fstus14

RICHARD SCOTT, GUARDIAN LIFE P64 | JOHN PARKINSON, AXIS CAPITAL P70 | CATE LUZIO, JP MORGAN P74

www.usfst.com • Q1 2011

Wiki...leaked

The fi nancial services industry faces a host of new ‘hacktivist’ threats. Is it ready?

TRUSTWORTHY TITANUS Bancorp’s Richard Davis on why

reputation counts in unsettling times

RECIPE FOR SUCCESSManage the ingredients of risk correctly,

and you’ll be left with a veritable feast

HANDLE WITH CAREHow to maintain diligence when

protecting important fi nancial data

Cover FST.indd 6 25/02/2011 13:45

MICROSOFT AD2.indd 2 22/02/2011 11:05

QUEST AD.indd 1 22/02/2011 11:05

QUEST AD.indd 2 22/02/2011 11:05

ATRADIUS DPS1.indd 1 22/02/2011 11:04

ATRADIUS DPS1.indd 2 22/02/2011 11:04

RIM.indd 2 17/11/2010 09:34

RIM.indd 3 17/11/2010 09:34

McAFEE AD.indd 1 15/02/2011 15:09

As I’m typing this, the internet in the offi ce has just gone down. Server maintenance? Data packet overload? Faulty network connection? Or something more sinister?

In the current climate where online threats abound, it’s easy to feel paranoid. In the past year alone we've had the Stuxnet Worm, the WikiLeaks affair, China originating attacks against Google and others, and the Egyptian internet blackout. And while cyber security never really went away, it’s true to say that given the events of recent months it’s now fi rmly back on top of the fi nancial industry’s list of priorities.

It’s not simply a case of same shit, different day either: the threats fi nancial institutions face today are light years removed from those of even just a few years ago. Botnets, Trojans, viruses and worms are still prevalent, but they’ve now been supplemented by techniques such as spear-phishing and click-jacking. The rise of social networking has also opened companies and individuals to threats from a variety of hackers, spammers and plain old crooks.

Indeed, all the corporate soul searching and mandated risk assessments that have sprung up in the wake of such attacks have made one thing painfully clear: some of the most damaging security breaches originate from inside an organization’s own fi rewall. And it’s not just careless Facebookers who are causing the damage. According to the 2011 Cyber Security Watch Survey conducted by CSO magazine, security breaches caused by once-trusted employees and contractors account for one in fi ve attacks across all industry sectors. Moreover, the consequences of such events can be signifi cant: insider security breaches are more costly than those by outside hackers, according to one-third of the survey’s respondents.

So what can banks do to mitigate the threat? In this issue of FST, we take a look at both the threats and the possible solutions. Our cover story examines what the fallout from the WikiLeaks affair means for fi nancial institutions, while elsewhere we look at the steps – both obvious and more complex – banks need to take to ensure security is an integral part of the organizational culture. We also hear from Annelie Schnaar-Campbell, Group Director of Risk Management at Standard Bank, on why banks need to take a new approach to risk in the wake of recent incidents.

Financial services are increasingly dependent on interlinked high-frequency transactional systems – exactly the type of globally connected platforms that cyber malcontents like to hit – and as such institutions need to beef up their resilience to potential assaults. It’s a major challenge, because if we don't get better with security, we run the risk of people losing trust in the internet – and by extension, in the fi nancial services industry itself.

Following hot on the heels of the reputational damage caused by the fi nancial crisis, that’s a scenario the sector just cannot afford.

“A bank is a safe haven when you don’t have a place to put your money, a place to go when you have a dream you need to accomplish, and a collection of people who independently have a mission greater than funding and collecting deposits because they’re changing the world a little bit”Richard Davis, CEO of US Bancorp (p32)

FROM THE EDITOR 9

Ben Th ompsonManaging Editor

An ever-evolving threatAs security re-emerges as a corporate priority following the Wikileaks DDoS attacks and other recent events, how are fi nancial institutions responding?

Ed Note.indd 9 25/02/2011 13:35

NCR MULTI AD.indd 1 15/02/2011 15:09

38

CONTENTS 11

Know your enemyMark Logsdon of Barclays discusses the need for a tough approach when battling against security threats, and explains how his organization is winning the war

46

32

Under attackSubsequent attacks following the WikiLeaks fall out caused a furore in the fi nancial services industry. Lorna Davies asks: Is there anything organizations can do to protect themselves?

52

In safe handsManaging Editor Ben Thompson looks at how US Bancorp is plotting a steady course through the recession that has both customers and investors purring

Th e right ingredientsRisk is a standard ingredient in the recipe of any bank, but as Annelie Schnaar-Campbell explains, it’s how you manage those risks that will leave you with the taste of success or failure

CONTENTS.indd 11 25/02/2011 13:50

STISYSTEM AD.indd 1 15/02/2011 15:10

CONTENTS 13

60 Facing down the security threatIn the battle to beat security fraudsters, banks increasingly have to pull rabbits out of hats

64 It’s all in the teamworkBeing the CTO of a national organization working with thousands of employees is no mean feat. Richard Scott of Guardian Life Insurance tells FST how he stays on top of the challenge

70 Th e sandbox systemAXIS Capital’s John Parkinson outlines how important the role of innovation is becoming for fi nancial institutions

74 Th e new migrationCate Luzio, Head of International Commercial Cards at JP Morgan, explains why global card programs bring great benefi ts

82 Agility: the insurer’s insurance policyA new report highlights key drivers to promote growth for insurers in 2011

86 Business as usualVinod Kachroo of MetLife talks to FST about the importance of leveraging new technologies in order to maintain and improve your organization’s ‘business as usual’ objectives

68 Experiencing turbulence Citigroup’s Christine Kincaid fans away the confusion to unveil the true core of cloud computing

74 In profi lePaypal’s President Scott Thompson

INDUSTRY INSIGHT 58 Venkat Mullur, Tibco44 Tim Upton, TITUS44 Anthony Macciola, Kofax

EXECUTIVE INTERVIEW56 Brian Contos, McAfee80 Bob Tramontano, NCR

ASK THE EXPERT50 Allan Carey, Netwitness72 Barry McCarthy, First Data84 Doug Cox, GMC Software

Technology

DETAILS94 Top tips for today’s leader96 City guide99 Books100 Objects of desire102 Agenda104 Photo fi nish

96

70

64

CONTENTS.indd 13 25/02/2011 13:51

Chairman/Publisher Spencer GreenWorldwide Sales Director Oliver SmartFinance Director Jamie CantillonDesign Director James West

Managing Editor Ben ThompsonEditor Lorna DaviesContributors Ian Clover, Lucy Douglas, Nicholas Pryke, Sharon Stephenson

Print Director Andrew HobsonAssociate Designers Dan Clayton, Élise Gilbert, Michael Hall, Crystal Mather, Cliff Newman, Catherine Wilson

Online Editor Jana Grune

Project Director Heather C. BridenSales Manager Lee CarlsonSales Executives Lauren Mittleberg,Brandon Harp, Rebecca Sachs

Production Director Lauren HealProduction Coordinators Renata Okrajni, Aimee Whitehead

VP North America Jason GreenOperations Director Ben KellyIT Director Karen BoparoyMarketing Director Jake Mazan

Legal InformationThe advertising and articles appearing within this publication refl ect the opinions and attitudes of their respective authors and not necessarily those of the publisher or editors. We are not to be held accountable for unsolicited manuscripts, transparencies or photographs. All material within this magazine is ©2011 FST.

Subscription Enquiries +44 117 9214000, www.usfst.comGeneral Enquiries [email protected] (Please put the magazine name in the subject line)Letters to the Editor [email protected]

GDS InternationalGDS Publishing, Queen Square House18-21 QueenSquare, Bristol, BS1 4NHTel: +44 117 9214000E-mail: [email protected]

A Proven FormatThis inspired and professional format has been used by over 100 executives as a rewarding platform for discussion and learning.

It is a C-level event reserved for 100 participants that includes expert workshops, facilitated roundtables, peer-to-peer networking, and coordinated technology meetings.

A Controlled, Professional and Focused Environment

The FST Summit is a three-day critical information gathering of the most infl uential and important executives from across America. The FST Summit is an opportunity to debate, benchmark and learn from other industry leaders.

5-7 April 2011

Find Out More – Contact FST (+1) 212 796 2952

The Four Seasons Hotel, Miami

www.fstsummitus.com

CREDITS.indd 14 25/02/2011 13:27

SIEMENS AD.indd 1 24/02/2011 10:00

CUTTINGWhat does President Obama’s 2011 Budget Proposal reveal about the state of America’s fi nances?

22

28

UPFRONT

19

31

FSTUS 14 UPFRONT.indd 16 25/02/2011 14:54

G TOO DEEP?

NEW

S IN BR

IEF

17


NEW

S IN

BR

IEF

18

Obama must remember his former voice to enable long-term sustainability

n the day when many awoke to red roses from loved ones or were manically spend-

ing their hard-earned dollars on expensive candy, President Obama had more strin-gent spending in mind. He proposed his 10-year budget plan on Valentine’s Day,

Monday February 14, and spent the next few days defending it.

Touting his $3.73 trillion budget, Obama urged the kind of teamwork that was achieved

late last year in extending tax cuts for Americans. “I recognize that there are going to be plenty of arguments in the months to come, and everybody’s going to have to give a little bit,” he said in the hour-long news conference.

Mr Obama’s budget proposal is seen as an opening bid in the long process of negotiation with House and Senate leaders of both par-ties as Republicans press for deeper cuts. “I think it is important to make sure that we don’t use a series of symbolic cuts,” the president urged. “It’s going to be about everybody having a serious conversa-tion about where we want to go, and ultimately getting in that boat at the same time so it doesn’t tip over.”

Working together seemed to be top of the president’s agenda, or was it? Hours after Obama said he wanted to work with Republicans

to reduce the defi cit he threatened to veto a Republican bill to reduce spending. It all shows how diffi cult it’s going to be to fi nd a common ground to reduce the nation’s $14 trillion debt. “Let’s use a scalpel, let’s not use a machete,” said the president, but Republican’s are asking, is this enough?

Amid harsh criticism that it does little to rein in the burgeoning US defi cit and costly entitlement programs such as Medicare and Medicaid, the President came to the defense of his 2012 budget. The proposal aims to cut $1.1 from the nation’s defi cit over the decade. “You cut back on what you can afford to focus on, what you can’t do without. And that’s what we’ve done with this year’s budget,” the president said in his fi rst news conference of the year. “What my budget does is to put forward some tough choices, some signifi cant spending cuts, so that by the middle of this decade, our annual spend-ing will match our annual revenues. We will not be adding more to the national debt,” he said when asked about the GOP criticism. “We’re not going to be running up the credit card anymore.”

Obama describes the proposal as a “down payment” on future cuts to the US budget defi cit. He said “we can’t sacrifi ce future” with drastic cuts, a view the Republicans do not agree with. “Presidents are elected to lead and address big challenges,” Republican House budget committee chairman Paul Ryan of Wisconsin told reporters. “The big challenge facing our economy today is that our country


NEW

S IN BR

IEF

19

tomorrow is facing this debt crisis. He’s making it worse, not better.” This more gentle approach is in contrast to the president’s 2009

comments. Upon taking offi ce, Obama promised that his administra-tion would confront diffi cult challenges and not “kick the can down the road.”

