their top two business ethics and

corporate compliance risks, according to

LRN’s 2008 LRN Ethics and Compliance Risk

Management Practices Report.

Compliance with these electronic data

protection andprivacy laws is nowmore com-

plex and has migrated beyond traditional IT

functions. Companies doing business in the

UShavehadtorespondto theneweDiscovery

rule that went into effect in 2007, requiring

them to account for andmaintain all their in-

ternal electronic records including emails, in-

stantmessagesandelectronicdocuments that

NUMBERCRUNCHING

volunteers providedsupport for the inaugural

activities

18,000

metro train rides taken onJanuary 20th, setting a newrecord for one-day ridership

1,120,000

participants marched inthe Inaugural Parade

13,000

jumbo screens on theNational Mall broadcasted

inaugural events

10

At the endof January,world leaders,

economic advisors and business

executives convened in Davos,

Switzerland to focus on the global

financial crisis at the annualWorld Economic

Forum.

Klaus Schwab, Founder and Chairman

of the Forum, said this financial crisis is un-

precedented in scope. He said it should be

seen as a wake-up call to reform global in-

stitutions, systems and ways of thinking.

This year a record 41 heads of state andgov-

TO STABILITY, AND BEYONDernment attended the Forum, including

Chinese Premier Wen Jiabao, Russian Prime

MinisterVladimir Putin, and thePrimeMinister

of Kenya, Raila Odinga.

Members ofObama's administrationwere

also in attendance, including US National

Security Adviser General James Jones.

In all, more than 2500 participants from

96 countries convened in the small Alpine vil-

lage from January 28 to February 1. Their main

objective: to search for ways to stabilize and

re-launch the global economy.

members of America’spolice departments providedsecurity on Inauguration Day

8000Top Ethics and Compliance Risks


16 www.usfst.com

FROM THE VAULTQ2 2008

Chris Perretta, CIO at State Street Banking Corp16Back in issue eight of FST we spoke exclusively to Chris Perretta, CIO at State StreetBanking Corp. At the time, State Street had just posted a record-breaking $2.6 billionprofit for the first quarter of 2008. “We believe that we can deliver things quantitative-ly faster with new technologies and really increase the quality of the delivery for thecustomer,” he told us. “We are really making a lot of effort in developing our personnelhere and building bridges around the world to have a single dialogue about technologyand architecture across the industry. It’s key to our efforts going forward.”

To read the article in full, access an entire archive of past issues, and subscribe to the magazine, please

visitwww.usfst.com

FSTUS: issue eight

IS THEBAILOUTONTRACK?

As part of the $700 billion

TroubledAsset Relief Program,

literally hundreds of banks –

alongwithahandfulof insurers

and automakers –have applied for funds

from theTreasuryDepartment. Here, we

review which banks got what out of the

first$350billion

The amounts shown are in millions

and are from the first $350 billion of the

available funds. Alsoshown is thebanks’

Texas Ratio – a measure of the bank’s

credittroubles,theTexasRatioisa

ratioofeachbank'snonperform-

ingloanstocashonhand.

1

43

65

87

109

2Citgroup

Bank of America

JPMorgan Chase

Wells Fargo

Goldman Sachs Group

Morgan Stanley

PNC FinancialServices Group

US Bancorp

SunTrust Banks

Capital One Financial

$50,000m

$25,000m

$25,000m

$25,000m

$10,000m

$10,000m

$7579m

$6599m

$4850m

$3555m

15.4*

15.4*

8.3*

14.0*

N/A*

N/A*

15.1*

9.9*

32.3*

5.1*

*Texas RatioSource: New York Times


17www.usfst.com

CRISIS OFCONFIDENCE

Only 21 percent of Chief

Executives are currently showing

confidence that their business

will grow–down from50percent

a year ago – as business confidence of top

bosses around theworld hasplummeted in

recent months. The poll, commissioned by

PricewaterhouseCoopers (PwC), also

shows that company chiefs believe any re-

covery there iswill be slowand takeat least

three years.

SamuelDiPiazza,GlobalChiefExecutive

of PwC, said in a statement that the “speed

and intensityof the recessionhas rocked the

psyches of CEOs and created a global crisis

of confidence”.

Meanwhile business leaders in Brazil,

Russia, India and Chinawhohadbeen pret-

ty bullish about their economics prospects

at the start of 2008, they are now nearly as

concernedas their colleagues inEuropeand

NorthAmerica.The report’s authors call this

the ‘downside of globalization’, where a cri-

sis that began in the United States has now

infected all theworld’smajor economies.

Real signs of recoverywill take at least

That’s down from

in 2008

Only

of executives haveconfidence in business

growth for 2009

21%

3 years

50%

anybodyelsebut the FDIC.That’swhat the FDIC

does, it takesbadassetsoutofbanksandman-

agesandsells them.”

Thebadbank initiativemayalso allow the

government to rewrite someof themortgages

that underpin banks’ bad

debt, in the hopes of stem-

ming a crisis that has stripped

more than 1.3 million

Americans of their homes.

Some lenders may be taken

over by regulators as the gov-

ernment seeks to provide a

shield to taxpayers.

Still, nationalization of a

portion of the banking industry is unlikely,

with Barney Frank, House Financial Services

Chairman, recently commenting that the

government should not take over all the

banks, and Bair herself having previously

stated that she would be ‘very surprised’ if

that happened.

Meanwhile, Obama is under in-

creasing pressure to drastically

revamp the $700 billion

Troubled Asset Relief Program

for the ailing industry. While

setting up a bank to buy un-

derwater assets is emerging as

a favored option, it could drive

up the cost of the rescue to in ex-

cess of $1 trillion.

THE GOOD, THE BAD AND THE FDIC

Federal Deposit Insurance Corp

(FDIC) Chairman, Sheila Bair, is

pushing to run the so-called ‘bad

bank’ that the Obama administra-

tion is likely to set up. The bad bank would

buy the toxic assets clog-

ging banks’ balance sheets

and Bair is arguing that her

agency has the expertise

and could help finance the

effort by issuing bonds

guaranteed by the FDIC.

President Obama’s

teammayannouncetheout-

lines of its financial-rescue

planasearlyasFebruary,anadministrationof-

ficial has said. JohnDouglas, a former general

counsel at the agencywhonow is a partner at

Paul,Hastings, Janofsky&Walker,a lawfirmin

Atlantasaid,“Itdoesn’tmakesensetogivethe

authority to

WRITE DOWNS A recent Bloomberg report highlighted somethought-provoking statistics regarding the shrinkingmarket value of some of the world’s biggest banks

$228

$33

$255

$15

$156

$68

$215

$82

HSBC JPMorgan Citigroup Bank of AmericaSource: Bloomberg

Market Value as of January 20th 2009in billionsMarket Value as of Q2 2007 in billions

Obama isunderincreasingpresure todrastically revampthe

TroubledAssetReliefProgram

$700Bn


18 www.usfst.com

The average costs oflegal discovery is

around $130,000 ande-discovery solutions

can save

of these expenses (p90)29%

American consumershave replaced about

computers over thepast two years becauseof online threats (p46)

2.1million

On the 15 january 2008,Citgroup announced

inwritedowns (p26)

Bernie Madoff arrested with liabilitiesof approximately

(p38)$50 billion

$18.1billionMore than 100 million individ-uals in the US are considered un-

banked, underbanked orcredit underserved (p54)

ISSUEIN NUM8ERS

Achallengingaspectof informationtechnologyhasalwaysbeento

introduce new technology environments into the business.

Mission critical enterprise applications have become genuine

businessassetsthat theenterprisecannotdowithout,evenfora

shortperiodoftime.Yet, thebusinessesareconstantlypressurizedtomove

tonewer, lowercostandmoreagile ITenvironments.

Job scheduling is one of themission critical enterprise applications

that fits theabovepicture.Manyenterprisesadopted solutions longago,

but legacy scheduling solutions suffer from several drawbacks in today’s

ITlandscape.Theseincludelackofsupport for today’smission-criticalbusi-

nessapplications,higheroutage risks; limited functionality leading to the

need for customextensions; excessivemaintenance and training costs;

poorusability, leadingto lowerproductivity. Studieshaveshownthatmov-

ing toamodern scheduling solution caneasea lot of these issuesaswell

asprovideanextremely favorableROI ina shortperiodof time.

Modern scheduling platforms like Tidal Enterprise Scheduler pro-

videadvancedschedulingcapabilities, enhancedserviceavailability and

jobmonitoring capabilities, greaterease-of-useand integrationcapabil-

ities,while reducingmaintenance and training costs and improving em-

ployee productivity. Tidal Enterprise Scheduler provides scheduling

capabilities forERPapplications (SAP,Oracle,PeopleSoft, JDEdwards,

Lawson),Business Intelligenceapplications (SAPBW, Informatica,

Business Objects, Cognos, Hyperion), Databases (Oracle,

MSSQL), File & Storage (FTP/SFTP/FTPS, Veritas, Tivoli

Storage Manager, Backup Exec), SOA (Web

Services, JMX, JMS),andVirtualization (VMWare,

HyperV). Inaddition, it caneasily integrate into

mostmanagement frameworks.

To learn more about the ROI you can get by modernizingyour legacy scheduling solution, read Tidal Software’s ROI

Case Studies at http://www.tidalsoftware.com/r/roi

In what looks like a worrying start to 2009, January has already

seen two US banks fail. Regulators shut down two small US

banks earlier in themonth, marking a disappointing start to the

year. Bank of Clark County, Vancouver, Washington, with ap-

proximately $446.5million in assets and approximately $366.5mil-

lion in deposits was closed, with Oregon-based Umpqua Bank

agreeing to assume its non-brokered insured deposits.

Meanwhile, National Bank of Commerce in Illinois, with ap-

proximately $430.9 million in total assets and $402.1 million in

total deposits, was closed. In addition to assuming all of the failed

bank’s deposits, Republic Bank of Chicago, also based in Illinois,

agreed to pay a discount of $44.9 million, and will purchase ap-

proximately $366.6 million of assets. The FDIC will retain the re-

maining assets for later disposition.

YET MORE CASUALTIES

ROI STUDIES SHOW BENEFITSOF MODERNIZING SCHEDULING


Tidal.indd 1 28/1/09 08:22:24

20 www.usfst.com

TOP 10

1

43

65

87

9

2Argentine Economic Crisis (1999-2002)In 1999,Argentina entered a three-year recession. Investors ran on banks for dollars,which theythen sent abroad for safety. In response, the government froze bank accounts. Citizens protest-ed and destroyed property and fatalities ensued. In 2001, the government collapsed.

Russian Financial Crisis (1998)In August 1998, Russia’s markets collapsed. Investors, fearing a devaluation of the ruble and adebt default, panicked, leaving the market with a 65 percent drop in one day. As a result, sever-al major banks closed, and inflation increased.

1997 Asian Financial Crisis (1997-1999)Policies leading to large amounts of credit pushed up asset prices, which then collapsed, lead-ing to massive debt defaults. International investors panicked and withdrew credit. To keep theregion attractive to foreign investors, ASEAN governments jacked up interest rates and boughtup excess domestic money using foreign reserves.

The Dotcom Bubble (1995-2000)When early dotcoms’ stock values shot skyward, venture capitalists jumped aboard en masseto finance internet startups. Dotcoms burned through their money, positive it would come back.But in 2000, the NASDAQ began to trend downward.

The Japanese Asset Price Bubble (1986-1990)Rather than a dramatic crash, Japanese real estate and stock values decreased slowly, leadingto Japan’s ‘lost decade’. People started investing outside of the country and companies lost someof their international competitive advantage.

US Wall Street Crash (1929)In the late 1920s, hundreds of investors contributed to a speculative bubble in the stockmarket.Manywent into debt to purchase stock, resulting inmore than $8.5 billion in debt throughout thenation – more money than was in circulation at the time.

Tulip Mania (1637)In order to secure new varieties of tulips, a market developed in the Netherlands around theirtrade where futures contracts were signed. Professional growers were willing to pay more andmore for flowers and some tulips were more valuable than peoples’ annual wages.

The UK’s Northern Rock Bailout (2007)When global liquidity dried up, Northern Rock couldn’t cover its money market borrowings. Itasked the Bank of England for money in 2007, at which point theTripartiteAuthority gave it emer-gency financial support.

United States Savings and Loan Crisis (1980s-90s)Old, incompetent policieswere behind themess as the government chose S&L’s, traditionally fund-ed by short-termdeposits, to finance long-term,fixed-ratemortgages resulting in amassive crash.

Swedish Financial Crisis (1990-1994)In 1985, Sweden deregulated its credit market, leading to a commercial property speculationbubble. But the bubble burst, leaving 90 percent of the banking sector with massive losses, in-cluding all of Sweden’s largest banks.

20

10

With global economies now experiencing recessionary conditions wedecided to take a look at some of history’s other dramatic financialcrises


21www.usfst.com

MERGER AHEAD

State Street has been back in the news

again this month with reports that the

firm’sshareprice fell back60percenton

thenewsthatitsunrealizedlossesonas-

setshad increased to$9.1bnasatDecember30th

2008.SpeculationisnowmountingthatStateStreet

mayneedfurtheraccesstotheTroubledAssetRelief

Program,andrumorsaboundthat the timemaybe

right for Goldman Sachs tomake amove and ac-

quirethefirm.

In addition to this, Reuters has reported that

French traders are now touting the rumor that

SociétéGénérale andCredit Agricolemaywell de-

cide tomerge their assetmanagement units, say-

ing that a deal could lead to some important

synergies.‘Thebankingsectorissoweakenedright

now that anything that canmakeabank stronger

hasacompellinglogicbehindit’,thereportclaimed.

Meanwhile, Bloomberg reports that Bank of

AmericaCEOKenLewis andfive fellowfirmdirec-

torshavebeenbuyingthebank’sstockand,overat

JPMorganChase, CEO JamieDimonhasalsobeen

investing inhisfirm.

Finally,theWallStreetJournalreportsthatFitch

RatingshasputCreditSuisseonwatchforadown-

grade,asthefirmmayfacefurtherpressuresdueto

itsexposuretoinvestmentbankingwhilefundman-

agerBlackRockhaspostedan84percent fall in its

fourth-quarterearnings.

States Street’sshare price fell back

After unrealized losses onassets increased to

60%

Meanwhile, BlackRockhas posted an

fall in its fourth-quarterearnings

84%

$9.1bn

A CHANGE OF DIRECTION

On January 28th Federal Reserve

officials replaced interest rates

with emergency credit programs

as their main tool for steering

the economy, meaning investors are now

likely to have a tough time assessing cur-

rent policies. What’s more, reports sug-

gest that without rates as their main policy

gauge, the Federal Open Market

Committee will also find it more difficult to

anticipate the impact of their statements

on financial markets during the worst

credit crisis in 70 years.

Nonetheless, the new focus on

changes of the central bank’s assets makes

it harder for policy makers to revive confi-

dence in bond and stock markets. Such

WRITE DOWNS More from Bloomberg’s report highlighting theshrinking market value of some of the world’sbiggest banks

$80

S19

$116

$53

$75

$22

$100

$28

Goldman Sachs Credit Suisse Santander Societe GeneraleSource: Bloomberg

Market Value as of January 20th 2009in billionsMarket Value as of Q2 2007 in billions

confidence is needed after financial

shares tumbled 29 percent and unem-

ployment hit a 16-year high since the Fed

cut the main rate to a record low 0.25 per-

cent back in December.

The central bank may once again

break with usual practice as it pushes

ahead with the aggressive efforts to rein-

vigorate credit markets, as the Fed at-

tempts to summarize progress on several

different credit-easing programs.

However, all this means analysts can’t

base their predictions for Fed decisions on

a simple interest rate benchmark for the

first time since the FOMC began releasing

policy statements in 1994 and criticism of

the shift is gaining momentum.


22 www.usfst.com

One of the things that we care most about at

Barclaycard is how to make customers lives

easier.Wethinkthatcontactlesstechnologyhas

great potential in that regard. All of us as con-

sumers are busy in our daily lives andanything

that can make that transaction at the point of

sale a little bit easier is going tobeappreciated

by customers,whether it’s buyinganewspaper

or a coffee or whatever.Wewill have over one

millioncontactlesscardsinmarket intheUKthis

yearandtensofthousandsofplaceswherecus-

tomerscanusethattechnology,sowefeelthere

is very significant potential both in theUK and

otherpartsofEurope for this technology.

If you lookat theheritageofBarclaycard from

its establishment in the 60s it’s always been

an innovativeandmarket leadingbrand. It’s in

our DNA andwe think this is the next wave of

consumer benefits we should be leadingwith

given the strength of our brand. Like all of the

productsweofferwe think that this provides a

high level of security for consumers and we

think theconvenienceandsecuritywill provide

ahugebenefit.

The main challenge you always get with this

sort of project is the issue of consumer adop-

tion.Likeallofus,consumersareinherentlycon-

servative and you need to be able to

communicatethebenefitsoftheprojecttothem.

Once consumers experience the benefits for

themselves then adoption quickly follows be-

cause they are able to see what it can do for

them.

Our business is a cyclical business.We know

that and respond to it and work very hard to

makesure thatwehelpourcustomers through

what are challenging times for them.We have

agoodsetofEuropeanbusinesses. InGermany

we are number two in themarket and number

one in the revolving credit market in

Scandinavia.We’re also the third largest credit

card issuer in Sweden, the second largest in

Norway, the sixth inDenmark.Wehave business-

es in France, Portugal, Italy andSpain andwebe-

lieve we will continue to grow those businesses

over time.Obviously that growthwillmoderate in

thecurrenteconomicclimatebutaseconomiesre-

cover across Europe, the growthwill resume.

We’re very happy with our business in the US.

We’ve becomeone of the 10 largest credit card is-

suers in the United States and we also have very

strongbusiness inSouthAfrica, inDubai and India

and, of course, the international growth and our

ability totransferskillsandexpertsacrossthose

markets isakey factor inoursuccess.

As any CEO you have to think about the long

termaswellastheshortterm. Inmanyways we

have to thinkabout everythingwehave todo in

the next 60 to 72 months as well as today. At

Barclaycardwealwaysthinkaboutourbusiness

inabalancedway.Wethinkaboutourcustomers

andwhatwehave to deliver for them.We think

aboutour colleaguesandour communities and

our responsibilities in termsof howweact as a

responsible lenderandapaymentprovider.

THE FIVE-MINUTE EXEC

22The innovative thinkerBarclaycard was the first company to launch credit cards in the UK but todaythe firm is investing millions in contactless technology that could lead to thedemise of plastic payments. CEO Antony Jenkins explains more


23www.usfst.com

THEBIGGESTLOSER

It’s a sad fact, but rogue trading

makes headlines. The idea of a single

person losing millions or billions of

cash is always interesting, but even

more so when that person is losing other

people’s money. When a trader feels that

he or she has a special gift for sniffing out

money-making positions, it can be a dan-

gerous situation. Unfortunately, luck is a

fickle friend. When these formerly ‘magi-

cal’ traders start losing, they often look

for ways to magnify their bets and win

back their losses. Aside from the financial

damages that rogue traders inflict upon

the market, they do serve one very im-

portant function: they remind us that

seeking exceptional returnsmeans taking

on equally exceptional risk.

Because of this, take a look at five

tradersandfundmanagersthathavebecome

very famous for their verypublic losses.

1

4

3

5

2

Source: www.investopedia.com

HUNTBROTHERSLost UndisclosedAmountHaving attempted to corner the silvermarket by purchasing approximately100 million ounces of silver bullionthroughout the 1970s, brothersNelson and William witnessed silverprices crash onMarch 27 1980, a daynow deemed as Silver Thursday.Nelson was fined $10 million for at-tempting to control silver prices.

PETERYOUNGLost$580MillionIn 1996,Youngsecretly created sever-al companies in order to exercisestock warrants for his own benefit.Two years later, he was charged withconspiracy to defraud, but was foundmentally ill and unfit to stand trial. Atonecourt appearancehewasdressedasawomanandansweredonly to thename ‘Elizabeth’.

JULIANROBERTSONLost$16.3BillionRobertson started the hedge fund firmTigerManagement in1980andturneda$7.6million investment into $6.8 billion.However, he failed to participate in thetech-stockcraze,whichhedeemedirra-tional. As a result, Tiger Managementsufferedmassive losses,with all fundsclosing at a value of $5.7 billion (previ-ouslyworth$22billion in1998).

JEROMEKÉRVIÉLLost$6.6BillionThe SocGen rogue trader Kérviél’slossesoccurred fromanunauthorizedspeculation inEuropean futures.Sincehewas initially employedwithSociétéGénéralebeforebecominga trader,hewas, for a time,able tomanipulate thesystemand hide his losses.

JOHNMERIWETHERLost$5.5BillionIn1994,Meriwether founded theLong-Term Capital Management (LTCM)hedgefund,whichmanagedmorethan$96 billion in assets. In 1998, LTCMmadeabet that thetroubledRussianfi-nancial markets would revert back tonormal,andtooka large,unhedgedpo-sitioning Russian debt. The fund ulti-matelycollapsedandLTCMwasforcedinto liquidation in early 2000.

NOMOREAID

San Francisco-basedWells Fargo –

the second-largest US home

lender–hasreported itsfirstquar-

terly losssince2001becauseofun-

paid loans inherited with the acquisition of

WachoviaCorp.

According to the statement, Wachovia

recordeda loss of $11.2 billion. It added that

Wells Fargo doesn’t plan to seek additional

governmentfunds.Previously,WellsFargohad

received$25billionaspartoftheTreasury’sin-

dustry bailout and raised $12.6 billion in a

stockofferingthefollowingmonth.

After sidesteppingmuchof theworst of

the crunch for most of 2008, Wells Fargo is

nowbeinghithardwitha42percentcollapse

in Californian housing prices compared to a

year ago. The bank is also grappling with

debtsacquired in its$12.7billionpurchaseof

Wachovia.

This new statementmakesWells Fargo

thelastof thefourbiggestUSbankstoreport

fourth-quarter results. Of its three top com-

petitors, only JPMorgan Chase reported a

profit, with earnings declining 76 percent.

Citigroupposted an$8.29 billion loss,while

BankofAmerica lost$1.79billion,not includ-

inga$15.3billiondeficitatMerrillLynch&Co.

Wachovia recordeda loss of

Wells Fargo is nowbeing hit hard with a

collapse in house prices

$11.2bn

JPMorgan Chase report-ed a profit, with earnings

declining

76%

42%


COMPANY INDEXQ1 2009

24 Companies in this issue are indexed to the first page of thearticle in which each is mentioned

Aberdeen GroupADFLOW NetworksAdobeAdoreAIGAIIMAmazon.comAmerican Broadcasting CompanyAmeriCreditAnixterApplied DiscoveryAPWGATB FinancialAutonomyAviva CanadaBanco Bilbao Vizcaya ArgentariaBanco SantanderBank of AmericaBank of Clark CountyBanque SafdieBarclaycardBarclaysBear StearnsBernard L Madoff Investment SecuritiesBest BuyBlackRockBloombergBNP ParibasCACapital One FinancialCaptive Indoor MediaCasitaCBC InnovisCCSCelentCGI TechnologiesChevronCitadel Investment GroupCitigroup

9011099134136106

42, 11014122

11, 489352

68, 829, 1001243838

14, 64, 102143814142

26, 136384214143882141101345426821174238

14, 26

ConocoPhillipsCPRCredit AgricoleCredit SuisseCyberArkDecisionPoint MediaDeutsche BankDigital Signage AssociationDisneyDolce & GabbanaDunhillEarly Warning ServicesEastman KodakeBayeBureauLLCEED IncEquifaxEuropean Central Bank 36ExperianFacebookFair IsaacFASTFederal Reserve Bank of New YorkFedexFerguson Wellman Capital ManagementFinancial InsightsFinancial Services CommitteeFinancial TimesFirst AmericanFitch RatingsFortisFour SeasonsFRCPGE Commercial FinanceGoldman Sachs GroupGrupo SantanderHBOSHigashiyama GantanHSBC

4210014

14, 32, 381411102611013413413454574254945413654945497

58, 13612814821361454143813410072

14, 1428214213426

Huntington BancsharesIBMID AnalyticsID InsightsIDCInfosys Technologies LimitedInternational PaperJimmy ChooJPMorgan ChaseJuniper NetworksKeio PlazaKeywest TechnologyLehman BrothersLexisNexisLiberty MutualLloyds TSBLong-Term Capital ManagementLRNMarsh & McLennanMastercardMerrill LynchMessageLabsMetatomixMonsantoMorgan StanleyNanonationNational Bank of CommerceNCRNew York TimesNomura HoldingsNew York UniversityNordstromNorthern RockOpenLinkOsterman ResearchPayPalPilot Fish TechnologyPivotalPNC Financial Services Group

86IFC5454828242134

14, 26, 4231, 8013411026

4, 7011814214

13, 159663

14, 1362

10942

14, 14211014132

14, 38142612814

6, 62, OBC60

42, 4612712114

Porsche DesignPRBCRepublic Bank of ChicagoRetail Customer Experience MagazineReutersRoyal Bank of ScotlandSafeNetScreenRedSearsSECServiceMasterSigneraSociété GénéraleSouthwest AirlinesStarbucksState StreetSunTrust BanksSymantecTargetTCS Financial SolutionsThe Clearing HouseThe Full PictureThunderheadTidal SoftwareTiger ManagementTowerGroupTransUnionTraveler's GroupUBSUmpqua BankUniversity of TokyoUS BancorpWall Street JournalWal-MartWells FargoWindows FSWolters Kluwer Financial ServicesXenosYves Saint Laurent

1345414110141425011042384211314128421414

25, 89, 108, 144, IBC428258110104

18, 1914

26, 5454261421413414

14, 38, 1364214374579134


25www.usfst.com

• It’sofficial.OnDecember12008theBusinessCycleDatingCommittee

oftheNationalBureauofEconomicResearch–widelyacknowledged

arbitersofwhentheUSeconomyentersandexitseconomicdownturns

–peggedthestartofthecurrentUSslumptoDecember2007.

• UnderpressurefromPresidentObama,Citigroupannouncedthatitwill

nottakedeliveryofthejetithadplannedtopurchasebeforethecredit

crisisunfolded.Thecanceleddealcameasmanypoliticiansvoicedcon-

cernabouthowbanksarespendinggovernmentbailoutmoney.

NEWSBITES

Veteran Hollywood actress Zsa Zsa

Gabor is said to have lost at least

$7 million as a result of invest-

ments with accused US business-

man Bernard Madoff.

Gabor, who turns 92 this

year, is amonganumberof

celebrities affected by the

alleged scam.

A lawyer for Gabor

said the actress had dis-

covered her losses in the

last few weeks, adding that she may have

lost asmuch as $10m. The Hungarian-born

actress starred in films such as Moulin

Rouge, Lili and Touch of Evil but is most fa-

mous for her long listwealthyhusbands, in-

cluding All About Eve actor George Sanders.

It seems that Gabor is not the only

Hollywood figure apparently to have suf-

fered losses because of an investment con-

nected to Madoff, with a

foundation run by the

Oscar-winning film direc-

tor Steven Spielberg, and

the actor Kevin Bacon and

his wife, also reportedly

fallen victim.

Madoff, a former chair-

manof theNASDAQstockmarket,wasarrest-

ed and chargedwith fraud last December in.

If convicted,Madoff,whowasarrested at

the end of last year faces up to 20 years in

prison andmillions of dollars in fines.

A TOUCH OF CLAMOR

ZsaZsaGabor issaid tohave lostat least

asa resultof investmentswithBernardMadoff

$7millionEASTERNPROMISES,BROKEN

Nomura Holdings madea net loss of

One off losses for thequarter totalled

243billion yen

$3.8bn

Nomura Holdings, Japan’s No.1 broker-

agehouse, has reportedheavy losses

for thefinal threemonthsof2008,as it

strugglesto integratepartsof failedUS

bank Lehman Brothers. The broker made a net

lossof342.9billionyen($3.8bn)comparedwitha

profitof 21.8billionyenayearago.

The results represent the fourth consecutive

quarterlylossforthecompanyandtotalrevenuefor

theperiodshrankto just2.71billionyen,compared

with400.37billionyenforthefinalquarterof2007.

Nomura’s decision to buy the Asian and

European operations of the collapsed Lehman

Brothers isblamedfor thehardhitearnings.“Last

quarter was extraordinary for our industry and

Nomura was no exception,” said boss Keniche

Watanabe.

ChiefFinancialOfficer,MasafumiNakada,also

noted that this set of resultswas regrettable. The

companywasforcedtoabsorbcostsincurredbythe

Lehmandealatatimewhentheglobalfinancialcri-

sis triggeredbig losseson its investments.

These latest resultshighlight thefact that the

balance of income and costs at Nomura is not

goodand that the companyneeds to cut costs.

You can read more on the Madoff incident in our feature on page 38 of this issue.


Where did it all go wrong for Citigroup? When it was

formed by the merger of Citibank and Traveler’s

Group in 1998, it was envisaged as the epitome of

the modern financial services firm. A one-stop shop

that rolled up credit cards, insurance, retail and in-

vestment banking and wealth management under

one roof. No-one had ever seen something this big before, a financial ser-

vices supermarket where you could take out a loan to buy a new car, or a

new company. Speaking in 1998, Roy Smith, a professor of finance at New

York University, described Citigroup’s genesis as a fundamental game

changer. “This new company will look more like Procter & Gamble than

it will look like a bank,” he said. “That's because what is being created

here is a retail-products-distribution company for people interested in

financial services.”

At first this bold move seemed to be paying off. Citi became the most

successful financial institution in America, reporting a profit of $24.6 bil-

lion in 2005. In that year, the company took second place in the Fortune

500 list, only beaten to the top by oil giant ExxonMobil.

Fast forward to 2009. At the end of January, CEO Vikram Pandit an-

nounced losses of $18.7 billion for the previous year and that Citi would

‘realign’ itself into two separate sections, Citicorp and Citi Holdings. Though

this is officially not yet a full-scale split, the feeling is that this is a precur-

sor to exactly that. The fact that many of Citi’s worst performing business-

es, as well as $300 billion in toxic debt, have been assigned to Citi Holdings

could well be significant, particularly in light of Pandit’s stated intention to

only keep the parts of the organization that ‘work’.

In any case, Citigroup’s fall from grace has been spectacular, and there

is every possibility that it could yet plummet further. Was the company

purely a victim of the credit crunch or one of its major architects? And ex-

actly what were the factors that led to its decline?

“What we are doing is creating a com-pany headquartered in the US thatwill be able to compete very effec-tively all over the world.” SandyWeill, April 1998.

Citi breaks

26 www.usfst.com

A decade after it changed the financial landscape, Citigroup is falling apart.FST editor Huw Thomas traces the decline of a banking giant

COVER STORY

CITI:jan09 28/01/2009 15:49 Page 26

“The specific merger transactionclearly has to be seen to have been amistake. The stockholders have notbenefited, the employees certainlyhave not benefited and I don’t thinkthe customers have benefited becauseour franchises are weaker than theyhave been.” John Reed, April 2008.

Upon its creation, Citigroup’s model of the all-encompassing financial

supermarket was a new paradigm. In bringing together Citibank and

Traveler’s Group co-CEOs Sandy Weill and John Reed redefined what a fi-

nancial organization could be. Citigroup’s birth was a key factor in the re-

peal of the last remnants of the Glass Steagall Act, which restricted the

types of services a single financial institution could offer. This in turn ef-

fectively paved the way for deregulation and the tangled financial environ-

ment we live in today. The Act was introduced in the wake of the Great

Depression in order to prevent any repeat of the large-scale bank failures

of 1929, a fact that will not be lost on connoisseurs of cruel irony.

But at the end of the 20th century, the birth of this gigantic organiza-

tion promised much. Economies of scale would enable huge cost reduc-

tions, while the sheer range of customers touched would provide virtually

limitless options for cross selling. Citi’s share price and

reported results certainly seemed to vindicate the wis-

dom of the model, at least at first. Nonetheless, even a

decade ago, there were certain dissenting voices. “When

you create these oversize companies, they become vul-

nerable by definition," said Porter Bibb, a senior invest-

ment banker at Ladenburg Thalmann back in 1998. For all its benefits, the

size of Citigroup does present certain disadvantages. Maintaining any sort

of agility in such a monumental entity is a major challenge. The ability to

quickly react to changing market requirements could leave Citi trailing be-

hind smaller, more nimble competitors. A good analogy would be that of a

supertanker and a frigate. Sure, the tanker can carry more cargo, but good

luck to you if you need to make a quick turn.

Weill, the architect of the Citi/Traveler’s merger, dismissed such con-

cerns. His theory was that people simply didn’t want to shop around for fi-

nancial products. If they could get a mortgage, credit card, loan and current

account in the same place, then that is exactly what they would do. Such

an attitude now seems dangerously misguided. The way in which the in-

ternet has reshaped not only the financial services industry but business

in general has irrevocably changed things. Quite simply, choice matters.

As the web has gained in sophistication and popularity, it has become in-

creasingly easy for customers to shop around and find the exact products

they are looking for.

27www.usfst.com

CITI:jan09 28/01/2009 15:49 Page 27

John Reed’s departure, I doubt there remained a senior manager who really

understood the firm. So long as the tide was rising, it kept lifting Citi's boat,

but at some point in time, the tide starts going out.” Considering Citigroup’s

ceaseless appetite for expansion through mergers and acquisition, this sce-

nario certainly has the ring of truth. “Citi was a huge beast, devouring very

many businesses in a very short time,” agrees Bob MacDowall, another

Research Director at TowerGroup. “While the legal and regulatory issues were

addressed, culturally I don’t believe they were ever fully integrated.”

The risk for merging institutions that fail to take differing cultures into

consideration is that they simply end up running different brands. Quite sim-

ply, time and effort has to be made stitch disparate elements together, oth-

erwise you wind up with a single entity in name only. “When HSBC bought

CCS in France, they allowed it to run independently for seven years, because

they felt that that was the length of time required for the cultures to merge,”

In fact, technology can be seen as both one Citi’s biggest achievements

and one of its greatest failures. While it undeniably has some of the most

advanced and best-funded IT in the industry, this hasn’t always been to its

advantage. “They spared no expense,” says Ralph Silva, a Research

Director at TowerGroup. “But as a result of all this expense, the only way

they thought they could make their money back was to implement this

technology everywhere. Nobody had a choice.” While it might have been

superior technology, it didn’t necessarily serve the specific need of every

customer everywhere. When you try to make everybody happy, you often

wind up making nobody happy.

Compared to some of its contemporaries, Citi’s ability to respond to

changing market requirements often seemed lacking. “Look at some of

their competitors,” says Silva. “Often they use the same middleware soft-

ware but each implementation has the ability to add in something unique

to their region. Citi never had that.” While it had a far better efficiency ratio

in its IT, it also had far worse customer satisfaction because it lacked the

ability to make changes. These problems are only compounded by current

events. Due to its sprawling technology infrastructure, making even small

changes can be a slow process, often leaving it lagging behind its peers.

“When the economic conditions are like they are, you need to have the abil-

ity change quickly. I don’t think Citi have that now,” confirms Silva.

But Citi’s structural problems aren’t purely a question of technology.

Culturally too, it has often seemed disjointed. According to one former Citi

employee now working at Deutsche Bank, Traveler’s and Citi didn’t really

come together following their merger. “That the two firms were never truly

integrated, and that the resulting entity become too large and cumbersome

for senior managers to really understand the ground realities and operating

environments, is a view that is shared by many Citibankers,” he says. “After

At the heart of Citi’s troubles has been the company’s heavy

involvement in collateralized debt obligations (CDO), a form of

asset-backed security. CDOs bundle up different types of debt,

with varying degrees of risk and gained a great deal of popularity during

the boom time of the early noughties. Despite warnings from certain

quarters, notably legendary investor Warren Buffett, that such

derivatives were greatly increasing risk the market continued to surge.

In 2007 Citigroup was the world’s biggest issuer of CDOs. It accounted

for 11.1 percent of the global market in the instruments, with

investments totaling $49.3 billion. Unfortunately for everybody, subprime

lending was a major component of many CDOs. When the bottom fell

out of that market, something had to give. By mid 2008 the value of

CDOs issued by Citi had dropped to just $5 billion.

INSTRUMENTS OF DESTRUCTION

4 Nov 2007 – CEO Charles Prince resigns asCiti announces $8-$11 billion in writedowns

15 Jan 2008 –Reveals $18.1 billion inwritedowns

A CITI IN DECLINE: KEY DATES

18 Nov 2008 –Announces a further52,000 job cuts,following 23,000earlier in the year

CITI:jan09 28/01/2009 15:50 Page 28

says Ralph Silva. “Citi’s mentality was ‘I’ll buy you on Friday and you’re Citi

on Monday.’ They didn’t give a lot of opportunity for that change.”

“We see a lot of people on the Streetwho are scared. We are not scared.Our team has been through this be-fore.” Charles Prince, Aug 2007

“It is my judgment that given the sizeof the recent losses in our mortgage-backed securities business, the onlyhonorable course for me to take asChief Executive Officer is to stepdown.” Charles Prince, November 2007

Any institution of Citigroup’s size requires an extremely firm hand on

the tiller particularly in trying times. When the bullish Sandy Weill anoint-

ed his protégé Charles Prince as his successor, it was generally seen as a

fairly uncontroversial move. The company was riding a wave of huge profits

and strong share prices and Prince had been a loyal servant. It was only his

lack of a heavyweight financial background that gave any pause. Besides,

Prince would be backed up by plenty of people who did know the money

game inside out, not least Director Robert Rubin, who boasted credentials

as a former Treasury Secretary under president Clinton.

But as the economic winds shifted, Prince’s suitability for the job be-

came less certain. Reports from insiders suggest that he was unaware

of the full extent of Citi’s exposure to the subprime market, only learning

that the bank owned $43 billion in such assets as late as September

2007. No one was necessarily expecting him to be checking up on every

calculation made by his subordinates, but such an oversight made his

ousting from CEOs office a question of ‘when’ rather than ‘if’. “Prince un-

derstood the business but I don’t think he was the right man for the job,”

says Silva. “He’s the perfect strategic thinker, in a good economic situa-

tion he was great. But in this situation what Citi needs is a three star gen-

eral with battlefield experience.” What they got was Vikram Pandit,

undoubtedly a competent and experienced candidate, but perhaps not

one to rally the troops in such a dire climate. Since his appointment, he

has continually been called upon to justify himself, both to shareholders

and the industry at large.

“It would be a shame to see Pandit go because I think the bank would

do very well with him but in a different economic situation,” says Silva. “I

think they should put him one step down, just for a while and get a Norman

Schwarzkopf-type figure who has nothing to lose on a short year contact

and just get it done. Right now they seem to be changing their minds as

often as I change my shoes.”

New chairman Richard Parsons, who succeeds Sir Win Bischoff, cer-

tainly has experience of turning failing companies around, as demonstrat-

ed by his recent work at Time Warner. However, his lack of experience in

the financial space does raise some concerns. It is here that Pandit has the

opportunity to prove his worth. “Parsons background might supply lead-

ership skills but I don’t think is going to lead the strategic initiatives,” says

Bob MacDowall. “I see him almost as mollifying figure. He has had a glit-

tering career, but not in banking, so will have to work closely with the chief

executive on strategy.”

20 Nov 2008 –Share pricesslump 26.4percent, closingat just $4.71

16 Jan 2009 – Announcement thatCitigroup will split into Citicorp andCiti Holdings after losses of $18.7billion the previous year

2 Jan 2009– Citi’s topexecutivesdeclare thatthey willforgo their2008 bonus

CITI:jan09 28/01/2009 15:50 Page 29

make enough money to cover their ongoing expenses.” Right now, the only

source of cash to help them meet their obligations is the state. And as long

as the specter of nationalization hangs in the air, shareholders aren’t going

to part with any more funds. After all, if the government steps in, investors

get zero.

The US has always been extremely hostile to government involvement

in private enterprise, but it has now reached the point where that hostility

will have to be tempered. Citi alone have already accepted $45 billion in gov-

ernment bailouts. It would be astonishingly naïve to think that a new

Democratic administration isn’t going to want something back in return. “At

the end of the day, it’s the taxpayers money,” says MacDowall. “Taxpayers

have rights too and the government will want to see a return on its funds.

These monies are not grants. I suspect it will be a three or five year extrica-

tion. This is not something that’s going to turn around in a year or so.”

So what does a nationalized Citi look like? “If Citi is taken over, I think

its international operations get sold, they get rid of all their fancy products,

you will never get a discount on any Citi product and it will only be a US

bank,” says Silva. From a corporate point of view that’s not great news. But

for a customer who just wants to know their money is safe, it could be the

best possible outcome.

What is certain is that fresh regulation is on the way. Financial institu-

tions are going to face fresh demands for transparency and much tighter con-

trols on the way risk is managed and how they handle the funds entrusted

to them. Citigroup, the institution that put the final nail in the original’s cof-

fin, could well be a key player in the birth of a new Glass Steagall Act. n

“We will continue to move aggressive-ly to get Citi back on the righttrack and return it to a position ofsustainable financial success.” VikramPandit, Jan 2009

“There must be a clear understandingthat government support for any com-pany is an extraordinary action thatmust come with significant restric-tions on the firms that receive sup-port.” Barack Obama, Jan 2009

So what will the future of Citi and the financial industry in general look

like? “I believe that within the next three months we will have significant

ownership by the US government,” states Silva. Looking at the realities of

the situation, such an outcome doesn’t seem as unlikely as it did a few

years ago. Citi is still carrying a lot of toxic debt and it basically has no new

business. If an organization of Citi’s size isn’t growing, it is essentially run-

ning at a loss. “The economic situation has stagnated so much that they’re

not growing their business, so from a revenue perspective they can barely

30 www.usfst.com

CASUALTIES OF THE CRISIS

Bear StearnsWhen Bear was forced into a sale to

JPMorgan Chase in March 2008 for a paltry

$2 per share, it was a clear sign that the

downturn was for real. Essentially a victim

of a lack of confidence rather than a lack of capital, Bear Stearns stock

had been worth $175 only a year before its collapse.

IndyMacWhen this Californian

thrift with assets of

$32 billion and

deposits of $19 billion was taken over by the government in July 2008,

it was the largest failure of an FDIC-insured institution since 1984. After

losing $184.2 million in the first quarter and dropping 95 percent of its

stock price over two years. The final straw came in the bank’s exposure

to the Alt-A mortgage sector.

Lehman BrothersUnfortunately for those at the 158-year old investment bank, it was not

deemed too big to fail, filing for bankruptcy in September 2008. As one

of Wall Street’s biggest fixed-interest traders, it was heavily involved in

the subprime market. As the risks of mortgage-backed securities

became clearer, Lehman’s share price dived by 95 percent and efforts

to find outside investors foundered.VikramPandit

SanfordWeill

CITI:jan09 28/01/2009 15:50 Page 30

Juniper.indd 1 28/1/09 08:19:12

“We are not a serviceprovider; we are anIT organization of afinancial servicesinstitution and weneed to understandour business. Wewalk the talk andwhat we say is whatwe deliver”

KARL LANDERT:jan09 28/01/2009 15:44 Page 32

Asked to define his role as head of Credit Suisse’s IT func-

tion, Landert likens it to being mayor who has to man-

age the different aspects of day-to-day life in a busy city.

“There are dozens of buildings and an infrastructure

which is sometimes old,” he says. “You need to replace

it to cope with growth and the influx of people coming

in from rural areas. Your

role is not purely a technology role anymore.”

If Landert is a mayor, then the city he became

responsible for little over half a year ago is one

located in the middle of a war zone, facing un-

predictable attacks from all sides. Good news

is in short supply in the financial services in-

dustry, with the ongoing credit crisis leading

the Swiss giant to report a third quarter loss of

more than €800 million. Given the situation, a

siege mentality would be understandable.

But if Landert is fazed by this baptism of

fire, he does a good job of hiding it. “It’s been

a challenge because a lot of things have

changed in the first few months,” he confirms.

“But it’s also been highly rewarding. If you

don’t enjoy working with your own people,

your IT organization, but also with your peers

on the business side, don’t do this job. It’s a

people job and with all the challenges that we

are facing and all the bad news, the one most

rewarding thing you have is working with a

good team, having a good spirit, and making

some of the tough decisions you need to make. But as long as the team is

working well, people enjoy working with each other, I think that gives you

a lot of motivation.”

In the choppy waters currently being navigated by those in IT in the fi-

nancial industry, a major challenge is building any kind of long-term strate-

gic plan. When the managers are anxiously awaiting the next bombshell

that threatens to blast them out of their corner office, it can be hard to both

get their attention and convince them to part with jealously guarded funds.

Though Landert is far too discreet to voice such a forthright assessment,

he nonetheless recognizes such pressures. “Given the seismic events we

are seeing right now, we see these profound changes coming along,” he

confirms. “Nobody can afford to have a long-range strategy which is very

detailed. I think one of the common themes

which I see throughout all the things we do in

our long-term strategy is about becoming a

very agile IT division of financial services or of

the bank. The agility has to be within the

whole IT organization in structural technolo-

gy-type of activities, in the way you set up

your operating model in order to react to and

be able to survive some of the volatility we

have and some of the changes which will

come along.” It seems that even the biggest

organizations are going to have put major

plans on the back burner in favour of being

prepared for an increasingly uncertain envi-

ronment.

For Credit Suisse at least, this shift in

focus is already underway. Though, as with

any move that requires a drastic direction

change, it cannot be done overnight. “You

need to look at the way that you do financials

and how you account for IT costs and the in-

vestments you do,” Landert continues.

“You’ve got to tackle some structural aspects

of the organization. You’ve got to look at the operating model that includes

some of the sourcing strategies you have. You’ve got to look at your archi-

tecture and your infrastructure, at technology processes and standards,

and last but not least, at your workforce. It’s the key point that you align

all these activities because they all highly depend on each other and you

cannot change one without affecting another.”

33www.usfst.com

Interesting timesBecoming Credit Suisse CIO in May 2008, Karl Landert’s first few

months in the job have coincided with an unnaturally turbulent periodfor the industry. FST editor Huw Thomas spoke to him about

managing IT in an age of uncertainty

FEATURE

VIRTUAL REALITY

The driving force for any virtualization strategy

comes down to three aspects. First, you want to

employ your machinery better, so that you utilize

your servers to a higher degree than having only

five percent utilisation on them.

Second, you want to reduce power

consumption. We have a lot of power issues and

it’s becoming a driving cost factor. In many areas

of the world it’s a constrained resource. So you

want to reduce your power and with that you also

reduce the power consumption, you reduce the

data centre space you need. You don’t need to go

and construct new data centres and buildings.

Last but not least, it allows you also to

simplify the overall management and systems

management processes. It has an effect on

sustainability, but there are also very good

economic reasons to pursue virtualization.


bringing certain helpdesk functions back in house are currently being ex-

plored. “I think it’s the realization that most companies, although they are

global by nature, have a very big challenge in providing you with a consis-

tent global service,” he explains. “Sometimes you have local champions,

who are better prepared to do that. Secondly, what is driving it is where we

have customer satisfaction issues, which are leading us to this conclusion.

For example, in Europe we ‘re-insourced’ some of the helpdesk and the

desktop end-user computing services, which we had outsourced previously

in some of the European offices. We’re looking at it on a broad scale right

now.” It’s an important consideration. While it can be tempting to go for

the lowest cost option in difficult times, doing so at the risk of alienating

customers can lead to yet bigger headaches.

Credit Suisse operates an integrated bank model with IT acting as a

shared services unit to all the sections of the organization, from asset man-

agement, to private banking, to investment banking. Serving all these spe-

cific needs at a time when financial markets are in such a state of flux must

surely present some problems? “Right now one of the challenges we have

is certainly sizing IT and the way we provide our services to some of the

peak volumes we have seen,” Landert responds. “We have been reacting

very fast to deal with some of the volumes which were created by this mar-

A common response to uncertainty and constrained budgets is a

greater reliance on outsourcing. By not actually owning technology and

processes themselves, organizations can find it that much easier to walk

away if circumstances change suddenly. Landert confirms that this is very

much a part of Credit Suisse’s plans, but that the issue is not as black and

white as it might sometimes appear. “You’ve got to have a clear strategy,

and the clear strategy now regarding outsourcing is what parts of the over-

all value chain you outsource what you keep in-house,” he says. “More and

more you want to keep in-house design knowledge and architectural knowl-

edge, beyond the pure contract management that you always keep in-

house, in the retained organization. And you want to have the ability to do

what is called today multi-sourcing. By keeping that in-house you can uti-

lize different partners and use competition between different partners. But

it’s also easier to switch vendors.” Of course, any decision regarding out-

sourcing has to take geographic and vendor risks into account. The key

issue for Landert is that design and management authority remains inside

the company.

But contrary to the prevailing winds blowing through the industry,

Credit Suisse is even looking at bringing some previously outsourced ele-

ments back into the organization. Landert tells us that the possibility of

34 www.usfst.com

Landert explains the importance ofCredit Suisse’s people

To attract and retain best talent we have what we

call strategic workforce management programs in

every region, which are co-ordinated globally. We

have career development paths and the whole framework

to develop people. It is pretty unique and it’s something

we use globally where to show the career paths which we

have in the company. We have a very good and

successful mobility program for people to move between

the different divisions within the IT organization.

And when I speak about mobility program we are

speaking about an organization of roughly 12,000 people,

including contractors and some of our partners. We’ve

got more than 1000 projects running simultaneously,

more than 1000 applications. There are lots and different

cultures of every multinational environment. This gives

you the ability to attract a lot of talent who will actually

enjoy working in such organizations. I think there’s

another change that is also happening right now; you

need to hire for potential. You need to hire people that

also enjoy moving along the organizations as you start to

be more process-oriented, especially in certain

application development areas. You also need to

specialize people in a certain type of roles, like grouping

together test people and having a quality assurance test

competence centre, which you may locate in whatever

geography. That’s also a change in the way that people

have been working in the past.

IT’S NOT JUST IT


ket volatility and by the events we have seen. Right now the challenge is

how can we sustain the business, how can we make sure that when we

have these events where you triple and quadruple your volumes, that all

the systems are really delivering on their SLAs. Reaction to these events

has kept us pretty busy.”

So what of the future? It’s virtually impossible to open a newspaper

without seeing stories about falling budgets and brutal cost cutting. Speak

to most people working in financial IT and they will tell stories about being

asked to do more with less. While Landert is cautious about sounding too

many alarm bells, he nonetheless acknowledges that the current situation

requires some very careful use of resources. “Going forward I think there

are going to be some of the tough decisions that we need to make about

where we continue to invest and where we reduce investments,” he says.

“That’s not an IT call you make alone; that’s the one you do with your busi-

ness.” Making these kinds of calls really puts a spotlight on the quality of

IT’s governance and its interaction with the business. It’s an area where

Landert believes his team has demonstrated considerable success. “I think

that over the last couple of months, we have made significant progress in

providing the full transparency of the levers we have,” he continues. “This

is a business IT alignment which is absolutely crucial in difficult times. You

have to be agile, to have the full transparency, and to understand the lever-

age you have on what you can do and you cannot do with your IT infra-

structure in supporting the business. That’s going to be very important in

the coming months in deciding where we put your investments and where

we don’t invest.”

In any case, Landert is sanguine about the bank’s ability to weather

any effects a prolonged downturn may bring to technology expenditure,

largely due to the work that has been done recently. “We had the luxury to

be in the situation where we could gain a lot of synergies through combin-

ing all the different IT units whilst at the same time continuing to invest,”

he says. “So we are looking at three or four years of having done healthy

CREDIT SUISSE – EDITED HIGHLIGHTS

1856 – Credit Suisse’s predecessorSchweizerische Kreditanstalt (SKA) is founded

1905 – Opens first branch outside Zurich

1910 – Unveils representative office in Paris

1940 – SKA launches New York Agency

1989 – SKA’s sister company CS Holding becomesparent company of the group

1997 – CS Holding becomes Credit Suisse Group

2005 – Credit Suisse implements its One Bankstrategy by merging its Credit Suisse legal entitiesin Switzerland with Credit Suisse First Boston

“It’s a people job and with allthe challenges that we arefacing and all the bad news,the one most rewarding thingyou have is working with agood team”


36 www.usfst.com

investments and increases in the IT development.” Landert clearly believes

that this groundwork will be enough to see him through, but also seems

generally upbeat that budget cuts won’t have too big an impact on his

work. Though he acknowledges that the current uncertainty will have an

effect, he remains confident that IT will retain the capability to be effective,

simply because IT is so fundamental in coping with some of the challenges

that the industry is facing.

To ensure that the company’s IT doesn’t stagnate, Landert promotes

the concept of managed evolution. It essentially boils down to a constant

evaluation of the bank’s IT assets which enables change to be made with-

out potentially crippling investments. “To sur-

vive and to keep your cost levels acceptable

you need to have a constant process of elimi-

nating your heritage and your end-of-life ap-

plication systems,” he says. The approach

allows the technology portfolio to be con-

tained, both in size and complexity, reducing

redundancy and enabling a much greater level

of component reuse. Key to its success are

solid architecture and strong standards. “That

is one thing we do and we have been very suc-

cessful in it in the last 10 years, in different

parts of the IT organization,” Landert contin-

ues. “Constantly re-engineering and reinvest-

ing in our systems enables us to eliminate

some of the old ones and reduce complexity.

That allows you to become more flexible and

agile and to also meet business needs in a

faster way.”

It is maintaining this overarching philoso-

phy which is key to Landert’s role. Returning to

the idea of what the modern CIO actually is and

what responsibilities the IT function has, he of-

fers a stark assessment. “We are not a service

provider; we are an IT organization of a finan-

cial services institution and we need to under-

stand our business,” he says. “We need to be

respected and accepted by our counterparts

and our colleagues in the business, and we

need to speak with them in the same language.

We walk the talk and what we say is what we

deliver. These are some of the key principles.”

As stated earlier, Landert sees being a

CIO as like being a mayor. Making sure there

aren’t potholes in the roads and that the

buses run on times. To do this requires the

ability to get a good overview of the busi-

ness, to avoid getting bogged down in de-

tails. “At this level I don’t want to make a call

about which kind of technology we want to

use or what application we want to build,”

he says. “You need to have a view on how

you spend and how you prioritize spend

along the business areas you are supporting. You need to have a view

about what kind of skills you need today, what you will need in the fu-

ture and how it will develop.”

Perhaps most importantly, it is about setting the right tone. In times

as trying as those we now face, it is essential that management leads from

the front and brings together all the disparate elements of this global or-

ganization. “These interdependencies are what you need to manage be-

sides the people side and interfacing with the business and working with

your people to keep them engaged,” Landert concludes. “Engagement of

the organization is a key factor in being successful.” n


Windows.indd 1 28/1/09 08:22:37

38 www.usfst.com

FEATURE

Following last December’s arrest of Bernie Madoff and thediscovery of history’s largest Ponzi scheme, FST’s Matt Buttelllooks at how its repercussions are likely to reshape the industry foryears to come

Over the hedge?

Madoff ED:25JUNE 28/1/09 16:16 Page 38

It was in 1960, at the age of just 22, that Bernie Madoff

began his financial career by taking the $5000 he had

saved from summer jobs as a lifeguard and a sprinkler

system installer and setting up the investment firm

Bernard LMadoff Investment Securities LLC.

The beginning of his story reads like the perfect urban

fairytale: a man realizing that he has a talent for making

money and applying it in a realistic and sensible fashion.

Over time, Madoff went on to chair the NASDAQ stock ex-

change, aswell as continuinghis responsibilities as the chair

of his own firm, gaining a trustworthy reputation among in-

dustry insiders and investors alike.

Then, on the 11 December 2008, Madoff was charged

with perpetrating the largest investor fraud ever committed

by a single individual this urban fairytale exploded into glob-

al news.

Madoff's assets and those of the firm were frozen and

according to federal charges Madoff himself admitted that

his firm has “liabilities of approximately $50 billion”. Since

the case has come to light many banks, including several

fromoutside theUS, have reported that they have potential-

ly lost billions of dollars as a result of fraudulent activities.

Many investors, journalists and economists are already

questioningMadoff's statement that he alone is responsible

for the large-scaleoperation, and investigators are looking to

determine if therewereothers involved in the scheme.As the

investigation continues,much of this remains unanswered.

One thing, however, is obvious: the mess couldn’t have

come at a worse time. And during a period when stock mar-

kets are falling, it does beg the question of why so many

wealthy and sophisticated savers were conned into believ-

ing that Madoff had come up with an investment strategy

that allowed him to pay such handsome returns? After all, if

something in this world sounds too good to be true that’s

usually because it is too good to be true. One unnamed se-

nior regulator, who has been involved in formulating public

policy for many years, was quoted in the New York Times as

saying the reason these people were conned is depressing-

ly simple: “People are prone to believewhat theywant to be-

lieve,” he said, “and in rising markets a kind of irrational

euphoria takes hold in which we are not inclined to ask our-

selves difficult questions.”

ScrutinyThemassive bailout of the American financial system in

October last year demonstrated the concept that our banks

are ‘too big to fail’. In other words, banks are of such im-

portance to the world's financial system that governments

would rather prop them up with public money than allow

them to suffer the consequences of their own greed or in-

competence and – in his own way – Madoff is the same as

these banks: an investment advisor too respectable to

scrutinize.

39www.usfst.com


scandal continues to grow, hopes for the future of hedge funds looks in-

creasingly bleak. Reports now indicate that investor confidence has sunk

to an all-time low, and it could take years for managers to regain the

trust they once had. Economists have gone on to predict that the indus-

try that emerges from the other side of this crisis will most likely be con-

siderably smaller, humbler and cheaper than the one that began 2008,

with near $2 trillion in assets. And Claude Le Ber, CEO of Geneva-based

Banque Safdie SA, who three years ago withdrew money invested with

Madoff, has said that the scandal will likely mean considerably more

hedge fund regulation.

“WhatMadoff has done is highlight the lack of regulation,” LeBer said

during a recent press conference in Geneva. “There’s going to be a shake

out. Even beforeMadoff, the hedge fund industrywas seeing redemptions

and wasn’t producing absolute returns.” Safdie, with $5.9 billion under

management at the end of 2007, is the second Swiss bank after Credit

Suisse Group AG to disclose withdrawals of money before Madoff con-

fessed to swindling investors.

“A lot of Swiss private banks were hurt,” Le Ber continued. “He was

able to cultivate a circuit and put people in a position where they felt that

opening an account was doing them a favor.” he added that Bank Safdie

withdrew money that it had placed with Madoff back in October 2005 be-

cause it wasn’t getting enough information about the investment.

Global ramificationsOn December 15, three days after Madoff’s arrest, a number of

Europe’s largest financial companies revealed their exposure – most no-

tably Spain’s Banco Santander, Iberian rival Banco Bilbao Vizcaya

Argentaria and France's BNP Paribas, who all confirmed losses to ad-

dress the growing concerns of their investors. Later, troubled Benelux

bank Fortis said that its Dutch subsidiary had indirect exposure of some-

Andnow,as if thehousingcrisis, liquidity freeze,deepeningrecessionand

aprospectofdeflationweren’tenough for theworld’sfinancial systemtodeal

with,wealsohave theMadoff affair pulling at the stringsof our economy.

Hedge funds for example have been in a downward spiral formonths,

as, in response to the worrying economy, investors have been pulling

moneyout fast. Even supposedly untouchable portfolios such as those at

Citadel Investment Group have lost half their value over the past 12

months. Nonetheless,Wall Street had remained optimistic that investors

would stick by hedge funds if the markets stabilized, thereby buoying

the industry’s fortunes. But as the list of victims affected by the Madoff

40 www.usfst.com

APonzi scheme is a fraudulent investment operation that pays re-

turns to investors out of the money paid in by subsequent in-

vestors rather than profit.

The Ponzi scheme usually offers abnormally high short-term

returns in order to entice new investors. The perpetuation of the

high returns that a Ponzi scheme advertises and pays requires an

ever-increasing flow ofmoney from investors in order to keep the

scheme going.

The system is destined to collapse because the earnings, if

any, are less than the payments.

The scheme is named after Charles Ponzi, who became noto-

rious for using the technique after emigrating from Italy to the

UnitedStates in 1903.ThoughPonzi did not invent the scheme, his

operation took in so much money that it was the first to become

known throughout the US. It was, in theory, based on arbitraging

international reply coupons for postage stamps, but soon divert-

ed investors'money to support payments to earlier investors and

Ponzi's personal wealth.

CLOSE-UP:WHAT IS A PONZI SCHEME?


where between $1.17 billion and $1.38 billion to Madoff's investments,

while French insurance giant AXA also revealed potential losses in the

range of $136million.

What’s more, even those who pulled out of Madoff’s funds before the

blow-up even happened could be forced to return their proceeds and prin-

cipal. Just a fewmonths beforeMadoff’s arrest, the FortWorth Employees’

Retirement Fund pulled $10 million out of a hedge fund that invested ex-

clusively withMadoff. But now themanagers face the possibility of having

to give back themoney – a sum that includes all of the pension's purport-

ed gains over the years, plus its initial investment.

The consequences of theMadoff scandal are running far and wide. At

the beginning of January, at the first hearing of the Financial Services

Committee on the alleged fraud, both Republican and Democratic House

members said the debacle surrounding Madoff reflected deep, systemic

problems of the US Securities and Exchange Commission.

“Clearly our regulatory system has failedmiserably and wemust now

rebuild it,” said Representative Paul Kanjorski, aDemocratwho chaired the

hearing, adding that the scandal, “fell through the cracks” of the regulato-

ry system. “It nowappears that regulators shouldhavedetected theMadoff

wrongdoing earlier because of the red flags raised by others.”

With a continuing investigation, it is hard tomakeany solid predictions

regarding how the Madoff scandal will ultimately impact our economy.

However, already it is clear that the ramifications will be felt for years

to come. Without the huge source of ready money, both from funds of

funds and bank credit line hedge fund returns will suffer even after the

markets eventually bounce bank. �

41www.usfst.com

In the case of Bernie Madoff, there have been some

notably high-profile victims. Here, FST takes a look at

some of the most prolific.

• Director Steven Spielberg’s charity, Wunderkinder

Foundation, ‘appears to have invested a significant

portion of its assets with Madoff, based on regulatory

filings,’ according to the Wall Street Journal.

• Real estate and publishing magnate Mort

Zuckerman had a large amount tied up in a fund that

invested heavily in Madoff's firm.

• Nobel laureate Elie Wiesel’s charity organization,

Foundation For Humanity, reportedly had $10

million tied up in Madoff's organization.

• Lawyers for Sen. Frank Lautenberg said they

weren’t sure how much the senator’s charitable

organization has lost but said ‘the bulk of its

investments had been handled by Madoff.’

VICTIMS OF MADOFF

For over a decade and a half, regulators fromthe SEC and other agencies conductednumerous examinations at Madoff’s offices,but failed to uncover fraud.

1992NY SEC sues four individuals for illegally raising $440

million in what was thought to be a massive Ponzi

scheme apparently unrelated to Madoff. The money,

however, is managed by Madoff, and is both intact

and redistributed back to investors.

1999SEC in Washington DC opens limited examinations

into Madoff and two other firms to review trading

practices. SEC finds violations in trade executions and

Madoff says he will address them.

2004SEC in Washington DC opens a limited exam looking

into whether Madoff is front-running his market-making

trades to benefit hedge fund clients. SEC finds no

violations and refers the case to its New York office.

2005NY SEC opens a limited examination looking into

suspicious emails found during the review of a hedge

fund as well as news stories that raised questions

about Madoff’s consistent returns. The SEC issues a

delinquency letter citing execution and trading

violations.

2005SEC investigators in New York meet with Harry

Markopolos, a former executive of Madoff’s who, in a

21-page presentation, suggests Madoff is running the

world’s largest Ponzi scheme

2006SEC NT staff opens an enforcement investigation.

The SEC finds that Madoff and one of his clients

misled the agency about investors in the past and

about its money-management business. Madoff

agrees to register as an adviser and the SEC

closes the investigation 22 months later.

16 YEARS OF INVESTIGATION


42 www.usfst.com

PLAY YOUR CARDS RIGHT

Organizations are increasingly taking steps to cut costs

and bring greater control over spending. In today’s

highly regulated environment where the main focus

is on compliance and auditing controls, a purchasing

card program provides the foundation and visibility

tools to better manage corporate spending.

By following the best practices and innovative strategies

shared by some of JPMorgan’s purchasing card customers, corpo-

rations are better positioned to launch an effective card program,

improve compliance and auditing processes and practices, and

further accelerate efficiency.

The risks of ineffi ciency are signifi cant. A university employee in

Georgia was recently indicted for ringing up more than $300,000 in

personal charges on a state-issued purchasing card. Items acquired

included foosball tables, season tickets to football games and a

$1900 frozen drink machine. A state audit report blamed the univer-

sity for its lax supervision of the card program.

In Tennessee, county employees resigned amid a purchasing

card scandal that included close to $50,000 in undocumented or in-

adequately documented expenses; reports of fabricated receipts; pur-

chases of cruises, alcohol, lobster dinners and family members’ plane

tickets; as well as gas purchases for private cars.

Though such cases of fl agrant misuse are fairly iso-

lated, hearing such stories causes treasurers and purchas-

ing card administrators to pause and question. No matter the

industry, market segment or program size, concerns regarding

out-of-policy spending, fraud detection and card misuse remain the

same. Here are some key steps to take to ensure that your program is

up to par.

Establish checks and balancesA set of checks and balances and a segregation of duties must be

established between the various individuals involved in card program

management. No matter how clearly roles and responsibilities are

Building solid purchasing card programs requires careful planning. JPMorgan’s Eduardo Vergara reveals the best practices of several leading companies.

CARD PURCHASING

EduardoVergara.indd 42 28/1/09 15:53:45

43www.usfst.com

Establish protective controls upfrontAll successful purchasing card programs are safeguarded with

a combination of upfront controls and back-end auditing practices.

In addition to required training, some common upfront measures

include the establishment of cardholder transaction limits, monthly

spending limits and the blocking of unauthorized Merchant Category

Codes (MCCs). An increasing number of companies have deployed

single-use or limited-use account technology to bring greater control

over spending.

ServiceMaster, the parent company of pest control business Termi-

nix, has implemented single-use account technology to bring greater

spend control and efficiency to its payment processes. The company

is using the technology throughout its network of Terminix branches

as a means to make one-time payments to its subcontractors. Once a

Terminix subcontractor’s work is complete and the associated claim

has been approved by ServiceMaster, a limited-use account number is

issued to securely pay the subcontractor’s approved claim.

In the past, ServiceMaster would pay its Terminix subcontrac-

tors by giving them a credit card number and expiration date. Ser-

viceMaster would have no control over how often the subcontractor

could charge the card or how much they charged. According to Mike

Gaffney, ServiceMaster’s Director of Card Services: “We were running

into situations where subcontractors would double charge us or they

would charge us before the work was complete. The control is now

very tight.”

Use technology to streamline back-end auditingTechnology is key to helping card administrators more effectively

pinpoint potential card misuse and guide the back-end auditing pro-

cess. Corporations should seek to partner with an issuer that provides

web-based payment management tools designed to support all areas

of card program administration, including enhanced reporting and

real-time visibility into spending.

Best-in-class systems enable administrators to block unauthor-

ized purchase categories, monitor corporate compliance, modify

spending limits and cancel cards. Administrators should have access

to a variety of standard reports that provide the transaction detail

needed, including vendor analysis, unusual activity analysis and de-

linquency reports. Cardholders can assist with compliance efforts by

viewing their statement information in real-time.

Raymond Williams, accounts payable manager at coffee giant

Starbucks, oversees a program with 4300 cardholders and approxi-

mately 45,000 expense reports per year. Williams and his team use an

online reporting tool on a daily basis to oversee spending in real-time.

A specialist identifies transactions that fall under certain restricted

Merchant Category Codes (MCCs), as well as merchant names that have

been placed on Starbuck’s high-risk transaction list or ‘Hot List’. Four

documented, they will prove ineffective in mitigating risk unless there

is logical segregation of duties. At a minimum, cardholders should not

be their own approving manager or approving executive. Separate in-

dividuals must be identified for card program responsibilities related

to requests, authorization and execution.

Pam Henton, director of accounts payable and card services for

energy company ConocoPhillips, manages about 13,500 cardholders

and 120,000 expense reports per year. All expense reports and as-

sociated receipts must be reviewed and approved by the cardholder’s

direct manager. By placing some burden on the manager, expense

reports have already been through one review cycle.

Establish consistent policies The development of policies should support various aspects of

card program control including establishing card issuance guidelines,

transaction controls, and rules for card usage, documentation and

record retention. No matter how the management of your card pro-

gram is structured, the same policies and processes should apply to all

cardholders. Whether your company is acquiring an established

business or if you have oversight of a single program based in

one location or multiple programs spread across a number of

business units, be consistent when establishing parameters.

Only then can rules be enforced without confusion.

According to Sears card manager Wayne Randall: “When

Sears Holdings Corporation acquired Kmart and Land’s End, we real-

ized from the onset that our purchasing card policies and procedures

differed in a number of ways. Some of the initial goals were to gain

buy-in to the program, establish consensus with a companywide

policy and roll out the cards to leverage the already established

spending practices. We audited 100 percent of all new cardholders for

the first few months to inform, educate and enforce compliance during

their transition to a new corporate culture. If out-of-policy spending

occurred, an email was sent to the cardholder outlining existing poli-

cies. New cardholders quickly adapted.”

Mandate training before a card is issuedEducation and a clear understanding of cardholder roles and

responsibilities are vital to any program. Once an application is re-

ceived, companies should consider having card applicants participate

in some form of training course before they receive their card. While

training in-person or via conference call could be offered every month

or so, companies may want to consider establishing a brief online

course or quiz. A record of those who took the course or passed the

quiz can be maintained to further support your company’s Sarbanes-

Oxley initiatives.

Chevron Corporation employees are required to take a training

course every two years to continue using the card. Monsanto Com-

pany requires that its cardholders take a computer-based training

course and receive a score of 100 percent in order to apply for their

card. Upon completion of the course, users receive a ‘digital diploma’

or certificate that then must be submitted along with their applica-

tion. Cardholders who are on a watch list as a result of multiple audits

are required to take the course again.

No matter the industry, market segment or program size, concerns regarding out-of-policy spending,

fraud detection and card misuse remain the same


44 www.usfst.com

or five emails are sent out each day asking

cardholders for additional information on

questionable transactions. The cardholder’s

manager is copied on these messages. Ac-

cording to Williams, “It is an effective con-

trol if employees sense that their spending

is being monitored. The card is for business

purposes only, not for personal use.”

Audit beyond the traditionalBest-in-class organizations enhance

their traditional auditing practices by look-

ing beyond spend limit and MCC violations.

Additional controls also may need to be

established depending on your industry.

Some companies conduct audits on pur-

chases that are made in the evening or on

weekends. Purchases that are shipped to

an individual’s home as opposed to campus

are also investigated. Other items that are

red-flagged: personal technology purchas-

es such as computers, cell phones or PDAs,

and items acquired through PayPal. Many

companies focus on retail spending by au-

diting statements that include purchases

from Amazon.com, Best Buy, eBay, Target

or Wal-Mart. Audits are also conducted on

purchases made outside of its published

list of preferred suppliers.

Sears Holdings Corporation focuses on

the travel-related practices of its OneCard

users. When renting an automobile, card-

holders should not sign up for the rental

agency’s fueling option. In order for meals

to be reimbursed, cardholders must be on

overnight status. Cardholders must provide

supporting documentation to demonstrate

that an overnight trip occurred.

Foster positive relationships While monitoring and enforcement

are vital to success, it is important that card program administrators

not be viewed as the enemy. In order for your program to grow and

succeed, positive, interactive relationships must be established with

your cardholder base. Take a consultative approach. Create an envi-

ronment where cardholders feel comfortable reaching out to you with

questions and issues. Sometimes spend limits or other restrictions

need to be loosened in order for cardholders to be more effective in

their job.

The purchasing card manager at a major US airline reviews de-

cline reports daily and proactively investigates why such declines

occurred. Perhaps MCCs should be unblocked for certain buyers

or spending limits need to be raised. Perhaps a cardholder needs

to be further educated on policies. The company also reviews its

spending reports daily. If a cardholder has accidentally used the

company card to buy a personal item, they

should self-report immediately to demon-

strate that they are operating within the

spirit of the program and not engaged in

suspicious activity.

According to the airline’s purchasing

card manager: “We are very parental in a

number of ways. If you have used the card

in a non-compliant manner, we can work

out the issue if you are honest upfront. Ev-

eryone is human and mistakes can occur.

But we will monitor your reports more

closely over the coming months to make

sure that your behavior has improved.

Like baseball, we have a ‘three strikes

and you’re out’ approach. After the third

strike, you lose card privileges and dis-

ciplinary action will be taken. But if you

have received one strike and proven over

the following months that you are follow-

ing policies correctly, that one strike may

be removed from your record.”

Periodic peer reviews To mitigate improper card use and

help support Sarbanes-Oxley, best-in-

class organizations also perform ongoing

peer reviews of purchasing practices well

in advance of regularly scheduled audits.

Sarbanes-Oxley Section 404 requires

management to report on the adequacy

of their company’s internal control over fi-

nancial reporting. Informal, periodic peer

reviews can help determine any program

weaknesses while promoting efficiencies,

ongoing training and limiting overall risk.

International Paper’s purchasing

card practices are audited every other year by internal audit. These

audits take place at each of International Paper’s seven divisions.

In anticipation of these audits, cursory peer reviews are conducted

annually at each location. Divisions also perform monthly transac-

tional reviews.

The purchasing card program at Monsanto is audited at least twice

a year, once by an internal team and once by an external firm. Card ad-

ministrators prepare for these audits by conducting approximately eight

random audits per month and reviewing at least 40 percent of spend.

Card program policies should be reviewed and updated peri-

odically to reflect any changes in the company that affect the use of

the card. Despite the existence of written policies in the majority of

companies surveyed by the Association of Financial Professionals,

only 38 percent of those companies update their policies annually.

At a minimum, it is recommended that reviews of the card program

policies should be scheduled on an annual basis. n

Eduardo Vergara is a Managing Director in Treasury

Services and Global Commercial Card Executive. He

is responsible for the day-to-day management of

the global commercial card business and for setting

and implementing Treasury Services’ strategic vision

for its card products. He also provides industry

leadership and helps grow the business by expanding

its international card platform and Order-To-Pay and

emerging Procure-To-Pay product capabilities.

Vergara joined the firm in 2008, from American

Express, where he was the global head of Product

Management & Marketing for the Global Commercial

Card business. Prior to American Express, Mr.

Vergara worked for Bank of America, where his

roles included head of international Business

Development, Latin America, and Canada, global

Treasury Services, head of Prepaid Cards and head

of International Remittances.


Wolters.indd 1 28/1/09 08:22:52

46 www.usfst.com

LOCKDOWNThe so-called ‘rock star’ of the security industry, Bruce Schneier, exclusively reveals some interesting thoughts regarding current security issues

You’re on record criticizing post 9/11 airport

security measures as little more than window

dressing that don’t actually make passen-

gers safer. Do you see any similarities to this

situation and the steps fi nancial companies

take to protect their customers?

Bruce Schneier. The phrase I use is ‘security

theater’, and one of the reasons we fall for

it in airline security is that attacks are very,

very rare. Security theater is exposed when

it’s obvious that it’s not working, and there

simply isn’t the attack data to assess the

effectiveness of bag screening, liquid con-

fi scation, photo ID checks and other useless

security measures.

Financial fraud is different, because

there is a measurable crime rate that reacts

as security countermeasures are applied.

Financial companies know what is and isn’t

working. They may decide not to tell their

customers and keep up a charade of security

theater, but that only works in the short term.

So while there certainly is security theater in

the fi nancial industry, it won’t last. People

will, for example, eventually fi gure out that

two-factor authentication doesn’t reduce

identity theft and fraud.

What do you see as the key security issues

currently facing fi nancial institutions and

their customers?

BS. Crime. Crime, crime, crime. Crime in the

form of fraud. It may come with the fancy

name of identity theft, but it’s really just

fraud due to impersonation. That’s the key

issue, and it’s not changing. The tactics of

fraud might change – phishing, pharming,

key logging, social engineering, password

guessing, whatever – as security measures

make some tactics harder and others easier,

but the underlying issue is constant.

Are customers concerns about online secu-

rity matched by that of their banks and credit

providers or is there any disconnect with

what consumers want and what companies

are prepared to do?