In 2010, under pressure to honor this promise, he created a bi-partisan defi cit commission to address the unsustainable spending growth in programs such as Social Security, Medicare and Medicaid. “This can’t be one of those Washington gimmicks that lets us pretend we solved a problem,” he said at the time. “I refuse to pass this prob-lem on to another generation of Americans.”

In 2011, after the commission reported specifi c entitlement reforms, Obama is, effectively, kicking the can down the road. The Washington Post gave the opinion that Obama, faced with permanent trillion-dollar defi cits, produced a budget that abandoned the reforms of Social Security, Medicare and Medicaid necessary to prevent an eventual fi scal and economic calamity.

Defi cit commission co-chairman Erskine Bowles concluded that the president’s budget is “nowhere near where they will have to go to resolve our fi scal nightmare.” Senate Budget Committee Chairman Kent Conrad, North Dakota Democrat, added that the budget pro-posal “puts at risk the economic security of this country” and “cannot be the answer for this country’s fi scal future.”

Countries that fi nance US debt certainly noted that Mr. Obama‘s budget includes no plan for long-term fi scal sustainability. The ques-tion is how long they will continue lending to a government that us making smaller cuts rather than confronting budgetary reality.

In the absence of entitlement reform, Mr. Obama touted his proposed fi ve-year freeze of non-security discretionary spending – a freeze that he says eventually would reduce this spending to 1950s levels as a share of the economy.

Mandatory spending is expected to continue to rise. The proposal includes cuts to low income home energy assistance and community service lock grants as well as cuts in the Environmental Protection Agency’s budget – including reducing funds restore the Great Lakes’ environmental health. Mr. Obama wants to spend more on educa-tion, announcing plans to spend more to train math, science and engineering teachers and to expand effective programs. The Energy Department gained a boost to its budget, with a 12 percent increase from 2010 – including increases for clean energy programs. These new priorities see areas long favored by Democrats slashed to make room for increases aimed at boosting the economy.

After months of trying to forge a friendlier relationship with the business community, Obama’s new budget plan is a worrying deja-vu for many executives. Oil and gas companies, banks and multinational fi rms have to face more than $200 billion in higher taxes – an idea that has previosuly infl amed corporate America.

With law makers and Republicans clamoring for bold action, Obama’s cautious proposal has ruffl ed feathers. He has left many big decisions out – how to hold back rising health care costs, how to make Social Security self-sustaining, how to pay for new transportation projects, but would Republicans be happy if harsher cuts were made? The budget will still leave spending at historically high levels because of mushrooming health and retirement programs, but it will reduce the federal defi cit over time. Although unlikely, if Congress accept all the president’s proposals and the economy recovered, the federal defi cit would fall from 10.9 percent of GDP this year to three percent, Obama’s goal in 2017 – an optomistic thought.

President Barack Obama’s budget proposal for the fi scal year 2012

Media queue up to receive advance copies of President Obama’s fi scal year Budget

Under scrutiny: US Senate Budget Committee staff assistant Sam Ar-mocido unpacks President Obama’s fi scal year 2011 Budget


FRANCEFrench search engine 1plusV is the latest to join a rally of complaints surround-ing search engine giant Google. The complaint about Google’s alleged anti-competitive behavior follows similar complaints from price comparison site Foundem and legal search ejushice.fr last year. These complaints triggered the ongoing European Commission probe into Google’s business practices. Google said that it was working with the EC, adding that there was “always room for improvement” .“We have been working closely with the European Commission to explain many different parts of our business,” the fi rm said in a statement. 1plusV – the parent company of eJustice.fr – said that between 2008 and 2010 Google prevented vertical search fi rms from using it’s online advertising service AdSense.

International News

GUINEAGuinea’s President Alpha Conde has said the military junta that held power before he was elected has left the country bankrupt. Mr Conde told the BBC the army leaders had spent more money in two years than in the 50 years from independence in 1958. “It was like they were spending money as if there is no tomorrow,” he said. In December, Mr Conde, a veteran opposition leader, was declared the winner of Guinea’s fi rst democratic election in 52 years. He took over from the military junta that had seized power in December 2008 on the death of the previous president, Lansana Conte, who had ruled for 24 years.

UKGoldman Sachs is buying a minority stake in AppSense for $70m and putting managing director Peter Perrone on the British software company’s board. The money will be used to expand AppSense in the US, in a sector expected to boom to as much as $2bn in the coming years. AppSense, based in Warrington, England, specializes in “user virtualization” software, which allows a company’s employees to access documents and programs in any location on any device. The 12-year-old company already has offi ces in the US, Germany, Australia and the UK, and is on track for 60 percent revenue growth this year.

INTE

RN

ATI

ON

AL

NEW

S

20


LIBYATensions rise and fi ghting continues between opposition and supporters of Colonel Muammar al-Gadaffi in Libya. The leader of 41 years has so far denied reports he’s fl ed the country. He gave a brief statement saying: “I am in Tripoli and not in Venezuela. Don’t believe those dogs.” Wheat has extended a collapse and corn and soya beans also fell as traders speculated that a jump in energy costs caused by protests across North Africa and the Middle East will curb growth in demand for grains. Riots already ousted leaders in Egypt, the world’s biggest wheat importer, and in Tunisia, and opposition groups have seized control of eastern cities in Libya.

CHINAWorkers in China injured while making touchscreens for cellphones – including iPhones – have written to Apple chief executive Steve Jobs asking him to do more to help them. Around 137 workers suffered adverse health effects follow-ing exposure to a chemical, known as n-hexane. The Taiwanese factory owner, Wintek, has given compensation – but they say it’s not enough. Wintek said that it used the chemical in place of alcohol because it evaporated more quickly, thus speeding up touchscreen production. It has now reverted back to alcohol after workers experienced faintness and tired-ness, sweaty hands and feet, numbness in hands and swelling and pain in feet. Some claim they are still suffering ill effects.

JAPANMoody’s Investor Services has cut its out-look on Japan’s credit rating to “negative” from “stable” causing concerns about the country’s debt levels. Moody’s currently rates Japan’s government debt at an Aa2 level. In January, Standard & Poor’s – a rival company to Moody’s – downgraded Japan’s credit rating from AA to AA-, also citing debt concerns. The heightened concern that Japan’s economic and fi scal policies may not prove strong enough to achieve its defi cit reduction target prompted the action.


ww

What would you say are the biggest trends and challenges aff ecting the research industry right now?

Over recent years, real estate has become established as the dominant ‘alternative’ asset, driven by its perfor-mance behavior and attractiveness to institutional inves-tors around the world. But it remains an ‘alternative’ and has been deeply impacted by the global fi nancial crisis, so research continues to play a big role in helping the industry to mature. Th is revolves around improved understanding and better risk management throughout the industry.

How has IPD tackled these challenges and grown throughout the global fi nancial crisis?

Th e fi nancial crisis has generated signifi cant stress throughout the industry. Th is stress has increased demand for better information and improved risk management, and IPD has responded to these trends by focusing its ac-

Peter Hobbs has widespread experience of advising investors across European, US and Asian markets. As Senior Director of Group Business Development at IPD (Investment Property Databank), he is focused on developing the commercial strategy of the company. Th is includes responsibility for three main areas of IPD: product development, marketing and overall research. FST asked him to share some of his expertise in heading up a successful company in this challenging time.

w

WH

AT

DO

I K

NO

W?

22

tivities on those markets (such as US and UK) and industry sectors (such as banks and global real estate managers) with the greatest need for assistance in these areas.

What advice would you give to those in the fi nancial services industry wishing to succeed in a harsh economic climate?

Th e experience of IPD through the crisis reaffi rms three important themes that have driven IPD’s growth through its history. First: strong technical development to enable the creation of innovative business tools and appli-cations. Second: a focus on the needs of customers and the ways they vary through the economic cycle, from country to country and by segment. Th ird: the building of a well-co-ordinated and collaborative team straddling global markets, to ensure local innovation whilst preserving a strong global framework and brand.

Founded in the UK in 1985, IPD began by compiling data and developing benchmarking services for leading commercial property investors. Building up its property-by-property information, IPD soon became the UK’s fi rst reliable index of property returns, and the approach started to be deployed in markets outside of the UK. Today, with a staff of over 300, we operate in over 20 countries including US, Canada, Australia, New Zealand and Japan. Earlier this year we were awarded the Queens Award for International Trade, aft er already having received the award in 2005.

BREAKING BOUNDARIES

Research

Development


Just as the Industrial Revolution advanced methods and accelerated assembly from single to mass production in the 19th century, today’s cybercrime industry has similarly transformed and automated itself to improve effi ciency, scalability, and profi tability. The industrialization of hacking coincides with a critical shift in focus. Previously, hackers concentrated attacks on breaking perimeter defenses.

But today, the goal has changed. The objective is no longer perimeter penetration and defense. To paraphrase a popular political slogan, “it’s the data, stupid.” Today’s hacker is intent on seizing control of data and the applications that move this data.

Today’s complex hacking operation now utilizes teamwork, global coordination and sophisticated criminal techniques designed to elude detection. The machine of choice is the botnet – armies of unknowingly enlisted computers controlled by hackers. Modern botnets scan and probe the Web seeking to exploit vulnerabilities and extract valuable data, conduct brute force password attacks, disseminate spam, distribute malware, and manipulate search engine results. Today’s consumer must learn to rely on automatic op-erating system updates and anti-malware softwareto protect personal data and avoid becoming part of the botnet army. The real burden, however, falls on enterprises, which must protect sensitive data and shield applications from malicious attacks. These organizations can adapt to the evolving threatscape by adjusting security strategies to deal with the growing number of automated and high-volume attacks by:

Fighting automated attacks with:• CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans

Apart). This technique attempts to distinguish humans from bots by presenting a dis-torted picture that users must correctly identify before admittance into the application.

An example of CAPTCHA:

• Adaptive authentication: This technique mitigates several automated attacks, includ-ing password and cross-site request forgery attacks. When dealing with highly sensitive transactions and when automation is suspected, applications must be armed with ad-ditional authentication dialogs throughout a user session. These additional authentica-tion steps rely on previously supplied personal information from the user, such as a pet’s name, favorite movie star, or a mother’s maiden name.

• Access and click rate controls: This technique monitors and detects the difference between a human browsing the Web versus faster, automated, botnet-controlled Web browsing.

Quickly identifying and blocking the source of malicious activity: Knowing the IP address of commonly used attack platforms can quickly reduce attack volume.

Strategically enhancing defenses with forensics from recent attacks and introducing reputation based controls:Leveraging unique and identifi able characteristics from third party attacks to better help fi lter Web traffi c.

Today’s cyber warriors cannot use yesterday’s technology to fi ght tomorrow’s cyber war. Attack campaigns are constantly launched not only against high profi le applications but against any available target. An application may be attacked for the value of the information it stores or for the purpose of turning it into yet another attack platform. Protecting data using database and application level security solutions is a must for any organization to succeed against a strengthening foe.