BS. There is always a mismatch, and you can

easily see it when you look at where the li-

abilities are. If fi nancial institutions manage

to pass off the cost of fraud onto consumers,

then of course the consumers will want more

recourse than the banks provide. Think of a

Bruce Schneier Ed P46-47.indd 46 29/1/09 09:05:50

47www.usfst.com

has done more to improve credit card secu-

rity than anything else.

FST. What needs to be done to truly create

an environment where customers are pro-

tected from threats such as identity theft?

Are banks and other financial institutions

capable of achieving this on their own or will

outside influence be required?

BS. It’s easy. Make banks responsible for all

the costs of identity theft. Once you set the

economic incentives properly, the market-

place will come up with all sort of technical

and procedural solutions.

Do you see any particularly striking new se-

curity threats emerging at the moment?

BS. No. I’m asked to make predictions like

this regularly, but honestly, I think we’re

going to see more of the same for the fore-

seeable future.

Does the increased ubiquity of online com-

merce mean that resolving new security

threats is a purely technological issue or is

there other aspects to consider?

BS. Mitigating security threats is never a

purely technological issue. Security always

involves people – people doing the attacking,

and people as the victims – so security will

always have a people component. And actu-

ally, one of the reasons online crime is so suc-

situation where someone steals a customer’s

password, breaks into a customer’s account,

and steals money. It’s far cheaper for the

bank to foist the cost of that fraud onto the

consumer. But the consumer is perfectly

right when he says: ‘What do you mean, it’s

my fault? I wasn’t involved.’ The best way to

mitigate security risks is to have the entity

best situated to mitigate the risk be respon-

sible for the risk. Customers can’t improve

a bank’s computer security, so it makes no

sense to give them the risk. The bank can

improve security, so it should be responsible

for the risk, regardless of who is at fault.

Think about credit card security. In the

UK the law states that customers are only

responsible for the first £50 of card-present

fraud, and not at all for card-not-present

fraud, even if they were at fault. That law

cessful is that so much security tries to take

people out of the equation. Technology can do

a lot to improve security, but it can only aug-

ment what people do, not replace them.

We recently spoke with PayPal’s CISO Mi-

chael Barrett. He believes that the war on

phishing is winnable, but it will require a

great deal of hard work and coordination be-

tween many different parties. What is your

feeling on the subject?

BS. I think that comment illustrates a lot of

what’s wrong with current security thinking.

It’s not a war on phishing, it’s a war on fraud.

Phishing is just a tactic, and if you concen-

trate your effort on defeating that particular

tactic – something I agree is possible but will

take a great deal of hard work and coordina-

tion – the criminals will just move to another

tactic. If we’re ever going to truly reduce

fraud, we need to look beyond tactics and

deal with the economic motivations of both

the criminals and the victims. n

Bruce Schneier is an internationally

renowned security technologist and

author. Described by The Economist as

a ‘security guru,’ he is best known as a

refreshingly candid and lucid security

critic and commentator. The best

selling author of eight books, he has

written articles and commentary that

have appeared in numerous prominent

publications. Regularly quoted in the

media, he has testified on security before

the United States Congress and is also

Chief Security Technology Officer of BT.

In recent weeks a worm, a malicious software program,

has swept through corporate, educational and public

computer networks around the world. Known as Conficker

or Downadup, it is spread by a recently discovered Microsoft

Windows vulnerability, by guessing network passwords and

by hand-carried consumer gadgets like USB keys.

Experts say it is the worst infection since the Slammer

worm exploded through the internet in January 2003,

and it may have infected as many as nine million personal

computers around the world.

Worms like Conficker not only ricochet around the

internet at lightning speed, they harness infected computers

into unified systems called botnets, which can then accept

programming instructions from their masters.

Many computer users may not notice that their machines

have been infected, and computer security researchers

said they were waiting for the instructions to materialize, to

determine what impact the botnet will have on PC users.

It might operate in the background, using the infected

computer to send spam or infect other computers, or it

might steal the PC user’s personal information.

Microsoft rushed an emergency patch to defend the

Windows operating systems against this vulnerability in

October, yet the worm has continued to spread even as the

level of warnings has grown in recent weeks.

Earlier this month, security researchers at Qualys, a

Silicon Valley security firm, estimated that about 30 percent

of Windows-based computers attached to the internet

remain vulnerable to infection because they have not been

updated with the patch, despite the fact that it was made

available in October last year. The firm’s estimate is based

on a survey of nine million internet addresses.

Wormhole: security in action

“The tactics of fraud might change as security measures make some tactics harder and others easier, but the underlying issue is constant”

Bruce Schneier Ed P46-47.indd 47 28/1/09 15:44:12

With more than three trillion bits of

data created every second, the

world’s appetite for more fea-

ture-rich information keeps

growing, and with it comes the need for data

centers to store and process that information.

Consequently, the data center growth rate is

roughly 50 percent a year. However, as the

worldwide pool of data grows, corporations

are increasingly consolidating and centralizing

data center operations to save costs associat-

ed with their operation andmaintenance, such

as real estate, taxes, utilities and other physi-

cal support groups. These new high-density

data centers save on physical costs by reduc-

ing equipment and floor space costs for

servers in remote offices, cutting software li-

censes and distribution costs and reducing op-

erating expenses.

One consolidation strategy is server virtu-

alization, which harnesses the computing

power of multiple servers into logical group-

ings, known as virtual servers, running concur-

rently on the corporate network. Virtualization

essentially breaks the link of the physical

server and the software applications that run

on it. Because the software applications run

on virtual machines, virtualization realizes

greater computing and power efficiencies by

maximizing the utilization of the physical

servers that support the software.

Virtualization provides network administra-

tors with essential flexibility and agility in

managing data center environments while de-

livering rapid deployment, rapid adoption of

change and flexible disaster recovery.

From a physical hardware perspective, the

use of high-density blade server technology fa-

cilitates server virtualization. By containing

multiple servers in a single chassis-based en-

closure, blade servers maximize CPU process-

ing power per watt of power consumed.

However, its higher density platform changes

the design paradigm on which traditional data

centers were built. As computing resources

consolidate into smaller physical footprints,

the kW usage per square foot increases as

does the associated cooling requirements.

With next-generation data centers consuming

upward of onemegawatt of electricity and pro-

ducing as much as 20kW of heat on a per cabi-

net basis, data center managers will need to

contend with power and thermal management

challenges as well as increased distances be-

tween standalone and redundant data centers.

Even with these concerns, organizations are

finding it increasingly difficult to maintain a

network of servers distributed across the coun-

try or world and are turning to data center con-

solidation to cut IT costs, tighten data security,

meet regulatory requirements and improve op-

erational efficiency.

To fully realize themanyorganizational ben-

efits of consolidation and virtualization, there

are inherent design challenges that must be

overcome. An understanding of the complexi-

ties associated with provisioning of high-out-

put, high-efficiency 3-phase power distribution

systems used to support blade server technol-

ogy is essential. Once the power requirements

for supporting the computing load is under-

stood, the correct thermal management or

cooling strategy can then be developed. A pas-

sive or active cooling solution with the ability

to provide enough capacity for upwards of

20kW a cabinet heat loads will be needed.

Virtualization also requires an improvement of

network bandwidth and latency performance.

High-bandwidth technologies such as 10

Gigabit Ethernet using laser-optimized 50-mi-

cron fiber (ISO OM3) and Category 6A (ISO

Class EA) twisted-pair cabling will alleviate the

potential bottlenecks associated with aggre-

gating computing resources using virtualized

servers and storage platforms. Lastly, following

the TIA-942 and other global data center stan-

dards will ensure the cabling infrastructure is

designed to effectively support virtualized

server environments as well as scale with net-

work growth. �

Designer trends

48 www.usfst.com

Andy Jimenez, Anixter VP of Technology, looks at what IT managers need to be aware ofwhen designing and managing a data center

Andy Jimenez is Vice President

of Technology, Enterprise Cabling

Solutions and has over 19 years

experience in the fields of

telecommunications testing and

product certification. He has held

various engineering and

management positions with test

laboratories specializing in the

certification of voice/data

communications systems and

components. He has also given

numerous technical presentations

at trade shows, and is a regular

speaker at Anixter's National

Seminar Series.

ASK THE EXPERT

For more details on industry standards, go toanixter.com/standards to order your copy of the Anixter StandardsReference Guide.

Anixter ATE:25JUNE 29/1/09 08:58 Page 48

Anixter2.indd 1 28/1/09 08:17:10

The ecomonic distress of the financial com-

munity has added new dimensions to the

protection of sensitive information.

Always of the highest priority, the financial com-

munity has to protect the privacy of personal in-

formation and institutional data while securely

transacting all forms of commerce. Now, with

consolidations and take-overs occurring at a

breathtaking pace, there is an even greater chal-

lenge – combining institutions in a manner that

is rapid and cost effective without jeopardizing

the sensitive data. It is more important than ever

to find ways to cut costs, retain customers,

maintain business processes and demonstrate

a positive return on investment to stakeholders

even while incompatible systems and infra-

structures are being merged.

For years, financial institutions have fo-

cused on security solutions that thwart the ever-

increasing number of serious threats to sensitive

data assets. However, during transitional times,

institutions are once again vulnerable to threats

as data is consolidated amongst multiple het-

erogenous systems that are complex, often in-

compatible and difficult to secure.

Over the coming months, as IT departments

bring together these vast amounts of data, con-

solidate IT systems and develop new business

processes, they need to consider solutions that

provide business efficiency, scalability and con-

tinuity of information. And, with a heightened

level of scrutiny on technology purchase deci-

sions in the areas of goverance, risk manage-

ment and compliance, it is important for

financial institutions to take an enterprise ap-

proach to establishing their new combined in-

frastructure to maximize IT investments and

protect sensitive data.

In the past, most organizations were able to

establish a perimeter defense, employing fire-

walls, intrusion detection and antivirus software

to keep threats to information at bay and meet

compliance requirements. But now, with more

than 50 percent of security breaches perpetrat-

ed internally, perimeter security mechanisms

are no longer sufficient for addressing the many

threats to sensitive data. Additionally, compa-

nies are required to extend their data infra-

structure across business units, partners,

suppliers, customers and an increasingly mo-

bile workforce. The outsider is now an insider,

and, here again, the perimeter security is no

longer sufficient.

All this is further exacerbated when multiple,

disparate products create security gaps and het-

erogenousenvironments,whicharecostly toman-

age, create vulnerabilities and inhibit business.

Protecting the information withinin the en-

terprise is the only way to provide core to edge

protection. Encrypted information, integrated

under a centralized security platform, provides

seamless, cost-efficient management of data

across databases, applications, networks and

endpoint devices. Securing data at all times – at

rest, in motion, and in use.

Protecting the information within the enter-

prise extends security and compliance across all

systems where data resides – network, applica-

tion, database, or storage. The overall security

model will determine the points of protection,

which then determines the scope of the integra-

tion task. Typically, modes of implementation for

a data protection solution vary in terms of secu-

rity model, but each have strong commonalities

that represent the essential building blocks of

data privacy implementations:

• Cryptographic operations

• Secure key management

• Specialized, dedicated hardware

• Authentication and authorization

• Logging, auditing, and management

• Backup and recovery

In essence, an effective and comprehensive

data protection solution must follow the data

from the core, where key data repositories exist,

to the edge, where the data is used. When se-

lecting a data protection solution – especially in

times of transition or consolidation – you should

know the fundamental elements that make up

the solution, be sure to leverage standards-

based technologies and ensure that the proper

planning and cooperation occurs within and

across the enterprise. Doing so will ensure an ef-

fective solution that meets security require-

ments, reduces the overall complexity,

management, and maintenance costs of the or-

ganization’s IT infrastructure, and provides a

foundation for addressing future data protection

needs, business processes and regulatory com-

pliance requirements. �

Reducing the cost and complexityof consolidation

50 www.usfst.com

Chris Fedde discusses the best practice strategies for ensuring efficient businessprocesses and security during consolidation

Chris Fedde was named President and

Chief Operating Officer of SafeNet in

October 2006. Throughout his tenure at

SafeNet, which began in February of

2001 as Director of Corporate Product

Management and Business

Development, Fedde has been a key

contributor to building the company’s

security presence in the Federal

Government and the financial

community. During this time, SafeNet

has seen a significant increase in

demand for the company’s technology

solutions and managed services.

INDUSTRY INSIGHT

Safenet:25JUNE 28/1/09 16:22 Page 50

SafeNet.indd 1 28/1/09 08:20:44

52 www.usfst.com

When I founded the Anti-Phishing Working Group in 2003, I

thought that we would have eliminated phishing by mid-

2004. How wrong I was.

The Anti-Phishing Working Group (APWG) was founded to bring to-

gether the diverse communities of banks, ISPs, e-commerce companies,

security vendors and law enforcement agencies. Our core philosophy

was to create a forum where these diverse players could talk frankly

and honestly about the evolving phishing attack situation, without fear

that these conversations would become public. This format proved to

be immensely successful, and the APWG now has over 1500 member

companies and government agencies.

In 2003, phishing attacks spread from attacks against eBay and

PayPal customers to a wave of coordinated attacks against the custom-

ers of Australian financial institutions. In the summer of 2003, these

attacks were then aimed against customers of UK financial institutions

and in late 2003 US banking customers began to be targeted.

This global pattern indicated that cyber criminals were becoming

just as organized as traditional crime gangs. They were testing new

techniques in smaller markets like Australia, where users are easily

targeted by both their network address and because there are a smaller

number of financial institutions. The model was then perfected and ex-

panded in the UK, where there were still a small number of institutions,

and an easily targeted customer base. The scam was then scaled up to

the US market, particularly targeting customers of the top few banks.

It became clear that one particular group could not solve the phish-

ing problem on their own. It would require cross-industry collaboration.

Thus the APWG was formed.

As phishing scams became ever more sophisticated and profes-

sional, members of the APWG were able to discuss the evolving tac-

tics and best practices for detecting these attacks, shutting down the

phishing sites and tracking and reducing losses. In closed-door APWG

meetings, members were able to discuss the indirect financial losses

from phishing attacks, for example the costs of call centers receiving

tens of thousands of phone calls from consumers when a major attack

was launched.

The APWG publishes monthly reports that track phishing statistics

around the globe. These statistics allowed us to see patterns where

some financial institutions would be attacked with much more inten-

sity than others. Eventually it became clear that one significant factor

in the number of attacks that an institution faced was related to how

52 www.usfst.com

Phishtales

David Jevans discusses the challenges faced in fighting the global war on phishing and crimeware during the financial crisis

EMAIL SECURITY

Jevans.indd 52 28/1/09 14:31:13

53 www.usfst.com

easily criminals could transfer funds out of compromised customer

accounts. We also began to see cross-channel fraud, where account

numbers and PINs were used to create ‘white plastic’ ATM and debit

cards. Financial institutions started to realize that the phishing prob-

lem spanned all types of fraud, and was involved in ATM, debit card,

check card, wire transfer, ACH and account opening fraud. More re-

cently we have been seeing the telephone banking channel used as an

attack vector, where phishers send out emails requesting customers to

call a fake call center, where the IVR system is used to collect account

numbers and PINs from customers without them ever having to visit a

spoofed bank website.

the cyber criminals fi ght backThrough 2005 and 2006 the security community began to develop

anti-phishing technologies and service offerings such as outsourced

takedown services to get spoofed websites shut down in a timely

fashion. The phishers responded by increasingly hosting their spoofed

websites in foreign countries, making takedowns very time consuming

and requiring foreign language skills and working around the clock to

deal with sites hosted in varying time zones.

For every defensive measure that is put in place by the industry, the

criminals react with a creative new approach to continue their fraudulent

activities. For example, the security and web browser community began

to track known phishing sites and share those web addresses as a block-

list, which would allow browsers and email servers to prevent users from

receiving known phishing emails

or visiting known phishing sites.

One of the prominent phishing

gangs, known as the ‘Rock Phish

Gang’, responded by using tens of

thousands of sub-domains on their

phishing sites, thus overwhelming

the block-lists.

Another example of escalation

in the war against cyber fraud was

the invention of fast-fl ux technol-

ogy by the leading phishing gangs.

Fast-fl ux is a DNS technique used

by botnets to hide phishing and

malware delivery sites behind an

ever-changing network of compro-

mised hosts acting as proxies. A

sophisticated type of fast-fl ux is

when multiple nodes in the fraud

network register and de-register

their addresses as part of the DNS

record list for the DNS zone. This

makes taking down phishing and

crimeware sites extremely diffi cult

as they are hosted on many ma-

chines with changing IP addresses.

The APWG and our members have

been working with ICANN, the Inter-

net Corporation for Assigned Names and Numbers, to create policies for

rapid takedowns of fraudulent domain names that are being used to host

phishing and fast-fl ux sites. This has been a multi-year effort, and there

is still much work to do with policy and education among the registrar and

registry communities.

A very disturbing trend over the last year has been the use of social

networks to spread crimeware and phishing. There have been attacks

against users of MySpace and LinkedIn that have infected tens of thou-

sands, and in some instances up to a million users in a very short time

frame. These attacks do not rely on traditional email, as they spread

inside the social networks using their internal web-based messaging

systems. This can make these attacks very diffi cult to track and profi le.

2009 and beyond We expect that the current global fi nancial crisis will continue to

give phishers new ways to create believable social engineering attacks

to steal account credentials and to spread crimeware. In the fourth

quarter of 2008 there were numerous attacks against customers of

major fi nancial institutions that were being acquired or were in the

news receiving government aide. In 2009 we can expect an increase

in money mule recruitment scams, where criminals recruit unemployed

consumers to act as online funds transfer agents, or to reship goods

that were purchased using stolen credit card numbers.

The rapid and continuous evolution and expansion of online fi nancial

fraud through phishing, crimeware and social engineering is something

that requires a coordinated global

response from the fi nancial services

industry, ISPs, security vendors,

e-commerce merchants and law

enforcement agencies. The APWG

and our members have been work-

ing to expand our systems and tools

for secure collaboration and data

sharing. We have facilitated the

sharing of phishing site URLs be-

tween members, and are expanding

this to allow fi nancial institutions

and security researchers to share

information about fraudulent web-

sites and IP addresses of known and

suspected cyber criminals.

In these challenging fi nancial

times, its more important than ever

for the fi nancial services industry,

the security industry, ISPs and

law enforcement to work together

to share information and pool our

resources to keep our customers

safe, and to secure our assets.

Come and join us.

53 www.usfst.com

David Jevans is the chairman of the Anti-Phishing Working Group. For more information please visit www.antiphishing.org

Over the last several years we have seen phishing be

augmented by the spread of malicious software that is

designed to steal online account credentials. This malicious

software that is designed for electronic crime has been dubbed

‘crimeware’. The crimeware wave seems to have started in Brazil

in the 2003 timeframe, and has naturally spread around the

world. Crimeware variants are merged with remotely controlled

malicious software to create networks of hundreds of thousands

of compromised home computers (botnets) that are used by cyber

criminals to launch phishing, crimeware and spam attacks. The

botnet explosion since 2006 seems to have infected millions of

personal computers around the world that are being used by criminals

without the knowledge of the person who owns the computer.

Recent activity in the crimeware landscape is the evolution of

targeted crimeware that is designed to get onto the computer of a

targeted employee in a large corporation or government agency. Once

that person’s computer is infected, the criminals can upgrade the

crimeware to add new functionality to compromise other computers,

steal intellectual property, create backdoor access paths into the

corporate network, or even to run customized software to generate

transactions inside the company network. This represents the

ultimate professionalism of the cyber crime industry, where crime

gangs are plotting these attacks for many months, and using highly

sophisticated crimeware and targeted social engineering to get this

crimeware into corporate networks. We call this ‘spear phishing’.

CRiMeWaRe esCalatiON

Jevans.indd 53 28/1/09 14:31:14

More than 100 million individuals in the United States

today are considered unbanked, underbanked or

credit underserved. These people have no bank

accounts or far fewer accounts than the average

American. While the US economy is caught up in the

current worldwide credit crisis and recession, some important ques-

tions arise: Are bankers even thinking about the underbanked?

And why should they?

Underbanked consumers have traditionally

relied heavily on a cash-based economy or

alternative, nonbank providers of financial

services to conduct their financial transac-

tions, which are profiting nicely from these

relationships. Traditional financial ser-

vices institutions (FSIs) could be on the

profit side of the equation, but to emerge

from the current credit crisis, they will

need to create the right products and

tools for financially underserved

consumers. For the most part, exist-

ing bank products, including loan

underwriting processes, do not

meet the needs of underbanked

consumers and were not built

with them in mind.

This population typically falls

into one of three categories related

to credit:

• No hits. These individuals have

no record at traditional credit

reporting agencies such as Equi-

fax, Experian and TransUnion.

Approximately 20 million people in

the US are in this group. Without a

record at a credit reporting agency,

they will nearly always be declined

credit by a bank, thrift or credit union

and often will be unable to open a

demand deposit account (DDA) or savings

account.

• Unscorable. The unscorable population includes people with ‘thin’

credit files containing little or no credit history or payment data.

Again, lenders won’t have enough data to score their credit worthi-

ness and/or make a lending decision. Consumers with thin credit

files include young people who have not had time to build a credit

history, recent immigrants who have been in the US only a short

time, and others who are undergoing a life change, such as losing a

spouse whose credit history was tied to theirs.

• Subprime. For each type of loan product, the exact definition of

subprime will vary. In general, the subprime category includes

consumers with unfavorable credit history based on credit bureau

reports. More Americans are falling into this category because of

their delinquent or unpaid credit balances, overextension of credit,

and extreme factors such as defaulted loan accounts and loan fore-

closures, and because bankruptcy is becoming more prevalent.

The regulators and the underbankedIn 1977, the US Congress enacted the Community Reinvestment Act

(CRA) to ensure that banks serve a greater portion of the population.

The intent of the act is to encourage depository institutions to help

meet the credit needs of the communities in which they operate, includ-

ing low- and moderate-income neighborhoods. CRA does not require

institutions to make high-risk loans that will jeopardize their safety.

Today, some would argue that subprime borrowers who benefited

by receiving mortgages from lenders struggling to meet CRA objectives

contributed to the mortgage crisis. However, a study released by the

University of North Carolina at Chapel Hill’s Center for Community Capi-

tal on default rates among low-income and minority homebuyers notes,

“Risky mortgage products, not risky borrowers, are the root cause of

the mortgage default crisis.” The study shows that mortgage borrowers

with similar risk characteristics defaulted at much higher rates if they

took subprime mortgages than if they took loans made under the aus-

pices of CRA. Although not all consumers can afford a home, the actual

mortgage product, features and underwriting guidelines are more the

cause of the default than is the risk profile of borrower.

Banks may be missing an opportunity to serve and profit from the

underbanked markets, but consumers are not going completely without

financial services. Nonbank financial service centers (FSCs) and com-

munity financial centers (CFCs) operate nationwide in around 20,000

physical locations today. Financial Service Centers of America (FiSCA), a

trade association of nonbank FSCs, estimates that 30 million customers

are being served annually through 350 million transactions represent-

ing more than $106 billion in various products and services.

According to a 2007 FiSCA key member survey, some notable

volume estimates for products and services purchased at the associa-

Going underTowerGroup’s Bobbi Britting discusses how financial instutions need to serve the underbanked market during the credit crisis

54 www.usfst.com

ANALYSIS

BRITING.indd 54 28/1/09 16:38:10

55www.usfst.com

tion’s member organizations included 137 million checks cashed, for

$56 billion; 86 million money orders sold, with a value of $17.6 billion;

2.8 million prepaid value cards sold and $5.4 billion transferred to the

cards; 32 million payday advances for a total of $13.2 billion; and 21 mil-

lion wire remittances, with a value of $8.3 billion.

Check-cashing services and payday loans

for small dollar amounts may represent the most

abusive services to the unbanked and are the ones

banking institutions have the greatest opportu-

nity to disrupt. Numerous sources estimate total

payday lending loans at approximately $40 billion

annually. Although loan amounts range from $100

to $1500, the average is just over $400 for the 100

million loans made annually.

How banks can compete for the underserved market

Traditional FSIs need to rethink strategies for

attracting underbanked and credit underserved

populations to compete with these other organiza-

tions. Accessing current practices and realigning their offerings with the

needs and desires of the underbanked and credit underserved markets

will be critical to garnering profitable market share.

To aid in reaching the underbanked, traditional credit reporting

agencies are now providing a variety of risk models using nontra-

ditional data to score no hits and previously unscorable files. New

products typically try to emulate the efforts of traditional scoring

models by rank ordering risk of an applicant, thus offering the ability

to evaluate additional credit applications and increase the lendable

population as well as support lenders’ CRA initiatives and efforts to

serve underbanked consumers.

In addition, a number of nontraditional

providers have entered the market with new

scoring products using nontraditional credit

data to bring new risk management insights

to FSIs. The products offered by both tradi-

tional and nontraditional risk management

providers, are highlighted in Figures 1 and 2.

To compete with nonbanks, traditional

FSIs will need to expand their products’ fea-

tures and offer attractive intangible benefits

to underbanked consumers. This population

needs products and services tailored to their

unique needs, preferences and economic

circumstances rather than ‘stripped-down’

versions of those designed for more affluent

consumers.

The volume of services being provided to underbanked consum-

ers proves the market need, but some important features are typically

missing from traditional FSI product offerings. Underbanked consum-

ers need product features at no or low costs that help them avoid

heavy expenses involved with financial transactions. These include

access to small-dollar, short-term, unsecured credit; ability to build

or rehabilitate credit histories; ability to transact in the internet

FIG 1: Underbanked rIsk manaGemenT prodUcTs and servIces From TradITIonal provIders

vendor prodUcT name parTner addITIonal daTa provIded

Equifax MarketMax LexisNexis

Experian Emerging Credit Score eBureauLLC

Fair Isaac Expansion Score

First American Anthem Score NA

TransUnion Link2Credit

Uses Equifax data as well as LexisNexis on rent utilities, negative information, etc. Score

range is 501-900.

Uses Experian trade and public record data combined with alternative data sets such

as internet catalog and direct mail sales, property and asset information, and utility and

telecom information. Score range is 100-999.

Numerous

data and

distribution

partners

Designed to score ‘not hits’ and ‘unscorable’ records. Rank orders risk incorporating

alternative data such debit, membership, utility, bill payment and public record data and

property and asset information. Score range is 300-850.

For use mainly in mortgage lending, utilizes alternative data such as for payment of

rent, insurance and utilities.

L2C (Thin File

Model)

Combines TransUnion data with L2C data such as that on payday loans, rent, and cellular

and utility payments. Score range is 1-999.

Source: TowerGroup review of the companies

nonbank Fscs serve

30 million customers annually

BRITING.indd 55 28/1/09 16:38:11

56 www.usfst.com

and culture. Many underbanked consumers consider confidentiality

extremely important, possibly because of a previous negative expe-

rience with a bank. Easy access to FSIs’ locations in neighborhoods

where consumers live and work and offices that are open at times

allowing for nontraditional work schedules are also vital. To succeed

in reaching underbanked consumers, FSIs need to provide services in

the languages they speak as well as in English.

ConclusionUnderbanked and credit underserved consumers form a large

portion of the US population, and although the world focuses on FSIs

struggling through the credit crisis, innovative institutions will likely

be positioning themselves to create new products and serve a greater

portion of the population. They will make a full-scale evaluation of the

market and address its unique needs where they operate. For lending

transactions, a number of risk tools using alternative data elements

not previously available for credit evaluation purposes can help FSIs

ascertain the credit worthiness of credit underserved consumers.

They also will be able to consider other aspects to attract this popula-

tion, including office locations and hours, language barriers, market-

ing, account documentation and cultural traditions. n

(noncash) economy; immediate liquidity for paper checks, including

shortening or eliminating hold periods; ability to pay bills at the last

minute to avoid late fees and overdraft fees; wire transfer services;

and low-balance checking and savings accounts with no or very low

fees. Another feature not offered by or thought about at most main-

stream FSIs is the ability to accept alternate forms of identification

that are compliant with the USA PATRIOT Act, such as the Mexican

Matricula Consular Card or the Guatemalan Consular ID card.

As important as responding to unique product needs of the vast

array of underbanked consumers is understanding other intangible

characteristics of the market and meeting those needs as well. Fac-

tors include trust, which requires banks to show respect for the

customer while offering acceptance and understanding of customs

This article is based on research by the consumer lending service at TowerGroup, a leading research and advisory services firm focused exclusively on the global financial services industry. To learn more please contact [email protected]

FIG 2: New rIsk maNaGemeNt produCts aNd servICes For the uNderbaNked

LexisNexis RiskView

ID Insights Safe2Change Address change verification and compliance with Red Flags Rules.

ID Analytics Credit Optics ID verification, fraud, Red Flags analysis. Offers visibility into the stability of an individual by

Examining changes to identity and credit risk over time.

NA

CBC Innovis NA Fourth credit bureau.

Payment Reporting

Builds Credit

(PRBC)

Additional tools and data for the underbanked, fraud and identification that are not available through

the bureaus: Alternative data can include information from private and public records, utility

companies’ payments data, bankruptcies and liens and licensing information.

Early Warning

Services (EWS)Industry co-operative focused on fraud management, including internal and employee theft

identification.

PRBC Reports Consumer credit reports incorporating self-reported and third-party-verified data on rent, mortgage,

mobile home payments, utilities, and insurance and bill payment data from FSI bill pay services,

money service providers, and lenders. Also PRBC report with FICO Expansion Score.

Bill Payment Score

(BPS)BPS takes a time-series bill payment history using a weighted scorecard.

Score range is 100-1000.

veNdor produCt Name addItIoNal data provIded

“underbanked and credit underserved consumers

form a large portion of the us population”

BRITING.indd 56 28/1/09 16:40:43

CheckScanning Ad_OL.indd 71 28/1/09 08:38:42

58 www.usfst.com

In less than two years, the nation’s major wire transfer systems,

the Fedwire Funds Service and CHIPS, are set to deliver signifi -

cant new functionality that will streamline the wire transfer pro-

cess for corporations.

By the end of 2010, US dollar wire transfer systems will

be upgraded to allow invoice and other business remittance

information to fl ow along with wire transfer payments, a signifi cant

improvement that will enable corporate customers to reconcile their

payments with much greater effi ciency. This will save corporations

time and money by eliminating the source of confusion about why a

wire transfer was sent.

The business challengePayments professionals at US corporations have expressed

frustration for years about their inability to apply wire payments to

appropriate accounts/bills because wire payments arrive with lim-

ited remittance information. For corporations, there simply wasn’t

The road ahead

Hank Farrar and Lauren Hargraves explain how the Federal Reserve Banks and The Clearing House are creating value for banks and their corporate clients

suffi cient space or structure in a wire transfer message to carry the

necessary information. At the prompting of these professionals, the

Federal Reserve Banks and The Clearing House worked with fi nancial

institutions, global payments systems operators, corporations and

software companies over the past two years to create this much-

desired enhancement.

The Federal Reserve Banks and The Clearing House worked to-

gether with the Association for Financial Professionals (AFP), a leading

trade association for treasury management professionals, to verify

and better understand the demand for an expanded wire transfer mes-

sage that could carry standard business remittance information, such

as invoice numbers.

The Federal Reserve Banks and The Clearing House validated

demand for this enhancement through a joint research project. Together,

they retained Granite Research Consulting and conducted a nationwide

study from February to August 2006. A total of 381 questionnaires were

completed by companies that sent and/or received at least 10 wire pay-

ments in 12 months and had annual revenues of at least $5 million. As a

follow-up, eight focus groups were held in Dallas, San Francisco, Chicago

and New York to solicit further comment and insight from corporations.

The fi ndings, contained in the October 2006 report Business-to-

Business Wire Transfer Payments: Customer Preferences and Opportu-

nities for Financial Institutions, included the following:

PAYMENTS

greg baradi.indd 58 28/1/09 15:46:54

59www.usfst.com

• A consensus exists among users of wire payments that there is a need

to create a common standard for sending and receiving remittance

information with the wire payment.

• 94 percent of corporate respondents said it is ‘valuable’ to include re-

mittance information with the wire payment; 65 percent said it is ‘very

valuable’ and they are willing to pay for capabilities that streamline

their operations.

• Corporations say that more than 80 percent of their payments (by

volume) are still made by check, in part due to the availability of remit-

tance information on the check stub.

• Most accounting and bank-provided cash management systems do

not work together, making process automation and straight-though

processing of wire transfer payments difficult to achieve today.

In addition to the joint research, the Federal

Reserve Banks sought feedback in through a web-

based survey sent to thousands of banks that use

the Fedwire Funds Service. The Federal Reserve

Banks reviewed 366 responses from a variety of

users, in a wide range of user categories, includ-

ing high volume users, low volume users, domes-

tically focused users, internationally focused

users, browser-connected users, and computer

interface-connected users.

The results of the survey demonstrated that

banks understand and support the need for this en-

hancement. By a substantial margin, the number of

respondents who were ‘very interested’ or ‘some-

what interested’ in adding business remittance to

a wire transfer message outnumbered those who were ‘not interested’

across every user category that the Federal Reserve Banks analyzed.

New process will bring substantial benefitsThe inclusion of business remittance information with wire transfer

payments is a significant improvement with the potential to save time

and money for corporate users by reducing or eliminating the need to

research incoming wire transfer payments. A 2005 AFP survey found

that corporations typically need to research 17 percent of incoming wire

transfers at an average research cost of $35 and approximately 30 min-

utes of staff time per wire.

The enhancement planned for the Fedwire Funds Service and CHIPS

at year-end 2010 will provide the tools for corporations to reduce or elim-

inate the need to research wire transfers because these payments will

have sufficient information for a corporation to apply these payments

to their accounts receivables systems. Small and large firms alike will

benefit from this change, but IT-savvy corporations have the potential to

benefit the most – they will be able to automate the entire wire transfer

process, if they so desire.

The process improvements will result in substantial benefits. No

longer will corporations incur the time and expense of follow-up phone

calls and emails to match invoice and other key information with wire

payments. For corporations, that means a significant cost reduction

in managing wire transfers. For banks, it means one of their most es-

sential payments products will be even more valuable to their best

corporate clients.

To facilitate adoption of this change, the Federal Reserve Banks

and The Clearing House are enlisting the support of banks, corporations

and technology providers to adapt their processes for the new message

format. As part of the initiative, the Federal Reserve Banks and The

Clearing House are engaging high-value payment system operators from

around the globe to discuss interoperability and global compatibility.

BanksTo take advantage of the opportunity to send remittance informa-

tion with wire transfer payments, banks need to engage with their cor-

porate clients to understand better how customers intend to use these

messages. Banks can make this transition smoother – and perhaps

get an edge on their competition – by increas-

ing staff awareness and understanding of this

enhancement.

CorporationsFor their part, corporations need to engage

with their banks to understand the type of

interfaces to be supported – XML, EDI, and

SWIFT, among others. Corporations should

review how they use their treasury worksta-

tions, cash management software, and en-

terprise resource planning (ERP) software for

these types of wire transfer messages. They

should also work with the providers of these

products to identify, plan for, and implement

the IT changes that will support this initiative.

Corporations looking for ways to ease the transition of paper-

based to electronic payments should evaluate the role that new wire

transfer capabilities could play in that transition. From prior research,

it is known that there are a small percentage of checks that are rela-

tively high dollar, high importance, or time sensitive that continue to

be written in part due to the availability of remittance information on

the check stub. With upcoming enhancements to the US dollar wire

transfer systems, there may be opportunities to improve efficiencies

of some paper-based payments.

Technology providersFinally, technology providers need to identify their bank and corpo-

rate clients that will be affected by these changes, so that the required

functionality is delivered on time.

After many years of discussion and planning, a new era of effi-

ciency is arriving for wire transfer payments. By continuing to work

in the spirit of cooperation, banks, corporations, and technology

providers can realize even more value from the nation’s two major

wire transfer systems. n

Lauren Hargraves is Senior Vice President, Wholesale Product Office, Federal Reserve Bank of New York.. Hank Farrar is Senior Vice President of The Clearing House, responsible for CHIPS.

94% say it is valuable

to include remittance information with wire payments

greg baradi.indd 59 28/1/09 15:46:55

60 www.usfst.com

Consider the facts. According to a 2008 Osterman

Research survey, 100 percent of organizations have

deployed anti-virus capabilities, 99 percent have

deployed anti-spam capabilities and 96 percent have

deployed anti-spyware capabilities.

However, even using a fairly broad interpreta-

tion of data loss prevention (DLP) capabilities, which would include

products that do not provide true DLP functionality, only 49 percent

of organizations have deployed these capabilities. Any organiza-

tion should deploy DLP capabilities, but none more so than the

financial services industry.

Clearly, this data suggests that organizations of all sizes are

well aware of the need to monitor their inbound communica-

tions for spam and malware. However, they are not nearly as

aware of the need to monitor outbound communications, or

they are not taking the threat as seriously as they should.

This, despite the fact that 27 percent of organizations

in the same survey reported that during the previous

12 months data or information was accidentally or

malicously leaked from their organization.

Given the tight regulation of the financial

services industry relative to most others,

coupled with the increased level of

oversight and compliance that will be

required of firms in the financial ser-

vices space in 2009 and beyond, DLP

is not simply an option – it is a busi-

ness requirement.

Knowing the risksOne of the key reasons

that organizations have not

yet deployed DLP systems is

that many decision makers

are simply not aware of the

potential risks they face,

nor might they be aware of

the data breach examples

in their own industries. For

example:

• Employees will often accidentally

send confidential data in an email

– such as credit card numbers, Social Security numbers or other

confidential information – without realizing that the data needs to

be encrypted during transmission.

• There are many cases in which confidential data, un-

beknownst to the sender, is buried in an email

thread that is forwarded to others.

• Email is sometimes sent to the wrong person,

often resulting in the leak of confidential in-

formation.

• Some employees will send confidential data

via personal webmail accounts to others or

to themselves to avoid file size limitations on

attachments or so that they can work on docu-

ments at home.

• Web 2.0 applications represent a significant

potential for data loss. For example, MySpace,

Facebook and other social networking sites have

been on the receiving end of healthcare-related

data. Hidden malware installed on

endpoints has harvested

personal information

like credit card numbers

and quietly uploaded this

content via HTTP/HTTPS.

Serious breachesData breaches are becoming

more numerous and more serious.

For example, the Privacy Rights

Clearinghouse has tracked data

breaches since early 2005 and

has recorded many examples in

which data breaches were caused by

emails sent mistakenly; cases in which

laptops, CD-ROMs and backup tapes

with confidential data were lost or stolen;

employees discarding printed content in

dumpsters or at the curb for trash pickup; and

many other instances in which sensitive data

was compromised.

There are many risks that organizations know about and

often do not address, such as employees who use corporate email

systems in violation of stated policies or who use personal webmail ac-

DATA LOSS

No time to loseData loss is an often overlooked issue that needs to be tackled immediately, says Michael Osterman

Osterman.indd 60 28/1/09 15:51:20

61 www.usfst.com

counts to send company data home – a 2007 Osterman Research survey

found that 47 percent of organization allow employees to use personal

webmail for business purposes. There are also a variety of unknown

risks, such as keystroke loggers that can infect corporate computers and

distribute confi dential data to hackers and others.

It is also important to distinguish between authorized and unau-

thorized data breaches. For example, an employee who is authorized to

place information on a company website or a corporate wiki can mistak-

enly post confi dential information. By contrast, a terminated employee

who is no longer authorized to send email can still use the system to

send trade secrets to competitors or others until their access creden-

tials are removed. Whether inadvertent or intentional, the damage

caused by such breaches can be enormous.

There are many tools and systems from which confi dential or sen-

sitive information can be sent in violation of corporate policy, including

corporate email systems, employees’ home computers, consumer and

enterprise instant messaging systems, personal webmail accounts

used at work, thumbdrives and other portable storage devices, social

networking tools, other web 2.0 applications, including wikis and

blogs, fi le transfer protocol (FTP) tools, chat tools, Skype and other

consumer-oriented VoIP tools, peer-to-peer fi le-sharing tools and mes-

sage boards and forums.

As a result, there are a large number of data sources and communi-

cations tools that organizations must monitor closely in order to protect

corporate data from accidental or unauthorized distribution, although

email and instant message are clearly the most important channels to

monitor given their pervasive and much more frequent use by employ-

ees than most other tools.

Potential problemsData breaches can be very expensive: for example, an Osterman

Research survey found that if a data breach were to occur in which dis-

closure of the breach would have to be made to customers and other

external contacts, nearly two-thirds of organizations estimated that

a single such breach would cost their organization at least $100,000,

not to mention other operational costs, damage to their brand and

other problems.

Organizations that do not properly address DLP can suffer a vari-

ety of problems, including:

• Loss of intellectual property

• Loss of reputation

• Harmful legal judgments

• Compromise of corporate security

• Violation of statutes and compliance requirements

California’s SB1386 (the Database Security Breach Notifi cation

Act) is a far reaching law that requires any holder of personal informa-

tion about a California resident to notify each resident whose infor-

mation may have been compromised in some way. This requirement

makes it important to retain and transmit records in an encrypted

form, since doing so exempts an organization from the reporting re-

quirement in the event of a breach.

Since California passed its groundbreaking data breach notifi ca-

tion law, most other US states have passed similar laws. For example,

Nevada put into effect a law (NRS 597.970) on October 1, 2008 that

that requires protection of confi dential information. Massachusetts

has passed a similar, but more restrictive law that went into effect on

January 1, 2009.

Osterman Research believes that most organizations are waking

up to the fact that they need to implement DLP capabilities. For exam-

ple, a survey that Osterman Research conducted in 2008 found that

53 percent of mid-sized and large organizations in North America will

very likely invest in DLP capabilities through the fi rst quarter of 2009.

Further, the same survey found that 68 percent of organizations plan

to have some of DLP capability in place by the end of 2009.

Michael Osterman is President of Osterman Research, a leading analyst fi rm in the messaging and collaboration space.

WHAT CAN BE DONE?

There are a number of steps that organizations should undertake

as they attempt to prevent data leaks in their organizations:

The fi rst step that decision makers may want to take to solve the

data breach problem is to audit the current state of electronic

communication and fi le management in the organization. Doing

so will reveal the extent of the risks that an organization faces

and will help to make real the problem to IT management,

as well as senior line-of-business decision makers. In many

cases, this will help an organization to realize that the risks

and problems it faces are not merely a potential, theoretical

problem, but are instead a real and present business danger

that it must address. While this is not always a necessary

step given the abundance of evidence that exists for the data

breach problem, it may be required by some organizations in

order to convince senior managers of the extent of their own

organization’s problems.

After the audit has been completed and digested by senior

managers, an organization should establish very detailed

and thorough corporate policies that focus on all of the

issues related to the use of electronic communication and fi le

management capabilities.

Develop country-specifi c requirements, since organizations

must understand any regulations that govern monitoring

polices, particularly in countries that place restrictions on how

monitoring practices may be carried out.

The next step is to deploy the technologies that will enforce

the corporate policies that have been established. While policies

are necessary to establish what an organization needs to

protect, they will be ineffective at solving all of the data breach

problems an organization might experience.

?

Osterman.indd 61 28/1/09 15:51:20

Risk managers have found themselves in

a tailspin formuch of the last 18months.

While not exactly forgotten, it’s fair to say

that risks beyond market risk are now much

more clearly in focus than they were before the

financial crisis began.

Banks’willingness to lend toborrowerswith

lower credit quality and buy into securitizations

of this credit risk, alongside inadequate borrow-

er documentationanddatamanagement are ex-

emplars of the credit risk and operational risk

management challenges that lay at the heart of

the US subprimemortgage crisis.

We’ve also witnessed numerous examples

of how one form of risk can quickly transform

into another. For example, how:

• Heightenedmarket risk can prompt poor op-

erational risk to accentuate credit risk. Just

think about the several headline-grabbing

instances when financial and corporate

treasury groups have found themselves

nursing huge losses, as extreme market

volatility has exposed unauthorized deriva-

tives trading activity.

• Concern about credit risk can lead to greater

market risk, and vice versa. Hedge funds, for

instance, have sufferedasheightenedmarket

risk prompts investment strategies to unrav-

el, prime brokers to reel in credit and in-

vestors to scramble for the exits. Similarly,

this de-leveraging has amplified market

volatility and stressed liquidity further, and so

the cycle continues.

Regulators and politicians are understand-

ably focusing a lot of their attention on the key

roles that regulation, executive compensation

and government-induced moral hazard have

played in creating and exacerbating the crisis.

Perhaps equally significant is the role of risk

management. It could be argued that the sever-

ity of the US subprime crisis – one of the initial

catalysts of our current financial woes – might

have been lessened if banks hadbetter appreci-

ated that lax operational processeswere expos-

ing them tomuchmore credit risk thanmight be

apparent. It has therefore become abundantly

clear that to be measured and managed effec-

tively, market, credit and operational risksmust

be dealt with in a holistic manner.

But as somefirmsmayhave alsodiscovered

during the financial crisis, market stress can ex-

pose shortcomings in trading and risk manage-

ment approaches and solutions that, although

effective in someways, are not truly integrated.

The value proposition of truly integrated

and extensible risk management technologies

such as those created by leading New York-

based vendor, OpenLink, has never been more

compelling. OpenLink’s Findur and Endur solu-

tionsare targetedatfinancial capitalmarketsand

energy markets participants, respectively. Both

are built upon the same core architecture and

functionality and allow users to manage the en-

tire lifecycle of a trade: from deal entry right

through to settlement and accounting.

There is a definite industry-wide desire to

improve risk management. According to an

American Banker/Greenwich Associates

Executive Forum, 52percent of participants said

that their company had plans to improve their

operational riskmanagement effort, and57per-

cent of these said they would do so by mid-

2009. From OpenLink’s perspective, we’ve wit-

nessed a definite upswing in end-user interest

in making greater use of workflow functionality

and our solution’s collateralmanagement capa-

bilities – especially in light of the emergent dy-

namic policies and processes that have

developed in the current market environment.

Usingoureasy-to-implement ‘point-and-click’

interface, exceptions-based management is

straightforward–hopefullyenablingusers topre-

ventunauthorized tradingactivity fromescalating

intoamajorexposure,by triggeringadditional lev-

els of review prior to automatic confirmation and

settlementwhenuser-defined triggers are hit.

We believe that this kind of functionality is

liberating. It empowers clients to dynamically

implement their own business controls and

monitoring processes and not be constrained,

as has oftenbeen the case, by a technology that

assumes standard trade processing. Echoing

our earlier discussion of the transformation and

overlapof risks, user-definedworkflows canalso

be a powerful tool to deploy at the intersection

of operational and credit risk. Rules could, for

example, be set up so that a particularworkflow

is invoked when the credit rating of a specific

counterparty is changed or put under review.

The failureofmajorderivativecounterparties

and heightened systemic counterparty credit risk

concerns are naturally leading to increased inter-

est inmeasures that lookat thesensitivityof cred-

it exposures tomarket rates and thedownstream

impacts of credit andmarket events on liquidity.

Recognition of the imperative to fold collateral

management into an overall risk management

framework is growing too.

These developments and recentmarket ex-

perience have demonstrated beyond a doubt

that effective risk management can only be

achieved when you have a truly integrated and

adaptable system in place. �

An integrated approach

62 www.usfst.com

Ken Knowles of OpenLink explains how a unified future may be the best thing forbetter credit and operational risk management

INDUSTRY INSIGHT

Ken Knowles, EVP, Risk Management and Analytics, has fullresponsibility for the risk and analytic elements of OpenLink’ssolution sets. These include the management and oversight of amulti-functional team of developers, consultants, and Ph.D’s.

Openlink ED:25JUNE 28/1/09 16:17 Page 62

Mastercard.indd 102 28/1/09 08:39:49

Let me start off by talking about the operational risk model that we

have for the bank. Within Bank of America we have three lines of

defense. The first line of defense is that risk management is every-

one’s responsibility.

The second line of defense is comprised of operational risk and com-

pliance that builds the enterprise risk program and works with the first line

to implement those risk management practices. They work with the indi-

vidual lines of businesses to look for deficiencies and control risk and also

look at emerging risk. This line reports to the enterprise risk function and

to the risk officer.

The third line of defense is internal audit: an independent group that

provides the oversight for the entire risk management program and as-

sesses the control environment for the bank. This line reports to the audit

committee.

My function is to build the risk governance process controls that are

aligned to the enterprise risk function. What risk management means to

me and to our business is fundamentally to make sure that we protect our

customers, that we comply with the laws and regulations and that all the

customer information is protected. We aim to ensure that as a Bank of

America customer you have a very secure environment in which to conduct

your financial business.

The need for structureWe have a very structured program around policies and procedures, the

elements within the risk and compliance program and related training. We

have certain training sessions in which all associates are required to do

some risk related training – for example, on ethics and money laundering.

We at Bank of America touch about 50 percent of the US population

in some fashion. So customer experience and customer satisfaction are

fundamental to us. We want to make sure that we care about our cus-

tomers, that we know them and act for them in everything we do. With a

model like that we have to not only look within the financial industry, we

also have to look at some of the other best practices and benchmarks that

are outstanding.

For example, Ritz-Carlton is known for their customer satisfaction, and

we do look at the level of service they provide. It doesn’t mean that we have

to operate like a hotel, but there are certain key aspects that we can learn

Challenging markets are changing the rulesof the game. By Nick Jayanetti, SVP forOperational Risk at Bank of America

LINE OF

RISK MANAGEMENT

JAYANETTI:jan09 28/01/2009 15:42 Page 64

from a company like that in servicing and how we could deal with cus-

tomers that are appealing to our clients.

During the past few years we have become increasingly customer-cen-

tric and customer-focused. If you look at most of the recent products that we’ve

come out with – for example, Keep the Change, No Fee Mortgage, Zero Dollar

Trades – they’re all based on customer feedback and aimed at providing bet-

ter solutions to our customers. We wanted to make sure that a customer who

goes through the Bank of America experience walks away delighted.

From a customer experience to an activity that a Bank of America as-

sociate performs in a backend operation, we had to make sure we had that

link. I may never interact with a customer, but the work that I do in some

form or fashion impacts the customer. Everything I do today looks at, ‘How

is my work going to impact the customer and how are we going to improve

that customer experience?’

Measuring successThere are several different measures of success. We look at customer

experience, at surveys that are conducted in industry, and then more locally

and personally there are certain performance metrics that I look for within

my group more around risk controls – the time it takes to resolve certain is-

sues and how many problems we are identifying internally.

We consider that as a success metric. If we encourage our associates

to identify problems and if we can get those problems resolved in a very

quick and efficient way, that’s a success metric that we look for. We also

look for associate satisfaction. Almost all of our associates are also cus-

tomers and we do look at associate experience, not only as a customer but

also as an associate.

In terms of possibilities for improvement, we look for some key indi-

cators and we measure that almost on a weekly basis. If you think of what

we do, we are primarily a consumer bank and we also have a lot of differ-

ent areas – for example, investment banking, commercial banking and so

on. The way each area looks at and measures customer experience could

be quite different.

Within each business there are certain indicators that we look for.

Depending on how those indicators are performing we change our ini-

tiatives, keeping in mind that by the time we see a change in an indica-

tor it may be somewhat lagging. We change the way we do things to

make sure that they are supporting a move in the right direction or a cus-

tomer expectation.

These changes can be bi-directional. We follow a top-down plan. The

CEO, Ken Lewis, has a plan for the year that encompasses his goals at a very

high level, and then each one of the businesses support those goals. For

DEFENSE


particular risk. That’s how you can insulate yourself from potential break-

downs and potential risk. Coupled with this, you need to have a program

to monitor the existing controls to make sure that the people are doing

what they’re supposed to do: monitoring the processes and making sure

that the controls are effective. If you have those two components, you

should be able to prevent 99.999 percent of risk and potential failures.

Technology advantageTechnology is the way to go to limit variation. Wherever you have peo-

ple involved, obviously there’s a lot more variation. You need to look at the

controls you have in a business and try to use technology as much as pos-

sible to monitor and assess your controls. That’s a very efficient method

and is obviously cost effective.

Of course there are areas where you don’t have the luxury of using

technology, and that’s where you’re depending on the associates or the

human element. Having the right people, providing people with the right

training and having the right oversight and a dual level of control to make

sure people are doing what they’re supposed to be doing

is the correct approach. In a way, technology is the easy

part. The real challenge comes when you are dealing with

operations in which you have a lot of associates and

you’re depending on the variation in what they do, and

then you multiply that by thousands.

It can be difficult to control risk without stifling it. If

you look at some of the risk we have today, it’s very dif-

ferent from the types of risk we had a year ago or five

years ago or 10 years ago. As technology changes, risk changes. You can

look at risk as a cat and mouse game, where you’re upgrading certain con-

trols to mitigate certain risk.

We will always need risk management. We will never be able to say,

‘I’ve mitigated all the risk and I can now sit back and relax.’ Unfortunately

that won’t be the case. It’s the nature of things; things are always going to

change.

As technology changes, as people change, as the landscape

changes, risk changes, and we have to continuously go after it. We have

to have the right people, the tools and the technology to continuously

look for emerging risk. One of the key components is to make sure that

you’re not reacting to what’s happening today but that you’re looking at

the environment and you’re looking at future trends. The differentiating

factor between a risk mindset company and one that is not would be a

company that looks for emerging risk and puts controls in place today to

mitigate future risk. n

example, the activities I carry out in my function as well as those of the as-

sociates in my group eventually support the plan for our company. It’s a

tiered approach – everything flows up. The work we do on a day-and-day

basis needs to support the overall objectives of the company.

Managing through turbulenceIn challenging times there’s a danger of becoming risk-averse. The way

I look at it, risk is something we always have to keep in the forefront of our

business. It’s not something that you need to keep changing depending

on the market commissions or the environment. You always have to make

a risk/reward tradeoff. Publicly traded companies have certain responsi-

bilities to our shareholders, and in everything we do we have to make cer-

tain risk/reward tradeoffs.

Considering the current market environment, there are certain types

of risk that you may need to pay more attention to. For example, if you look

at the current market conditions you would probably see more fraudulent

activities, so you may want to strengthen your controls in fraud detection.

Also, if you look at historically what’s

happened with the credit crunch and

the mortgage industry there are obvi-

ously lessons to be learned.

I don’t think you necessarily need

to change your risk practices, but you

may need to be more in tune with some

of you risk practices and also pay more

attention to existing controls that you

perhaps haven’t examined closely in

the past. The mortgage industry is a

good example. If you were to look at the

control environment for some of the fi-

nancial organizations that are in trouble

on the mortgage side, you would prob-

ably say, ‘We wish we had paid more at-

tention to them, from a risk perspective.

We wish we had guided and influenced

those organizations a little differently.’

Maybe this is one case where the

risk/reward tradeoff didn’t pay off. It’s not necessarily a matter of chang-

ing but paying more attention to certain controls and practices.

One of the things I’m building is proactive monitoring. With risk man-

agement, you’re trying to prevent something from occurring. If you’re very

successful at it, you prevent potential problems or breakdowns or issues. If

you have a very effective risk management program, obviously you have the

right tools, and you would have the right people looking at the right areas.

Fundamentally, you need to understand all the activities within the or-

ganization and then be able to look at those individual activities and come

up with potential failures. If you have the right people with the right risk mind-

set and then you have the people that understand the process, you can mesh

the two and say, ‘What can go wrong here? What are all the different poten-

tial failure modes?’ Based on those potential failure modes, you need to ask

yourself, ‘Do I have the right controls to mitigate those failures?’

If you do, then you need to see how effective they are. If you don’t, then

you have a potential gap and you need to build a control to mitigate that

66 www.usfst.com

“Fundamentally, you need tounderstand all the activitieswithin the organization andthen be able to look at thoseindividual activities and comeup with potential failures”

Nick Jayanetti


gdsinternational www.gdsinternational.com

Europe

Editio

n

US Editio

n

Your World. CoveredFrom the people you hire to the products you sell, if you’re in business, we’ve got it covered...

Financial ServicesTechnologyProviding for its customer’s needs anddemands is the goal of financialinstitutions now more than ever. But itis a tricky remit to fulfill. Yourcustomers want it all – security, cost-efficiency, speed, added functionalityand, most of all, convenience.

Can it be done? Read FST to find out…

Find out more: www.usfst.com Available for:US, Europe

CXOTechnology leadership is merging with strategic and financialleadership, and senior management is being called into apartnership for the future.

CXO brings together a range of voices with one sharedvision: to develop a strategy that considers business needsand technology’s role in moving your company forward.

Available for: US, Europe, Asia-Pacific

Find out more: www.cxoamerica.com

Next Generation PharmaceuticalApproximately 50% of new drug development fails in the latestages of phase 3 – while the cost of getting a drug to marketcontinues to rise.

NGP is written by pharmaceutical experts from the discovery,technology, business, outsourcing, and manufacturingsectors. It is committed to providing information for everystep of the pharmaceutical development path.

Available for: US, Europe, Asia-Pacific

Find out more: www.ngpharma.com

Business ManagementWhat business processes work? What are the proven,successful strategies for taking advantage of domestic andinternational markets?

Business Management is about real, daily managementchallenges. It is a targeted blend of leadership and learningfor key decision makers in government and privateenterprise.

Available for: US, Middle East, Russia

Find out more: www.busmanagement.com

Executive Healthcare ManagementThe healthcare industry is changing. Understanding how toimprove clinical processes, meet industry standards andmerge the maze of disparate systems is vital.

EHM combines unbiased industry news with thoughtleadership from the most respected executives in healthcare,providing a platform for strategy and learning.

Available for: US

Find out more: www.executivehm.com

HRManagementHR needs three eyes: one on the past – don’t lose sight ofthe systems that generate value; one on the present –determine if current processes are efficient; and one on thefuture – be proactive in meeting new challenges.

HRManagement concentrates on the development of HRstrategies, directions and architectures.

Available for: US, Europe

Find out more: www.hrmreport.com

Oil & GasCollaboration between Government and multinationals toensure the energy supply is developing on two fronts. O&G isthe definitive publication for stakeholders and servicecompanies to read about the regional projects, technologiesand strategies affecting their group.

Available for: US, MENA, Russia

Find out more: www.ngoilgas.com

CATALOGUE PAGE FSTUS10:jan09 28/01/2009 16:37 Page 67

At ATB Financial we have a two-pronged approach to our

overall strategy. One is that we are in the process of re-

placing our core banking application; we recently put a

deal together with SAP and are now implementing that

end-to-end across our entire enterprise. In conjunction

with that, what we want to do is replace our infrastructure

so that over the next 18 months, as we refresh, we can effectively over-

lay the SAP application so that it runs very effectively in our overall pro-

duction environment.

We’re actually in the enviable position that we’re small enough, in

comparison to the big banks, where we believe we can take out our old

application and put in the new application, and yes, there will be risks

associated with data conversion, but we actually have a pretty large team

in place focused on the areas where we think we’re going to have risk.

It’s not the technology that’s going to be difficult, it’s actually how the

people are going to associate with the data and use that technology that

is going to be the challenge for us. Ultimately, this is not an IT project, this

comes straight from our CEO that this is a business transformation pro-

ject – it’s just that the technology enables it to make the difference. This

is driven out of the business, for the business and IT will support the busi-

ness units to make it successful.

The way we look at it is that we have an architectural team that is

actively involved in the core banking transformation project and that

team is helping us define what our strategy and our direction will be ar-

chitecturally across the enterprise going forward. Given the order of

magnitude around our efforts in SAP, it only makes sense to say that if

you’re going build that solid foundation, take that and leverage it going

forward.

I firmly believe that the CIO function starts right with the core data

itself. Data is at the heart of running our business. We can have technol-

ogy challenges all we want, but if we have an issue with our customers’

data, we have a much bigger challenge inside the marketplace.

Everything is encompassed by data privacy, compliance and how we

leverage that data, what we do with it, the storage of it and so forth. The

bottom level is around the CIO’s function of how that data is distributed

and shared inside the lines of business. What’s more, research shows

68 www.usfst.com

Over the last 18 months we have become accustomed to hearing about how someof the world’s biggest banks are suffering at the hands of the economic crisis.

Perhaps then, current markets provide some opportunity for smaller organizations toshoot for the moon? ATB Financial’s VP and CTO Mike Redeker seems to thinks so

ONE SMALL STEP, ONE GIANT LEAP

TRANSFORMATION

REDEKER:25JUNE 28/01/2009 15:46 Page 68

that nearly $30 billion was spent on compliance alone back in 2000, and

that is clearly an unsustainable situation. The reason we’re seeing such

a huge spend is because of minimal efforts in the past, so a number of

my peers inside the banking industry are trying to catch up with compli-

ance and move forward.

In addition, many analysts are now predicting increased outsourc-

ing in financial services. I consider myself pretty lucky because I have a

background where I have been in the outsourcing space for the last

decade, first as a vendor with IBM Global Services and now as a cus-

tomer. Also about 10 years ago, ATB Financial outsourced a huge portion

of its operations, and we have slowly but surely brought services back

in-house. Outsourcing provides a lot of benefits to our organization, but

you have to look at the risk associated with that. You do lose intellectual

capital, a certain amount of control and a certain amount of the abilities

associated with ensuring you’re maintaining industry compliance. So

while I do see how outsourcing may continue to grow because of the

downturn in the economy, with people looking at it as an avenue to save

on their costs, I think that if the balance isn’t right, it just creates a sig-

nificant number of other challenges going forward.

If you outsource a number of products and services, by default you

lose that intellectual capital and you’re not going to be any different from

anybody else. However, if you maintain that intellectual capital it allows

you to be flexible, innovative and provide products and services that your

competition doesn’t bring to the table. That’s what makes us different. n

69www.usfst.com

It sounds so simple, so why do so many IT projects fail?

Mike Redeker. I think a large number of IT projects fail

because nobody really wants to say no. If you look at most

of the successful IT projects, it’s because there’s a

governance model in place with leadership inside the

organization that is willing to say, ‘No, this is the box we’ve

agreed to build within, and that’s what we’re going to go

forward with.’

The harsh reality is that the business units often say,

‘Now that I understand what that box looks like, I actually

want it to be bigger’. And if you’re not careful, you

allow that project to get bigger and you end up

tripping over yourself.

How do you stop that from happening?

MR. In my mind its about leadership and it’s about

communication. That’s leadership from the

perspective that says, ‘We need to manage this as a

collective leadership team inside that bank’; that says,

‘We’ve got to manage it to ensures success’.

It’s also about building a collaborative relationship

with your business units and having a trusting

relationship that is committed to delivering on a

smaller scope to build a solution that meets 100

percent of the business requirements.

It is interesting then that IT leadership is clearly a

key issue. How do you achieve that business

acumen within the IT space?

MR. I think it’s about who is actually in the CIO position,

who’s in your CTO position and so forth. I’m of the opinion

that technology will always work; that’s not the issue. What

is the issue is having the right team, the right ROI and the

right relationship with the business units. If you address

those things, then you can build a collaborative relationship

with your lines of business, and then you can build a

trusting relationship that will enable you to manage the

projects to a smaller scope, delivering expectations and

addressing additional business requirements as you move

forward. It’s not about the technology; it’s about the people.

Mike Redeker is responsible for

providing IT leadership in the

areas of computing operations,

security, architecture and disaster

recovery for IT services and

communications networks, as well

as corporate project management

implementation and tracking to all

business units. He joined ATB

Financial in 2007, having

previously spent 11 years with

IBM Canada, where he focused

on delivering quality Information

Technology services within the

Financial Services Industry.

IF AT FIRST YOUDON’T SUCCEED�

According to Peter Weill in his, somesay, definitive book on the subject, ITgovernance must account for threequestions. He says, “What decisionsneed to be made? Who’s accountablefor making those decisions? How willthose decisions be made?”

“We’re actually in the enviableposition that we’re smallenough, in comparison to thebig banks, where we believe wecan take out our old applicationand put in the new application”

REDEKER:25JUNE 28/01/2009 15:46 Page 69

70 www.usfst.com

Getting startedThe good news is that financial institu-

tions should not have to start from scratch.

You should be able to leverage current pro-

grams – CIP, credit card fraud prevention, data

privacy, multi-factor authentication and online

banking, among others – to cover a significant

portion of these new requirements.

An enterprise-wide, cross-channel ap-

proach to your Identity Theft Prevention

Program will build the foundation for a sound

program. We expect compliance will evolve

as this new regulation is further defined. n

to protect customer information. A smart ap-

proach is to look at each and every service

provider and determine how much data they

handle and any points of weakness. Audit

your service providers to determine whether

they have policies and procedures to ad-

equately guard against identity theft.

If any service providers are not willing

to share their Identity Theft Red Flags Rule

program information, or if their programs

fall considerably short of your requirements,

begin formal discussions about your pro-

gram requirements and how that impacts

your vendor selection. Be sure to document

these conversations.

Initial examinationsEarly reviews are likely to seek evidence

of evolutionary progress toward a compre-

hensive program rather than a completed

program. Initially, most examiners will want

to see that you conducted an enterprise-

wide risk assessment, developed a written

program, obtained board approval and

completed sufficient training to implement

an effective program.

Document all conversations and efforts

pertaining to your program: project plans, risk

assessments, meeting minutes, departmental

procedures, training materials, documenta-

tion of training, board minutes, service pro-

vider contracts, etc. Some of our clients create

a book for examiners that is very much like a

training manual you would give to a new hire.

By compiling this information into a single

document, you can provide your examiners a

tangible guide that walks them through your

program and leaves little to question.

Most financial institutions are regu-

lated by federal functional regula-

tors and are therefore still subject

to the original November 1, 2008, deadline.

Fortunately, there are several strategies to

help ensure your organization is fully compli-

ant with the regulation when the examiners

arrive at your doorstep.

Implement a cross-channel approach

Identity theft occurs in many industries

– in any type of organization, in many depart-

ments and at any time during the customer

lifecycle. In fact, fraud, and identity theft in

particular, often involve multiple channels.

This helps explain why a cross-channel ap-

proach is expected. For example, addressing

identity fraud only in internet banking may

fail to address identity theft in credit card

fraud or mortgage fraud.

Compliance with the Identity Theft Red

Flags regulation should involve looking across

your entire organization and bringing together

efforts to mitigate risk. A cross-channel ap-

proach should help drive programs at your

institution to better protect the customer and

ultimately lead to lower risk for the organiza-

tion – which is simply good business.

Review Even if you outsource your operations to

one or more service providers, you remain

ultimately responsible for compliance with

the rules.

Service providers often have access to

your customers’ private information. This can

seriously compromise or hinder your efforts

The eleventh hour of complianceDebra Geister discusses last-minute strategies that financial institutions can follow to help ensure Identity Theft Red Flags Rule compliance

Debra Geister manages the

development of fraud prevention

and compliance solutions for the

Risk and Information Analytics

Group of LexisNexis. She spends

most of her time working with

customers to understand their

needs, challenges and business

processes. She also works with

the ABA, other industry groups

and the regulatory community.

“Fraud, and identity theft in particular, often involve multiple channels. Addressing identity fraud only in internet banking may fail to address identity theft in credit card fraud or mortgage fraud”

Choice Point Ed P70.indd 70 28/1/09 15:50:51

CHoicePoint2.indd 1 28/1/09 08:18:32

Take a look at General Electric’s company overview and you’re

faced with a rather extensive list of disciplines and work areas.

Fromjetengines topowergeneration,financial services towater

processing, and medical imaging to media content, GE claims

that its people are dedicated to turning imaginative ideas into

leadingproductsandservices,which in turnhelp tosolvesome

of theworld’s toughestproblems. Furthermore, theorganizationcontinues to

pride itself on its slogan ‘imagination at work’.

That’s all well and good, except that in today’s climate the ‘world’s

toughest problems’are massive, and the idea of ‘imagination at work’– for

many – undoubtedly seems a little stifling.

Headquartered in Norwalk, Connecticut, is GE Commercial Finance, de-

scribed as one of General Electric’s largest ‘growth engines’. With lending

products, growth capital, revolving lines of credit, equipment leasing, cash

flow programs, asset financing and more, GE Commercial Finance plays a

key role for client businesses in over 35 countries. The industries served in-

clude healthcare, manufacturing, fleet management, communications, con-

struction, energy, aviation, infrastructure and equipment, and as a main

component of GE Capital – General Electric's financing unit that serves con-

sumers, retailers and businesses around the globe – GE Commercial

Finance has assets of over $276 billion.

You have to admit, it’s a pretty impressive portfolio. Especially given

the current state of our economy. But such achievements don’t come with-

out their challenges, as CISO James Beeson is only too aware of: “It’s cer-

tainly a big stumbling block if we have a major breach somewhere. For a

company like GE that trust and reputation is absolutely critical. We’ve got

one of the best known brand names in the world and the last thing we want

to do is harm that reputation. Building trust is a big piece of that.”

Do you think that it’s your role to bring in new technology ap-

proaches and do you ever look outside of banking’s four walls for

best practices?

I would argue that our job is to enable the business to take a risk. That re-

quires us to bring new ideas in to the business and to say to management,

‘Here’s a way that you could take a bigger risk’, and that’s a massive part

of our job to do that.

72 www.usfst.com

James Beeson of GE Commercial Finance answers our questions on riskmanagement and technology advancement, and tells us how looking at GE'sglobal set-up can provide real ROI

FEATURE

Beeson ED:25JUNE 29/1/09 09:19 Page 72

73www.usfst.com

The way we go about it is through various methods.We cer-

tainly look within the financial services arena for best practice,

but of course, beingGE,we’re part of this huge conglomeratewith

stuff in aerospace and healthcare andwe have a very diverse set

of product lines that we can look into and get best practices that

we may not otherwise have thought of using in the information

security space.

Of course, most of the things that you’re battling against in

information security are commonalities, regardless of what kind

of business you’re in. Some businesses may have more physical

threat than logical threat, but still, when youget down to it, we’re

mostly fighting the same bad guys.We look everywhere for best

practices andopportunities to collaborateon solutions thatmight

help us be more secure or improve our posture. We go out and

we look at government and do collaborative work with govern-

ment and academia to seewhat things are coming thatwemight

be able to take advantage of. We look everywhere. We leave no

stone unturned.

What lessons has GE Commercial Finance taken on during your

tenure?

There is certainlymore focusonawareness andeducation. I know

one of the things that we have found is that education is a tough

thing to sell on. We’ve learned from a lot of statistics out there

that people will click through things, and everybody certainly

does that at home: ‘Oh, I know there’s a security warning, but I

don’t care. I just want to get to whatever I want to get to.’

What we have found is that one useful way to help educate

people is to bring it closer to home, so we will have brownbag

lunches at our facilities and thedraw is ‘Comeon in andwe’ll give

you some suggestions or ideas as to how to better protect your-

self on your home PCs or protect your children on the internet.’

Amazingly enough, we get a lot more interest from people

who’ve got kids and who’ve got PCs at home who want to know

how to set up awireless network andhow to secure that network

to keep their kids from going to all the bad sites on the internet.

And even though it’s not really got anything to do with business

security per se, the fact is we’ve found that when we get them in

that mindset at home, they begin to think smarter in the work-

“The more you share and virtualize,the more risk you have as you putall your eggs in a single basket; onthe other hand, the more autonomyyou give people, the more they’relikely to bring in extra threats thatyou’re not aware of”


constantly merging, etc.? They may outsource to another third party –

how do you maintain that?

It’s a problem across all industries and there’s not a good process for

dealingwith that. Surewe can go out andwe do due diligences but as soon

as you’vedone that, tomorrow itmaynot still be theway theyhandle things.

In this day and age we can quite happily say that everybody has security

software. Yet there are still these very public security breaches. What is

missing from the overall picture? Is it the people or the processes?

It’s probably a mixture of those things. There’s no simple answer. I don’t

think there’s a silver bullet towhat’smissing. The SocGen incident is an ex-

cellent example of what has got everybody scared right now.

There, there were billions of dollars that this one individual was

able to perpetrate from within the organization and all of a sudden an-

tifraud committees across the board found some energy. I’m no expert,

but it was probably all of those things that made up that particular

issue at SocGen – and so we have to continue to look at all of them. We

have to get access controls, process controls and people controls in

place. You have to have it all.

Of course, themore complex the environment becomes and themore

bad guys come that into the environment, the harder the job is tomaintain

those controls. Currently, there’s somewhere in the region of 800,000 to a

million newpeople that comeonto the internet every day, 365 days a year,

and somepercentage of those are bad guys. And so on top of that, and the

fact that you’ve nowgot organized crime supporting these guys, all you can

do is just try to stay on top of it as best you can.

And as things like the BlackBerry and the iPhone continually pave new

consumer experiences, the demand for technological change is happen-

ing farmore rapidly thanbusinesses are comfortablewith and reacting to.

How do you as the CISO face that challenge?

While I think most CIOs are going to react by saying ‘Keep them out.

Block them. Don’t let employees have these devices’, I don’t necessar-

ily think that is the best option. While I agree that you have to take pre-

cautions to not cause a problem, I think what you really need to do is

take the other side of that and say, ‘How can we make this work to our

advantage?What new technologies can we bring?What can the suppli-

ers and vendors bring that will help us enable the business to take more

risk with these devices?’

place too. They usemore common sense around security and they tend to

then take better care of GE’s proprietary data and information.

AsCISO, there’s often a real danger of only seeing symptomsandnot caus-

es. How do you work around this?

You have to deal with both. We ‘patch’ our systems, but we don’t patch

thembased onwhat’s actually being taken advantage of but based on vul-

nerabilities.

Just because there’s a vulnerability doesn’tmean somebody’s exploit-

ing the system, and I think that’s what’s driven us into this area of treating

the symptom instead of the cause.We need to figure out how to shift that

and become more focused. That doesn’t mean we can ignore vulnerabili-

ties all together, but we do need to getmore focused onwhere the threats

are coming from.

And how do you ensure that focus and then move towards a more cause-

centric solution?

I thinkwe have to get smarter at using the tools and the information that’s

out there. There’s a huge amount of information today that companies are

getting from different sources and we don’t necessarily take advantage of

pulling that information together and putting things against that to allow

us to correlate the information andhelp us predict what’s going tohappen.

The other way is that we have to collaborate more with each other as

well as with the information that is out there. The public, private and even

the academic side of the equation need to pull together and collaborate

more.We don’t do enough of that today.

What are the greatest risks that you face from an information security

standpoint?

My spin is that education is still probably the number one risk, andmaking

sure thatusersunderstandwhat those risks look like.Wehave tospend time

and resources educating people and making sure they understand that.

Number two is the issues surrounding third parties, and asmore andmore

companiesareoutsourcinga lotof informationwehave tomakesure thatwe

haveprocesses inplace thatensure these thirdparties,whoarestoring,using

andprocessing our information, are handling it appropriately.

This is an even bigger challenge given the thousands of third parties

that most big companies have. Something that I loose sleep over is how

you maintain that, in a really dynamic space, where third parties are

74 www.usfst.com

James Beeson has been with General Electric for 11 years. He started as aTechnical Services Manager in GE Capital, Vendor Financial Services, movedinto Information Security in 2000 with responsibility for Mid-Market Finance, andis now responsible for Information Security and Data Protection globally atGeneral Electric - Commercial Finance.Prior to that, he worked at Trinity Industries, Inc., a Fortune 500 Dallas based

manufacturing company, for eight years in a variety of IT leadership positions.


75www.usfst.com

We’re kidding ourselves in the business world if we don’t realize that

this generation that is coming into the workforce aren’t going to want to

use these devices. Soweneed to figure out how to enable these new tech-

nologies because we’re going down a path that would suggest that we’re

going to get to a timewhere a newemployeewill say, “I’ve already got one

or twodevices. They’remy little personal devices and I don’t want aGEma-

chine anymore. Just letme accesswhat I need to access throughwhatever

device I’m comfortable with’.

How do you balance the need for autonomy in technology solutions by

each business line with the demand and need for synergy across the

whole enterprise?

For us, we have obviously a lot of divisions or subdivisions within the

commercial finance business and I tend to frame it up in my mind as

a target.

Thequestion really is howdoyoufind the right balance between those

things and typically it’s about flexibility. You want them to be able to be

more agile andmorequickly respond to abusiness needand, again, there’s

no simple formula for what’s the right balance. You have to understand

what those business processes look like out at the front edge of the busi-

ness and understandwhat your businessmodel is.

From a security perspective there’s also two sides to the puzzle: The

more you share and virtualize, the more risk you have as you put all your

eggs in a single basket; on the other hand, the more autonomy you give

people, themore they’re likely to bring in extra threats that you’re not aware

of. You just have to find the right balance.