About Imperva Imperva is the global leader in data security. Our customers include leading enter-

prises, government organizations and managed service providers who rely on Imperva to prevent sensitive data theft by hackers and insiders. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring for databases, Web applications and fi le systems. To learn more about Imperva’s solution visit http://www.imperva.com.

Th e industrialization of hacking

Prior to joining IPD, Dr. Hobbs was Managing Director at Deutsche Bank, working as Global Head of Real Estate Research for RREEF, the real estate division of Deutsche Asset Management. He was respon-sible for leading the company’s global research coverage.

IPD is a global real estate infor-mation business with services re-lated to the commercial real estate market, producing research and analysis for some of the world’s leading real estate investors, oc-cupiers, advisors, lenders, analysts and researchers.

Th e company is the world leader in performance analysis for the owners, investors, managers and occupiers of real estate. To guar-antee independence IPD do not participate in real estate investment markets and do not off er consultan-cy advice on investment decisions or other real estate issues.

IPD off er: real estate performance analysis; market indices; research and publications; and events and training in most of the real estate markets it operates in.

“Th e way we work is designed to give you clear, timely information and the research and the training you need to understand the world of real estate and performance analy-sis and making it work for you. In order to meet your evolving needs we are continually refi ning our services and adhere to the highest standards of real estate data col-lection, validation, processing and reporting.” IPD says.


Mark Madoff, the eldest son of disgraced fi nancer Bernard, was found hanged in his Manhattan apartment in December.

This latest casualty is another in the saga that sent Bernard Madoff to prison and swindled

thousands of their life savings. The suicide took place on Saturday December 11 – the second anniversary of his fathers arrest for the worst investment fraud in American history. Mark Madoff, 46, was found dead in the living room of his Soho loft. He was hanging from a black dog leash while his 2-year-old son slept nearby.

Those closest to Mark Madoff said he was despondent over press coverage of his father’s case, an ongoing criminal investigation of Madoff family members in the multibillion-dollar scheme and his struggle to rebuild his life.

The convicted Ponzi-schemer Bernard will not attend the funeral of his son out of consideration for his daughter-in-law and grand-children, attorney Ira Sorkin said. Bernard, 71, is at the Butner Federal Correction Complex, a medium security prison in eastern North Carolina, where he is serving a 150-year prison sentence.

Madoff fooled investors out of their money by masquerading as the head of a legitimate investment fi rm while using funds from new inves-tors to send payments to his earlier investors, falsely portraying them as proceeds when they were actually stolen money, prosecutors said.

Madoff’s criminal activities began a tidal wave of civil actions against Mark Madoff, his mother, siblings and hundreds of other defendants, accused of profi ting off the Ponzi scheme by withdraw-ing more money from Madoff’s fund than they invested, money they presumably thought was investment income.

Mark Madoff suicide

NEW

S IN

BR

EIF

24

We’re still spending too much

pparently nothing can stop the majority of U.S. inhab-itants from overspending at the mall.

Consumer spending rose 0.7 percent at the end of 2010 – a bigger jump than expected and more

than double the 0.3 percent rise in the month before. The problem lies in the fact that the income of the average American only rose 0.4

percent – meaning spending rose nearly twice as fast as income. Top US GDP forecaster Herrmann says the world’s largest econ-

omy will expand in 2011 at the fastest pace in six years as American consumers boost spending. John Herrmann, a senior fi xed-income strategist at State Street Global Markets LLC, forecasts for gross domestic products. His estimates were the most accurate over the past year according to data compiled by Bloomberg News. He now estimates that all goods and services produced will grow three per-cent this year, the most since 2005. He said household purchases will also climb three percent after rising 1.8 percent in 2010, the fi rst gain in three years.

It appears well off shop-pers are driving the increase in consumer spending with sales up at Tiffany & Co. and Coach Inc., helped by demand for $6000 diamond pendants and $1200 leather handbags

as stock-market surge lines the wallets of the wealthy.

At the other end of the spec-trum – Wal-Mart Stores Inc., the world’s largest discount retailer has reported that “everyday Americans” are living paycheck to paycheck as they await an im-provement on job prospects.

Factfact

Th e number of bank branches in the US fell from 99,950 to 98,517 last year, offi cial fi gures show, the fi rst drop in 15 years. However, the data shows that while banks closed in poorer areas, they expanded in wealthier ones, despite complaints about regulation.

Bank closures in poorer places


NEW

S IN BR

EIF

25

Businesses work their cash

Standard & Poor’s 500 companies have reduced cash and short-term investments to $2.4 trillion from a record $2.46 trillion, the fi rst decline since mid-2009.

The data compiled by Bloomberg from their most recent quarterly reports also showed that Capital spending increased $22.3 billion, the biggest quarter-to-quarter jump since the end of

2004, to $142.8 billion, the highest level in two years. S&P bellwethers Cisco Systems Inc., General Electric Co. and Coca-Cola

Co. have increased budgets for stores and new plants and distribution centers. While some money is being sent abroad, company offi cials say they are dipping in to the home turf budget as well. A rebound economic demand, President Barack Obama’s efforts this year to court business leaders, and Republican gains in Congress have helped build confi dence to invest and start adding jobs, executives and investors said.

Cisco Chief Executive Offi cer, John Chambers said: “What you’re seeing is business and government learning to work together. There are good steps starting to occur, but they are just initial steps,” in an interview with Bloomberg.

Cisco is the largest provider of networking equipment. The company had $326 million in capital spending in each of its two most recent quarters, the most since the height of the global fi nancial crisis in October 2008. Last year US companies’ accumulated record cash last year after they slashed pending, shut factories and fi red workers in 2008 and 2009 to cope with the worst recession since the 1930s.

The lack of investment took its toll on the nations job market, with the unemployment rate averaging at 9.6 percent in 2010. An increase on spending this year may help lower the rate to 9.2 percent, the average estimate of 87 economists in a Bloomberg poll.

The US fi nancial system is fi tter than it was before the recession and is well placed to provide the funding needed for the economic expansion, Treasury Secretary Timothy F. Geithner has said.

“The core of the American fi nancial system is in a much stronger position than it was before the crisis,” Geithner told reporters in Washington.

US banks had a net income of $87.5 billion in 2010, the highest since 2007, the Federal Insurance Corp. said. The Standard & Poor’s 500 index has jumped 64 percent since March 2009, and corporate bond spreads have narrowed. “We can say with much more confi dence now that the US banking system and the US capital market are much more likely to be in a position to fi nance the capital needs that come with recovery,” Geithner said.

Head to headApple is still the No. 1 smartphone manu-

facturer, as it has been for over a year, but there are signs that the iPhone is

approaching saturation in the de-veloper community. In a Millenial

survey, Android was the No. 1 platform developers plan to support in 2011, with Microsoft’s Window Phone 7 and the iPad tied for second. The iPhone was relegated to fourth place, after the Blackberry.

The extraordinary growth of Google’s Android phones can be traced in six months of smartphone advertising data from Millenial Media, the largest independent mobile ad network.

Through a series of pie charts, they show Android overtaking Research in Motion’s (RIMM) Blackberry between June and July in ad impres-sions, gaining rapidly on Apple’s iPhone between July and September and fi nally coming even with iOS in October with a 37 percent share apiece.

However, Millenial’s November report shows that Android and iOS tied for the second month in a row, at 38 percent each. After six months of gains, there is now something that looks like equilibrium.

FactfactWall Street paid out $20.8 billion in cash bonus-es in 2010, the fi fth-highest amount on record, though the average payout fell 9 percent from a year earlier as fi nancial reform drove banks to offer higher base salaries and defer more com-pensation. The average cash bonus in 2010 was $128,530, according to a report by New York state comptroller Thomas DiNapoli.


COMPANY INDEX Q1 2011

CO

MPA

NY

IND

EX

26

Google unveils One Pass system

Google has launched a new payment system that allows users to subscribe to online content for a 10 percent commission fee.

The move comes after rival Apple was criticized for charging 30 percent of the sale price for its pay-

ment system. One Pass will work on tablets, smartphones and Google-related websites and will launch initially here in the USA, as well as Canada, the UK, France, Germany, Italy and Spain.

The announcement was made on Thursday, February 16 – just one day after Apple announced new rules for publishers selling subscriptions on its iOS platform. Apple says companies must now offer users the option to buy directly through an iTunes account – handing 30 percent of the price to Apple.

Previously, vendors were allowed to direct customers to an ex-ternal website, keeping all the profi ts. Lee Shirani, the company’s director of business product management, wrote on a blog post-ing: “Publishers can customize how and when they pay for content while experimenting with different models to see what works best for them.”

Google’s new approach is being described as a competitive blow aimed directly at Apple’s online subscription business.

The search engine giant describes One Pass as: “A payment system that enables publishers to set the terms for access to their digital content. It offers purchase-once, view-anywhere function-ality, so users can view the content they buy across all of their devices,” on the offi cial Google blog – where the new service was fi rst introduced.

Users will have single password access to content on mobile, tablet or online to access all their content. The intention is that current subscribers won’t have to re-subscribe when access-ing content in different ways. One pass will allow customizable methods of charging for content “offering subscriptions, metered access, ‘freemium’ content or even single articles for sale from their website or mobile apps.” Google hopes that the service will help increase the number of publishers currently cautious of creat-ing paid for digital content.

Google Checkout integration will mean that payment will be processed and managed via One Pass, so doing away with the need for third party payment systems.

Developers opting for One Pass will fi nd they retain 20 percent more revenue than what Apple will keep from in app subscriptions. Apple may face competition investigation over their demands, which may lead them unfairly dominating the market.

The Wall Street Journal has said: “Publishers, for example, might claim that Apple dominates the market for consumer tablet

computers and that it has allegedly used that commanding position

to restrict competition. Apple, in turn, might defi ne the

market to include all digital and print media, and coun-

ter that any publisher not happy with Apple’s terms is

free to still reach its customer through many other print and

digital outlets.”

Companies in this issue are indexed to the fi rst page of the article in which each is mentioned.

Don’t miss…Leveraging new technologies to improve your business (p86)Top tips to be a better leader (p94)

General Motors has reported its fi rst annual profi t since 2004, topping an impressive turnaround for an automaker previ-ously plagues with troubles.

The profi t has come from a rebound in US sales, strong growth in China – now GM’s largest market – and a much lower cost structure after a 2009 journey through bankruptcy.

GM’s bankruptcy was fi nanced by the US and Canadian govern-ments and allowed the company to get rid of mounting debt, four of its weaker brands, excess factories and many other costs. The nation’s largest automaker, GM earned $4.7 billion for the year. This total ends a string of fi ve years of losses during which the debt topped $100 bil-lion. The profi t was the biggest at the company since 1999.