The key lies in sitting down with the business partners and under-

standing how, operationally, the business is run and not just having your

‘IT blinders’ on. You have to take these off and look at the business

processes and understand them from a universal perspective. �

THE GE PORTFOLIO• ENERGY INFRASTRUCTUREGE’s Energy Infrastructure segment is leading the field in

the development, implementation and improvement of

the products and technologies that harness our

resources such as wind, oil, gas and water.

• TECHNOLOGY INFRASTRUCTUREAround the world, GE is helping build the healthcare,

transportation and technology infrastructure of the new

century. Many of GE’s fastest growing businesses are in

GE's Technology Infrastructure segment.

• GE CAPITALGE Capital offers an astonishing array of products and

services aimed at enabling commercial businesses and

consumers worldwide to achieve their dreams. Services

include commercial loans, operating leases, fleet

management, financial programs, home loans, insurance,

credit cards, personal loans and other financial services.

• NBC UNIVERSALNBC Universal is one of the world’s leading media and

entertainment companies, developing, producing and

marketing film, television, news, sports and special

events to a huge global audience.

• CONSUMER & INDUSTRIALFrom the familiar light bulb to the latest advancements

in consumer technology, GE Consumer & Industrial

has a long tradition of life changing innovations that

have improved the quality of life for millions of people.


76 www.usfst.com

investment bank to another without anyone overseeing the trades.

Thus, there is no oversight to ensure that the holder of CDS has the

required financial capital to meet losses in case the underlying se-

curity defaults. In the last few years, CDS became very popular with

investment banks as an easy way to make money because in the

booming economic period that we experienced in the last decade or

so, the general perception was that big corporations and/or banks

whose credits were insured via CDS markets were unlikely to fail. No

wonder then that the CDS market has grown very fast and according

to the International Swaps and Derivative Association (ISDA), it is

worth more than $60 trillion which is approximately twice the size

of the US stock market and also dwarfs the $12 trillion US mortgage

market and the $6 trillion UStreasuries market. It is worth mention-

ing that the American Insurance Group (AIG), recently rescued by the

US Federal Reserve through a capital injection of $85bn, had written

off $450bn worth of CDS.

The current financial crisis gripping the investment indus-

try in the US and other parts of the world reminds me of

the ‘pass the parcel’ game that children play at birthday

parties. You probably know the game – a parcel is passed

around and whoever ends up with the parcel in their hands

when the music stops, wins a prize. However, in the case of the invest-

ment industry, the parcel called Credit default swaps (CDS), which

were being passed by one bank to another, contained a ticking time

bomb in the shape of contaminated assets that no bank bothered to

look at since there was plenty of money to be made from this game.

Credit default swaps provide insurance against the potential

losses on the investments in certain assets such as municipal

bonds, corporate bonds, mortgage securities, etc. CDS are similar

to taking home insurance to protect against losses from fire and

other causes. The credit default swaps market is not regulated and

as a consequence, CDS contracts can be traded or swapped by one

With its enthusiastic trade in credit default swaps, the financial industry is playing a deadly version of pass the parcel, says Sunil Poshakwale

A dangerous game

DERIVATIVES

CDS Ed P76-78.indd 76 28/1/09 16:38:32

77www.usfst.com

the quest for more profits, investment managers and traders started

to develop clever trading strategies in a bid to outsmart each other.

This led to the development of proprietary investment strategies that

became too complicated to price for rest of the market.

The vast profit potential led to excessive greed to make maximum

money in the shortest possible time. This short-termist behavior was

encouraged by the compensation packages that were available to the

investment bankers and trading community since more profits directly

translated into higher bonuses. Years of good economic conditions

with low inflation and low in-

terest rates further fueled the

growth of financial markets

and encouraged excessive

risk taking by investment

banks. Investment success

lavishly compensated by Wall

Street and in London plagued

rational decision-making.

Central bank and regula-

tory bodies have been badly

exposed in the current crisis.

To some extent the criticism

of these institutions that have

primary responsibility to reg-

ulate the banking sector and

financial market operations

is justified. In my view, regu-

lators can only effectively

regulate if they understand

what they are regulating.

Therefore, it is not a question

of more or less regulation but

rather how ‘effective’ is the

regulation. Regulatory au-

thorities allowed investment

banks to race ahead with

trading of complex products

and deals without making

sure that both the regulator

and the banks doing such

deals understood the risks

and that the counterparties

involved had the necessary

capital base to take those

risks. There is an urgent need

for governments to ensure that those who are responsible for regula-

tion are either appropriately qualified or trained so that they have a

sound understanding of the underlying risks.

One of the central tenets of the free market economy is that the

markets are generally efficient. It is believed that markets are able to

price risks appropriately and therefore reflect correctly the fair value

of assets being traded in the market. However, markets are made

up of small investors and some very large and influential investors.

Besides the CDS, the market for securitized assets such as the

Collateralized Debt Obligations (CDO) has also been growing over

the years. CDOs are attractive investments for investment banks and

hedge funds because of the high potential to make large profits, and

like CDS, markets for CDOs are unregulated. CDOs comprise a port-

folio of fixed-income assets which are divided into different tranches

based on the credit ratings of the underlying mortgages. For example,

an AAA rated CDO is considered safer compared to a BB rated CDO

because the exposure to losses is greater in the BB rated CDO com-

pared to the AAA rated CDO.

Over the years, CDOs have

become an important vehicle

for funding of fixed-income

assets. Around April 2006,

the rating agencies began to

re-rate the BB rated bonds

as they sensed that given the

higher risk, returns on these

bonds were not high enough.

As a consequence, the

spreads on mortgages began

to widen and the investors

began to leave the BB rated

bond market. Around the

same period, the subprime

residential mortgage market

in the US started to experi-

ence high defaults, which

caused lenders to become

more risk averse. The inves-

tors perceived higher risk in

holding CDO backed bonds.

Consequently, availability

of credit became scarce and

bond yields (return required

by investors from investing in

bonds) started to rise. One of

the reasons for the downfall

of Lehman Brothers was that

they had a high exposure to

the CDO market. It is estimat-

ed that Lehman’s exposure

to all outstanding corporate

CDOs is nearly 60 percent.

Many commentators and

financial experts have been blaming the derivative markets for the cur-

rent financial crisis. However, in my view, derivative products such as

options, futures, swaps and their complex combinations were primarily

invented to hedge risk. However, since most derivative instruments

principally rely on leverage, the investment industry started to use

derivatives to make money and quite rightly so. Soon the profit making

potential began to dominate the hedging motive and greed overtook

rational behavior. The results are for everyone to see. Besides this, in

2001 2002 2003 2004 2005 2006 2007 2008 2009

$890 billion

$2.1 trillion

$3.7 trillion

$8.1 trillion

$16.6 trillion

$33.4 trillion

$60.3 trillion

$52 trillion

credit default swapgrowing fast

The CDS market is worth nearly $50 trillion

CDS Ed P76-78.indd 77 28/1/09 16:38:36

78 www.usfst.com

capital to businesses. This may adversely affect new investments and

growth. The slowdown resulting from the scarce availability of capital

for businesses may lead to higher future job losses. The scarcity of fi-

nance would lead to an increase in the cost of capital, which will mean

that businesses will have to tighten their operating costs or else they

will be reporting lower future profits. Prospects of lower corporate

profits will adversely affect stock values. Thus the stock markets are

unlikely to reach the heady levels that we

have experienced in the last few years.

Large falls in the equity markets are

bad news for the average person on the

street, even if he/she had nothing to do

with the subprime mortgages. Losses

on equity investments would reduce the

value of portfolio investments held by

pension funds and this is the next problem

the governments around the world will

have to deal with. If pension funds suffer

losses on their investments then those

who are dependent on the pension income

are likely to suffer too. Many others who

may have bought additional residential

properties with an aim to use the sale

proceeds in lieu of pension income in the

next five years or so will find that they may

not be able to afford the luxurious holi-

days they had planned. Worst hit will be

those who cashed in by releasing equity

from inflated house prices since they will

find themselves with an expensive loan

that they will have to repay in case house

prices do not regain the same levels which existed before the onset of

the subprime crisis. Less credit availability will also mean a less luxuri-

ous lifestyle since people will find it difficult to borrow money to spend

on luxury goods. This may be good news since less demand will lead to

a fall in prices and those who have the cash will be able to get the best

bargains. After all ‘cash is king’ as they say. Alas, banks did not heed

this age-old advice or else we would not be in this financial mess. n

Unfortunately, the system has allowed some investment banks to

become too powerful. This in itself is a breach of the basic invest-

ment management principle which suggests that diversification is the

key to reducing risks. When some institutions and investment banks

become too influential, the systemic risk increases since they domi-

nate trading volumes and are able to manipulate the asset prices.

There would be widespread implications of the financial markets

meltdown in the US and the UK. One of

the reasons for recent takeovers (Merrill

Lynch by Bank of America in the US and

HBOS by Lloyds TSB in the UK) was that

both Merrill Lynch and HBOS would have

found it difficult to raise further capital

on their own. Both have perfectly viable

and possibly profitable businesses but

because of the credit crunch, they would

not have been able to borrow the re-

quired money from the market because

of the lower capital base caused by the

write-downs of bad assets in their bal-

ance sheets. Some European banks – for

example, Fortis in Europe, Bradford and

Bingley in the UK, Wachovia in the US

(and the list is growing every day) – have

found themselves in a similar predica-

ment. It is worth noting that collectively,

European banks together had €258bn

worth of maturing debt in 2008 alone. In

the case of HBOS, it needed to rollover

debt worth €1.6bn maturing in 2008.

Thus one of the major consequences of

the credit crunch is that the banks will have to de-leverage their

balance sheets. De-leveraging would require infusion of additional

capital so that maturing debts could be paid and debt to capital ratio

is lowered.

Second, because of the high levels of debts on banks’ balance

sheets, the shareholders will demand a higher risk premium on the

banking sector shares. It is not surprising therefore, that the banking

stocks have been the loss leaders on Wall Street and London as well

as in other markets.

Third, though bonds are considered much safer compared to

investing in equity shares because bondholders have the first claim

on a company’s assets, currently high levels of defaults on bonds

would make it very difficult for banks and corporations to raise

capital by issuing bonds. As a consequence the bond yields will

continue to rise and so will the cost of borrowing.

Fourth, the whole finance industry will shrink in size because

as the market values of overvalued assets fall, the value of capital

required to finance the new levels of investments will also have

to fall. There will be consolidation, as we are witnessing, and

fewer big players in the banking industry in future.

There are some serious implications of the credit crunch for

the real economy. To start with, there will be reduced availability of

Sunil Poshakwale is Professor of

International Finance at Cranfrield School of

Management.

CDS Ed P76-78.indd 78 28/1/09 16:38:41

Xenos.indd 63 28/1/09 08:42:00

What can you tell us about the current drivers

for NAC solutions?

SanjayBeri.New technologies are beingutilized

that enable businesses to operate differently

than they have until now. Organizations want to

take advantage of these changes to achieve a

competitive advantage, but changes can also in-

troduce risks and threats. For example, organiza-

tions want to move faster by enabling outsiders

likepartners, suppliersorcustomers toaccess the

network directly. Or they may want to allow em-

ployeeswhowork remotely to connect to thenet-

work after using their computers outside the

perimeter. Inbothcases,anorganizationcan’tpre-

dict how users will behave or know the state of

theirmachines.Youwant to takeadvantageof the

speed and flexibility technology offers, but you

have to maintain control over your critical re-

sourcesandpreventdata loss.Accesscontrol lets

you do this. This is especially important in finan-

cial services organizations, where companies

need to fiercely protect their reputation, as well

as comply with regulations and defend against

cyber terrorism. So the drivers include guest ac-

cess, insider threats, off shoring/outsourcing

and compliancemonitoring and enforcement.

How does network access control solve this

problem?

SB. Network access control solutions manage

access to thenetwork and its applications based

on user and/or device compliance against a se-

ries of enterprise-defined network and security

policies. Criteria for network and security poli-

cies include things likeuser identity, device iden-

tity, health, security state and network location.

Policies to be enforced may include users and

their devices adhering to and maintaining a

baseline of criteria definedby the enterprise and

making sure only authorized users are access-

ing networks and applications.

Furthermore, a NAC solution can ensure

that access is allowed only to authorized corpo-

rate resources, and all corporate authentication

and security policies aremet before the network

is accessedandduring thedurationof a session.

Therefore you can make sure that the account-

ing department only accesses financial records

and HR and the person the records belong to

only access records.

Do NAC solutions replace existing security so-

lutions like firewalls, VPNs and antivirus?

SB.A comprehensive access control solution ac-

tually leverages and extends existing security

solutions like firewalls and VPNs. For example,

Juniper’s Unified Access Control (UAC) solution

uses Juniper’s firewalls as enforcement points to

stop unauthorized traffic where the firewalls re-

side. Likewise, access control policies can be

shared between UAC and Juniper’s Secure

Access SSLVPN appliances to centralize provi-

sioning of access control and ensure consistent

policies for both remote and local access. This

simplifies policy development and manage-

ment, which results in cost savings.

What does Juniper’s NAC solution look like?

SB. Juniper’s Unified Access Control is com-

prised of a number of components. All access

policy is implemented by the Infranet Controller –

UAC's hardened, centralized policy server; and

user identity,devicesecuritystateandnetwork lo-

cationaredeterminedbytheUACAgent–which is

availableasa lightweight,dynamicallydownload-

able agent with cross-platform support for

MicrosoftWindows,AppleMacOSandLinuxplat-

forms,aswell asanagent-lessmode, forwhen in-

stalling a software client is not feasible.

Juniper Networks Unified Access Control is

based on open industry standards and field-

tested components that leverage existing enter-

prise network infrastructure, delivering solid

investment protection. UAC reduces access con-

trol deployment complexity and cost, while in-

creasing operational efficiencies. �

ACCESS ALL AREAS

80 www.usfst.com

With security becoming more and more important to financial institutions, the conceptof Network Access Control (NAC) aims to do exactly what its name implies: controlaccess to a network with policies, including security checks and post-admissioncontrols, over where users can go and what they can do. Sanjay Beri explains more

EXECUTIVE INTERVIEW

Sanjay Beri is Vice President,

Access Solutions Business Unit at

Juniper Networks and has more than

10 years of experience in the high-

tech industry including key roles at

such companies as Microsoft,

Newbridge Networks (now Alcatel)

and McAfee. Prior to Juniper, he was

a co-founder of Ingrian Networks, a

leader in providing solutions to

secure data in transit and storage.

Beri holds a Masters in Electrical

Engineering from Stanford University,

and an MBA from Berkeley.

“You want to take advantage of thespeed and flexibility technologyoffers, but you have to maintaincontrol over your critical resourcesand prevent data loss”

Juniper Networks:25JUNE 28/1/09 16:14 Page 80

Juniper.indd 1 28/1/09 08:19:12

82 www.usfst.com

Core banking systems are key to banks fl ourishing in this

intensely competitive banking landscape – come rain or

(eventually!) shine.

They can facilitate high growth business initiatives,

providing agility and fl exibility for tapping new oppor-

tunities, meet compliance and regulatory

requirements, improve risk management

effectiveness and bring about operational

and process effi ciencies. The problem is

that most don’t.

“When we talk about core banking

systems, we are referring to those back-end

systems that do the day-to-day transac-

tion processing, statement generation and

reporting for the bank,” says Bart Narter, a

Senior Analyst at Celent.

“These systems tend to be written in

COBOL, perhaps with a bit of assembler

thrown in to optimize batch runs. They run

in batch mode, so that transactions are posted nightly. They have been

running at the bank for 20 or 30 years – yet the fact that they have been

running for so many years is both a blessing and a curse. The blessing is

that they are scalable, reliable, stable systems, with some rare excep-

tions. Whatever else people might say about their core systems, they do

the job day in and day out. The curse is that they are saddled with old

technology that make the systems very infl exible, hard to communicate

with and diffi cult to maintain.”

How important is good core banking technology? Santander’s José

María Fuster was named CIO of the Year 2007 by The Banker. The year

before, it had awarded Santander the Core Banking Systems Innovation

award for its new core banking system.

Coincidence? Fuster doesn’t think so.

Though the group’s roots are in

Spain, it has a strong presence across

the world (it is Europe’s largest bank).

This has been built through a number

of acquisitions in the last few years,

including Sovereign Bancorp in the US

and Abbey in the UK. “Business and

geographical diversifi cation is an oppor-

tunity to improve our technology with

functionalities from different markets,”

Fuster states. “It has helped our core

banking system to become one of the

most technically and functionally advanced in the industry.”

Fuster claims that technology is never a constraint in the decision

making process. “On the contrary, we were very confi dent [during the

Abbey acquisition] that our core banking system would accelerate Ab-

bey’s integration in the group,” he says. “At the same time, it generated

synergies by transferring our deep expertise in commercializing fi nancial

core transformation – evolution, revolution,

or die?

“existing core systems often hamstring the

operations of the bank and the business

of the bank”

Jeanne capachin

Nearly one quarter of all banks are considering replacement of core systems within the next three years according to a recent study by Financial Insights, an IDC company. The question is how (rip and replace, or gradual modernization?) and not why. You’re either re-architecting today, or it may already be too late. By Adam Burns, Senior Editor

CORE BANKING

CA.indd 82 28/1/09 15:42:55

83www.usfst.com

products and services. In essence, our core system allows us to export

our way of doing banking.”

Why change now?Jeanne Capachin is Lead Analyst on core systems transformation

for Financial Insights, an IDC company. According to a recent Financial

Insights study, nearly one quarter of all banks are considering replace-

ment of core systems within the next three years. This is not a decision

to be taken lightly – the cost of transformation is high, as are the risks

– especially in light of current economic conditions. So if core bank-

ing systems are what keeps the lights on, and the lights are on, why

change things now?

“Certainly the core bank systems that we have today are very ef-

ficient if we look strictly at transaction processing,” says Capachin.

“But, as soon as we try to change those systems or get at the data

that’s stored in the monolithic code, that’s when we start to run into

problems. This isn’t the core system that’s going to form the basis of

the bank in the future.”

“It’s hard to serve your customers with the core banking systems

that we have now. It’s also very difficult to make changes to those sys-

tems, to introduce new products. So, the core systems that we have often

hamstring the operations of the bank and the business of the bank.”

“By investing in new core banking technology, they have more flex-

ible organizations. They can serve their customers better and they can

improve the processes of the bank – many of which are in as a result of the

core technologies, not because that’s the way we serve our customers.”

Dave DeCamp is a Vice President and the Chief Solution Architect

for Worldwide Financial Services at CA. He agrees that the reasons for

transformation extend way beyond cost.

“Many banks recently have tried to look at this purely as an eco-

nomic oriented decision – i.e. that we will be able to save X number of

hundreds of millions of dollars over Y number of years if we implement

a new integrated core,” he explains.

“In many cases, it’s not the outright short-term economic benefits

in ‘classic’ ROI. It’s the ability to improve competitive positioning, cus-

tomer service and business process optimization that’s really driving

their decision.”

For every bankATB Financial is not Grupo Santander, but the largest Alberta-based

financial institution does have a very enviable record – since 1997, it has

reported a profit in every quarter. To continue in that successful vein, ATB

is in the process of replacing its core banking application.

What is the role oF an it vendor such as ca?

By dave decamp, vP, chief solution architect, Worldwide Financial services, ca

There are many very strong, healthy companies that really had

minimal exposure to the particular financial instruments that

caused so many balance sheets to implode and has resulted in this

increased wave of mergers and rescues and bailouts. There are

many regional banks who really had no exposure to that market,

that have already been through an IT belt-tightening cycle. They’re

looking at this as a golden opportunity to jump ahead of the pack.

Although, we don’t yet have public references for how we’ve

worked with these banks, there are a number of them that fall into

a couple of categories. One notable example is a midsize bank,

located in North America.

They happened to be an established user of many of

our EITM solutions, in particular our application performance

management, IT governance, network management and service

level management technologies.

They already had a well-oiled EITM machine for managing

their current legacy application environment, but they’d taken

those apps as far as they could possibly go without doing

something fundamental.

They were in a position where they had those foundational

IT capabilities in place and operating smoothly, enabled by good

IT management solutions to allow them to more aggressively

consider deploying a core banking replacement.

There are other examples, where the banking vendor

has gotten engaged with the customer and started the

implementation. Suddenly, in the midst of the implementation,

they find that they’re having performance related issues – or

there is a perception on the client’s part that their application

is causing degraded services levels or poor application or

transaction performance.

In many cases we know, it’s probably not the application.

Just because a new application was put in to production doesn’t

mean the new application is to blame. There’s countless other

factors that could come into play. If the shop is immature from an

enterprise IT management perspective, they simply may not have

the tools in place to be able to conclusively isolate the problem

to either the new application stack or something else in their

infrastructure.

In those cases, we’ve partnered with the application vendors

who’ve asked us to come in and using tools like our application

performance and transaction management, be able to watch that

whole end-to-end transaction. And conclusively demonstrate

much to the core banking vendor’s delight that it really isn’t their

application in most cases and that we helped them find other ways

where they can improve the integration to the legacy environment.

“Just because the app was put in doesn’t mean the app is to blame”

dave decamp

CA.indd 83 28/1/09 15:42:56

84 www.usfst.com

private banks, who didn’t have quite the ‘footprint’ as a more traditional

government bank, they took on transformation very quickly, leaving the

government-sector banks behind,” explains Roman. “That became a cat-

alytic event for the government banks to then take it on and do the same

thing, which they have done and regained much of their market share.

“In Europe they were converting to the Euro and incorporating the

eastern block, and that kept them pretty busy. They took on transforma-

tion as a key enabler to get these things done.”

In North America, however, banks – and the decision makers driving

banks – have a very different profile. “Just as an example, the CIOs tend

to be a little older here than maybe they are in some of the BRIC coun-

tries. And those countries tend to be a little bit more risk sympathetic

than maybe we are here.”

What is the key factor? “It’s also true in the United States that, while

the technology tends to be quite old, it’s getting the job done.” Perhaps

true, as the ‘job’ is currently defined, but the job description appears to

be changing rapidly.

Now that US institutions have their own ‘external force’ – and the

financial crisis is a doozy – getting the job done is not enough. Transfor-

mation is vital.

“I think the US market personifies best of breed much more than any

other part of the world,” says Sanat Rao, Global Head of Finacle Sales for

Infosys Technologies Limited. “Therefore, for a long time, I think banks

in North America were really wondering, ‘do I need to change at all?’ It’s

our belief that a lot more banks in this part of the world now are indeed

conscious about the fact that they need to make a change – and they’re

grappling with the issue of how.”

Good practiceAccording to Jeanne Capachin, to succeed, core systems transforma-

tion must have agreement from the whole organization. “It’s not just the

CIO’s decision. It’s not going to fly. Everyone needs to buy into this. We’ve

seen projects fail here in the US for that very reason – what seemed like a

good idea to a portion of the organization really wasn’t fully supported.”

Capachin also believes in managing expectations – “What are the

top three or even two things you expect to get from this? Make sure that’s

what you scale the project to and focus on, so that you can realize what-

ever is most important to your organization” – and the importance of a

According to Mike Redeker, Vice President and CTO, this move is for

the business, by the business.

“We probably spent about eight to 12 months just doing planning,

going through RFP processes and so forth,” he says. “In January 2008, we

made the decision to proceed, and we expect to go live April 2010.

“This is not an IT project. This is straight from our CEO down. This is a

business transformation project – and core banking technology enables

you to make the difference.”

What about the risks in these famously risk-averse times? “We’re in

the enviable position that we’re small enough in comparison to the big

banks where we believe we can take out our old application and put in the

new application,” explains Redeker. “Yes, there will be risks associated

with data conversion, some of the business transformation and so forth,

but we have a pretty large team in place, focused on the areas where we

think we’re going to face risk, such as data conversion, business transfor-

mation and so forth.”

evolution or revolution?In the last seven to eight years, many Chinese, Indian and European

banks have affected a very revolutionary approach to their core banking

transformation. In contrast, a lot of North American banks have not. So,

beyond simple geographical separation and sovereign boundaries, what

are the principle reasons for such a stark dichotomy?

Dennis Roman is Chief Marketing Officer for TCS Financial Solutions,

a transformation solution vendor. He believes that the different ap-

proaches are down to external forces and one key factor.

“In India there were many private banks and government banks. And

when India deregulated, there was a lot of pressure for innovation. The

the

Pane

l

“We were very confident that our core banking system would accelerate abbey’s integration in the group”

José María Fuster

dave decamp, VP, Chief Solution Architect,

Worldwide Financial Services, CA

Mike redeker, Vice President and CTO,

ATB Financial

CA.indd 84 28/1/09 15:42:57

85www.usfst.com

clear roadmap to make sure the project isn’t ‘going off course’ or extend-

ing ‘what might be a 24-month project to a 36-month project’.

When all of this is in place, start thinking about the IT side and,

in particular, having a good enterprise IT management (or EITM)

framework.

“Really, that’s where our focus has

been at CA, being an enterprise IT manage-

ment solution vendor,” says Dave DeCamp.

“Looking at the opportunities that we have

to partner with some of these core banking

application providers, as well as the ulti-

mate customer who’s deploying that core

banking solution.”

According to DeCamp, what CA have

found is a lot of “very siloed, very frag-

mented” application environments. “There

are a lot of very deep, complex legacy de-

pendencies that contribute to that whole bad

economic model of spending 80¢ of every IT

dollar on keeping the lights on,” he explains.

“And only 10 or 15 percent on investing for

strategic growth and competitive advantage.”

Then there are the additional headaches associated with integrat-

ing a core banking solution. “It brings a lot of additional overhead com-

plexity from a security perspective,” says DeCamp. “Who are the IDs

that are coming in and out of the application? How do they get passed

down to the legacy applications in a seamless and integrated way,

especially while a bank is in that ‘ugly in-between state’, where they

have started to implement a new core system, but have to continue to

integrate with legacy environments.”

To help, CA have worked with the application vendors to identify the

key IT capabilities that will support mitigating risks associated with core

banking transformation.

Key it capabilitiesThe first capability relates to the sheer size and complexity of

these long, multi-year projects with multiple phases, gates, deliver-

ables and resources.

“That demands the CIO have a solid IT governance and dashboard

technology in place that can give detailed, granular information about

the status of the project and all those ‘what if’ scenarios. For example:

what if we have to add a phase or an integration that we didn’t initially

account for?” says DeCamp. “IT governance,

project portfolio management, and financial

management are a core capability there.”

“Another risk is that involved in simply in-

troducing a brand new technology stack. I put in

the core banking system and suddenly nothing

performs well anymore, so it must be the bank-

ing application that’s causing the problem.”

“There are so many other things that an

implementation could actually draw out in terms

of transaction performance and efficiency,” ex-

plains DeCamp. “Most banks lack the domain

management discipline to be able to look at

an entire transaction across an integrated core

banking platform and their legacy environment,

so there’s a constant battle back and forth, over

who’s at fault.”

Good application performance management and transaction man-

agement solutions, that are capable of following a transaction from end-

to-end through the new core system will allow both the software vendor

and the client to agree where problems are, and whether they are in the

core banking application at all.

Because you’re worth itChanging out core systems is never going to be easy. Both evolution-

ary and revolutionary approaches have their share of risks – but neither

is as risky as ignoring the problem.

Jeanne Capachin explains: “In the year 2000, we had the Y2K bug,

which financial institutions needed to address. There was no alternative.

We had to make the necessary investments.

“We like to think of this as a Legacy bug that we’re all suffering with,

but we don’t have an end date in place that we need to get to. The ques-

tion is: when is that Legacy bug going to explode for financial institu-

tions?” The answer is simple – lose the rotten core. n

“this is not an it project. this is straight from

our ceo down. this is a business transformation

project – and core banking technology

enables you to make the difference”

Mike redeker

Jeanne capachin, Lead Analyst on core systems transformation,

Financial Insights, an IDC company

José María Fuster, CIO,

Grupo Santander

CA.indd 85 28/1/09 15:42:59

86 www.usfst.com

r o U T e

C A U S E S

How do you navigate through the

toughest six months the industry has

faced in decades? For Huntington

Bancshares CIO Zahid afzal, it’s all

about knowing where you’re going

Zahid Afzal Ed P86-89.indd 86 28/1/09 16:26:50

87www.usfst.com

Our first encounter with Zahid Afzal comes in August

2008. The credit crisis is gaining momentum daily and

it is starting to become clear that this isn’t going to be

a mere blip. Bear Stearns and IndyMac have already

fallen while Lehman Brothers’ demise is just around

the corner. Despite the hostile environment, the CIO

is in a fairly buoyant mood. While he acknowledges the challenges

that the industry is facing, he remains confident that his organiza-

tion can keep its head above water, even continuing to innovate and

grow. Six months later, we decided to follow up with Afzal and see if

the intervening period had dented his optimism.

The question of whether the gathering storm would lead to

long-term plans being forsaken in favor of short-term gains is one

that continues to be asked throughout the industry. Last year, we

addressed the issue with Afzal, who acknowledged that there were

certain concerns. “We took a look at our portfolio of strategic initia-

tives very carefully, and we cut back a little bit on certain strategies

but not the ones that have the bigger impact for us over a long period

of time,” he said. “To give you an idea, we went from about 30 ini-

tiatives down to 19 on the strategic side, but those 19 are the ones

that we believe are the most critical for us, not only short-term but

long-term.”

During our more recent

meeting, we ask if the worsen-

ing situation over the past half

a year has forced any further

sacrifices. “The process we

used was to make sure we don’t

walk away from any critical stra-

tegic investments,” he replies.

“So, we did not put on hold or

revise or cancel any of those.

We went through the process of

looking at things that we could

defer or reduce the scope of. We were able to be free up the dollars

we needed to meet our targets.” Inevitably, certain projects fell

by the wayside, but some are already getting back on the agenda.

“Probably the biggest one I could tell you about was our telephony

initiative, moving our voice telecom over to voice over IP,” Afzal

continues. “That’s something we did defer, but there were other

reasons for it besides economic reasons.” Telephony is now firmly

on the priority list for 2009 and significant advances have already

been made (see Then and Now).

One element that remains constant during both our meetings is

the emphasis Afzal places on aligning IT with business. It’s always

been a key challenge for technology professionals, but it takes on

a particular significance when times are tough and budgets are

stretched. Afzal tells us that he spends perhaps 50 to 55 percent of

his time on these alignment efforts, working closely with the business

leaders on strategic initiatives. “Last time we spoke, I alluded to some

of the strategic planning sessions we were planning to kick off,” he

says. “We started a series of efforts we call blueprinting, which is a

technology grouping thing. We start out with the business planning

In August of 2008 Afzal identified talent management, telecommunications and virtualization as his key priorities. Six months later, we find out how these initiatives are progressing.

Talent managementWe have a talent management process rolled out.

In fact, we’re going through our incentive payout right

now and we’re using that talent management process to

assign ratings and so forth. We did some restructuring

and we used the talent management process to take our

top talent and give them the opportunity. Now, we’ve

created a function called ‘resource management,’ and

we’re tying that to the talent management process to

start to build career paths for our top talent. We make

sure that we’re ‘growing’ them and they’re not just

stagnating in their current positions. With our support

and partnership with our HR organization, that has

actually gone extremely well.

TelecomsWe’ve made great progress there. We completed a

full roll out of the MPLS network, which is the network

that we are basically streamlining and standardizing

across the enterprise. We’ve done the data side of the

network. We made that voice and video enabled and

rolled it out across the franchise. Hence, our voice over

IP roll out is a much simpler and cost-effective plan that

we’re now starting to execute. We’ve got about 1000

phones rolled out already. We’ve got a way to go, but

we’re on our way.

VirtualizationLast year we achieved about 25 percent reduction

in our server environment. We had over 1000 servers

and cut down by about 250 servers. We’ve made about

$4 million in terms of net saves on an annual basis. That

comes from not only the hardware and the software, but

also the cooling, heating, electricity and space required.

We have targets to reduce another 25 percent this year

and that’s moving in a very good direction. It’s tied to

our green IT initiative because as we start to cut back on

these things, it’s also helping us to use less power and

less cooling and, obviously, that helps the environment.

There are a lot of benefits there.

Then and now

“My view of IT organization is that it is not a back office operation. It’s a very strategic element of the company’s success”


88 www.usfst.com

To promote this understanding, Afzal conducts quarterly reviews

with all of Huntington’s management. “The primary reason for it is

to make sure they understand the value not in words, but in reality,”

he explains. “Translating those into a business value framework is

critical.”

Afzal is firm in his belief that it is the modern CIO’s duty to

speak the language of business, something that technology pro-

fessionals have not always excelled at. “I don’t believe that CIOs

or IT managers do a very good job translating value,” he says. “So,

we laid out a service delivery model where I meet with every senior

leader, one-on-one on a quarterly basis, including our CEO. I also

spend some time with the board members, presenting to them what

is it that we’re doing, what our priorities are and what the value is.

aspects of it and then go back and assess the architecture. We now

have six of those going on, where we’re spending a lot of time.”

Obviously, quite a bit of that time gets spent looking at current

market conditions, seeing where things can be made more effi cient,

where cost reductions or opportunities exist to enable growth. “We

did several of those last year and that helped us in the deposit side in

the landing area, as well as in the areas of credit risk and regulatory

compliance risk,” Afzal continues.

Key to Afzal’s approach to IT in the fi nancial institution is the ne-

cessity that it is understood and supported by senior management.

This doesn’t only apply to the nuts and bolts aspects of keeping the

lights on, but also to the specifi c business benefi ts that it can bring.

Communicating this is an ongoing process and while some are alive

to technology’s possibilities, not everybody is on the same page. “I

wouldn’t say that everyone is, because there are some that are further

along than others,” he confesses. “Some have more engagement and

more interest. Some looked at it and said, ‘Just go do what you need to

do.’ As long as systems are stable and things are getting done, that’s

all they care about. I operate very differently. My view of the IT orga-

nization is that it is not a back offi ce operation. It’s a very strategic

element of the company’s success.”

POLITICALLY MOTIVATED

“”

Afzal gives his thoughts on how the new administration is going to affect the fi nancial services industry

One of the areas where I see that Mr Obama

can help is obviously the economy itself. The

second part of that would be that there will be

a lot more regulatory controls. We anticipate that this

will happen, as we look at some of the credit issues

and what went on with the securities environment.

Even though we as a company were not involved

in any of those practices, we will be impacted by

having to put additional controls in place. Obviously

that puts a lot of burden on technology to automate

those controls and those are resources that should be

working on the growth of the company too. That’s an

impact I see coming. The FDIC has things they want

us to take care of right away, but it’s a pretty huge

effort. It’s not a situation where we can just cut the

programmers loose. We’ve got to work out analysis to

make sure all the controls are in place correctly. On

the positive side though, I do see President Obama

as being a lot more technology savvy. I’m hopeful that

he will stir the growth through some of the technology

initiatives he talked about during his campaign. That

would have a positive impact not only on the economy

but on us as well.

“What I do on a day-to-day basis has less and less to do with technology, although that still needs to be part of the core responsibility”

Zahid Afzal


What is clear from both our con-

versations with Afzal is that he places

a great deal of value on consistency.

While the current climate could lead

some to make decisions focused only on

the short-term, his IT governance model

prizes structure and stability, which

seems to be enabling Huntington to

negotiate some choppy waters. True, as

a more regional institution, Huntington

doesn’t face quite the same challenges

as a Citi or a Bank of America, but it is

nonetheless operating in an extremely

hostile environment and doing so with

some success.

Asked to finally sum up the key

qualities and responsibilities of the

modern CIO, Afzal is unhesitating in

his response. “What I do on a day-to-day basis has less and less to

do with technology, although that still needs to be part of the core

responsibility,” he says. “But do I need to be a technologist to be

successful? In my view, the answer is no. It’s all about the people

skills, processes skills and, most importantly, the business leader-

ship skills that are a must.” n

I translate it to corporate value, share-

holder value, things of that nature. “

These quarterly reviews are extreme-

ly helpful in generating valuable feedback

from the business. They also enable Afzal

to educate the company’s leaders about

exactly why IT is so important. This edu-

cation is critical. Otherwise, technology

will remain a back office function, rather

than taking its rightful place on the front

line of the enterprise.

An unexpected and atypically welcome

side effect of the credit crunch has been to

make certain sectors of management more

receptive to some of IT’s potential benefits.

“I think it has helped,” says Afzal. “For ex-

ample, when I was with Bank of America

and trying to implement an IT governance

structure, there was a lot of resistance earlier on and it took a long time

for our business leaders to truly see the value in economic terms. When

you translate those into dollars and cents it is just unbelievable. It just

speaks for itself and it opens people’s eyes. The tough economic times

do help with that, because when dollars are tight you have to tighten

your belt and these types of processes do help a lot.”

A $54 billion regional bank holding

company headquartered in Columbus, Ohio

It has 604 branches and 1384 aTMs

Presence in 6 Us sTaTes: Indiana,

Kentucky, Michigan, Ohio, Pennsylvania,

and West Virginia

Founded as P. W. hUnTingTon &

coMPany in 1866

Employs 12,000 associaTes

hunTIngTon by nuMbers


90 www.usfst.com

E-discovery solutions offer better effi ciency and can help reduce IT costs, say Jeffrey Hill and Andrew Stamer

With the average legal discovery costing around $130,000,

many companies seek a solution to reduce costs and ex-

trapolate data that can be used as evidence in a criminal

or civil legal case more effi ciently.

Companies implementing electronic discovery (e-discovery)

solutions save an average of 29 percent in legal discovery costs,

or more than $37,000 per discovery, according to recent Aberdeen

Group research.

E-DISCOVERY

OnTheLookOut.indd 90 28/1/09 16:08:38

91www.usfst.com

easily found and retrieved as needed. Organizations that are able

to manage their archives with a consistent and well-defined set of

policies are well-positioned to minimize litigation costs and to meet

governmental regulations.

The top three pressures (Figure 1) leading the finance sector to

implement such archiving technology were to minimize risk of data

loss (63 percent, compared to all others at 20 percent), improve

operational efficiency (44 percent, compared to all others at 34 per-

cent), and to minimize litigation risk (42 percent, compared to all

others 12 percent), according to the Aberdeen Group study, Strategic

Archiving Decisions: Retaining and Retrieving Company Information.

Notably, the top 20 percent of aggregate performance scorers

for the December 2007 Aberdeen Group report, e-Discovery and

Message Archiving: Can Your Business Afford to be Served?, stated

operational efficiency as the top pressure, which shows that this

remains an important topic area when discussing solutions.

While the third pressure addresses amendments to the FRCP

rules, these rules only set penalties if a company fails to pro-

duce evidence for discovery in a timely fashion or is unable to

produce required evidence, but does not set up a framework

for compliance.

E-discovery, in this case, is just one solution that helps form the

basis of an archiving strategy that minimizes the risk of losing valu-

able data as well as making data easier to locate when needed.

Because requests for data can come from just about anywhere,

companies need to have the ability to respond to legal discovery

requests within a specified timeframe. The top 20 percent of com-

panies in the e-Discovery and Message Archiving study were able

to recover archived data, records and messages on average within

one hour 100 percent of the time. For large companies with over $1

billion in revenues, this amounted to an average savings of almost $1

million from e-discovery yearly.

But a year after amendments to FRCP were made, 59 percent of

survey respondents for e-Discovery and Message Archiving did not

have an e-discovery and message archiving strategy in place.

Recent market volatility and the well-publicized difficulties of

companies in the financial services sector have led many to look at the

industry under a microscope. And by the time all is said and done, few

balance sheets will be left unturned in an attempt to explain to regula-

tors, investors, and eventually the courts, what happened. It will be a

testing ground to see which solutions work best, and if the benefits of

e-discovery move beyond that of its traditional counterpart.

As the downturn has worsened and layoffs have occurred

throughout the financial industry, companies will be forced to main-

tain standards, regulations and regular business functions with fewer

people. If there is an upside to the current economic situation, it is the

opportunity for businesses to get back to basics and increase profit-

ability through increased efficiency – or at least the ability to maintain

status quo as companies restructure.

In the realm of data archiving, one way to increase efficiency is

to use a hosted archiving solution as opposed to an internally hosted

solution. This is a tempting alternative because fewer IT resources are

required to implement it, deployments are generally faster and it has

the ability to support unique business processes.

There are also any number of compliance-related issues surround-

ing the archiving and retrieval of data, from amendments to the Federal

Rules for Civil Procedures (FRCP) in 2006, to Securities and Exchange

Commission (SEC) and Financial Industry Regulatory Authority (FINRA)

rules, as well as many others. Compliance issues increase the need

for secure and effective archiving solutions, especially in the financial

sector where the cost of non-compliance can far outweigh the cost of

implementing an effective and secure archiving solution.

The same research showed that achieving compliance with these

regulations was a major driver for deploying governance software

and solutions for 64 percent of respondents. Without a well-defined

and executed strategy for archiving and managing electronic records

(such as email messages) companies may be unable to quickly find,

retrieve and protect related documents as part of a legal discovery

or regulatory compliance review process. These companies then face

significant litigation and regulatory compliance risks, which e-discov-

ery can help complete in a more efficient and cost effective manner

than what has been traditionally done.

Pressures facing businessAs IT struggles to deal with a seemingly unending flood of data,

CIOs, CEOs and General Counsels increasingly recognize the poten-

tial risks to the corporation of not implementing a managed data

archive that keeps valuable corporate information where it can be

Jeffrey Hill is Sr. Research

Analyst, Data Management and

Storage at Aberdeen Group. He

focuses on technologies and

market trends in the area of data

management and storage.

Improve corporate governance

Minimize ligation cost

Minimize litigation risk

Increase operational efficiency

Minimize risk of data loss20%

63%

34%44%

12%42%

9%33%

22%1%

Source: Aberdeen Group, September 2008

Figure 1: Comparison of archiving business pressures

All others

Financial services


92 www.usfst.com

Andrew Stamer is Aberdeen Group’s

Research Associate, Technology

Markets. He is responsible for research

and analysis in the Technology Markets

group. Topics he has covered include

business intelligence, governance,

risk management and compliance, and

data management and storage.

Hosted solutionsFinancial services companies are using hosted solutions more

often in backup, document and disaster recovery than others sur-

veyed, the sector is using it less than all others with email and

e-discovery (Figure 2).

Because most of the information needed for litigation can be found

within email, it is important for it to be searchable. More emphasis

should be placed on a solution that would turn around the best re-

sults, such as inputting and saving search terms into a data archive

that pulls the most relevant and useful data in a much timelier manner

– reducing discovery time-to-data to hours instead of days or longer.

A hosted archiving and compliance solution also has the benefit of

requiring fewer IT resources, which has appeal to both large and small

companies alike.

Hosted solutions also duplicate, and in some instances can

exceed, the capabilities offered by in-house archiving solutions. A

hosted solution costs less than organizational IT resources, and be-

cause the framework for such solutions already exists, implementa-

tions are quicker. Internal IT solutions’ saving grace is their ability to

support the unique business processes of their organization, though

externally hosted solutions have the same capability. Because of

lower costs through human capital, fewer resources spent on IT

development and implementation, and the ability to support the

uniqueness of each organization’s business processes, a hosted solu-

tion offers cash-strapped financial services companies a way to become

more fiscally responsible at a time when it is severely needed.

Even those companies that have put such solutions in place, only

1.4 percent were using a hosted e-discovery as part of a hosted solu-

tion, as reported in Strategic Archiving Decisions.

Given the inevitability of IT cutbacks and cutbacks in general for

researching and retrieving business and compliance critical data, this

offers the opportunity for these solutions to expand into the financial

services sector.

Of course, before a company decides on any on solution, it should

perform a complete cost-benefit analysis to see if a hosted, Software-

as-a-Service (SaaS) archiving solution, or internally hosted solution

will work best for the company.

RecommendationsWithout a well-defined and executed strategy for identification,

protection, archiving and management of electronic records such

as email messages, documents and transactional data, companies

expose themselves to unnecessary risk.

In this instance, the financial services sector should increase or

maintain operational efficiency through employing a hosted archiving

system to do the work staff were previously responsible for. They

should also maintain compliance with federal and industry standards

for litigation by using hosted solution for discovery.

From the end user’s perspective, the key benefits to initiating a

strategy of data archiving include:

• Formalizing data storage, archiving and retention policies

• Minimizing the risk of loss for all types of data archives

• Increasing the manageability of data archives

• Reducing the amount of time required to access archived data

• Increasing the efficiency and manageability of the storage infra-

structure, by moving persistent data to less costly storage systems

While the economic downturn has its unfortunate side-effects, it

offers financial services companies the opportunity to look into tech-

nology solutions that offer increased efficiency in an area where this

sector feels increasing pressure. Hosted solutions offer improved

operational efficiency with less staff and all the functionality of in-

ternal solutions and can offer a more efficient and effective way to

remain compliant. n

Source: Aberdeen Group, September 2008

Offsite storage

Disaster recovery

Email

Records management

site replication

E-Discovery

Document

Back up

Not using hosted solution52%

67%

17%33%

14%33%

25%

14%22%

18%11%

11%11%

9%11%

2%

0%

22%

All others

Financial services

Figure 2: Hosted solution landscape


AppliedDiscovery.indd 1 30/1/09 09:10:58

Given the current state of the economy,

the risks and costs for financial services

providers faced with requests for elec-

tronic discovery have never been high-

er. These realities are forcing most corporate

counsel to look for alternatives to the model of

outsourcing the management and execution of

eDiscovery to outside counsel and third party ser-

vice providers. Due to the complexity, however, in-

sourcing the entire process isn’t a realistic or

effective option for most organizations.

For the majority of cases, corporations can

in-source early-stage components of discovery.

Once litigation has begun (or is reasonably like-

ly to begin), corporate counsel must first identi-

fy and notify all potential corporate witnesses

and/or systems administrators to preserve evi-

dence. This custodian notification process must

be auditable so that it can be defended if chal-

lenged in court. Once custodians have been no-

tified, corporate counsel must implement the

legal hold process in order to preserve all po-

tentially responsive paper and electronically

stored information.

By deploying an in-house application that is

either built on an existing enterprise content man-

agement (ECM) platform or a stand-alone system,

corporate counsel can efficiently and effectively

in-source custodian hold notification, identifica-

tion of data sources, automated hold and preser-

vation notices, with a process that is auditable.

The strategic alignment of eDiscovery software on

existing ECM investments enables corporate legal

departments to effectively preserve electronic

content for compliance, investigation and poten-

tial litigation needs, while saving IT from having

to support additional applications.

The next step is to collect the information.

In general, for small cases and minor litigation,

in-house technology is effective for the docu-

ment collection process, and some of the more

advanced ECM systems offer this capability. The

scope and subject matter in larger cases, how-

ever, brings greater risk of challenge and error,

and therefore corporations will most likely con-

tinue to rely on third-party consultants who spe-

cialize in the collection and management of large

amounts of data.

Failing to collect potentially responsive con-

tent or accidentally destroying content has re-

sulted in major sanctions and fines in recent

cases and can adversely affect the defense of the

merits. For example, judgments handed down

against corporate defendants in highly publicized

cases – $29 million against UBS in the Zubalake

case and $1.45 billion in Ronald Perelman’s law-

suit against Morgan Stanley in the Coleman case

– were largely driven by eDiscovery missteps (al-

though the Coleman case was later reversed for

reasons unrelated to the eDiscovery issues). For

matters that represent significant financial expo-

sure or involve an allegation of fraud among key

employees, it is recommended to hire an outside

data expert – with experience in testifying – to

oversee and/or execute data collection.

Corporations can cut costs by minimizing the

number of documents reviewed. Outsourcing the

legal document review process to outside coun-

sel is, on average, 70 percent of the cost of the

total eDiscovery process. Many top-tier

eDiscovery vendors offer consulting services and

strategies to help corporate counsel reduce the

data set before review. These strategies may in-

clude maximizing the use of in-sourced culling

technology or the initial culling of data by the

eDiscovery provider using sophisticated search

technology.

The best way to minimize the costs and

risks of litigation for the corporation is to cre-

ate a well-documented, enforceable eDiscovery

strategy and response plan that incorporates:

(1) an early assessment of the severity and ex-

posure in the case, (2) a process for effecting

custodian notification of a litigation hold for

those cases that require such action, (3) a plan

for whether to collect data internally or

whether to contact outside experts and (4) a

consistent plan to cull data to limit the amount

that requires review. Having these best prac-

tices in place, combined with the appropriate

balance of in-sourcing and outsourcing, will ad-

vance your efforts to create and maintain the

most effective and efficient eDiscovery process

for your organization. n

A hybrid approach to eDiscovery

94 www.usfst.com

A look at how combining in-sourced software and out-sourced servicescan lead to lower cost and less risk

INDUSTRY INSIGHT

For more information, please visit www.eedinc.com.

STEVESTEIN

Steve Stein is Vice President of eDiscovery

Consulting, Electronic Evidence Discovery

(EED), Inc.

Stein leads EED’s national eDiscovery

consulting practice, having worked with

corporations and law firms on eDiscovery

issues since 2000. As an eDiscovery

consultant, he works with many clients to

scope and implement work flow solutions

for the retention, collection, review and

production of electronic data. Stein brings

to this practice the perspective of extensive

hands-on trial experience, having first-

chaired 10 jury trials and second-chaired

some 20 more.

“Failing to collect potentially responsivecontent or accidentally destroyingcontent has resulted in major sanctionsand fines in recent cases”

EED:25JUNE 28/01/2009 14:49 Page 94

EED.indd 1 28/1/09 08:18:46

96 www.usfst.com

E-DISCOVERY

In a global economy, e-discovery is far from a purely technical issue. Alison Brecher untangles the legal complexities

An email can travel just as quickly from New

York to Miami as it can from New York to

Paris. Yet, these communication technolo-

gies that have fostered our global economy

can wreak havoc when it comes to litigation.

That’s because data protection laws in some

countries prohibit the transfer of certain data

to the United States.

Take the following not-so-hypothetical situation and it is

easy to understand why companies that have not yet encoun-

tered the issue will likely do so soon. An employee of Megacorp,

a fi nancial services company based in Germany, relocates to

Megacorp’s New York offi ce. He then sues Megacorp in the

Southern District of New York alleging that he was discriminated

against on the basis of his country of origin. Megacorp, in order

to defend the action, wants to obtain emails from the plaintiff’s

supervisor and co-workers who are based in Germany and other

EU member states and the plaintiff’s performance reviews which

are stored on servers located outside of London.

The Federal Rules of Civil Procedure clearly requires parties to

preserve the performance reviews, email and compensation, but

the law in some other countries is equally clear that preserving or

collecting that data and transferring it to the United States – even

THE LAW OFTHE LAND

Alison Breecher.indd 96 28/1/09 15:39:54

FAst.indd 1 28/1/09 08:18:58

98 www.usfst.com

using ASCII, which does not recognize special characters of some lan-

guages. Instead, look for a vendor or software that supports Unicode.

Unicode recognizes more than one million possible characters and

easily accommodates symbol-based languages like Hebrew and Japa-

nese. Also, some languages like Japanese and Thai do not have spaces

between words. The vendor should be capable of reading not just the

characters, but also the context of foreign

languages.

Then there is the logistical issue of

translating the documents into English and

converting them into a standard format

that can searched using the attorney’s pre-

ferred review tool. In general, translating

documents is expensive and the strategy

is usually to limit the number of documents

that has to be manually translated. To that

end, counsel can use software to automate

the translation of documents during the

fi rst pass review stage; the software will

produce a far less than perfect translation,

but one that is adequate enough to identify

which documents are privileged or relevant

so as to be reviewed further.

Keeping track of relevant metadata

is especially important in international

data collections. Certain characters in

other languages may not function properly on a US-based operating

system. For instance, emails in HTML cannot always be viewed ac-

curately. Consider sending your e-discovery vendor a sample set of

data in multiple languages so that any glitches can be identifi ed and

resolved as soon as possible. The time lost will be more than made up

for in speedier review.

International e-discovery presents a host of issues. It is best to raise

all of them during the Rule 16 conference. Even the smallest detail can

cause major (and expensive) disputes later on in the litigation.

if used solely to defend the litigation – may violate international data

protection laws. These laws impose fi nancial and, in some instances,

criminal sanctions for transporting certain data to the United States.

Unfortunately, the relatively few published opinions are of little

assistance in navigating between this rock and a hard place. Some

courts found that data must be produced in the litigation notwithstand-

ing the international laws (in one

reported decision, the court ordered

the production even though the

French statute at issue allowed for

the imposition of criminal sanctions)

and other courts ruling that the con-

fl icting international law presents

an undue burden so as to relieve the

party of having to produce the data.

Generally, courts invoke a balancing

test to determine the reasonable-

ness of compelling foreign discovery

by considering several factors such

as the importance of the data to the

litigation, whether alternative means

exist to obtain the information, and

the hardship of compliance.

Rather than risk being compelled

to produce foreign data in the US in

violation of international law, counsel

has a few options. If the organization is regulated by the United States

Department of Commerce it can get certifi ed pursuant to the Depart-

ment’s Safe Harbor program which examines whether the organiza-

tion has adequate safeguards to transport foreign data securely to the

United States.

Financial services companies are generally not regulated by the De-

partment of Commerce, but other alternatives are available. Data protec-

tion laws in some countries allow data to be processed and transported

to the United States when consent has been obtained from the individual

whose data is sought. Obtaining the consent can be tricky. Each country

usually has slightly different laws or interpretations of them, so con-

sider retaining local counsel for advice on how to draft a proper consent

form. Local law may also require notice to the individual and regulatory

authority about the data collection. In some countries there is consider-

able debate about whether consent can ever be freely given when the

request is made by the individual’s employer. As a practical matter, it is

usually best to involve the individuals whose data could be subject to

production in the United States as early in the litigation as possible to

allow them time to consider how to respond to the request for consent.

Also, consider contacting the international regulator. The European Com-

mission recently developed a series of model contracts that allow for the

transport of data to the United States for use in litigation.

Even after fi guring out a way to navigate the legal confl ict between

international privacy laws and document preservations obligations,

there are additional logistical issues. First, since the documents may be

in one or more languages, your selection of an e-discovery vendor could

be affected. Many software tools and vendors only support documents

Alison Brecher is experienced commercial litigation attorney,

having served as lead counsel in over 35 bench and jury trials

and taken/defended hundreds of fact and expert witness

depositions. She joined Marsh & McLennan, a Fortune 200

fi nancial services company, in 2002. Brecher was one of the

fi rst in-house counsels in the country promoted to manage

electronic discovery activities. Since 2006, she has managed all

aspects of MMC’s e-discovery for litigation and investigations

involving more than 50,000 employees in over 100 countries.

In partnership with IT and other business functions she has

developed and implemented global corporate policies and

procedures around new technologies, including voicemail,

instant messaging, VOIP, unifi ed messaging, email retention,

data privacy, and related compliance issues.

“Communication technologies that have fostered our global economy

can wreak havoc when it comes to litigation”

Alison Breecher.indd 98 28/1/09 15:39:54

Adobe.indd 12 28/1/09 08:38:07

What are the challenges and risks in monitor-

ing, managing and storing unstructured data?

JackHalprin.More information is nowbeing cre-

ated in more file formats and languages than

ever before. This enormous growth in unstruc-

tured information – the information explosion –

has resulted in a number of issues: rising infra-

structure costs; increased risk of failure in the

identification, preservation, collection and dis-

position of information which could lead to evi-

dentiary sanctionsor largefines in litigation; and

managing this data effectively across borders

and jurisdictions to comply with differing rules

and regulations regarding electronically stored

information (ESI).

Though most institutions have systems

for compliance, supervision and eDiscovery in

place, they are typically point solutions lack-

ing integration. Additionally, many of these

systems rely on manual efforts that cannot

scale and simply cannot handle the volume of

information that’s being produced today. This

lack of unification is particularly troubling

when conducting pan-enterprise business

processes such as eDiscovery, information

governance and regulatory audits. A more

holistic, unified approach is needed.

The global financial crisis has triggered unpar-

alleled mergers and acquisitions and unfortu-

nately massive litigation. What can financial

institutions and their counsel do to meet com-

pliance requirements andmanage high-stakes

litigation?

JH. It is true that litigation and investigation are

exploding as a result of recent turmoil in the fi-

nancialmarkets, butmore troubling is that these

cases are complex and involve tremendous

amounts of unstructured and structured data.

This data must be quickly identified and ana-

lyzed tomeetFRCPandregulatorydeadlines,and

recent events havehighlighted the fact that regu-

lators and the companies themselves often don’t

knowwhat’shappening in theirenvironmentsuntil

it’s too late.Aholistic,proactivestrategywouldad-

dress issues before failures occur. The right solu-

tion enables legal and compliance to knowwhat

an email says – when it is sent – and determine

whether it presents a legal or regulatory issue.

What is a defensible eDiscovery process?

JH. In the US and the UK, the legal bar has been

raised substantially by amendments to the FRCP

and the CPR in order to streamline themanage-

ment of ESI and encourage compliance.

A defensible process requires a systemized

and repeatable approach toward eDiscovery.

Preservation requirements demand that all data

sources be searched, including voice and video,

and courts are beginning to recognize the useful-

nessof advanced search technology toovercome

thedeficiencieswithkeywordandBooleansearch

techniques. This same process will prepare your

organization for future regulatory changes.

Howcan technology create adefensible process

andavoid repercussions that include sanctions,

fines and jail sentences?

JH. Technology must provide uniform coverage

across all sources, formats and languages. Using

sophisticated analytics to quickly cull, prioritize

and understand themeaning of content provides

adefensibleprocess forcompliance, litigationand

investigations while helping avoid unnecessary

repercussions fromprocess failures.

What does Autonomy offer that is unique?

JH. Autonomy is the only vendor to offer a

comprehensive end-to-end platform for

Enterprise Search, Information Governance,

Compliance and eDiscovery. The FRCP-com-

pliant platform is based on our IDOL engine,

which is used by more than 17,000 customers

worldwide. IDOL is language independent,

can read and analyze more than 1000 file

types and connect to 400 repositories, in-

cluding laptops and desktops. Our solutions

are available as either a licensed or hosted

offering and our five world-class data centers

host over 7.1 petabytes of data, process more

than one billion documents a month, and pro-

vide industry-leading solutions for the largest

and most complex legal and regulatory mat-

ters to nine of the top 10 banks and 10 of the

top 10 law firms. �

A WORLD OF DISCOVERY

100 www.usfst.com

While the increased use of email, IM, audio, video, blogs and wikis can provide richnessto organizations and offer leverage for business success, this unstructured informationintroduces a host of new challenges and risks regarding operations, regulations andlitigation. FST speaks with Jack Halprin about reducing risk, complying with regulationsand controlling costs through a defensible eDiscovery process

ASK THE EXPERT

Jack Halprin is Vice President of

eDiscovery and Compliance at

Autonomy. Widely considered a subject

matter expert, Halprin assists clients

with building best practices and

defensible processes. He works with

the EDRM standards body and

previously held eDiscovery positions at

Guidance Software, LexisNexis and

was a litigation associate at Haight,

Brown & Bonesteel.

Zantaz:25JUNE 28/1/09 16:21 Page 100

Zantaz2.indd 1 28/1/09 08:23:24

102 www.usfst.com

makes it paralyzing. These are all opportunities for us, and we’re

actually excited about those environments.

These growing reserves of data also have an impact from an

environmental perspective. When you take a look at being green, it

always parallels just being economic in your consumption of any kind

of commodity. The nice thing is that if you pursue a logical business

path related to expense reduction and you understand all the exter-

nalities of that, it’s going to be green. Also, if you properly classify

and categorize data, then you’re going to destroy it and eliminate it at

the appropriate retention cycle, which is going to reduce your storage,

your need for space, and consumption of energy and hardware.

There are literally hundreds of bottom-line benefi ts from more

sustainable practices. Our online banking is a great example of this.

This is a scenario where you provide customers with very robust, agile

information 24 hours a day, seven days a week, from any place in the

world where they can get internet connectivity. Why is there a need

to have a physical statement sent to those people? For some it might

have value, but for a large population of online banking customers,

it’s almost an irritant. The elimination of all that paper has a huge

environmental benefi t. So that effi ciency that we provided them also

creates effi ciency for us and an environmental benefi t.

Green IT has to be more than just green wash. Under our Electron-

ifi cation of Paper program, we look at paper in large concentra-

tions along with other kinds of commodity spend as indicators

of non-lean process. We then use that data to identify and prioritize

processes that we want to digitize, and use best-in-class technolo-

gies and applications to try and replicate those and ultimately build a

complete enterprise content management architecture.

Leaning process is enormously effective from a cost reduction

standpoint but it also has all kinds of productivity gains that are really

hard to predict in a business case prior to going in and actually doing it.

The collapsing of cycle times, the effi ciency and the effectiveness of the

use of information, all those things are really hard to foresee in a model.

But pursuing this is very lucrative in the short run in terms of the elimi-

nation of commodity expends and it also has multipliers of productivity

that are hard to visualize before you go into leaning the process.

Ever increasing volumes of data and stringent compliance

rules all have big implications for my function. Having information

indexed, classifi ed and categorized for reasons of compliance re-

tention, those are all things that help us build our cases to go in

and digitize, making the information that much more agile. If you

don’t make the information accessible, then the abundance of it just

Bank of America’s Robert Kee explains that going green makes sense for the business as well as the environment

WHAT’S THE

COLOR OF MONEY?

Robert Kee Ed P102-103.indd 102 28/1/09 16:14:25

103 www.usfst.com

make immense efforts to be absolutely sure that what we do is prop-

erly vetted. My particular group does a lot of reporting related to CO2

reduction and to the removal of paper from processes, so we use the

EPA methodologies for calculating that. We have third-party entities

that come in and vet our calculations and our statements so that we

know that they’re accurate and will be interpreted properly. and then

ultimately we abide by all the rules and regulations and interpreta-

tions of the GRI report.

The other thing that is really fundamental here is that if a business

goes in and makes their processes more sustainable, it’s more effi cient,

which makes them a better risk to the bank. Quite frankly, we fi nd busi-

nesses that are green generally tend to be

more effi cient and therefore less risky.

One of the most important things to

remember that there are so many opportu-

nities to do things that are both green and

rational from a business standpoint. It’s

even true of our commitment to convert

our builds to LEED certifi ed buildings. It

certainly creates a larger investment for us

on the front end, but the payback on that in energy consumption, in

the health of our employees, our associates and our customers pays

that investment back with a healthy ROI in a very, very quick fashion.

Green is just intelligent.

Another factor is to understand that through your lending portfolio,

that there is some responsibility to direct that to investments that are

more sustainable versus those that are not. Again, that’s not just a green

thing. That is an intelligent thing, because sustainable businesses will

survive and thrive more than those that are not sustainable.

Robert Kee is SVP Process Change Executive within Global Operations at Bank of America

In any case, Bank of America's involvement in the environment

goes way back. It’s one of the things that I've always admired about

the corporation, that they’ve always really had an environmental prin-

ciple that underlay all of their practices. A couple of years ago, our CEO

Ken Lewis committed $20 billion to environmental pursuits. Monies

were set aside so that over the next 10 years, we would be sure that

we made investments in green technologies, green industries, both

from the small business standpoint and from a large business stand-

point. We put caps on the amount of CO2 emissions that we would

generate from our utilities portfolio. We’ve given ourselves percent-

ages in terms of how we were going reduce our energy consumption

across the whole portfolio. So those were

all things that the bank had gone our and

created well before kind of green became

a popular sort of scenario. So the Carbon

Principles we signed up to recently are just

a rational way for us to continue that sup-

port of environmental sustainability.

To guarantee that the money we

spend is used properly we have the Global

Reporting Initiative, which we’ve been a member of for a number of

years. We already have an ethic in our work to be able to assess the

sustainability initiatives and roll them up into this one big picture. The

criteria within our commitment on the $20 billion is tailored for each

one of our business lines. So there is a methodology that’s inherent in

each one of those processes to be sure that we in fact do that.

We also created what we call our Environmental Council, which

is made up of high-ranking executives within the bank and reports

ultimately to Ken Lewis. It makes sure that our policy is consistent,

that it’s accurate across the whole global corporation. We've been

involved in environmental initiatives for over two decades, so we

A couple of years ago we committed

$20 BILLIONto environmental pursuits

Robert Kee Ed P102-103.indd 103 28/1/09 16:14:29

104 www.usfst.com

We are in a time of unprecedent-

ed change for the financial ser-

vice industry, where consumer

confidence is at an all-time low.

One of the realities of today’s financial ser-

vices industry is that it is very difficult to

actually ‘get to know’ customers.

For years now, banks have invested

untold millions in technology to help gather,

analyze and segment customer data. Simply

put, engagement is about putting all of this

customer knowledge to work. Every custom-

er touch point, interaction or communication,

should be infused with this knowledge.

By improving engagement, banks can

provide superior service, enhance loyalty

and better deliver new products and ser-

vices to their customers. Customers will be

less likely to change providers and more

likely to purchase additional products.

What’s more, every customer touch

point or interaction is an opportunity to dem-

onstrate knowledge of this customer. To this

end, many financial services companies have

focused a tremendous amount of time and

effort on improving the customer experience

in their branch and call center operations.

However, many of these same companies

have largely ignored one of their most impor-

tant customer touch points, the documents

and correspondence that they routinely

send. For many customers, their single most

consistent point of interaction with their

bank is written communication.

Therefore, it is critical that financial ser-

vices companies begin to look at their writ-

ten communications as ideal opportunities

for enhancing customer engagement. Every

item of correspondence should incorporate

customer knowledge to ensure that its con-

tent is highly personalized and relevant to

that customer.

Of course, we can clearly see a trend

away from paper-based communications.

Studies show that younger consumers tend

to prefer receiving information electronical-

ly, and this goes beyond email and a bank’s

website. Witness the rise of channels such

as mobile phones and social media sites like

Facebook. Consumers today are interacting

online with their brands more than ever, and

banks that rely on paper are quickly becom-

ing dinosaurs.

Beyond customer engagement, it is im-

portant to note that financial services firms

should aggressively embrace electronic

communications because of enormous

opportunities for cost savings. One of our

clients mails two billion pieces of print

communications, and the cost of printing,

postage and fulfillment is astronomical.

By simply transitioning a small percentage

of these to electronic channels, this client

hopes to save tens of millions annually.

Modern document composition solutions

such as Thunderhead NOW are designed

to help banks and other financial services

firms to produce highly personalized, multi-

channel customer communications, not just

for batch but also real-time needs.

Thunderhead NOW is a rules-based so-

lution that leverages web services to easily

integrate with existing sources of customer

information, like CRM systems. As a result,

every communication the bank produces

can incorporate comprehensive historical

knowledge and information. Thunderhead’s

XML design also means a bank can simplify

delivery of communications across virtually

any channel, paper or electronic. This can be

traditional email or PDF documents, as well

as text messages, RSS feeds or even auto-

mated voice mail output.

And, regardless of whether you are

producing routine communications, like

statements and notices, or one-off customer

correspondence, Thunderhead can help you

do it more easily and efficiently. Believe it or

not, you can get more personal with your cus-

tomers and save money at the same time. n

Getting personalLooking to better engage customers? Start with getting more personal in how you communicate. Increase the relevance of your communications, while embracing new media channels.

Christopher McLaughlin is the

SVP of Marketing and Business

Development at Thunderhead,

a leading enterprise customer

communications software

vendor. He has 15 years of

experience in the ECM market

as both a systems consultant

and software marketing

executive at FileNet. He can

be reached at cmclaughlin@

thunderhead.com

asK the eXpert

Christopher MCLaughLin

“For many customers, their

single most consistent point

of interaction with their bank is written

communication”

thunderhead.indd 104 29/1/09 09:03:25

Thunderhead.indd 1 28/1/09 08:22:11

After 25 years of ECM experience Doug Miles knows a thing or two about how our industry is changing. Here, he tells FST why ECM solutions are so important to today’s economic climate

IT’S NOT ENOUGH TO

MANAGE CONTENT

Organizations, both public and private, are operating in

an era where they are called upon to no longer simply

be ICT enabled, but ‘information management compli-

ant’ as well. The emphasis in these times is about being

able to handle the proliferation of information born as a

result of the increasing number of channels by which individuals and

businesses are able to communicate with each other.

At AIIM, we represent the information management community

as the global association for both users and suppliers of enterprise

content management (ECM) solutions. These are the strategies,

services and technologies that enable organizations to capture,

manage, store, preserve and deliver information to support business

processes, and are the key to successful performance. By staying in

control, organizations are able to maximise effi ciency, productivity

and business continuity. This isn’t easy – which is why AIIM exists.

The here and nowIn today’s markets, everybody in every offi ce, at every

desk, is using computer tools to complete their daily work.

Employees often need two or three different packages in the

106 www.usfst.com

INFORMATION MANAGEMENT

doug miles.indd 106 28/1/09 15:44:31

107 www.usfst.com

Doug Miles is UK Managing Director, AIIM Europe, and

has over 25 years’ experience of working with users and

vendors across a broad spectrum of IT applications.

He was an early pioneer of document management

systems for business and engineering applications

and has been involved in their evolution from technical

solution through business process optimisation to

the current corporate-level concerns of compliance,

continuity, collaboration and cost reduction. Doug

has also worked closely with other enterprise-level

IT systems such as ERP and CRM. He has an MSc in

Communications Engineering and is an MIET.

workplace, and when you occasionally come across terms like

‘typing pools’ you realize that in the past people didn’t gener-

ate their own documentation at all, but had secretaries to do it.

The changes in this process run parallel to ECM development.

What used to be people with fi ling cabinets along the walls and

secretarial assistants to run those fi ling systems, is now people

generating their own documents and fi ling them away in non-offi -

cial systems and against non-offi cial schemes. When I started on

computers, for example, you could only use an eight-character up-

percase fi le name to defi ne a fi le or a document. That’s now moved

on to long fi le names with folders and sub-folders, but we still have

this crazy concept of ‘My Documents’ which has no place in the

business world.

Ultimately, whether a business goal is to meet increasingly com-

plex regulatory requirements or to gain faster access to information,

planning is the key to any successful implementation. At AIIM we

have highlighted four cornerstones of ECM benefi ts – Compliance,

Continuity, Collaboration and Cost Reduction – and we understand

that, as a business makes progress through the project, the ECM

investment should build rewards for the organization, reduce day-

to-day costs, improve customer service and lower the all-too-real

risks of compliance infringement.

While many of the larger fi nancial organizations already under-

stand this and have been dealing with these issues for many years,

once you get down to the mid-market area you see that people actu-

ally look at these compliances as something they do in response to

a particular directive and not as something they should look at on a

day-to-day basis. That’s something that has to change.

What’s more, even the most tech-savvy company has to realize

that, at the end of the day, it’s still the people behind the technol-

ogy that really matter. And while CRM processes cover most of those

issues, banks and insurance companies need to understand the

importance of this and many are subsequently connecting their CRM

systems with their help desks and are now moving toward connect-

ing the document management side of the bank as well. Undeniably,

and especially in today’s unruly markets, organizations are having

to dramatically change their business models in very short periods

CORNERSTONES

Doug Miles explains the four cornerstones of ECM.

Compliance

This has been very much to the fore and very much a

strong driver in the fi nancial sector. With companies

being absorbed into other companies or having to

do joint mergers, you reach a point where the value

of a company is down to its information governance

as much as it is about fi nancial governance and

customer relationships.

Continuity

Being able to store things electronically provides

you with continuity and also helps with continuity

planning so that you can improve access. That offers

its own scenarios in terms of the fact that you can

also outsource offshore processes without needing to

set up physical transference.

Collaboration

This covers everything from shared project sites

through to Web 2.0 and enterprise 2.0, wikis and

blogs and so on. There is an issue there, and the

collaborations going on at the moment aren’t being

handed too well. There are repositories of documents

sitting around in sites that should be made available.

Cost reduction

This covers the obvious productivity benefi t of being

able to move documents through the business

process in a way that allows companies to monitor,

measure and improve the way the process is done.

of time. For example, if you’re merging the headquarters of two dif-

ferent fi nancial institutions, you have to make sure that all the pro-

cedures, processes, documentation, human resources and quality

schemes are made available to everybody involved in that merger.

You then have to quickly roll all of that out across the other busi-

nesses that you’ve acquired or that you’ve merged with, and that’s

a massive challenge.

Key featuresIn terms of fi nancial services environments, records manage-

ment is key for most organizations. They may be storing information

for the short-term or for the very long-term, but either way, what has

changed over the last few year is the fact that there is now a need for

a dialogue between records managers and IT managers. As it stands,

nobody is sure how you store away an electronic record and make

doug miles.indd 107 28/1/09 15:44:32

sure it’s accessible in 15 or 20 years’ time,

but what is clear is that if you are required to

pull some of that material back, or if a cus-

tomer demands to know what information

you hold on them, then trying to pull that out

of a paper system is always going to be hor-

rendously expensive and very, very slow.

In fact, it has almost becoming manda-

tory these days for anybody in those regula-

tory environments to provide solutions that

give organizations the ability to designate

records, store records and pull records back

in a fairly adept way at any point where they

might need to be audited.

Furthermore, anybody who currently

uses X-drives or file-shares to store their

documents rather than keeping them in a

proper ECM system, or anybody who is not

taking measures to store their emails in a

reasonably controlled repository are put-

ting themselves at big risk. As people start

to look at the collaboration benefits and

extend search portals to do things in their

business, then the reuse of knowledge and

the speed at which people can find infor-

mation and respond to data is going be so

much better.

Of course, it could be considered that

these functions will become part of the

operating system and I think we’re moving

to a scenario where content management

services will become more and more part

of the underlying infrastructure. Microsoft

knows that this is what people need to

have and that’s what the company’s Share

Point solution is aspiring towards. But I

think there will be a blurring of the divid-

ing line between what is an ECM overlay

and what is actually provided as a service

within the operating system.

Similarly, on a higher level, compa-

nies are looking to just have one business

process management tool across all de-

partments. They’re looking to standard-

ize their business around a set of tools

and then merge their processes on to

that system. So further down the market,

the sort of exposure that people will get

to these tools will decrease their cost and

it will become the role of ECM to ensure

that every person at every desk has a way

of knowing where to put their documents

– somewhere safe and somewhere acces-

sible in a controlled way. n

Doug Miles

“As it stands, nobody is sure how you store

away an electronic record and make sure it’s accessible in 15 or

20 years’ time”

doug miles.indd 108 28/1/09 15:44:33

Metatomix.indd 1 28/1/09 08:19:45

110 www.usfst.com

The writing is on the wall for static displays. James Bickers and David Drain explain that digital is future for financial institutions

The bank branch, much like any other place of business,

has undergone a radical shift in the past two decades.

For financial institutions, this shift comes at a pivotal

time. Many of the transactions that once required a trip

to the branch are now done from the home computer, and

online financial services providers are snapping at the

heels of large banks, offering attractive rates and terms.

As it has done with retail, digital signage allows banks and finan-

cial institutions to hone the in-store experience with a level of preci-

sion and visual appeal that has never before been possible. It is an

evolution that is in process, and one that will result in the total reinven-

tion of the bank branch.

One of the immediate benefits a digital signage network brings to a

business is the delivery of on-time content. Mike Abbott, vice president

of ADFLOW Networks, says the typical compliance rate for the timely

updating of in-branch POP materials is less than 50 percent. With digital

in-branch media, that instantly becomes 100 percent.

That compliance matters more than ever, as financial institutions

add more and more products and services to their menus. Plus, the in-

tangible nature of financial products means customers will benefit from

seeing their real-world value.

The end is nigh

Digital Signage Ed P.indd 110 28/1/09 15:51:36

111www.usfst.com

Financial institutions face the same dilemma. A passbook sav-

ings account used to be the only real place to stash some money

that needed to stay liquid. But now, a few clicks of the mouse

brings up an unlimited number of options, from hundreds of dif-

ferent providers. The only thing left to count on as a point of dif-

ferentiation is the emotional and physical experience the customer

has with his bank.

“The banking industry, like many others, is changing to adapt to

customers who are more fickle, smarter about what they want and

may not be as loyal,” says Abbott. “Banks have needed to respond by

creating in-branch environments that attract customers and create a

positive retail experience.”

A big part of that change is the physical environment. Douglas

calls it a ‘period of metamorphosis,’ as FIs move away from the

“The financial products provided by banks offer intangible ben-

efits that many times are better illustrated with dynamic pictures and

images than static numbers,” says David Little, director of marketing

for Keywest Technology. “Digital signage can provide meaningful il-

lustrations showing the results of intangible benefits, like the CD that

was cashed in paying off a daughter’s wedding, or the second mort-

gage that just put the children through college. Digital signage can

target rich media at the point patrons are thinking about financial de-

cisions, and that may be just the ticket to arouse need recognition.”