General Motors back on track

Atradius ................................................................................................................................................ 4Amazon ............................................................................................................................................... 38Axis Capital ........................................................................................................................................70Barclays ................................................................................................................................................46Berkshire Consultant Ltd ...............................................................................................................94Blackberry ............................................................................................................................................. 6Cap Gemini ......................................................................................................................................... 82Cisco .....................................................................................................................................................88Citigroup ............................................................................................................................................68First Data ...................................................................................................................................... 72, 73Frost & Sullivan ................................................................................................................................ 60GMC Software ........................................................................................................................... 84, 85Guardian Life Insurance .................................................................................................................64Imperva ........................................................................................................................................ 23, 27iStrategy ............................................................................................................................................. 92JP Morgan .......................................................................................................................................... 74Kofax ..................................................................................................................................90, 91, OBCMasterCard ........................................................................................................................................ 38McAfee ..................................................................................................................................... 8, 55, 56Meettheboss TV ............................................................................................................................... 101MetLife ................................................................................................................................................86Microsoft ...........................................................................................................................................IFCMoody’s Analytics ......................................................................................................................... IBCNuance ................................................................................................................................................98NCR ......................................................................................................................................... 10, 80, 81NetWitness .................................................................................................................................. 50, 51PayPal ............................................................................................................................................38, 78 PWC ..................................................................................................................................................... 60Quest Software ...................................................................................................................................2Radware .............................................................................................................................................. 38Siemens ............................................................................................................................................... 15STI Systems ...................................................................................................................................12, 83Standard Bank ....................................................................................................................................52Tibco ..............................................................................................................................................58, 59TITUS ............................................................................................................................................ 44, 45Unisys ..................................................................................................................................................66US Bancorp .........................................................................................................................................32Vendorcom ........................................................................................................................................ 38Visa ...................................................................................................................................................... 38Xerox ............................................................................................................................................. 37, 42


IMPERVA AD.indd 1 22/02/2011 09:10

Top 10 emerging fi nancial centers

TOP

10

28

TorontoThe city recently unveiled a plan to become “one of the two leading fi nancial clusters in North America and one of the top fi ve to seven global centers.” In regional terms, Toronto is already a player: it’s the third largest North American fi nancial services center after New York and Chicago, based on direct employment, as well as the fastest-growing. It’s also the hub for Canada’s banks, security fi rms, insurers and mutual funds.

LuxembourgLuxembourg is growing as a fi nancial center because of its Swiss-like secrecy rules. There’s plenty to fi nd attractive: it claims to be the second largest investment fund centre in the world after the United States, the premier captive reinsurance market in the European Union and the premier private banking center in the Eurozone. It’s also the second-larg-est mutual fund market after the US.

Sao PauloAs Brazil emerges as Latin America’s leading economy, investors are increasingly looking to Sao Paulo. Brazil’s bank-

ing sector is relatively underdeveloped and security remains a concern in Sao Paulo, but there’s much on the upside: the country has exhibited stability across its banking system through the current crisis, and a high degree of IPO activity means it is strong in non-banking fi nancial services too.

ZurichAs British regulators continue to go after bonuses, bankers are fl eeing to Switzerland. Long a fi nancial center known for equity and foreign exchange markets, Zurich does well in international rankings, with traditional strengths in asset management and private banking sectors. However, Switzerland’s competitiveness has been impacted somewhat by the continuing diffi culties experienced by major Swiss banks.

ShanghaiIn April 2009, the Chinese government declared it wanted to make Shanghai an international fi nancial center by 2020. And when the Chinese government declares something, it usually makes it happen. Adding to the surge is China’s

1

2

3

5

4


5TO

P 10

29

continued economic growth and potential fi nancial reforms, like index-tracking ETF funds, foreign companies listing on local exchanges and fi nancial and commodity futures.

Hong KongHong Kong has long been an Asian fi nancial hub because of its gateway role to China and banking-friendly special administrative status. Hit by the fi nancial crisis, it still had the most IPO proceeds in the world last year, plus strong hedge fund and M&A activity. It has a deeper pool of fi nancial services than Shanghai, with insur-ance, law, accounting and other professional service fi rms already well established.

SingaporeSingapore’s developed and effi cient bank-ing sector make it an important player on the global stage. An October 2009 Bloomberg Global Poll found that the tiny country had topped New York as investors’ preferred place for doing business, second only to London. Still, Singapore’s playing catch-up to Hong Kong: the special Chinese region has more hedge fund, IPO and M&A activity.

TokyoTokyo remains a critical Asian fi nancial center despite doubts about Japan’s economy, which

is reeling from the fi nancial crisis and faces crushing government debt. But Japan’s fi nan-cial sector is healthy, the country’s banks are sizeable and effi cient and similar strengths are seen across non-banking fi nancial services such as IPO and M&A activities and insurance. It’s still an important regional hub.

Johannesburg Unusually, Johannesburg is poised to be the fi nancial hub of a whole continent – a region that represents more than 900 million consumers and is one of the world’s fastest growing markets. The South African city has the most developed business infrastructure south of the Sahara, and South Africa generally gets strong marks for its fi nancial sophistication.

DubaiIn 2009 Dubai was forced to take a $10 billion bailout from Abu Dhabi and remains in serious fi nancial trouble. Still, it is the regional headquarters for fi nancial power-houses like Goldman Sachs, Citi and JPMorgan Chase, and the Dubai International Financial Center offers perks including 100 percent foreign ownership, zero percent tax on income and profi t, no restriction on foreign exchange and the freedom to repatri-ate capital and profi ts without restrictions.

6

7

8

10

9


Apple puts sharp focus on camera development

Apple have released a fl urry of imaging related patents showcasing the effort it’s putting in to improve the camera on the iPhone.

The development came out on top of the iPhone’s High Dynamic Range feature that Steve Jobs demoed last September. They indicate, as Patently Apple’s Jack Purcher put its, “the importance that Apple is facing on cameras within the context of the greater iOS device revolution.”

Purcher highlights three of the patents: One for cor-recting blurry photos, another for masking skin tones and a third for reducing radically-based chroma noise.

Apple’s iPad lost by a hair to number one Chatrouletee in Google’s list of the fastest rising search terms for 2010.

Twitter was number eight and Facebook number ten. Android did not make the list.

In the consumer electronics category, the iPad was number one and the iPhone 4 number two. Android didn’t make this list either, but an Android phone- the HTC Evo 4G- did.

Google’s most searched

Nokia Siemens Networks Chief Executive Offi cer Rajeev Suri said the joint venture of Nokia Oyj and Siemens AG is in talks

with “a few” private equity fi rms. If the pair were to add another owner the benefi ts would include new capital for “strategic fl exibility” and “expertise and knowledge” including advice on purchases to round out the company’s portfolio, Suri told reporters in Espoo, Finland on Tuesday, February 22. Investment from private equity fi rms doesn’t necessarily imply a rejection by the parent companies, Suri said. He didn’t comment on the timetable for talks.

Nokia Siemens in talk

NEW

S IN

BR

EIF

30


espite women taking up almost 50 percent of management positions in professional industries throughout the US a mere six percent of Fortune

500 companies have women as their top earners. And it’s not just at the very

top of the pay scale that gender divisions exist – throughout every level of the employment tree women are either underpaid or under-recognized, reveals a report by recruitment giants Adecco.

The recent Adecco survey, conducted among British, American and German female workers, fi nds that a third of those questioned believed they were being underpaid by as much as 25 percent when compared to a male counterpart performing an identical or similar role. The same study also showed that a third of women are hankering after a pay increase of up to four percent this year, which is slightly more than the pay aspirations of men.

In contrast, men were shown to be more likely to know what they should be earning, and were more likely to bring the matter to the attention of their bosses should they feel their contributions were being undervalued. “It’s particularly disturbing that female workers have the perception that they are underpaid but are not confi dent in understanding what they may be worth in the jobs market,” said Andy Powell of Adecco. “We would actively encour-age both male and female workers to understand what the market rate is for their role, taking a real-istic view of their skills and experience.”

Over the past month, the number of people applying for jobless benefi ts has averaged 402,000, marking the

lowest level since July 2008, according to Labor Department data.

New applications fell by 22,000 between 14th-22nd of February to 391,000 – suggesting that a slow but steady improvement in the US labor market remains on track. Economists has expected fi rst-time jobless claims in the week ended February 19 to fall

to a seasonably adjusted 405,000, when polled by MarketWatch.

In recent US trading, stocks fell as investors concentrated their atten-tions on the rising price of oil amid the latest reports of unrest in Libya. Over the past six months weekly claims have fallen gradually from a peak of 503,000 last summer. At cur-rent levels, claims appear to be con-sistent with a modest pace of hiring. The economy’s gained an average of 83,000 jobs a month over the past three months.

Jobless claims reduced

A New York Bankruptcy judge has rejected claims that

Barclays Bank cheated Lehman’s creditors out of billions of dollars during the chaos in the week after the investment banks collapse, and that it should be ordered to pay an additional $1.1 billion.

The victory means an end to concerns that Barclays would have to renegotiate the deal that trans-formed it overnight into a Wall Street powerhouse when it brought the Lehman Brothers US broker-dealer business and many of its trading assets out of bankruptcy. The bank should now be able to unlock and revalue some of the disputed assets it bought as part of the deal. Its lawyers and fi nance executives are still working to assess the implications of the complex ruling.

Lehmanlose out

Gender pay gap rears its ugly head

NEW

S IN BR

EIF

31


THE BIG INTERVIEW32

Big Interview.indd 32 25/02/2011 13:50

THE BIG INTERVIEW 33

If banking were a popularity contest, Richard Davis would be feeling plenty of love right now. Th e Chair-man, President and CEO of US Bancorp was recently voted No. 2 on Th eStreet.com’s list of the 10 bank CEOs that analysts and other industry insiders like the most, which described him as “one of the most strategically

focused CEOs” in the business. Th e Minneapolis-based US Bancorp has certainly weathered the recession better than most under the quietly spoken Davis: it earned $2.3 billion in the fi rst nine months of 2010, up 41 percent from a year before, while Wall Street has been wowed by the fact that Davis has US Bank stock trading around $27 per share – nearly back to pre-recession levels. In 2009, the fi rm was named the best bank in the US by Euromoney magazine for its performance throughout the downturn, and Davis is generally seen as a safe pair of hands with a useable balance sheet – perfect qualities for these troubled times.

Trust isn’t necessarily the fi rst word that springs to mind when discussing the nation’s banking fraternity, especially given the events of the past few years and public perceptions of bankers as corporate fat cats. But US Bank’s Richard Davis has been plotting a steady course through the recession that has both customers and investors purring.

By Ben Thompson

IN SA

FEHA

NDS


THE BIG INTERVIEW34

Indeed, in an industry that in recent years has been characterized by freewheeling speculation and spectacular falls from grace, the few banks that eschewed such unnec-essary risks are now seen as paragons of virtue. Foreclosure activity, subprime lending, making loans with asset-based lending to customers who were counting on property values rising rather than cash fl ow: the long list of things that US Bank could’ve done but didn’t in the last few years largely explains why America’s fi ft h largest lender has emerged from the fi nancial crisis with its reputation (not to mention its assets) intact. And as the fi rm’s unassuming yet candid chief executive explains in a recent interview, that focus on sound fi nancials has allowed it to capitalize on the recent recession better than many of its competitors.