Consumers evidently need all the prodding they can get – in 2005,

the rate of personal savings in the United States was negative 0.5 per-

cent. That’s only the second time in history that the savings rate was

a red number. The other time? The Great Depression.

Clearly, consumers aren’t thinking enough about their financial

futures. Banks have an opportunity to change this, to the ben-

efit of both parties, but first they have to get their attention.

“Despite the advances in internet and phone banking, the

branch remains the No. 1 channel for building sales,” says Brian

Douglas, director of business development and marketing for

ScreenRed. “And banks are far from fully exploiting the value of

the physical channel. Today, only two of 100 branch visitors make

a purchase. The remaining 98 percent represents an enormous

prospect base that can be targeted through POS marketing.”

If all of this sounds a lot like the reasoning behind digital

signage at retail, there’s good reason. Today’s financial institu-

tions are becoming more and more like retail establishments

with every progressive branch re-design and every new flight

of product brochures.

“When it comes to in-branch POP, make no mistake – bank-

ers are indeed retailers,” Abbott confirms. “Many of the same

retail objectives exist for today’s bankers: basket size, conver-

sion rate, cross-selling and up-selling.”

Building a positive in-branch experienceOne of the major changes brought about by the growth of

the internet in modern culture has been the shift in the nature

of business value; specifically, there are many businesses that

once differentiated themselves based on service or availability,

and now do so chiefly on price instead.

Before the dawn of Amazon.com, a reader who wanted a

specific book was likely to visit his local bookstore. If it wasn’t

on the shelf, the bookseller would place a special order. The

result was a full-price sale, and at least two separate visits to

the store. But now that the shopper has literally thousands of

different options for buying any given book, he can look strictly

at hard numbers such as price and shipping date.

Why go Digital?

Brian Nutt, president of Captive Indoor Media, points to four specific reasons why FIs should consider using digital signage to communicate with both customers and employees.

1. TRAining “This is a critical component for banks and credit unions. Most

have several branches and many have dozens or even hundreds spread

across large geographic areas. Banking is also one of the most heavily

regulated industries and many of these complex regulations flow down to the

teller level, where turnover can be as high as 50 percent per year.”

2. CROss-seLLing “The cross-sell is at the core of a financial institution’s

success story. There is substantial research that shows the more products

a person purchases from a financial institution, the less likely that person

will leave for another bank. This is a critical issue, because the ability for

a bank or credit union to effectively execute the cross-sell often falls on

the tellers. Yet the tellers are usually underpaid, understaffed and have not

received an adequate amount of training.”

3. eXPeRienCe “Banking is a commoditized industry which has very few

differentiators outside of the brand experience. That experience starts when

the customer walks through the door and hopefully carries forward with

that person even after they leave the branch. It involves interaction with the

employees of the bank, traditional advertising outlets, the internet and the

interior and exterior of the branch. Digital signage offers the opportunity to

enhance the brand experience that customers receive each time they enter

the branch.”

4. dRiVe-ThRU “The drive-thru is often the most overlooked part of the

digital signage equation in a branch. Yet the statistics prove that it should

be one of the most carefully planned and executed. Our customers tell me

that between 40 and 60 percent of their customers use the drive-thru on

a regular basis. That’s a staggering number, when you again consider the

importance of the cross-sell.”

“Today, only two of 100 branch visitors make a purchase”


112 www.usfst.com

Just how much of an impact digital signage makes on perceived

wait times is up for debate, and so far the numbers are anecdotal – but

all have been positive. Douglas explains that ScreenRed’s research

shows perceived wait time is reduced by half when the digital signs

are on. Steve Harris of The Full Picture says that, in his experience,

wait-warping is “the primary reason banks and credit unions are in-

terested” in digital signage.

“Digital signage can have a big impact on reducing perceived

wait times, but what is most important is that the content has to be

effective,” says Michael Quartarone, director of business develop-

ment for ADFLOW Networks. “If the content is repetitive and boring,

then the customer will lose interest and may have a negative experi-

ence. Making sure the content loops are scheduled to play at the

busy times with content tailored to the right audience demographic

will not only reduce perceived wait times, it will have a positive

impact on customer satisfaction.” n

James Bickers is Editor of Retail Customer Experience Magazine and david drain is Executive Director of the Digital Signage Association.

traditional layout that employed a clear separation of staff

and customer.

“The present and certainly the future have more open en-

vironments where clients are made to feel more comfortable in

pleasant surroundings with soft colors, no barriers or partition

walls and an environment conducive to encouraging a good

relationship,” he said. “Technology is also a much more inte-

grated part of a bank today, with ATMs, telephone banking,

internet and even teller positions offering a more convenient

multichannel experience.”

Even so, he said FIs still struggle with stimulating discus-

sions with customers during their routine, errand-oriented

visits. Digital signage breaks through that struggle by deliver-

ing the desired message in a very convenient, easy-to remem-

ber fashion.

‘Effective digital signage is not CNN and a stock ticker run-

ning on a plasma TV,’ says Brian Ardinger, senior vice president

and chief marketing officer of Nanonation. “Unfortunately,

that’s what most banks are currently doing. Banks that are

taking advantage of the technology are using it to change the

customer experience – targeting information based on time of

day, location and demographics. Utilizing multimedia to tell

more effective stories, changing content more frequently with

greater consistency of service.”

entertainment and ‘wait-warping’Fewer things are more frustrating than waiting in line – which

is precisely why retailers have long stocked queuing areas with

magazines and quick-read books. And if you take a moment to

study the types of magazines placed there, you’ll see that the

titles aren’t chosen at random; not only are they the most attrac-

tive titles visually, but they also cut across all demographics (men,

women, children, etc.). It’s a simple fact of human nature that un-

pleasant tasks appear to go by more quickly when we are mentally

engaged. This perceived decrease in the amount of time spent

waiting, or “wait-warping,” can be exploited in the financial institution

with the judicious use of digital signage content.

“Americans are big media consumers,” says Bill Collins of Deci-

sionPoint Media. “One of the reasons that they pay attention to media

is that it passes the time. Radio passes the time during a long automo-

bile commute. Newspapers and books pass the time in airports and

on airplanes, and chatting on a mobile phone passes the time when

students walk across a campus. So, in a bank, viewing screen media

passes the time as people stand in line.”

“effective digital signage is not Cnn and a stock ticker running on a plasma TV”

the CheCklist

What to consider when implementing a digital signage solution

• Talk to the providers of your existing software. For every bit of mission-critical

software in your organization, get somebody on the phone and ask them about

whether it plays nice with digital signage. You may find that you’ve already got

unused functionality that can power screens; you may find that code will have

to be custom-written to make the connection. Create a list of all of these people

and companies, and make it available to everyone on the digital signage team.

• Find a digital signage provider you trust and want to work with. Ask to see

the provider’s existing work. Fly out to see what it has done for other banks.

Talk to its existing customers. Ask questions, kick tires.

• Get the creative team up to speed. Whether they are employees of the FI

or an outside agency, let the people responsible for your brand assets know

about the upcoming digital screen rollout. Ask them what concerns and

needs they have. Express to them two points that are paramount above all

else: The digital signage content must look great, as it is going to be shown

in hi-def. Also, the content must be 100 percent consistent with all other

brand materials while not directly copying them. Digital signage needs its

own content – under no circumstances can your creative team repurpose

television ads.

• Schedule a meeting with four parties present: your team, your IT people,

your creative people and your chosen digital signage provider. Rent a

conference room for a day and have lunch delivered. Give everybody a

turn, expressing what they need from everybody else to make this work.

Consider what resources in-house can be used and what is best outsourced

to industry leaders. Be realistic about your deployment plan. Consider a

“walk-before-you-run” strategy.

• Start picking out displays and wall mounts and other needed technology.

Please note that this is the last step in the process – not the first.


Signera.indd 89 28/1/09 08:41:44

114 www.usfst.com

stoRage issuesMaxim Samo details the challenges of overseeing two major data center projects for a prominent European bank during an economic downturn

DATA MANAGEMENT

SAMO ED P114-116.indd 114 28/1/09 16:24:53

115 www.usfst.com

The data center build project kicked off back in 2005, when

business was good and the economy was great. Everybody

was looking to expand data center capacity and space was

at a premium. So back at that time we decided to build a new

facility in the United States, a project build in two phases. The

fi rst phase is 4.5 megawatts of capacity and the second phase

is another 4.5 for a site that would be able to fi nally have nine megawatts

of capacity. July 2008 was our live date and we went live with about 2.2

megawatts of capacity. That was always the level we planned to start at, but

now we’ll wait a little longer before ramping up to full phase one capacity.

We didn’t put in the full mechanical and electrical, just because with the

downturn in the economy the demand for all that capacity is no longer as

high as we originally thought it would be.

That actually was one of the big challenges, the complete turn in the

economy. These data center projects are like huge ships, like the Titanic. You

can’t just turn them around from one second to the other. So we basically

had to go through the project and look at where we could defer as much cost

as possible given the new circumstances. Not fully build out the site, but

just kind of put things in where it makes sense. Despite the circumstances,

the project has been successful. It was on time and on budget and the busi-

nesses are happy. Since we have brought that site online we do have people

using it, especially in migrations

from rented colocation sites that we

had. We had to go into colocation

rentals back in 2005 because of the

capacity constraints. Now we have

migrations out of those very expen-

sive rental sites. If we bring them

onto our site now it’s a lot cheaper

for us in the long-term. While a lot

of companies are looking to out-

source things like data storage as

a way of cutting costs, we look at

things case-by-case. We’re actually

working on a study looking at when

we should we go into colocations and when we should build our own data

center? We’re building this for our own company at the lowest cost possible.

If you need a huge chunk of capacity and you know you’re going fi ll that site,

it actually makes sense for you to build it. However, things are different if

you just need a tactical space – for example, at the time we went into the

colocation agreement, we knew that this was going to be temporary. We

knew that once we had the new site we could actually move out of it.

Of course, if the business situation improves, we can quickly scale up

the center’s capacity. The way it is now we can easily scale it up to the full

phase one capacity of 4.5 megawatts. Once we see that we need to activate

phase two, that would obviously be another major undertaking.

Any project like this now has to take environmental concerns into ac-

count. We have something called the platform design committee. In there,

we look at energy effi ciency for our servers and other technologies. How-

ever, we also looked at effi ciency in our plant. We are using state of the art

units with variable speed fans and other features like that so you don’t have

a data center that uses a lot of energy for those servers in there. Even in the

process of construction, together with the general contractor we looked

“these data center projects are like huge ships, like the titanic. You can’t just totally turn them around from one second to the other”

SAMO ED P114-116.indd 115 28/1/09 16:25:02

116 www.usfst.com

at ensuring that resources were as local as possible. We tried to favor

regional traders for all the contracts so that people didn’t have to drive

across the country just to get to the job site.

Obviously we implemented heat exchanges that allow us to do free

cooling during winter. We have carpets made from recycled materials.

We even used recycled steel. Also we’re utilizing company credits from

the utility providers that we get for energy efficient design. Alongside

the environmental benefits we also have to ensure that these kind of

efforts are financially viable. Sometimes it’s hard to quantify. In addi-

tion to program managing these big constructions projects, I’m also the

global head of the data center design team. Something we’re looking at

is going into existing data centers and making the mechanical electrical

plant more efficient and trying to come up with energy savings in our

existing facilities.

The difficulty there is first of all you need a baseline, so you need

to know exactly how much power you’re already drawing. Especially

in buildings that you share with office areas, there’s quite an effort in-

volved in just getting that baseline right. But we are actually running a

pilot in Chicago where we have created our baseline. And what we did

then is we started to go into the raised floor and started to do all the best

practices for energy efficiency. So

we started to plug up all the holes

we had in our raised floor and made

sure we had blanket panels every-

where we could in the cabinets. We

also looked at the CRAC units, their

fan speeds, their humidification,

the sub-points and all that kind of

stuff. We essentially began to opti-

mize the whole system.

We actually managed to create

a business case and this is an initiative that we are looking into rolling

out globally. It’s very hard and you need to put a lot of effort into it. But

if you can correctly set a baseline, you can actually show that there is a

business case there. The trouble is that savings are hard to quantify.

They’re actually very difficult to see. For example, you might start

saving money on your utility bill, but at the same time you still have

people installing new equipment. So maybe even in your existing data

center you will use more energy because you have growing amounts of

equipment. So all your savings are basically gone because somebody

installed a new piece of equipment, and it’s using all that energy that

you just saved. That’s the difficulty. That’s the challenge here. But there

is a business case, even if in trying environments.

Room for improvementAfter the work over in the US I’m now back in Europe working

on the renovation of an existing data center. I believe the building is

somewhere between 15 and 20 years old, so it’s got into its old age.

It’s a shared office and data center. We decided to renovate it because

otherwise we’d have to spend a lot of money getting out of it and re-

locating elsewhere. The project is probably an even bigger challenge

than the new data center because this is open-heart surgery. We have

to replace the electrical system in an existing data center and be very

careful while we do it. You really don’t want to bring the center down

while you do that.

Fortunately we do have some extra space in the building avail-

able. So what we’re doing is building the new electrical plant within

the building while the old plant is running, and then there’s going to

be a switchover phase. That’s going to be the critical moment when

we switch over to the new electrical plant. Once we’ve done that we

can rip out the old electrical plant.

What I learned on the building operation in the US has been very

helpful in this new project. I’m originally a system administrator, and

then I started to work in the applications space so it was my first

real building project. First of all, it was a different culture, working

with different types people. But I did learn a lot. I learned a great

deal about how construction projects work, what the difficulties

are, how the accounting works, how project management works and

what general contractors do. All of that will be of use for me in the

renovation project.

We are still at a very early stage on this project and we’re planning

to have it completed by 2012. This will be happening despite the ongo-

ing economic crisis, though there will likely be some implications. It’s

not as if I have a top-down mandate where I’m told that I need to cut 10

percent of the budget. However, we are revisiting what we are doing.

We’re making sure that we’re not gold plating anything that doesn’t

need to be gold plated. There probably will be some sacrifices once

we actually get into the work. However, even in the difficult times,

now more than ever, stability is absolutely the key to the endeavor.

We cannot make any sacrifices where you would create a risk to the

company. We can’t do that. So operational stability is our number one

priority during this project. n

Maxim Samo is

Director of Information

Technology at a major

international bank.

He has more than a

decade’s experience in

the financial IT space.

PoweRing data: big numbeRs

Between 2000 and 2006 global data center power consumption doubled

Consumption is expected to rise by a further 40 percent by 2010

Data centers account for around 0.5 percent of global electricity production

The average data center consumes as much power as 25,000 households

It costs $5.6 million annually to power a 10,000m2 data center

“we’re looking at is going into existing data centers and making the mechanical electrical plant more efficient and trying to come up with energy savings in our existing facilities”

SAMO ED P114-116.indd 116 29/1/09 09:02:18

CGITech.indd 1 28/1/09 08:17:56

IN THEHOTSEAT

118 www.usfst.com

FST sits down with Liberty Mutual CIO Joanna Young to discussthe issues that are cooking up a storm in both the technology

and insurance space

IT INNOVATION

YOUNG:25JUNE 28/1/09 16:20 Page 118

119www.usfst.com

Since 1912, Massachusetts has been the home to insurance

giant Liberty Mutual. Today, Liberty is a Fortune 500

Company and America’s sixth largest P&C insurance com-

pany. The firm prides itself on its commitment to provide a

broad portfolio of insurance products and services that

meet the ever-changing demands of today’s modern con-

sumer. As the nation’s eighth-largest provider of auto andhome insurance,

the most recent entries into Liberty Mutual’s award cabinet include being

recognized for call center operation customer service excellence anda jump

of 12 places in Business Week’s ‘50 Best Places to Launch a Career’ list.

As Vice President and CIO for Corporate Information Systems and

Enterprise Services at Liberty Mutual, Joanna Young is responsible for all

corporate systemsat the firm.Her goal is to provide best value in this area,

aswell as best value shared services. “We’re very focusedonflexibility and

affordability, together with high quality,” she explains. “We’re also very fo-

cused on some acquisition activity that we have going on at the moment,

aswell as a number of consolidation activities to getmore efficiency out of

our application portfolio.”

Of course, Liberty Mutual is well known for being something of a con-

servative outfit, where there obviously has to be an enormous degree of

care taken in the things that are being implemented. This is especially in-

teresting given today’s unpredictable anderraticmarkets. “The thing is,we

don’t do technology for technology’s sake,” notes Young, “we do it for the

business’ sake.”

Nonetheless, Liberty has proven that it is a combination of this con-

servative approach and the leadership of innovative thinkers such asYoung

herself that has resulted in Liberty’s success. Here sheprovides insight into

why LibertyMutual is right at the top of its game.

ON THE CONCERNS SURROUNDING SPIRALLING IT COSTS

Idon’t think thatcostshavetospiral.Theway Iapproach it is this: Firstofall,whatare therightcon-

trolsforyourbusiness?Thatthengetsyoubacktohavingtounderstandyourbusiness,understand

thegovernment regulationsorother controls that apply to thebusiness, and then, froman ITper-

spective, theCIOneedstoestablishtheright framework.Forexample,COBiTisnowaframeworkthat

manypeopleareaccustomed toand it canworkverywell.Whatwehavedone is taken theapproach

that controls shouldnotbeadditive,but theyhave tobe in linewithcurrentprocesses.

We do dozens and dozens of changes in our IT organization every week, everymonth, and

what we did with the controls around change is figure out how to integrate the control into the

changeprocess.We then applied someautomation so thatwhena technician or analyst ismak-

ing a change, the control aspect is in line with the process.

If a CIO takes the perspective ofmaking sure that the control activity is in linewith the nor-

mal IT activity then you’re going to find you’re able to control those costs better than you other-

wise would.

ON THE TEAMWORK NEEDED BETWEEN IT INNOVATION AND ITSBUSINESS PARTNERS

IT can’t be successful unless it has that incredibly strong relationshipwith its business partners,

whether it’s sales, service or, inmy example, the corporate functionswithin LibertyMutual, and

there’s a number of ways inwhich a really strong partnership ismanifested at Liberty. First and

foremost, eachbusiness unit has adedicated chief informationofficer, andheor she is theprimary

stewardandadvocatefortheirbusinessunit,all thewayfromtheapplicationlayer,all thewaythrough

to the infrastructure. Second, I have directors that are even aligned into specific business units. For

example, I haveadirector that alignswithhuman resources, adirector that alignswithour legal de-

partment, andso that strongalignmentfiltersall theway through theorganization.

In IT, we have four cornerstones, and one of them is insurance knowledge. That’s equiva-

lent to technical skill, sowedeliberately align top-downvery closelywith our business partners,

and then, when you get down to the actual program level on individual projects, we start our

projects with the business and the IT teams working together. I recently had one of my cus-

tomers come to me and say, ‘I think we’d like to do something with document management’.

Well, how we started that was not by implementing a group of document management tech-

nologies but bydoing abusinessprocessmodelling exercise,whereby thebusiness team, using

its Six Sigmamethodology, went through and understood the as-is business process and then

the target business process.

ON THE GROWINGPREVALENCE OF SOFTWAREAS A SERVICE

SaaSisrelativelyearly in thehypecycle.

If you look at it there are certainly

places thatareemerging, forexample

sales compensation and project and pro-

gram management, where you’re seeing

software as a service at differing levels of

maturity. I go back to my experience with

ASPs and what we went through there to

makesure that thosewerepositive, produc-

tive partnerships, and howwe really had to

focus on some very basic things.

First of all, what is the service or the

process that you’re putting into thatmodel,

whether it’s ASP or a SaaS? You need to

have the right contract and the right part-

ner, but even more than that, you have to

have the right IT management structure to

manage the service.

We’veallheardhorrorstorieswherepeo-

ple have gotten themselves into arrange-

mentswherethecontracthasn’tbeenrightor

the service level agreements haven’t been

right, andwhatwe’ve seen is that thesepeo-

pledidn’t thinkcarefullyenoughabout the in-

ternal structure that they would need to

support thatmodel.

SaaSwill only become something to ac-

tivelypursuewhenthebusinesscase is right.

Wedon’tdotechnologyfortechnology’ssake;

we do it for the business’ sake. It’s not that

we’ll never implement SaaS it or that we’ll

never look at other SaaS opportunities, but

rightnowthebusiness case isn’t right.

YOUNG:25JUNE 28/1/09 16:20 Page 119

120 www.usfst.com

While LITcould, in someways, beper-

ceived as outsourcing, there’smore

of a patronage there, and a feeling

that theLibertyMutual is takingownershipand

growingthatcomponent.Thatcertainly isabet-

ter approach for us.

I think we have seen with our quality IT

pool that we get resources faster by conduct-

ing our operations in that way. For example, if

I’m starting on a project and I see that it needs

more Java developers but I don’t have enough

onmy aligned staff, I can call on the develop-

works, part of our human resource systems,

and it is incredibly simple and easy to get

those people integrated into the project.

That’s certainly not to knock our out-

sourcepartners,whowealso value very high-

ly. But there are places where you want that

LibertyMutual expertise, that LibertyMutual

passion, that known affordability, flexibility

andquality applied toprojects—usually pro-

jects that are near and dear us and critical to

us whereas we will use our outsource part-

ners in differentways,maybemore on legacy

or commoditized items, and we tend to see

more value there.

My answer is always that a CIO needs to

focusonrightsourcing,okay? If you lookatany

organization there is always a blend of issues

that are dealt with in-house or through out-

sourcingpartnerships or offshore centers.

What’svery important for a CIO to under-

stand is that spectrumacross theboard. Each

one of my directors has both their directly

aligned staff and a variety of outside relation-

ships—ASPs,offshoredevelopments, various

expert relationshipswithtopconsultingfirms—

and they need to understand how to manage

that across the spectrum. This is the key skill

that any senior ITmanager or executive needs

to have these days: First of all, determining

what needs to be in andwhat needs to be out,

andthenmakingsureyouhavetherightopera-

tionalmanagementstructuretoensurethatset-

up is apositiveone. �

ON THE RELATIONSHIP BETWEEN LIBERTY MUTUAL AND ITSBELFAST-BASED DEVELOPMENT CENTER, LIBERTY IT

Liberty ITwas first started in response to

the IT resourceconstraints in thedotcom

era.We thought wewe’re going to have

troublegettingthe ITskill sets thatweneedand

the numbers that we needed so we looked

aroundtheworldtoseewherewouldbeagood

place for us to have our ownoffshore develop-

ment center. Northern Irelandwas chosen be-

cause they had an excellent education system

that was putting out some top-quality gradu-

ates.Westartedsmall—aboutadozenorso—

andhave nowgrown to close to 250 people to

become a flexible, affordable, high-quality

sourceof IT resources forus.

ment centers, LIT and or the similar develop-

ment center that we have inWisconsin, and I

canget peoplewithin hours onto that project.

We find that the ramp-up time is sig-

nificantly less because chances are we’re

getting someonewhohas alreadyworkedon

a project associated with that business unit,

already understands the application portfo-

lio that we’re dealing with, already under-

stands our infrastructure, already has the

relationships with management and senior

technologists and are already on our net-

ON THE POSSIBILITIES AND ADVANTAGES OF OUTSOURCING

All of our business units use the center and

we have some incredible strengths there.

Almost all ofmynewprojects use the LIT folks to

do the testing and it’s been very valuable to us

because of the quality and the cycle time that

they’ve been able to offer.

But how this has reallymade adifference to

us is in a particularly keyway is that LIThas pro-

vided flexible, affordable, business knowledge-

able, IT employees across a multitude of

projects in the business units. I think what this

has really proven to us is that employee-based

services of this nature are very effective and in

fact incredibly advantageous.

YOUNG:25JUNE 28/1/09 16:20 Page 120

Pivotal.indd 117 28/1/09 08:41:28

While we were attending a con-

ference on pricing optimiza-

tion in financial services last

fall, a colleague of mine made

an interesting observation.

We had spent a day and a half listening to pre-

sentations by industry observers and pricing

practitioners focused on improving business

profitability through the use of scientific pricing.

Each presenter had described the methods and

processes involved, the obstacles overcome, and

to some degree the benefits of adopting this ap-

proach, which is relatively new to the financial

services industry. My colleague’s observation

was essentially, “what we are talking about here

is not just pricing optimization; it’s about opti-

mizing the entire business.” In other words, if we

took the same approach to all aspects of our

business (for example, originations processing

or collections strategy) that we used to improve

our pricing, we would be using analytics to drive

business performance and improve profitability.

I’d like to take a few moments to expand on

this idea, not to take away from the validity of

pricing optimization as a means to increase prof-

itability, but to discuss how the best practices

used to deploy pricing optimization can improve

business operations in a wider sense.

It should be no surprise that executive spon-

sorship is one of the leading factors in a suc-

cessful pricing initiative. In fact, savvy solutions

providers will not proceed on a project that they

perceive to have weak or non-existent executive

sponsorship. Executive sponsorship requires an

executive decision-maker capable of shepherd-

ing the initiative from conception, through the in-

ternal approval process, marshalling internal re-

sources needed for the project, and ensuring

adoption of the solution as a standard business

practice. The executive sponsor can assist in

identifying and addressing change management

concerns by ensuring that the business sponsor

has included all relevant stakeholders in the

process. In the context of a business optimization

initiative, the role of the executive remains the

same – to facilitate acceptance and marshal the

resources needed to accomplish the task. The

risks of pushing forward without strong spon-

sorship include making the business process

worse rather than better, dissatisfaction among

key team members, and unused solutions,

sometimes known as ‘shelf ware’.

The identification and control of pricing ex-

ceptions is where much of the benefit of pricing

improvement initiatives is achieved. Most firms

in the early stages of pricing improvement do not

have the routine ability to define, identify and

take action on pricing exceptions, for example,

rate or fee discounts greater than established

thresholds. The first step is to put the analytics

in place to measure pricing compliance. The next

122 www.usfst.com

The bigger pictureIt’s not just pricing optimization, it’s businessoptimization, says Tom Schwartz

“If we took the sameapproach to all aspects ofour business that we usedto improve our pricing, wewould be using analytics todrive business performance

and improve profitability”

PRICING OPTIMIZATION

TOM SCHWARTZ:25JUNE 28/01/2009 15:47 Page 122

step is to quantify the impact of these exceptions

on business profitability – this will often elimi-

nate much of the resistance to change once the

size of the problem is quantified. The ability to

measure pricing compliance and measure its im-

pact on profitability will lead to data-driven deci-

sions about pricing strategy and policy. By

extension, the application of exception manage-

ment to other business processes—for example

payment deferment processing, credit limit au-

thorization, credit scoring exceptions, and the

quantification of the profit impact on each is the

next logical step in business optimization. By

identifying the key metrics, understanding the

drivers and changes over time, and displaying

them in an easy-to-understand form on a daily

basis, we give ourselves the ability to change

business performance for the better. In many

cases, the solution will not require a new busi-

ness application or initiative, but the fuller uti-

lization of existing data warehouses and

business intelligence applications.

Once you obtain visibility on pricing compli-

ance and its impact on profitability, the next area

for improvement may be the alignment of incen-

tives with performance objectives. One classic

example of misalignment of incentives is the

compensation of a sales force on revenue targets

at the expense of business unit profitability. As

you well know, our teams do what we incent

them to do, and in order to drive business per-

formance incentive programs must be aligned

with the company and business unit perfor-

mance objectives. This alignment process may

include the redesign of the incentive metrics

themselves. For example, our improved measure

of pricing compliance might be used in conjunc-

tion with a revenue target to drive both revenue

and profitability. Designing some flexibility in the

program, for instance, quarterly readjustment of

the incentive matrix, will allow the accommoda-

tion of changing business conditions while pre-

serving the effectiveness of the program. The key

to selling this type of change to both executive

management and the team members affected by

it is the ability to quantify the impact on prof-

itability and make the plan and metrics under-

standable to the users.

Segmentation of the business is one of the

approaches to pricing improvement where sig-

nificant initial gains are often made, often with-

out the benefit of a pricing solution. This is, of

course, due to the fact that more appropriate seg-

mentation causes delivery of more specific and

appropriate pricing to the customer. This seg-

mentation might occur along product lines, geog-

raphy, channels or customer lifestyle segments.

We can readily extend the concept of segmenta-

tion to other areas of the business, for instance,

dealer management or collections strategy. By

segmenting our approach to dealers (key dealer

programs, sales territory alignments) or collec-

tions strategy (identifying accounts or geogra-

phies more likely to be delinquent) we further

optimize our approach to the business and our

expected returns. Developing and testing of im-

proved segmentation often involves changing

processes or infrastructure that had been de-

signed as ‘one size fits all.’ The data upon which

the segmentation is developed will also be use-

ful in estimating the effectiveness and profitabil-

ity of the proposed segmentation approach – pilot

testing or champion/challenger testing of the

segmentation will further improve your estimates

and will help speed adoption. Pilot testing also

provides the opportunity to identify and resolve

unforeseen systems limitations or process issues

before a wider rollout. Regionalizing your origina-

tions or collections strategy not only allows you

to customize your approach to the business as

conditions worsen, but also when conditions im-

prove you will be able to capitalize on them on a

regional basis earlier than competitors operating

with broader or national segmentation.

As mentioned before, the importance of

managing change in any pricing or business op-

timization effort cannot be understated.

Deliberate planning of change management ef-

forts, to include assignment of responsibilities

and a stakeholder analysis, will help ensure un-

derstanding and adoption of the desired busi-

ness process change. The stakeholder analysis

facilitates the identification and inclusion of all

relevant stakeholders at the outset, preventing

the development of objections and obstacles late

in the process. Another key component of the

change management process is the develop-

ment of the communication plan, which includes

consistent and continuous messaging that is tar-

geted to specific audiences, as well as commu-

nications of early successes and lessons learned.

Whether you have already completed a pric-

ing optimization initiative or are in the process of

considering one, your experience with this process

improvement effort can be the prototype for a se-

ries of business improvement initiatives. The prin-

ciples of executive sponsorship, controlling

exceptions, aligning incentives, applying improved

segmentation, and deliberately managing change

will allow you to use analytics to drive business

performance and improve profitability. n

123www.usfst.com

Tom Schwartz is an operations and analytics

executive with experience as a leader and

consultant across financial services, retail,

manufacturing and distribution. His specialty is

the use of analytics to drive business

performance and increase profitability.

Schwartz was most recently SVP of Operations

Analytics at AmeriCredit where he championed

a comprehensive pricing improvement

program. He holds a M.S. in Operations

Research from the Naval Postgraduate School

and is a graduate of Wharton’s Advanced Risk

Management Program. You can contact him at

[email protected].

Five key components ofsuccessful optimization

• Executive sponsorship

• Ability to identify and control exceptions

• Alignment of incentives with performance

goals

• Appropriate segmentation

• Deliberately managing change

TOM SCHWARTZ:25JUNE 28/01/2009 15:47 Page 123

In the markets we are currently operating in, there are a lot of nega-

tive forces hitting banks’ IT organizations and businesses in gener-

al. Consequently, there is a lot of concern that IT

departments show they are providing real business

value. For John Lee, Senior Vice President of IT at

Aviva Canada, one of Canada’s leading property

and casualty insurance groups and a wholly owned sub-

sidiary of Aviva PLC, the world’s fifth largest insurer, this

is his number one concern. “Even though you have all the

economic issues and the challenges in the credit markets,

the ultimate aim for IT is to provide business value,”

notes Lee. “At Aviva, business value is such an important

thing because IT spends, for all these organizations, have

gone up considerably, and the executives are increasingly asking, ‘How

do I know that I spent well in IT?’”

Lee explains that the key thing at Aviva is to make sure the organiza-

tion truly understands IT spend. Achieving that lies in ensuring the IT

function is communicating back to the business. “At the

end of the day, IT can’t function by itself,” Lee explains.

“It has to function tomeet the needs of the business and

tomake sureweare driving forwardwith shareholders and

policyholders.”

In the past, in many insurance companies, the IT de-

partment has been seen to work at quite a distance from

sales. Things are very different in telecoms and software, for

example, where rapid innovation is critical; but what has be-

come crucial for insurance companies is the idea of building

on a sense of teamwork between product development, IT

andsales.AtAviva thereareseveral tactics inplace to fullyachieve this cross-

functionality: “One tacticweuse is to encourageour ITpeople tounderstand

John Lee talks exclusively to FST about the challenges inherent in IT today and the realimportance of cross-functional teamwork

TAKE ONEFOR THE TEAM

www.usfst.com124

AVIVA CANADA HAS

CUSTOMERSMILLION3

INSURANCE

Lee ED:25JUNE 28/1/09 16:15 Page 124

where their paycheck comes from,” says Lee. “IT groups

can at times lose track of why they’re here, so one of the

things wedowith the executives andthe management of

our ITfunction ismakethemlisten toourcall centersand,

by developing that line of sight, they understand the im-

plication of why these processes are important to service our clients.” The

other factor inplaceatAvivaCanada is thedegreeof ITparticipationwithinkey

areas of the business. For example, ITplays a major role in the product devel-

opment group (PDG), the idea being that when the PDG are in the process of

rolling out new products they have IT situated at the forefront, as a partner.

This double-governance then allows for further alignment throughout the in-

frastructure of Aviva.

Interestingly, the firm finds that this training and understanding actu-

ally helps with other business challenges such as retention rates. “It gives

our people the feeling that they make a difference,” says Lee. “The

other benefit is that they can then see how IT is participating with the

business functions and helping to craft things for the business. This

consultative role we’re engaging in ultimately improves customer sat-

isfaction for both the business and for IT.”

Cost controlsWhile all this may indeed be a very powerful tool for Aviva, recent

events across the market have meant that challenges in governance, risk

and compliance have multiplied. This is synonymous with a spiralling of

costs for the IT function and a change in its role. “Yes, there is the increased

cost associated with that, but you’ve got to focus on the fact that the cost

increase IT brings leads to a better environment,” comments Lee. “For ex-

ample, the controls being mandated by FSA and the regulatory bodies all

over the world actually produce a better product.” Lee backs this up by not-

ing that further regulations enforce discipline and tend to make things more

measurable and more documented and ultimately help the business and

the IT group. While Lee does acknowledge the downside of additional costs,

he maintains the belief that building a better IT management structure and

framework needs to stay the top priority. “Ultimately we are trying to pro-

duce systems that tend to be more stable and tend to be governed better

and better documented. That is always going to be more powerful for IT and

the business in general.”

With the crunch in credit markets, there is increasingly a restricted ap-

petite for investment in infrastructure. Because of this there is a growing

prevalence of outsourcing and the priorities of a CIO subsequently are

changing. But as Lee notes, “I think a lot of people are worried about out-

sourcing because of issues related to the lack of control and the flight of

talent and competency; but like any tool, you have to manage it and you

125www.usfst.com

John Lee, Senior Vice President of

Information Technology at Aviva

Canada, has over 25 years of

experience working in the information

services area, managing the IT

operations of leading Canadian

organizations, primarily in the financial

sector. He is responsible for the IT

group of Aviva Canada that supports all of the businesses

of the Canadian operation. Prior to his current role, he was

the Vice President and CIO of Pitney Bowes Canada.

Previously he held the position of Vice President,

eBusiness Division, at Fidelity Investments Canada and

CIO, and previously was Vice President, Information

Technology, at Scotia McLeod Inc.

“At the end of the day, IT can’tfunction by itself”

Lee ED:25JUNE 28/1/09 16:16 Page 125

clients andhenotes how that triggeredmassive growth. Reflecting on that,

he concludes by saying, “I clearly believe that if you do IT right, it will help

you to better service your clients, bemore efficient and offer a competitive

difference. You can then grow from there. I truly believe that.” �

have to understand what the implications are. If you outsource for the

sake of outsourcing, then you’re in the wrong game. You have to out-

source to drive business value.” For example, Aviva just completed a

massive outsourcing deal. The deal drove around $1.5 million a year in

savings, but what it also did for the group was give a competency that

they had previously been unable to get. For example, one of the busi-

nesses wanted this capability, and for five years, the internal group could

not provide it, yet through outsourcing, Aviva was able to get innovation

through the vendors.

Lee explains further: “In this environment you have to leverage your

business, leverage your vendors and leverage other industries to get these

innovations and then use them to get more value for your dollar spend.

“These are some of the tactics you have to use in light of the climate

we are in. You have to understand where you’re going, and you have to

manage the portfolio very carefully, because you’re not going have a lot of

money to do a lot of projects. People are conservative, and there’s also a

lot of risk that you have tomitigate.”

Beating the competitionToday, some industry insiders are arguing thatwehave reachedapoint

where IT is in fact a competitive differentiator within financial services,

but this is something that Lee says he has always believed in. “I’ve been

in IT close to 28 years, and the places that excite me the most in terms

of innovation are where they use innovation to truly drive business

value and I’ve seen many cases where that has driven additional sales

and cost.”

Lee goes on to reference having once worked for a company that was

among the first in the world to use 1-800 phone numbers for servicing

126 www.usfst.com

RUNNING COSTSIf a business is like a car, then IT is its engine. We ask

John Lee about the mechanics of technology and if it’s

best to do running repairs or an extensive overhaul when

you’re planning changes.

“You have to do both. It depends on the business

and the type of technology. For a very large, high-risk

infrastructure, you have to do the dual cost strategy, but

there are times where you can tweak the car in progress.

In this climate of conservative investment, we have to be

very creative in using innovation in smaller packages of

deliveries to modify the car while it’s going, and that can

be done. It’s a little bit more challenging; it requires

creativity, but in a climate where you’re not going to be

able to get major investments, you have to develop this

with a degree of nimbleness and an ability to think

outside of the box. Don’t always go for the big project;

go for a smaller tune-up and do this constant

reengineering, and that can work.

You have to have both because an IT group that

does only major projects won’t be successful, and an IT

group that does no major projects but tweaks, can’t

succeed. As with everything, it’s about having balance in

that portfolio.”

Lee ED:25JUNE 28/1/09 16:16 Page 126

PilotFish.indd 1 28/1/09 08:20:29

FEATURE

KeithDarcy HRM RPT:feb08 28/1/09 16:35 Page 128

129www.usfst.com

a coming together of people helpingother people,” he says. “I realized after

awhile, that nobodyhad topass a companypolicy, or a regulation, or a new

law to tell us what we knewwas the right thing to do.”

It’s fair tosay that this optimismhashad to endure a fewknocks of late.

The financial crisis rumbles on, gathering momentum and threatening to

spill out into thewidermarket. Though its causes are far too complex to at-

tribute to a single source, it is clear that a relentless pursuit of profit, cou-

pledwith a stark disregard for long-termconsequencesplayedamajor role.