“We didn’t do a lot of the things a few years ago that we would’ve made a lot of money doing, and therefore we don’t have the consequence today of either trying to replace it and not being able to, or having to pay for it because we made mistakes,” he says. “My point isn’t: ‘look how smart we were’; we were luckier than we were smart, it was the hand we were dealt. But since the recession started, we actually have been spending and investing and acquiring and growing through this whole three-year period. We’ve been able to reset our foundation and reset our trajectory coming out of the recession. Instead of locking down, we said ‘Let’s actually go do something when it seems least likely to do it’. I liken the recession to a headwind. It’s hard to walk into a headwind but if you’re going to fl y, you actu-ally look for the headwind because you intend to use it.”

It’s a key part of Davis’ strategy for US Bank: turning the company from a walker into a fl yer. “We’re not afraid to talk about it or leverage it, because our shareholders de-serve it,” he insists. “Th ey were with us three or four years ago when people were asking ‘Why aren’t you growing like everyone else, why aren’t you making all these loans?’ We just said, ‘We don’t know how they’re doing this, we’re just doing it our own old-fashioned way’. So we’ve actually become more aggressive in a period of time when others aren’t. And I think that should serve us quite well.”

A changing landscapeIndeed, just because US Bank is retaining a focus on its

traditional values – fi nancial security, prudent investment, reasonable returns – it doesn’t mean the organization is not responding to the changing fi nancial landscape. And it will need to: according to Davis, attitudes to credit, risk and personal fi nancial security have been irrevocably altered by the crisis. “We are looking at things that we didn’t look at before, because we’re looking at situations we’ve never seen before,” he stresses.

One such trend is the almost unprecedented levels of public saving banks are currently witnessing. “As a bank, we have an insight based on people’s willingness to borrow and willingness to save. And we’re seeing unprecedented savings levels, where people are holding onto money. I think it’s because they are afraid not to have the money in case they need it – it’s a defensive posture. Mohamed El-Erian from PIMCO calls it ‘self-insurance’. His perspective

AT A GLANCEMinneapolis-based US Bancorp, with $308 billion in assets, is the parent company of US Bank National Association, the fi fth-largest commercial bank in the United States. The company operates 3069 banking offi ces, 5310 ATMs in 25 states, and provides a comprehensive line of banking, brokerage, insurance, investment, mortgage, trust and payment services products to consumers, businesses and institutions.


THE BIG INTERVIEW 35

is that it will force us into a double dip – he’s quite negative about it. Th e point is that it’s a signifi cant measure – we’ve never seen such levels of cash before.”

Th e amount of people not taking advantage of existing lines of credit is also growing. For example, Davis explains that two years ago just 37 percent of customers didn’t use their credit lines, but that now that fi gure stands at 42 per-cent. “People who have access to credit are choosing not to use it; the corollary to that is they are putting more cash on the balance sheet and they’re not stretching it or trying to do anything they haven’t done before. Th ey’re simply hoarding cash.”

Such a scenario will not only prove challenging for fi -nancial institutions as an increasing number of consumers resist the urge to sign-up for new fi nancial products, but could also provide a threat to the economic recovery itself. Davis likens it to the years following the Great Depression, when an entire generation of consumers was left mentally scarred by the prospect of fi nancial ruin. “I was raised by parents who were Depression-era children: we didn’t use anything that we didn’t need and we saved everything we had,” he explains. “My parents were victims of that moment in time that says ‘I’m just never going to be caught unaware again’. In the same way, for the younger people who went through this current recession, it will forever have an impact on the way they behave, the way they incur debt, the way they spend, the way they save. It will be a permanent change. And generally things are going to be painfully slow.”

Below: At a recent White House meeting, CEOs from some of the nation’s largest banks told President Obama that their companies are vital to the economic recovery – and that they want to work with the government to achieve it. From left: Ed Yingling, President of the American Bankers Association; Robert Kelly, CEO of Bank of New York Mellon; John Stumpf, CEO of Wells Fargo; and Richard Davis, CEO of US Bancorp.

It’s a problem exacerbated by current attitudes to ef-fi ciency amongst the business community, he adds. “Busi-nesses, both small and large, have started to test themselves on just how productive and effi cient they can be, how far can they go without adding one more person, one more plant, or one more PC. Th ey realized about a year ago: ‘Wow, we’re still thriving and we’re amazingly more ef-fi cient’, and now they’re banking on it and putting it into their new operating models. Th ey’ll save longer, they’ll incur less debt and they’ll be more effi cient. We’re seeing that behavior across the board.”

The age of austerityIn fact, Davis believes we are entering what he calls an

austerity decade. “Around the globe we will reset what we do, how much we spend, how much we use and what we expect,” he says. “And it’s going to slow everything down.”

And while he insists the future is not all doom and gloom, suggesting that “probably 85 percent of the world will be largely unaff ected by what happens”, he is realistic enough to acknowledge that those “on the edges” will be aff ected greatly. For one thing, access to fi nancial services for those already struggling will be greatly reduced. “We’re going to make it very, very diffi cult for people on the mar-ginal fi nancial edges to get banking services; that’s not a threat, it’s an absolute fact,” he warns. “Credit cards and checking accounts will all be less available. So if you’re in the mainstream, you’ll feel a little diff erence, and the slowing economy will be troublesome, but you aren’t out


THE BIG INTERVIEW36

of a job and you’re not without viability. But if you are on the edges, it’s like bobbing your head above the water. If you’re well above the water, you can handle a wave. But if you’re gasping for your last breath and a big wave comes by, you are pretty much gone. So I think it’s going to move the margin line way up, and leave a lot of people unbanked and unemployed.

“Th e new cost of doing business means I can’t aff ord to have a marginal customer who will either create a fraud loss or a charge-off loss for me if I can’t fi nd a way to create an insurance policy against having a charge for that,” he continues. “So I just won’t. My shareholders didn’t ask me to subsidize anybody and so that will be part of the exag-geration of the divide between the haves and have-nots.”

And while that’s bad news for those already on the edge, what it will mean for organizations such as US Ban-corp is the emergence of a key strategic opportunity: what Davis calls ‘”fl ight-to-quality”, as more customers look to bank with institutions that off er a safe haven for their hard-earned investments. “Every time there’s a story writ-ten about the banks that did well and are going to do well, we keep showing up, locking in our position in the eyes of consumers and businesses as a safer place to either put your money or to get your money,” he explains.

Such factors become more important in tough times – much more so than innovative bells and whistles around new product off erings. In fact, Davis believes that in an industry as traditionally conservative as fi nancial ser-vices, new product innovation can oft en be seen as clut-ter. “Th is industry isn’t that innovative by defi nition: it’s been around hundreds of years, and it hasn’t particularly changed what it does,” he insists. “It’s a gatherer of deposits for safekeeping and a lender of monies to those who look like they could pay it back. We make leverage of 1-to-7 on that deal – end of story. All the other stuff is just making it noisy.”

What has changed, however, is the channels them-selves. “It’s not just about traditional branches anymore. It’s about branches in grocery stores, in airports or in uni-versities. We have the largest number of non-traditional branches of any bank in America – around 840. We’ll see if that pays off or not. We thought years ago that a branch in the corner next to the mall was no longer as appropriate as having a branch where you work or where you’re going to be all the time. We’ll see.”

And the next step beyond the non-traditional branch is mobile banking and the advent of transaction-based activi-ties, including banking on the move – something US bank has been investing heavily in. “Five years ago we would not have been investing but waiting for others to do it fi rst before being a quick follower. So I’ve actually changed the company, taking it into the fi rst group of adopters – not bleeding-edge, but no longer waiting for others. So we’re more involved now in that, but innovation isn’t going to save banking, it’s going to be a defensive act every step of the way. It’s not going to change – I’m not going to get 20 million more customers because I’m the fi rst with some-thing, but I might lose customers if I’m third or fourth.’

Investing in peopleFor Davis, then, it’s all about taking calculated risks

– which of course, is essentially what fi nancial services is all about. “I come to work every day to make sure that whoever invests in this company gets their return, and a better one than they could anywhere else. Th at’s what I live for: the shareholder,” he says. However, he is at pains to point out that shareholders can only achieve true value if the company engages other key stakeholders eff ectively.

“We have four constituencies: employees, customers, shareholders and communities,” he explains. “We never were an employee-focused company, but in this recession we decided to invest in that. Now I start everything with the employees to ensure that they are engaged, feel positive about what they do, that quality work comes through and their pride comes through, and the shareholder becomes the benefi ciary if we do these other things right.”

For instance, fi ve years ago at the height of the boom when US Bank was refusing loans that its competitors were saying ‘yes’ to, Davis says he could understand why em-ployees (who got paid on the basis of whether those loans got sold or not) might have questioned why they worked for the company rather than its rivals; he sees the fact that a lot of them didn’t leave, however, as proof that many of them knew the more stringent provisos in place at US Bank were actually a smarter way to do business.

“I think the employees are here because they decided on it intentionally,” he explains. “Th ey want to be part of this company, doing this mission, doing it this way. My value proposition for the employees is no longer ‘it’s not better somewhere else’, it’s ‘this is the place you want to be part of ’. So our value proposition has changed: it is not about the shareholders at all costs. It’s employees who will aff ect customers, which will change the community view, all of which will feed the shareholder.”

It is that idea of community – of employees, custom-ers, shareholders and local partners all coming together to make things happen – that really drives Davis’ outlook. As co-chair of the Twin Cities’ United Way eff ort, he is in-tensely aware of the diff erence an active and engaged com-munity can make, as well as the important role banks have to play with those communities. “We have always been a community partner,” he concludes. “Th at’s what banks are – the place you go to get things done. Of course, as CEOs we’ll always have responsibilities to our shareholders, but if we can get there by being good community stewards – I’ll call it social partners – I think there’s room for that. A bank is a safe haven when you don’t have a place to put your money, a place to go when you have a dream you need to accomplish and you can prove you’ve got the wherewithal to do it, and a collection of people who independently have a mission greater than funding and collecting deposits because they’re changing the world a little bit. And for me that value proposition didn’t change; it just got crystallized by the downturn.”

This article is based on an interview given for PwC’s 14th Annual Growth Survey. For the full interview, please visit: www.pwc.com/gx/en/ceo-survey

“Th is industry isn’t that innovative by defi nition: it’s been around hundreds of years, and it hasn’t particularly changed what it does”


Xerox ads.indd 1 24/02/2011 10:00

Under attack

Financial services have become resilient in protecting themselves against most security breaches. ‘Hacktivism’ – the new term referring to hackers wishing to make a point rather gain fi nancial benefi ts – has a different agenda in mind. Lorna Davies

explores the truth behind the headlines.

CYBER SECURITY38

Wikileak.indd 38 25/02/2011 13:42

CYBER SECURITY 39

The recent cyber demonstrators who aff ected websites and card payment services in revenge for cutting off services to the whistle-blowing website created by Julian Assange, WikiLeaks, caused a storm in fi nancial services organi-

zations. Th e ‘hacktivists’, known as Anonymous, have warned they will continue their campaign for total internet freedom. Th e group disrupted sites belonging to fi nance giants MasterCard and Visa by bombarding their websites with millions of bogus visits during a campaign they called ‘Operation: Payback’. Th e attacks came aft er the credit card companies and PayPal announced they would no longer process donations to the anti-secrecy organization.