Self-interest trumped responsibility andwe could all be paying theprice for

years to come.

Darcy is adamant thatethics,ormoreaccuratelyanabsenceof them,are

at least partly to blame for our current woes. It all comes down to trust. Take

Bear Stearns, one of the credit crunch’s earliest victims. “The government

had to step in and force a merger with JPMorgan Chase,” says Darcy.

“That took place not because there was a lack of capital at Bear

Stearns. There was a lack of confidence, a lack of trust.” According to

Darcy, the inability of investors, depositors and regulators to believe in

the good intentions of these financial institutions has had just as dam-

aging an effect as the well publicized levels of toxic debt. In a climate

where consumers are unusually attentive to any wrongdoing or uncer-

tainty, the issue of trust takes on particular significance.

“Any hint or rumor of an impropriety at your firm and yourmarket cap-

italization goes down,” Darcy continues. “If there’s any substance to it, it

goes downeven further. At a time like thiswhere there is such a crisis, I can

assure you therewill be an intoleranceof thosepeoplewhobreach thepub-

lic trust. It is an environment now that is filled with fear. And people who

breach the public trust are going to be punished swiftly, both by the mar-

ket as well as by public servants.”

You can find inspiration in themost unlikely places.

For KeithDarcy, ExecutiveDirector of theEthics and

Compliance Officers Association, it came during

thedarkest experienceof his life as thehorror of 11

September 2001 unfoldedaroundhim.Thenwork-

ing in New York’s Financial District, he had a front

row seat for one of most terrible events in

American history, even losing his brother in the

collapse of the north tower. He tells us of thenor-

mally bustling Manhattan streets becoming like a

war zone, how the firesburned for fourmonthsand the stenchof deathhung

in the air. But amid the devastation, the fear and the panic, Darcy perceived

somethingelse.Ashedroveacarloadofstrandedemployeesnorthoutof the

city hesawthings thatspoketo theessentialgoodness tobefound inhuman-

ity. “We listenedon the radio to the reports over andover again,watched the

fires burn behind us in silence,” he recounts. “But aswewere stuck in traffic

peoplewouldwalkover tous,andwithoutsayingaword, theywouldhandus

wet towelssowecouldwashall thesootanddebrisoffour faces.Otherscame

over,andagain,withoutcomment, justhandedusbottlesofwatersowecould

clear our throats. At one corner, wewere stuck for 20minutes and I watched

ashoestoreownergiveawayhisentire stockof flatsandsneakers towomen

whowouldhave towalk tensofmiles to get home that evening.”

The followingweeks sawsimilar scenarios being playedout across the

city. People just pulled together and helped share each other’s burdens.

Darcy himself did emotional triage in the lobby of his building, helping

those employeeswho had lost loved ones into one-on-one or group coun-

seling. It was during this time that his essentially optimistic attitude to

humannaturewas confirmed. “I sawsomething that I’ve never seenbefore,

Keith Darcy tells FST editor Huw Thomas that the state of businessethics is inextricably linked to the current financial meltdown

DOTHERIGHT

THING?


“If you had invested one dollar in the stockmarket in 1926 in a bread bas-

ket of stocks youwould have gotten 415 times yourmoney back by 1991.”

On the other hand, had you invested your money in the second best per-

forming companies in each sector, youwouldhavemade973 times your ini-

tial investment. Thatmight seem like a good return but, had you invested in

the top performing companies, you would have made a staggering 6300

timesyour stake.The factor that ties these industry leaders together? “At the

core, ineveryexample,wasavalues-basedcultureembedded in thoseorga-

nizations,”Darcy continues. “Clearly, ethics, valuesandprinciplesaligned to

a culture arewhat builds and sustains great organizations.”

This focus on culture continues to lead to success. Darcy points to a

couple of organizations that embody this fact, Southwest Airlines and the

retailer Nordstrom. “At Southwest Airlines, they know exactly the kind of

person that they want to take into the organization,” he explains. “In fact,

they have a provisional training program only at the end of which do you

find out if you’re a permanent hire.” The results of this attention to detail

are striking. The airline has a staff turnover of just eight percent compared

to a 22 percent industry average and is virtually the only carrier that has

consistently postedprofits, year on year, for decades. ForNordstromevery-

thing is constructedaround customer service. “Yougo intoNordstrom’s and

everybodywants to help you,” saysDarcy. “If one of the salespeople is not

as helpful as the rest think they should be, they’ll speak to that person.

Strong cultures self-regulate.”

The idea of self-regulation should not be underestimated, particularly

in our current climate. “What emerges in strong cultures is, rather than try-

ing to create a compliance based top model program which tells people

what they can and can’t do, people self-regulate the organization,” he con-

At the root of the problem is the approachmany organizations take to

ethics training, particularly in the financial sector. “When you look at the fi-

nancial sector as awhole, it is a heavily regulated one. Therefore, the train-

ing and the monitoring that tends to take place is very regulatory and

compliance focused,” Darcy continues. “What I think we’ve been missing

in the financial sector is attention to ethics.” But this doesn’t only apply to

the financial space. “It is incredibly important, not just to that sector, but to

all companies. There is such a profound lack of trust in our institutions and

in their leaders thatweneed to domuchmore to try and reassure all stake-

holders, employees, customers, investors, suppliers and even regulators

that we are going beyond just mere compliance.”

A common complaint of those resistant to ethics training and legisla-

tion is that an increased focus on doing the right thing could have a nega-

tive impact on profits. With more than three decades of experience in the

financial industry, it’s an attitude that Darcy is extremely familiar with.

“When I would talk about ethics, especially to people directly in theWall

Street community, I would typically get a response, ‘What do you want,

Darcy?Do youwant ethics or profits?’” he says. “Iwould always say, ‘I want

both. This is not an either/or proposition. I want the highest possible finan-

cial outcomes for our organizations at the highest possible standards.’

They’re not mutually exclusive.”

On the contrary, there is strong evidence that a good company culture

is a key differentiator for long-term success. Darcy references a 1994book,

Built To Last by Jim Collins and Jerry Porras, to illustrate the point. “They

studied 18 different sectors over a period from 1926 to 1991,” he explains.

130 www.usfst.com

Keith Darcy is Executive Director of the Ethics and

Compliance Officer Association, the largest association of

ethics and compliance professionals in the world with over

1400 members across six continents. Darcy spent over 30

years in the financial services industry, is a director of

E*Trade Bank, and teaches ethics and leadership at the

Wharton School, University of Pennsylvania.

HOLLYWOOD ENDINGLessons in ethics from the silver screenDarcy: Watch the Tom Hanks movie Castaway. It’s a two-

hour FedEx commercial. The plane is flying over the

Pacific. The plane goes down in a storm. Tom Hanks

grows a beard and long hair. Five years later,

somebody finds him. He gets a shave and a

haircut and what does he do at the end

of the movie? He delivers the

package. I always ask the question,

who does he deliver it to? Well, in fact,

the person wasn’t home, so he left the

note with the package, and the note said

simply, “Thank you. This package saved

my life.” Metaphorically, work gave him

meaning. It kept him alive. He even took a

volleyball, called him Wilson and drew a face

on it because he needed to personify

something. He understood that we do not exist

alone. We exist in relationship to other people. I

realize it’s fiction, but the implications are huge.

Everything we do is done with, by, for and through

people, and so ethics has to relate to that.


tinues. “When you think about it in the larger context, there’s only one al-

ternative to self-regulation, and that’s more regulation.”

It nowseems clear that, particularly for the financial industry,more reg-

ulations are an inevitability. Darcy sees the roots of our current malaise in

the deregulation-fuelled boom of the nineties when the NASDAQ jumped

from453 in 1991 to a high of 5132 in 2000. “Unfortunately, not only didwe

get the growth that came from that, but the energy deregulation also gave

us Enron. The telecom deregulation gave usWorldCom, and we are today

paying the price for banking deregulation,” he says. “I’m a free market

economist by training, I would prefer to see themarketswork in a free sys-

tem. The argument is between idealogues who believe totally in the free

market system and those who have seen the failings of it. We need an ef-

fective balance between the two.”

But it won’t be easy. Despite Darcy’s professed faith in human nature,

nearly two decades of erosion in ethical standards will take some time to

repair. It seems the problem is at risk of moving outside the office and af-

fecting other areas of life. “I like to be anoptimist about the future,” he con-

firms. “My concern is data that says 54percent ofMBAstudents cheat their

way through their degree, that 52 percent of engineering andmasters stu-

dents do the same, where 48 percent of law students cheat their way

through their degree and55percent of high school students admit to cheat-

ing so they can get ahead. I am concerned that somewhere over time we

began to feel like people who were entitled to something, that we would-

n’t have to sacrifice for getting ahead, that somehow life was there to pick

from.With that kind of attitude comes a certain arrogance. I really do think

that we need tomake sure we understand the difference between accept-

able profits and greed, that we understand that there’s no substitute for

hard work and rolling up your sleeves to reach the next level.”

Asked for a prescription to reverse our ethical decline, Darcy can pro-

vide no quick fixes. He talks about the need to remember what people are

capable of achieving and how the positive human spirit must be given the

opportunity to growandexpress itself. On amore conventionally business-

focused level he outlines a requirement to get back to the basic fundamen-

tals: positive cash flow, quality products, good customer service, being

respectful of all stakeholders and rebuilding the trust that has been

broken. “There is amandate today,” he explains. “Companies have

to understand themeaning of trust and the importance of ethical

awareness in their organizations is a differentiator in the mar-

ketplace. It is a differentiator for building enduring great com-

panies. None of this is a six-month rollout. All of this is a

permanent commitment to the future. It’s ethics training.

It’s ethics awareness. It’s raising the consciousness of

people onunderstandingwhat’s the right thing to do

and building cultures therefore that will self-regu-

late over time.”

But even if all this hardwork is successful,

it will require constant vigilance for it to be

maintained.Thinkingback to the collective spirit that

hewitnessed following the attacks onNewYork, Darcy is clear

that such a feeling can evaporate as quickly as it appeared. “I remember

remarking about sixweeks after 9/11 to a group that I was speaking to,” he

recalls. “I said, ‘My biggest fear is that somedaywewill take thismoment,

leave it behind and go back to business as usual.’ Andwe did.” �

131www.usfst.com

FOLLOW THE LEADER

Looking up to a more ethical futureDarcy: We need moral leadership, people who will stand

up and bring voice and action to setting standards of

behavior and conduct. Where are the great moral

leaders today? I can think of two in my lifetime that

stand out. I’m sure there are many more examples, but

Dr. Martin Luther King Jr. was somebody who believed

in something and gave his life for it. And another one

that’s the most extraordinary example of leadership in

my lifetime is Nelson Mandela. He was willing to be put

to death and assumed he would be because the pain of

apartheid was greater than the pain of death. In fact, he

spends 27 years on Robben Island and somehow

emerges from that not only as a free man but becomes

president of the free republic of South Africa. He then

has the audacity to create a truth and reconciliation

commission saying, “We need to be able to tell the

truth in South Africa and forgive ourselves because

unless and until we do, we cannot take our seat at the

table of nations. So we’ve got to get to the truth of

what’s going on here.” It’s long been said that we’re

only as well as our deepest secrets. That is true of

families, it’s true of corporations and it’s true of

society. So we need to address the truth of what ails

us. And I do think at some level that we have to speak

to the moral fiber of this country and get us back to

the basics and the fundamentals that our founding

fathers lived by. When they signed the Declaration of

Independence, they said that they mutually pledged to

each other their lives, their fortunes and their sacred

honor. They were doing something enormously bold at

the risk of failure. They had no real sense that they

could succeed, but they did. But it was built on a

foundation of values. We need to get back to that.

We’ve got to get away from self-interest and promote

the common interest and the common good.


NCR_DPS.indd 2 28/1/09 08:41:05

NCR_DPS.indd 3 28/1/09 08:41:10

134 www.usfst.com

134AwAy On Business

Rising sunOne of the key global centers of financial services, Tokyo is also a dazzling, neon-soaked city of the future. FST checks out what’s on offer once work is over

• Tokyo Disneyland was the first

Disney Park to be built outside of

the US and celebrated its 25th An-

niversary in April of 2008. Special

celebratory events will continue

into this year.

• As one of the most overcrowded

cities in the world, men known as

‘pushers’ are recruited to pack

people onto the city’s trains.

• In the 1920s the University of

Tokyo became one of the first

Imperial universities and houses

institutes for earthquake re-

search, cosmic ray research,

nuclear study, solid-state phys-

ics, applied microbiology, ocean

research and Asian culture.

AboutAlong with New York City and London, Tokyo is

one of three ‘command centers’ for the world

economy. Tokyo has the largest metropolitan

economy in the world and houses several head-

quarters of some of the world’s largest invest-

ment banks and insurance companies. It is also

the main hub for Japan’s transportation, pub-

lishing and broadcasting industries. 50 compa-

nies listed on the Global 500 are based in Tokyo,

almost twice that of the second-placed city.

Getting aroundA network of trains and subways

dominate the public transport

system in Tokyo, with buses, mono-

rails and trams playing a secondary

feeder role to the most extensive

urban rail network in the world. The

Yamanote Loop, which circles the

center of downtown Tokyo, carries

an estimated 3.5 million passen-

gers between its 29 stations every

day. By comparison, the New York

City Subway only carries 5.8 mil-

lion passengers per day across its

entire 26 lines.

From the airportNarita International Airport handles

the majority of international passen-

ger traffic to and from Japan, and is

also a major connecting point for air

traffic between Asia and the Ameri-

cas. Located just 60 kilometers from

downtown Tokyo, access to the city

center is recommended via rail ser-

vice. While taxis and buses are avail-

able, the trains provide a cheaper and

quicker option. The airport currently

has two rail connections, but a third

line is scheduled for 2010.

FAst FActs

AwayOnBusiness.indd 134 28/1/09 15:40:55

135www.usfst.com

Where to make the $The Tokyo Stock Exchange is the second largest in the world, outstripped only by New

York. At present, it lists 2271 domestic companies and 31 foreign companies, with a total

market capitalization of over $5 trillion.

Situated between Tokyo Station and the Tokyo Imperial Palace is Japan’s business

district, Marunouchi. Along with neighbouring Otemachi, this is home to many of Japan’s

largest companies, particularly those from the financial sector. Other business areas

include West Shinjuku, which houses the Metropolitan Government offices. With recent

deregulation easing market entry for foreign companies, Makuhari Messe, halfway be-

tween the city center and Narita Airport, and the new Tokyo Big Sight complex in Tokyo

Bay have also made the city Japan’s major trade fair venue.

Where to spend the $Shibuya – a major shopping area in Tokyo – is a definite place to visit for anyone

interest in Japanese fashion, while Omotesando – a broad, tree-lined avenue

leading downhill from the southern end of the JR Harajuku station – shows the

other side to Harajuku fashion and is not only full of cafés and international

brand clothing boutiques, but also includes the up market Omotesando Hills.

This stylish center is full of the who’s who of world fashion brands including

Yves Saint Laurent, Dolce & Gabbana, Porsche Design, Dunhill, Jimmy Choo

and Adore. The center covers six floors and has a very fashionable interior

design. While Paris and Milan may be the center of world fashion design,

Omotesando is the center of world fashion consumption.

sleepFour Seasons Hotel Tokyo

Located in the Marunouchi central

business district, The Four Seasons

offers a striking, contemporary set-

ting, luxurious rooms, privacy and

exclusivity.

57 rooms available

Double rooms from $752

Keio Plaza Tokyo

Five blocks from Shinjuku Station

and across the street from the Tokyo

Metropolitan Government Building,

this hotel is located in the heart of the

city’s business and political center.

Over 1440 rooms

Japanese Tatami Suite from $1024

EatCasita

Carving its own niche by creating a

tropical atmosphere and a year-round

outdoor deck. Set dinners: $108

Higashiyama Gantan

An industrial-minimalist bar, with pri-

vate dining rooms. Popular with fash-

ionistas. Dinner for two: $90

AwayOnBusiness.indd 135 28/1/09 15:41:00

136 www.usfst.com

136Quote/unQuoteLooking backHindsight is a wonderful thing. While the credit crunch has proven itself to be erratic and unforgiving in its victims, these people really should’ve known better. Here are some of the worst predictions made since the crunch began

“I did express, at some point, my concern about the use of leverage and was politely told to mind my own business.”Former fund manager James O’Shaughnessy at Bear Stearns of his warning to bosses back in 2007.

“I expect there will be some failures but I don’t anticipate any serious problems of that sort among the large internationally active banks.”Nine months after this comment by Federal Reserve Chairman Ben Bernanke and Citigroup became the largest financial institution in US history to fail.

“Freddie Mac and Fannie Mae are fundamentally sound. I think they are in good shape going forward.”

House Financial Services Committee Chairman Barney Frank made this prediction in July 2008. Two months later the

government forced the mortgage giants into conservatorships.

“AIG could have huge gains in the second quarter of this year.”

Analyst Bijan Moazani’s may 2008 prediction was sadly proven very wrong indeed when AIG wound up losing $5 billion in that

quarter and $25 billiom in the next. It has since been taken over by the US Government.

Quotes.indd 136 28/1/09 16:11:25

137www.usfst.com

And now?So have we learnt anything from another 12 months of business in the shadow of the crunch? or are the same outlandish predictions being made for 2009? FST rounds up some of the best of this new Year’s opening gambits

“The financial and economic firestorm we face today poses a serious risk of an extended period of stagnation – a very grim outlook. Even with vigorous Fed action to restore credit flows, an extended period of economic weakness is likely.”Janet Yellen, president of San Francisco Federal Reserve Bank shows her concern.

“It took more than three years for the economy to recover from both the dot.com bust of 2000 and the stock market crash of 1929. So, in our view, hopes that the economy is going to recover as soon as mid-year are likely to be dashed in the coming months.”Merrill Lynch’s US economist David Rosenberg illustrates just how little faith is left.

“Clearly the situation is dire. It is deteriorating and it demands urgent and immediate action.”

It’s a grim outlook as far as European Central Bank President Jean-Claude Trichet is concerned, here speaking at the Bank for

International Settlements talks in January.

“Already the former heads of the Federal Reserve and the Bank of England, have held up their hands to admit

they didn’t understand the risk building up in the financial system. If those in the private sector are to defuse

public anger, they will have to do the same.”The Wall Street Journal think its about time the world’s bankers

learn to say sorry.

Quotes.indd 137 28/1/09 16:11:28

138 www.usfst.com

138FACE OFFChanging lanesWith the inauguration of the 44th American President now complete, many economists are hoping that Obama will bring change to the fi nancial markets. Here, FST looks at what two key players are saying about Obama’s new policies

Earlier this month, at a senate confi rmation hearing, Geithner

said that the Obama administration would unveil a three-

pronged strategy to aid fi nancial fi rms, struggling hom-

eowners and the consumer credit markets by using the remaining

$350 billion of the government’s fi nancial rescue program. “The

ultimate costs of this crisis will be greater if we do not act with

suffi cient strength now,” Geithner told the Senate Finance Com-

mittee. “In a crisis of this magnitude, the most prudent course is

the most forceful.” He promised that the Obama administration

would offer a “clear plan” but provided few specifi cs.

In his previous job as president of the New York Federal

Reserve Bank, Geithner had been a key participant in efforts to

prop up fi nancial markets. He added: “We’ve seen the costs, in

terms of uncertainty created by tentative signals not followed up

by clear actions.” He went on to say that the new administration

was reviewing a “broad range of proposals,” including the option

of setting up a government-run “bad bank” to take toxic assets

off banks’ books.

Geithner also faced tough questions about his role in devis-

ing federal bailouts for Wall Street’s biggest fi rms and his failure

to pay all of his taxes on time between 2001 and 2004. Geithner,

who settled his outstanding taxes only after he was nominated

to the Treasury post, said he signed his tax forms without read-

ing them carefully. “These were careless mistakes,” he admitted,

“they were avoidable mistakes, but they were unintentional.”

He concluded by apologizing to committee members for making

them spend time on his personal history when the nation faced

more pressing issues.

In a post-inauguration interview, Pelosi revealed that she

opposes – at least for now – the idea of Congress approving

another costly bailout for troubled banks. While she has spent

recent days lavishing praise on the new president – she called his

inaugural speech “wonderful” – she’s also said that she won’t

always defer to Obama on key policies.

In the interview, the San Francisco Democrat, who is arguably

the second most powerful person in Washington, sought to quell

expectations about how quickly Congress and President Obama

will address current problems, from a weak economy to an ailing

health care system. “We can’t fi x it all overnight,” she said, “but

we have to start to begin.”

Furthermore, Pelosi looked to downplay the policy rift, sug-

gesting that she and the President may end up on the same page.

“I don’t know that he’s made that decision,” she said, ”but it’s my

view that tax cuts for the wealthy are big contributors to the na-

tional debt.” As doubts continue to grow about the stability of US

markets and foreign banks in general – the United Kingdom have

just approved a new rescue plan for British banks, for example

– the House is already planning to vote on whether to approve

the second $350 billion. In addition there’s already talk that the

Obama administration may need to ask for even more money from

Congress to assure the stability of major banks.

However, Pelosi said she won’t talk about another bailout

package until the new administration shows it will make good use

of the second half of the current $700 billion fi nancial rescue fund.

“How this next money is spent will determine if more money will

be spent down the road,” she said.

Timothy GeithnerSecretary of the Treasury

Nancy PelosiSpeaker of the United States House of Representatives

FaceOff.indd 138 28/1/09 16:04:49

20,000 Challenges. One Industry.20,000 Executives. One Community.

But there’s more. Weekly interviews with industry leaders are webcast on the site’sdedicated channel. These are combined with live, moderated discussion groups,video conferencing, IM and secure e-mail in one easy-to-use app that’s dedicatedto financial services.

Join now: www.meettheboss.com

New York 8:50 a.m.John is upgrading some corebanking functions. He wants toknow how to ensure a smoothtransition, so he calls…

London 1:50 p.m. Dubai 4:50 p.m.Georgina, the turnaround expertwho’s moving on to a new project in Japan, where…

Tokyo 9:50 p.m.

MeettheBoss.com membership reads like a financial services industry who’s who. CEOs, CIOs and other senior executives fromthe leading institutions are just two clicks away.

If your network isn’t focused on your business, change it.

Paul, who has seen the benefitsof an upgrade and is now sharing project management tipswith…

Ringo has the local knowledge.But he’s also planning for tomorrow, and that’s all aboutcore banking…

Dedicated To Finance

MeettheBoss.com is simple, intuitive, unintrusive and secure. It’s also free to use. Membership restrictions apply.

MTB MAG AD:Layout 1 28/01/2009 15:59 Page 139

140 www.usfst.com

140IN REVIEWHot off the pressFST rounds up on some of this quarter’s best business books

Everything I Know About Business I Learned At McDonald’s By Paul Facella and Adina Genn

McDonald’s might not be the fi rst place fi nancial services would think to look for inspiration, but in

this insightful new book, Facella, a former senior McDonald’s executive, explains how this monu-

mental organization has one of the highest employee retention rates of any company, managing

to motivate staff in a fast-paced and potentially stressful environment, in which pay increases and

perks are not readily available as incentives.

FST says: Each chapter of Everything I Know About Business I Learned At McDonald’s features

one of seven leadership principles that drive business success, based on McDonald’s one-of-a-kind

leadership culture.

This simple guide clearly outlines Warren Buffett’s strategies in a way that will appeal to newcom-

ers and seasoned professionals alike. Inspired by the seminal work of Buffett’s mentor, Benjamin

Graham, this book presents Buffett’s interpretation of fi nancial statements with anecdotes and

quotes from the man himself.

FST says: Written both for the laymen and the serious investor, chapters begin with clear defi ni-

tions and explanations of what the master investor is looking for when he sits down to explore a

company’s fi nancial statement. This book is the perfect companion to other titles in the already

acclaimed Buffett series and is likely to become a classic in the world of investment books.

Warren Buffett And The Interpretation Of Financial StatementsBy Mary Buffett and David Clark

Today, people are doing more in the name of personal security than at any other time in history. But,

is it really making a difference? Are people really safer? In this challenging book, Schneier unveils

the reality behind current security practice in a collection of his most recent and important writings.

The collection features some of the most informative security issues and looks at the price people

pay when security fails.

FST says: Schneier on Security not only explores the digital aspects of this important issue, but

the behavioral side too. Topics include everything from identity theft, to the threat of unchecked

presidential power, to why some risks are overestimated and others underestimated. This is a book

for all IT and corporate professionals and those individuals with security concerns.

Schneier On SecurityBy Bruce Schneier

BookReview.indd 140 28/1/09 15:42:01

gal went on, it’s generally accepted that

many of our current problems spring from

certain companies and individuals oper-

ating at the very limits of acceptability.

Huge levels of toxic debt were racked

up, while essentially worthless financial

products were traded with wild abandon.

Since everything started falling apart, the

standard statement has been that no one

could have seen this coming. As explana-

tions go, it’s pretty weak. The average work-

er in the financial industry is no idiot, so the

idea that the credit crisis is one massive sur-

prise is pretty hard to swallow. If that’s the

case, then you have to accept that these

business strategies were pursued even

though the risks involved were understood

by those who were meant to be in charge.

Now put yourself in the position of an

employee who is facing the sack. Chances

are it’s not your fault that your company

is cutting back. The decisions that led to

this predicament were likely taken way

over your head. As the prospect of walk-

ing out of the front door with your posses-

sions in a cardboard box becomes ever

more likely, why wouldn’t you seek to give

yourself every possible advantage? After

all, many of the top people in the industry

have managed to hold onto their jobs dur-

ing this crisis. Even those that have

walked the plank have often done so with

a chunky payoff in their pockets. It hardly

seems fair.

Culture is something that has re-

cently taken on increasing importance in

the business world. A company’s culture

is often held up as a key differentiator in

a competitive market. But culture comes

from the top. If leaders bend the rules for

their own short-term gain, we shouldn’t

be too shocked when employees do so

as well. n

If you knew you were about to lose

your job, what would you do? It

seems that many would make the

pre-emptive move of grabbing all the

company data they can get their hands on

so that it won’t just be the severance

package they walk out with. A new survey

called The Global Recession and its Effect

on Work Ethics by IT Security firm

CyberArk suggests that a surprisingly

large number of employees are prepared

to break the rules in times of crisis.

The figures are striking, more than

half of the respondents, drawn from work-

ers in London, Amsterdam and New York,

admitted that they had already down-

loaded sensitive data that they planned to

use as a bargaining tool in their search for

a new job. Slightly surprisingly given their

reputation for being laid back, the Dutch

were the worst offenders. A staggering 71

percent of respondents in the Netherlands

admitted that they would do this if their

job was hanging in the balance.

But this willingness to bend the rules

also has some more positive impacts, at

least from a business perspective. About

one third of those polled said they would

accept 80-hour work weeks, if that was the

only way to keep their jobs. Around a quar-

ter would accept pay cuts rather than face

redundancy in such a harsh climate. All this

serves to demonstrate exactly how uneasy

workers feel about their current prospects.

Predictably though, it is the stats

about staff stealing data that will draw the

strongest reactions. But perhaps we

shouldn’t be so shocked by these revela-

tions. Desperate times call for desperate

measures and there is very little a human

being won’t do if it feels threatened. There’s

also the uncomfortable feeling that busi-

ness has to bear some responsibility for

this. The reason so many workers are cur-

rently living in fear of losing their jobs is be-

cause of a crisis brought on in large part by

irresponsible business practices. While few

are suggesting that anything outright ille-

OPINIONLeading by examplePerhaps we shouldn’t be so quick to judgeemployees who break the rulesBy Marianne Sorensen

141www.usfst.com

141

SORENSEN:dec08 28/01/2009 16:23 Page 141

142 www.usfst.com

142OPINIONThe onus on bonusAs we waved goodbye to one of the toughest calendar years our global economy has ever faced, many executives learnt that keeping their job was the only bonus they were going to get. FST’s Matt Buttell investigates why

Close up: A look at how two of America’s biggest banks are handling the bonus-crisis, as their CEOs join the ranks of leaders forgoing their year-end bonus.

In a memo to employees on Tuesday January 7 2009, CEO Ken

Lewis recommended the board not award 2008 bonuses to

himself and other senior executives.

“This was a diffi cult decision because we have worked hard and made progress on many projects that will create

value for our company in future years,” the memo, later obtained by Bloomberg News, read. “Nonetheless, we are a

pay-for-performance company.”

Other senior executives are likely to receive lower bonuses and Bank of America is expected to report

disappointing quarterly earnings later this month as the recession deepened late in 2008.

The fi rm did not pay 2008 bonuses to CEO John Mack – he also gave up his

bonus in 2007 – and his two top deputies. It also awarded restricted stock

bonuses worth less than $1 million to four other executives.

The company’s board also approved a change to Morgan Stanley’s pay system, which will let management recoup

payments if employees later turn out to have damaged or discredited the fi rm.

In 2007, end of year payouts on Wall Street were up 14 percent

compared to what they had been in 2006. Goldman Sachs,

Morgan Stanley, Lehman Brothers and Bear Stearns – then

the four largest investment fi rms on Wall Street – handed out

nearly $30 billion in bonuses. To put these kinds of earnings

into perspective, the entire budget for the city of New York,

employing a quarter of a million people, was only $59 billion

for fi scal year 2008. In other words, around Christmas time

2007, Wall Street bonuses alone far surpassed the combined

funds available for the city’s fi re and sanitation departments,

education, health, hospital, welfare, homeless, children’s and

social services for the whole of 2008.

What a difference 12 months makes

Governments across the globe have already injected billions

in an effort to bankroll our fi nancial institutions and there is

now a renewed focus on how these organizations are spending

their money – especially in relation to executive pay. After all,

it would surely have taken a lot of gall to have openly accepted

massive injections of public funds with one hand only to dole

out billions in executive bonuses with the other. Because of

this, many executives at top fi rms across the globe were either

choosing to (or being forced to) forgo their bonuses.

Take Goldman Sachs for example: despite being only one

of two US investments banks left standing through the crunch,

Goldman announced last December that its seven top execu-

tives had refused year-end bonuses. According to the fi rm, the

seven executives made this decision themselves because they

felt it was the right thing to do. Those involved, who, along

with CEO Lloyd Blankfein, included Presidents and Co-Chief

Operating Offi cers Jon Winkelried and Gary Cohn, Vice Chair-

men John Weinberg, J. Michael Evans and Michael Sherwood

and Chief Financial Offi cer David Viniar, all decided to receive

no cash bonuses, no stock and no options for 2008 – just

their salaries.

As well as this, Goldman also announced that it would

impose a major bonus pay cut to about 400 of the bank’s part-

ners after the company recorded its fi rst quarterly loss in the

space of 10 years. In fact in 2007, Goldman’s partners received

a staggering amount from between $5 million to $29 million

in bonus pay outs marking them as both Wall Street and Lon-

don’s highest paid partner executives.

Meanwhile, the CEO of Citigroup, Vikram Pandit, also

agreed not to receive his bonus as the company struggled to

MattsColumn.indd 142 28/1/09 15:50:12

143www.usfst.com

cope with the financial downturn, and Jamie Dimon, chief ex-

ecutive of JPMorgan Chase & Co, reportedly declined his share

of 2008 bonuses which would have amounted to a few million

dollars. Then John Thain at Merrill Lynch followed suit, citing

the acquisition of Merrill by Bank of America last September

15 – the same day Lehman Brothers went bankrupt – as his

main reason for forgoing his bonus.

Elsewhere, on the other side of the Atlantic, Swiss banking

group UBS was the first to announce that top executives would

forgo their year-end bonuses. The bank’s Chairman and Chief

Executive, as well as other members of the board, are now set

to only receive their fixed salaries this year. After UBS shares

slumped to a new all-time low last month, and with the Swiss

government stepping in to assist the ailing bank, it is not

overly surprising that such a decision has been made. What

is surprising though is UBS’s announcement that in 2009 they

will introduce a new compensation model that is set to bring

about a huge cultural shift within the company.

In this new model, while top management will still be eli-

gible to receive both variable cash compensation and variable

equity compensation, a large portion of this will be held in

escrow and will only be paid out if the results of UBS warrant

it. In other words, those who are rewarded will only be those

who deliver good results over several years, without assuming

unnecessary high risk.

From my seat, it seems that the greed of our financial in-

stitutions is finally catching up with them. Nine of the largest

financial institutions on Wall Street – Bank of America, Citi-

group, Bank of New York Mellon, JP Morgan, Merrill, Goldman,

Morgan Stanley, State Street and Wells Fargo – were also the

first nine to receive a combined $125 billion in capital from the

US Treasury Department.

Historically speaking, banks and financial related

companies are usually a generous lot when it comes to

bonus give-out. True enough, many of the bank staff will

find themselves working long and stressful hours: but more

often than not, there will be happy faces as the fiscal year

edges to an end. When it comes to earnings and profits,

banks make most money. And this means a super high year-

end bonus. Bonus payment can be as much as 10 times that

of a banker’s basic salary, or even more. Just clearly not

this year.

In honesty, it’s beginning to feel a little like we’re in a

Hollywood movie. In Oliver Stone’s 1987 smash Wall Street,

Michael Douglas’s character Gordon Gekko tells us ‘Greed

is good’. While on some level this still may be true, it seems

greed also has a tendency to come full circle on us – with

grossly negative implications.

Perhaps this point can be best illustrated by looking at

a speech recently made by Australian Prime Minister Kevin

Rudd. The speech, looking into the state of the global financial

crisis, was entitled ‘The Children of Gordon Gekko’, and in it,

Rudd stated, “It is perhaps time now to admit that we did not

learn the full lessons of the greed-is-good ideology. Today we

continue to clean up the mess of the 21st-century children of

Gordon Gekko.”

Rudd makes an illustrative point – albeit a melodra-

matic one. Just mentioning the words ‘banker’ and ‘bonus’

in the same sentence seems to trigger a political furor these

days. But he is right – no one can deny that we face a global

financial mess. And 2008, at least, showed that executive

bonuses were the first spillage of that mess to be cleaned up.

And as the clean up continues, many of us, I imagine, will be

happy to help scrub the floors. n

MattsColumn.indd 143 28/1/09 15:50:14

144 www.usfst.com

• 76 percent of respondents have imple-

mented some form of endpoint virtualization

technology;

• 31 percent said their organizations spend

at least 21 percent of IT resources managing

incompatibilities between applications on

endpoint devices;

• 36 percent said at least a quarter of their

entire 2009 IT budget is earmarked for end-

point virtualization initiatives.

W ith non-discretionary spending

at financial institutions already

representing a small percent-

age of overall IT budgets, CIOs are under

increased pressure to deliver improved

efficiencies with existing assets. Consol-

idation efforts and M&A activity that con-

tinue to reshape the financial landscape

combined with never before seen trans-

action volumes are challenging organiza-

tions to centrally manage resources and

reduce costs without compromising the

quality and speed of the services that

IT delivers. Endpoint virtualization has

gained a lot of attention within the finan-

cial services community because of its

promise to reduce the total cost of own-

ership (TCO) for enterprise endpoints

and improve employee productivity and

endpoint control.

IT departments are faced with the

challenge of greater complexity and ex-

ponential growth in the number of enter-

prise endpoints that must be supported.

The mobility of the workforce, outsourc-

ing initiatives, new delivery channels and

an increase in shared services are fueling

the rising costs associated with this vast

ocean of PCs, laptops and PDAs.

Endpoint virtualization de-couples

the information that matters from the

underlying systems and software that

deliver it. This makes computing for end-

users extremely portable and flexible,

helping IT to reduce costs and respond

to rapidly changing business needs

while centrally managing the endpoints

for improved control and security.

Symantec recently sponsored a

survey, conducted by Applied Research-

West, to gain insight into the uptake of

endpoint virtualization. Some of the

key findings include:

The information from the survey validates that

endpoint virtualization will play an important

role in how IT departments look to increase

user productivity while lowering IT costs.

In addition to reducing cost and complex-

ity, security, availability of information and

compliance with industry regulations are

among the top reasons institutions consider

endpoint virtualization. Preventing the loss

of sensitive corporate and customer data is

critical for any organization – and even more

so for financial institutions. Compliance with

regulations such as ID Theft Red Flags, GLBA

and PCI demands that today’s financial institu-

tions make investments and put processes in

place to keep customer data safe.

A recent study found that the average

cost of a data breech for financial institutions

is $239 per compromised record. This is 21

percent higher than in other industries. With

almost half of data breaches in 2007 due

to lost or stolen laptops or other mobile

devices, preventing data leakage at the

endpoint is a big challenge. Endpoint

virtualization can help solve the problem

by moving stored sensitive data off the

endpoint device and into the data center

where it can be more easily controlled

and effectively protected.

The Teachers Credit Union (TCU)

in South Bend, Indiana is great ex-

ample of how a financial institution can

implement an endpoint virtualization

strategy to more effectively manage

its software applications and empower

its employees to be more productive.

Looking to eliminate application con-

flicts, automate application deploy-

ments and improve support, TCU turned

to Altiris Client Management Suite and

Software Virtualization Solution (SVS).

Using SVS, The Credit Union is able to

run multiple versions of the same ap-

plication, saving hundreds of hours in

implementation time. It was also able to

complete its migration to Windows XP

under time and budget. Worker produc-

tivity at TCU has improved and support

costs are lower as the volume of IT help

desk calls has decreased. As a result,

TCU’s IT organization is able to do a lot

more in a lot less time.

With many IT projects being put on

hold or re-evaluated during this time of

economic downturn, endpoint virtualiza-

tion appears to be an area where IT de-

partments are still looking to invest. The

strong and immediate ROI is escalating

endpoint virtualization as a priority. It can

be argued that endpoint virtualization, if

it hasn’t already, will soon change the way

software is delivered and consumed. n

For more information please visit www.symantec.com

144Final Word

David Krauss is Senior Manager of Financial

Services at Symantec, where he assesses

business challenges in the financial services

industry and develops technology strategies

or solutions that enable financial institutions

to secure and manage their information-

driven enterprise against more risks at more

points, with greater efficiency, cost savings

and confidence

Endpoint virtualizationSymantec’s David Krauss offers a case for real ROI

Symantec_FinalWord.indd 144 28/1/09 16:26:10

SymantecFULL.indd 1 28/1/09 08:21:55

OpenLink.indd 1 28/1/09 08:20:15