While most countries have plowed much more atten-tion and resources into cyber security in recent years, most of the debate has focused on the threat from militant groups such as Al Qaeda or mainstream state-on-state confl ict. But attempts to silence WikiLeaks aft er the leaking of some 250,000 classifi ed State Department cables seems to have produced a popular rebellion amongst hundreds and thou-sands of tech-savvy activists.

Anonymous appeared to be using social networking site Twitter to coordinate attacks on websites belonging to enti-ties it viewed as trying to silence WikiLeaks.

Senator Joe Lieberman, Sarah Palin and others who criticized Wikileaks or stopped doing business with the document-sharing project were also hit. Th e WikiLeaks fall out has gone into a frenzy since the site began releasing dip-lomatic cables in November that have proved embarrassing for the US government’s diplomatic eff orts.

At the time of FST going to print seven people accused of being connected with the attacks had already been arrest-ed. Police in the Netherlands arrested two teenagers in early December suspected for participating in the Anonymous

‘Operation: Payback’ attacks. Th e pair is awaiting trial for computer crimes. UK police arrested fi ve males suspected of being part of Anonymous in January.

Th ese new threats showcase a new wave of cyber activ-ity. While the motivation of attackers has evolved in recent years into typically one of fi nancial gain, ‘hacktivism’ has been treated as a non-fi nancial motivation. However, this latest example shows us that hacktivism is growing and can now be considered a synonym of cyber-retaliation.

Botnet attacksLast year WikiLeaks came under intense pressure to

stop publishing secret United States diplomatic cables. Corporations either stopped working with or froze dona-tions to the website, bowing to government pressure. Th is then caused the botnet attacks. Botnets are usually created by criminals who use viruses and other methods to sneak malware onto computers that then allows them to comman-deer the machines for distributed denial-of-service (DOS) attacks without the computer owners knowing it. But within the Anonymous attack botnets took on a diff erent role. “It’s usually somebody that’s created the soft ware who can download it onto lots of host machines around the world, and normally that happens through scam e-mail attacks and people open the link and they don’t realize that a piece of soft ware is being downloaded onto their machine,” Paul Rogers, the Chairman of Vendorcom, a membership orga-nization that represents key stakeholders in the cards and payments industry, explains. “But in this particular case the malicious soft ware is knowingly downloaded by members of the public who want to make a protest, want to make a point, particularly to the larger card brands that are taking down the service to WikiLeaks. Th ere are usually a whole variety of malicious soft ware tools that attack computers in diff er-ent ways. But this is a very concentrated attack, focusing on card schemes and PayPal.” Th is is what makes these attacks more interesting and, perhaps, more daunting – because in the past, dot-net-style attacks have usually happened where computers are taken over and the owner is innocent, un-knowingly downloading the virus. Th is is a situation where many of the perpetrators have purposely downloaded the malicious soft ware onto their computer, to participate in hacktivism.

Th e hacktivist activity poses several threats to the card payments industry. Th e fi rst being denial of service – as op-posed to the fi nancially motivated attacks the industry is used to. “Th is is the fi rst time that we see that the attacks were not targeting any fi nancial target,” agrees Ron Meyran, Director of security products marketing at Radware. “So I think that the threat today is that cyberspace is becoming like a playground where activists are the gangsters. Th ey don’t like something, and then they misbehave or take the law into their hands.”

Th ese attacks have certainly fi lled column inches and made headlines, revealing the importance of the card pay-ment system to our everyday lives. Rogers says that the impact to the infrastructure of the industry in terms of pro-cessing transactions has been slight. “It can only register in

On Tuesday, February 15, US Representative Peter King, Chairman of the Committee on Homeland Security, re-introduced legislation that will give the Department of Justice additional tools to prosecute future disclosures by WikiLeaks founder Julian Assange or similar organizations.

‘The SHIELD Act’ (The Securing Human Intelligence and Enforcing Lawful Dissemination Act) HR 705, amends the current law to clarify that it is an act of espionage to publish the protected names of American intelligence sources who collaborate with the US military or intelligence community. King has previously called for the arrest of Assange – calling on Attorney General Eric Holder to prosecute the WikiLeaks founder under the Espionage Act.

Update

Wikileak.indd 39 25/02/2011 13:43

CYBER SECURITY40

terms of annoyance and minor inconvenience. Th at’s not to dismiss the eff ect that any delay might have cardholders who expect instant access and speedy payment processing. Any impact of this type, however minor, is something that every-one involved in providing a safe and reliable card payment processing service strives every day to eliminate.” But how did the hackivists go about attacking card payment giants such as Mastercard? Th e attacks created a huge amount of data and traffi c on the victims website. “In the case of the card schemes, this would’ve been diff erent sorts of inquiries, it could be very simple things, but it’s just a lot of communi-cation hitting those servers,” Rogers explains.

Riot readyRather than bringing the industry to its knees, howev-

er, Rogers argues the attacks proved the ready-for-anything attitude of card payment industry. “Th e cards and payments industry is well used to these sort of attacks. Th ese are not new. Th ey’re not common, but they are to be expected, but obviously they’re not perpetrated by the type of people we’re seeing these attacks being perpetrated by; they nor-mally originate from fraudsters that are intent on credit card fraud.” Th e media was, however, full of headlines like,

‘Mastercard down – WikiLeaks responsible’, so something must have happened that was substantially noticeable for consumers. Th e attacks hit the card scheme servers hard due to the sheer level of traffi c to the sites – in particular in relation to e-commerce transactions. Th e servers ran slower than usual, meaning many cardholders thought the ser-vices were unavailable. “From having spoken to banks and payment processors and to one of the card schemes, I can

Julian Assange – simultaneously one of the most hated and revered people in the world – was arrested in London in December on a Swedish accusation of sexual assault. The US government has indicated that Assange could be in legal jeopardy for disclosing classifi ed information because he’s “not a journalist”. The federal government may seek his extradition to the United States, which has reportedly already been the topic of discussions between US and Swedish offi cials.

“Th ese attacks have certainly fi lled column inches and made headlines, revealing the importance of the card payment system to our everyday lives”

Wikileak.indd 40 25/02/2011 13:43

Xerox ads.indd 2 24/02/2011 10:00

CYBER SECURITY42

attacks ignited by WikiLeak fans, and what has enabled Rad-ware’s customer to prevail against them.”

Tech-savvy WikiLeak supporters also set up ‘mirror sites’ for WikiLeaks in response to various domain name services and data visualization companies refusing to sup-port the site. From all the new sites continually being set up and taken down again the question remained as to the identity of many of Anonymous. Th e attackers could be traced, but as the attack was very distributed there were tens of thousands of sources to be plowed through to search the users at fault. Th e sources were also widespread globally – not just in the US – but also the UK, Russia, China and Japan – again complicating the web of sources for prosecu-tors to trawl through. Th en there is the question of an actual crime – no information was stolen, no ransom was requested and no user account breached. Th e attacks were a protest, people wanting to make a point, but the outcome for the card payment industry could have resulted in some fi nancial loss or – perhaps more importantly – the trust of consumers for their security.

Alongside possible fi nancial losses from sites being taken down, the potential reputational damage to fi rms

say that there was at no time a situation where cardhold-ers were unable to process safe and secure transactions,” Rogers assures.

Th e nature of the attacks is such that standard network security tools like fi rewall and intrusion prevention systems are unable to prevent intrusion. “Companies aff ected, such as Amazon, MasterCard, Visa and the Swiss Bank, must have the best fi rewalls and intrusion prevention systems in place, but yet they’ve been down for hours and more than once,” Meyran explains. What advice for organizations hoping to prevent themselves from this new kind of attack would Radware recommend? “To successfully mitigate against these attacks requires multiple network security tools and technologies including signature detection technology (IPS); hardware accelerated DoS protection to mitigate net-work fl ood attacks; and network behavioural analysis (NBA) with real-time signature to mitigate application misuse attacks, all part of Radware’s DefensePro patented technol-ogy. Human experts that gather intelligence are also key,” he says. “Th is combination is what provides the appropriate and eff ective ammunition to win the battle against new and emerging network attacks, including the destructive DDoS

“Th e nature of the attacks is such that standard network security tools like fi rewall and intrusion prevention systems are unable to prevent intrusion”

New evidence leaked online by the Anonymous collective seems to indicate that well-connected private security fi rms were targeting journalists sympathetic to WikiLeaks. The news comes as corporations, governments and web collectives such as WikiLeaks and Anonymous engage in continued online combat.

Emails hacked from corporate security fi rm HBGary Federal that targeted Anonymous imply that they and others were pitching hit pieces on journalist Glenn Greenwald of Salon.com and monitoring James Ball of The Guardian and Jennifer Lee of the New York Times, along with other journalists.

HBGary Federal’s computer systems were hacked by Anonymous after the fi rm publicly announced they were close to unmasking the identities of high-ranking members. Shortly after the announcement, Anonymous members posted a cache of 60,000 emails belonging to HBGray Federal CEO executive Aaron Barr on the popular The Pirate Bay website as well as others.

Source: Fastcompany.com

News

SUNDAY, NOVEMBER 28 2010DDoS attack hits WikiLeaks as fi rst set of US diplomatic cables is published.

WIKILEAKS UNDER ATTACK: TIMELINE

WEDNESDAY, DECEMBER 1 2010Tableau Software removes public views of graphics built using information about diplomatic cables – the fi rst company to distance itself from WikiLeaks.

Lieberman calls for WikiLeaks to be taken offl ine.

Amazon removes WikiLeak’s content from its EC2 cloud service.

FRIDAY, DECEMBER 3 2010WikiLeaks.org stops working after everyDNS.com ends support. WikiLeaks shifts to Swedish domain.

SATURDAY, DECEMBER 4 2010PayPal permanently restricts account used by WikiLeaks.

Wikileak.indd 42 25/02/2011 13:43

CYBER SECURITY 43

Paul Rogers is the Chairman of Vendorcom, a membership organization that represents key stakeholders in the cards and payments industry in Europe. Its primary aim is to promote innovation, create a platform for thought leadership, provide a forum for knowledge sharing and issues resolution for its members and encourage capability development across the cards and payments industry.

Ron Meyran is the Director of security products marketing at Radware. He leads the strategic plan of Radware’s IPS solutions for the enterprise, eCommerce and carrier markets. He has also been published in IT and security industry magazines and represents Radware at various industry events and trainings. Prior to joining Radware as Product Manager in 2003, Meyran worked at BrightCom Technologies, where he served as Product Manager for the company’s Bluetooth product line based on a fabricated chipset and software.

is massive. MasterCard has been mocked widely across the net as users re-worded its distinct advertising slogans: “Freedom of speech: priceless. For everything else there’s MasterCard.” Th is behavior highlights the importance of the prevention of attacks such as this. Th e education and training of staff plays a vital role. Staff today must be aware of this new kind of threat – meaning human resources and technology play hand-in-hand. “You need both a human factor and technology for behavioral analysis of incoming traffi c sources,” says Meyran. “In many companies they concentrate on technology but they don’t invest in the human factor, so they fi nd out that even though you have the tools, you don’t have the people behind them to operate them eff ectively. Th e traffi c should be suspected, and then it will be prevented.”

Mobile threatWhile most denial of service attacks use botnets to

hijack other computers to overload websites, Meyran suggests these attacks were diff erent as attackers were using their own computers, downloading soft ware from Anonymous. With mobile banking becoming increasingly common, will users be more at risk from attacks? Meyran thinks so. Th e banking industry is one of the prime targets of cyber attacks and although technology has just caught up with installing fi rewalls and other protective agents onto computers, there is not the same protection for iPhones and Android devices. “Th e danger falls on mobile banking simply for the reason that new devices are introduced with lower security,” says Meyran. “People are less aware of the risks of low security mobile devices – so I don’t think it’s going to slow down the trend [of mobile banking].”

Th e attacks have sparked a trend that is growing rap-idly – attacks on business applications that are not neces-sarily out to shut down organizations but to misuse them. “So if there’s a gaming site or a gambling site, there will be fake users which will start playing in gaming codes, or if its an online business they will become new users, adding un-wanted traffi c to the site,” Meyran explains. “Every work-

place would like to believe that the users accessing their websites are real users, but machines can be controlled by the competition. We [Radware] are developing the technol-ogy that would let businesses identify whether the sources or the users that are generating transactions are real or fake.” New awareness, technology and education will aid a successful protection for the card payment industry.

Th e website attacks launched by supporters of WikiLeaks show 21st-century cyber warfare evolving into a more amateur and anarchic aff air than many predicted.

Cyber security has taken on a new meaning and must evolve to counter a phenomenon that is set to become an actual method of hostile engagement.

MONDAY, DECEMBER 6 2010Mastercard withdraws ability to make donations to WikiLeaks.

Postfi nance shuts down one of Assange’s bank accounts.

TUESDAY, DECEMBER 7 2010Visa withdraws ability to make donations or payments to WikiLeaks.

TUESDAY, DECEMBER 21 2010Apple removes an unoffi cial WikiLeaks app from sale in the iTunes App Store just three days after it went live.

SATURDAY. JANUARY 8 2011

It emerges that the US justice system has obtained a court subpoena demanding that Twitter hand over all details of the accounts and private messages of fi ve WikiLeaks supporters and members – including Assange as well as Bradley Manning (the alleged army leaker) and Icelandic MP Brigitta Jonsdottir.

The FBI has executed more than 40 search

warrents in the US in its Anonymous

investigation

Wikileak.indd 43 25/02/2011 13:43

INDUSTRY INSIGHT44

Don’t be the next WikiLeak: preventing document leaks starts with your usersTim Upton explains how recent security breaches highlight the need for fi nancial services to step up their data loss prevention, and it starts with their own employees.

Last December, both MasterCard and Visa’s web-sites were sabotaged by supporters of WikiLeaks aft er the companies opted to no longer off er card processing services for those donating to the con-

troversial organization. Th ese high profi le attacks, along with the WikiLeaks phenomenon overall, serve to illus-trate how very vulnerable fi nancial services organizations actually are.

While these attacks were denial of service attacks that shut down both company’s websites, the single biggest vulnerability within a fi nancial services organization is not outside hackers, but their own employees. Th e damage to the organization, both fi nancially and to its reputation, when a public leak occurs is just too great to ignore.

Understanding data loss prevention Currently, most fi nancial services organizations have

technologies in place to prevent malicious, intentional attacks such as the ones faced by Visa and MasterCard, but these attacks account for less than one percent of data breaches. Th e single greatest risk of data loss is from the authorized user, who mistakenly sends a document or email to the wrong person. Usually is it a harmless mis-take, but it can have serious repercussions including loss of money and customers, public embarrassment, fi nes, lawsuits and more.

Th e stark reality is that Data Loss Prevention (DLP) is a major concern for fi nancial services institutions. Th e 2010 Financial Services Global Security Th reat survey con-ducted by Deloitte found that DLP is the second highest priority aft er preventing external attacks, and that data loss prevention technologies will be one of the most pi-loted technologies in 2011.

From a technology point of view, many fi nancial services companies have deployed large scale DLP solu-tions in an eff ort to address this issue. Traditional DLP solutions, while largely eff ective at the server level, fail to address a critical piece of the DLP puzzle – the user. User driven security solutions which actively engage and edu-cate employees on how to manage data is needed to create a complete approach to preventing data loss.

Furthermore, information has to be shared quickly and eff ectively, or business suff ers. Financial services companies need to be able to send emails, documents and customer information to their various stakeholders with-out worrying about the information getting into the wrong hands. Th e business should not be delayed because a DLP solution has quarantined or prevented communications.

Building a secure information sharing environment

Data leakage prevention eff orts should be focused on building an end-to-end approach to handling sensi-tive documents and emails – an approach that includes users. Users are the key to stemming the tide of data leakage.

While traditional DLP technology is an integral part of secure information sharing, the value of these systems should be extended through the addition of classifi cation and labelling technology at the user level. Th is technology should be intuitive and easy to use so it speeds up the process of sharing information. DLP solutions alone are simply not suffi cient in the current regulatory and security environment. Systems need to be able to accurately identify risks and violations with-out disrupting productivity. Additionally, this approach provides security offi cers with greater visibility into whether or not leaks are happening, and provides them with the ability to address issues before then can turn into a public disaster.

Oft en, employee education concerning security policies and how to handle data has been done via proce-dural manuals, employee orientation or emails from the IT team. Security policy on the whole has always been a challenge for fi nancial institutions as busy employees simply may not be thinking about security on a day-to-day basis. User driven security solutions actively engage users in the organization’s fi ght against data leakage.

Information workers or content owners within the fi nancial services industry deal with sensitive informa-tion every day and are best equipped to determine the level of sensitivity of the information being handled. Engaging users in the process enables the organization to actively and consistently educate them about the or-ganization’s policies, while protecting the organization against inadvertent policy violations.

SummaryIn the current regulatory and security climate, fi -

nancial institutions need to step up their eff orts around document leakage or risk the costs of recovering from such an incident. Extending current investments in data leakage prevention, though the addition of user d riven security technology as well as classifi cation and labelling solutions, deliver a proven and practical way to create a secure information architecture, while increasing end user awareness and engagement in preventing leaks.

Tim Upton is Founder, President and CEO of TITUS, a company that provides security and compliance solutions for email and documents to large enterprises, military and government around the world. He has an extensive background in security and information protection best practices, and provides the overall vision for TITUS products and services.

Titus.indd 44 25/02/2011 13:53

TITUS AD.indd 1 15/02/2011 15:10

ENEMYKNOW YOUR

INFORMATION SECURITY46

Mark Logsdon.indd 46 25/02/2011 13:36

INFORMATION SECURITY 47

Any information loss at a bank can escalate into a serious incident and a loss of cus-tomer confi dence. Does the myriad of threats to data make you slightly paranoid or keep you awake at night?Mark Logsdon. I’m always a reasonable sleeper so the threats don’t keep me awake. However, we need to be on our toes collectively and understand the risks that are out there and ensure we’ve got suffi cient controls to manage the risks accordingly. We’ve got a great team that help us do that and this helps me sleep a little easier, although one is never complacent, not even for a millisecond. We continue to monitor the threats so that we hopefully don’t get caught out. Th ere is a whole [response] team here who are able to instantly respond to an incident. Th ey are constantly monitoring systems and events as we speak and use some sophisticated programmes around fraud detection and prevention.

As the bank’s Head of Information Risk Management, what are the main challenges you face at Barclays when tackling the issue of information security? ML. Dear old Willie Sutton (American bank robber and gangster during the Great Depres-sion) was once asked why he robbed all the banks that he did and his response was ‘Because that’s where all the money is, stupid’. I think that’s still the case today. We are naturally a target because we’ve got money that people are going to seek to steal. Th at said, we’ve still got a lot of people’s personal data and it’s important to us that having been entrusted with that data by our clients, that we protect it in a manner entirely appropriate to make sure that it’s not lost. Th e traditional electronic scams like phishing and now social engineering have been around for a while just the same as con men, fraudsters and tricksters have been. What I call old fashioned crime is still committed today but people are more tempted to do it electronically. And there is still the problem of disgruntled insiders although instances of that are rare.

One important things is to ensure that we do have secure technologies and that we have great processes around them because if there’s a weakness in the process it can circumvent all that great technology and the controls. We also spend an awful lot of time making sure that people are aware of the risks that we potentially face, and that they know how to respond and deal with them, should they either suspect or spot something. So we have a huge aware-ness campaign in place that helps them to understand the risks and what they should do accordingly.

When you mention threats to people’s personal bank information, people may think of external attacks from ‘hackers’ but data loss is more likely to come from within. How do you protect against these risks?ML. Th e particular risk of data loss has always been with us; it’s not a new risk. If one thinks about it, letters have always gone missing in the post. Th e fi le in your fi ling cabinet – we’ve always lost them. And there has always been the risk of the fax machine where someone inadvertently punches in a wrong digit and the document gets sent to the wrong number. So there has always been that case for a genuine mistake or a momentary lapse of concentration

and I don’t think it is any diff erent today. Th e diff erence now is that there is more chance to lose data quicker; one can keep an awful lot information on a memory stick as opposed to in a fi le.

Barclays’ Mark Logsdon is on the frontline in the bank’s fight against internal and external threats to its all-important data. It’s a war Barclays is winning, but Logsdon says he won’t allow complacency to catch the bank off guard – ”not even for a millisecond”.


INFORMATION SECURITY48

How do you combat it? ML. We have some good technologies that help us to con-trol things and make sure that in cases where colleagues have got access to some sensitive data they can’t just simply plug a USB stick in and download it all from their laptop or desktop. It comes back to awareness of the issues. Mistakes will always happen and there always will be that momentary lapse of concentration. We all have them. We didn’t mean to send an email, but, unfortunately, we did. With those col-leagues around particular sensitive areas of the bank, those with privileged access, there are further controls to ensure what they’re doing is appropriate, that monitoring tools are there and that they’re backed up with good HR-type poli-cies. It’s about good technologies, good processes and good people management. I don’t think there’s anything new in that. I think that the danger is that there’s just a focus on one of those things, technology.

And the other risk is that people don’t join the three things up, and they happen a little bit in isolation and are not joined up to manage the risk appropriately. Our job here is to ensure that with information risk management we look at all kinds of information in whatever form it resides, be it in people, hard copy or electronic and that we try and join all these things up.

And there is no patch for stupidity, as the saying goes within IT security circles. ML. Th at is an old quote from [ex-hacker] Kevin Mitnick. I think there is merit in it but I prefer to call it a momen-tary lapse in concentration. At Barclays we employ bright, committed people who, given the right information at the right time, will make the right decisions. Our job is to give them that information so when they do happen to have that momentary lapse of concentration, which hopefully is very rare, at least they know what to do next to try and minimize what happens next.

The public sector has seen its fair share of spectacular data losses. How do you get staff to appreciate the value of data and educate them on correct procedures?ML. Let’s be clear, I’m not saying this has happened in Bar-clays but people with good intentions send documents from A to B but with no thought about what happens if they go missing in the post. Th ey are not aware that they might need to encrypt the documents. Th e reason they did not follow the correct process might be because it was so cumbersome and so inhibitive that it prohibited the business from doing what it was seeking to do. In my view, there has got be a balance of pragmatism against the need for control. In some cases, the need for control wins but users will fi nd a way around it if they can. As I said, a lot of the time it comes down to genuine mistakes. For instance, how many times do we see the phone left outside somebody’s household address? It con-tains people’s names and addresses, right?

It comes down to user education; they oft en don’t know they are supposed to put these things on an encrypted disk, use a double envelope of whatever it might be. Th ey don’t understand what is expected of them in this day and age

”We employ bright committed people who, given the right information at the right time, will make the right decisions”

Above: Mark Logsdon, Barclays’ Head of Information Risk Management

and make an honest mistake. While the technology and processes might be right, do the people understand what is expected of them?

How do you deal with staff mobility and work being car-ried out on laptops, smartphones and now tablets, 24/7 globally? ML. Staff mobility presents us with magnifi cent opportuni-ties for ways of working. Sure, sometimes there are challenges around the way we do things, but we have to manage those challenges in a pragmatic way which enables a business to meet and realize some of the opportunities mobility allows. It is about a risk-based approach because for some people in some jobs it may not be appropriate for them to have remote access in an internet café. For other people in other parts of the business, it may be because the information they’ve got access to isn’t particularly sensitive at all. So we need to manage it appropriately but not in a way that stops the busi-ness from realizing the opportunities.

We have a big push at the moment exploring the use of iPads but we need to manage it in an appropriate way because it may be right for some staff to use them and others to stick with a desktop. It needs to be managed accordingly without saying to people, ‘You can’t have that or you can’t have that’. It’s about risk managing the process.

Data losses can also occur when operations are out-sourced. How do you approach this to ensure informa-tion doesn’t fall into the wrong hands?ML. Th is is a third-party risk and we share this concern. More recently, we have off ered some awareness material, free of charge, to third parties looking aft er our data so they are aware of what we expect of them. Th is isn’t aimed at the


INFORMATION SECURITY 49

Seeking securityThe web has become a playground for hackers and malcontents eager to phish, defraud and steal wherever and whenever they can. Policing this landscape is a logistical nightmare, and battle lines are being drawn and redrawn many thousands of times a day – which perhaps hints at why many millions of us are a little uncomfortable with the idea of storing our sensitive data in third-party environments.

“The security space is a tough problem, and it’s going to be a tough problem for quite some time,” believes Crawford del Prete, Chief Research Offi cer at IDC. “You have many complex forces coming together, and the threats are changing dramatically because they involve people and the way people approach attacks – and people can be very clever. As a result, online security will continue to evolve for quite some time; it will not commoditize anytime soon, which is why it represents an attractive area for companies to invest in.”

The mobile nature of most next-gen devices has opened up the security perimeter of the internet to previously unheralded outposts, an evolution that has made it even harder to secure. Businesses reliant on the convenience of these devices are becoming more exposed to the dangers lurking out there. “We now have mobile devices that are truly becoming handheld computers,” says del Prete. “If you look at Nokia’s N900 Smartphone, it is a 32 gigabyte device. It wasn’t so long ago that 32 gigabytes was on your desktop or laptop. The company has also just announced their new operating system, with native USB support, so you will soon be able to plug a USB drive into a Nokia phone and it will recognize it as another disk drive, further increasing portability. So securing this data at the very edges is going to be an immense challenge.”

Current security methods range from the incredibly ingenious to the incredibly crude. “I know of security guys who literally squirt epoxy resin into their USB ports so that they become unusable,” says del Prete. “But we now have to become much smarter. We have to develop software tools that allow CIOs and their staff to effectively know what is being put out to ports, and the ability to remotely turn ports on and off. This is going to happen on mobile phones as well, where things like remote kills become increasingly prevalent and important. The next big hurdle is going to be securing the data that is on these truly mobile computers that are in people’s pockets. There are tools to do this, but they are not nearly sophisticated or widely deployed enough.”

large companies but more towards the SMEs who haven’t necessarily got the resources to spend on that sort of stuff . It’s also targeted at the people on the ground handling our data. We mandate that high and medium-risk suppliers are properly trained and it has proven to be hugely successful.

Th e myriad of consultants and contractors that are constantly working with us and provide an invaluable service have an account on the network just like I have too. So you need to understand what sorts of third par-ties you are talking about because the risk profi le might be diff erent and the controls you put around them as a consequence might change as well. With regard to what information they have access to, we have a segregation tool that allows us to make that call. We put the suppliers into high, medium and low risk categories and the controls we put into place around this refl ect the risk potential they pose to us. Of course, we back this up with a performance review to ensure they are doing the right things. We’ll go back at a later stage and say, ‘You said you’re doing X, but can you prove it to us?’

What key trends do you foresee in information risk management over the next few years? Where will the threats come from?ML. Th e traditional threats will stay the same – fraudsters, organized criminals and insiders – and these threats will remain constant. Another is around consumerization and the plethora of devices people are wanting to bring into the organizaton and use, which creates some interesting chal-lenges. Th e one that interests me, going forward, is around identity and people accessing networks. If you think about it, we all have multiple identities. I just wonder how this can be sustained so we might have to look at that.


NETWITNESS AD.indd 1 15/02/2011 15:10

Visibly transform security

Allan Carey explains how enterprises are becoming more agile to defend against a dynamic threat landscape.

Cyber security has maintained a heightened level of attention in the media. Wikileaks and its aft ermath, Stuxnet, Aurora, and other attacks against corporate and government entities have

clearly demonstrated an increasing level of sophistication by adversaries. Modern network-based emerging threats initiated by state-sponsored actors and organized crimi-nal communities are utilizing a combination of cyber and social obfuscation techniques to completely evade current security prevention techniques.

Facing this level of sophistication, enterprises can no longer aff ord to wait months, weeks, or even days before new threat vectors are identifi ed and made public. Ac-cording to the Growing Risk of Advanced Th reats study by the Ponemon Institute, 80 percent of respondents said it takes a day or longer to detect an advanced threat and 46 percent said it takes 30 days or longer. If an information security strategy involves waiting until security vendors release signature updates or soft ware vendors release patches to close the gap on exposed vulnerabilities, the enterprise is already compromised.

Today’s enterprises employ a variety of preventative security tools that have been perimeter-based, primarily at Layers 3 and 4, and require signatures or a foreknowledge of an attack before action could be taken. Th ese network defenses do not provide adequate visibility into the current threat landscape or allow a security team to be nimble in their response. Combating advanced threats requires a new strategy with more focus on detection than prevention.

For detection of advanced problems, such as zero-day malware, command and control traffi c and sensitive data exfi ltration, enterprises need complete visibility into what is happening across the network at all times. Th is can only be achieved through a network security monitoring ca-pability that accurately analyzes all network traffi c, fuses threat intelligence from the global security community, and gathers data generated by applications, networks, users, and security systems in real-time. Th is capability includes the requirement for visibility into threats and encrypted malicious traffi c hiding in approved traffi c types, and using approved ports and services.

Many seasoned security experts have used network data for forensics purposes for years. Historically, most network forensics work has been associated with small-scale, post-facto analysis in support of incident investigations, or in less frequent situations, as part of an organized cyber threat intelligence team. As a result, automated threat intelligence and real-time network forensics have grown to be critical

components of defense in depth and continuous network security monitoring strategies. During the last few years, top security teams across critical infrastructure organizations such as communications, fi nancial services and government have adopted real-time network security monitoring as an absolute requirement for day-to-day security operations.

Network security monitoring is not the same as log management or security information and event manage-ment (SIEM), which are valuable to the extent that data sources have useful information and are properly integrated, but they lack event context. With network security monitor-ing, the security team is working with full packet data which contains the richest network data with traffi c reconstruction and provides context to all data sources. Forward-thinking organizations have benefi ted from integrating their SIEM with a network security monitoring capability to create pre-cise real-time analytics and actionable intelligence that drive more eff ective and effi cient remediation eff orts and support the organization’s security objectives.

A successful strategy against cyber threats begins with the recognition that your organization will be compro-mised. Th e challenge is to develop a comprehensive network security monitoring program that incorporates the best aspects of existing investments with exciting innovative ap-proaches to network visibility and data analysis to achieve real-time, precise advanced threat detection and incident response. Real-time network security monitoring provides a new and powerful capability for security teams to obtain the level of visibility and agility necessary to confront com-plex IT security issues. Security teams can be empowered to dramatically improve existing incident management, investigations, and overall security operations, and achieve a powerful advantage toward mitigating signifi cant risks to the organization.

Allan Carey is currently a Director at NetWitness. He has previously advised Fortune 1000 organizations on information security strategies through in-depth market analysis and industry intelligence.

ASK THE EXPERT 51

Netwitness.indd 51 25/02/2011 13:52

RISK52

In the world of banking, risk is king. Get it right and watch as your profi ts soar and cli-ents stick to you like glue; get it wrong and watch as the proverbial dealer swipes your

chips off the table and moves swift ly on. Th ere are those who thrive on risk, and those who rely on it – but regardless of perspective, all know the golden rule: there is never a guarantee.

And while that rule is as poignant now as it was last decade, the brains working with risk have learnt how to manage it exponentially better. Algorithms, IT architecture and a more confi dent grasp of risk traits have all pushed the envelope of risk management – and for some countries, it has quite literally evolved their markets. Nowhere is this more prevalent than South Africa, a nation tarred by the interna-tional press in years gone by with the brushes of racism, violence, crime and political instability.

But things are on the up once more, and for Annelie Schnaar-Campbell, Director of Group Risk Management at Standard Bank, that equates to more challenges and the chance to implement further risk management pro-grammes on a global scale from the bank’s Johannesburg-based headquarters, benefi tting not only the company, but its clients and secu-rity frameworks too.

“To me, one of the key reasons we have big programs for risk management is because we are a global bank, we have lots of operations to geo-graphically disperse across the globe,” begins Schnaar-Campbell. “So what these big programs

enable us to do is to set a minimum of standards and frame-works in place, which further enables us to ensure a consistent approach to risk management. One of the benefi ts of using this type of program is that we then have the ability to build up a pool of resources, which we can allocate to these big projects. In doing so, we can develop the com-ponents that we need for eff ective risk manage-ment quicker than if we had to conduct separate, smaller projects instead.”

Essentially, as Schnaar-Campbell puts it, employing bigger projects opens up the doors to think more strategically. By combining smaller projects, which take up more time and tend to be disparate in nature, she believes you can look at the overall approach and outcome, in turn help-ing to prioritize resources appropriately and to build something that would make more of an impact in the long-term. Indeed, one of the key priorities for Schnaar-Campbell right now is in-terpreting the requirements and proposals that have been defi ned by the banking committee.

Overcoming hurdles“We analyze all of them as they become

available and make sure that we know poten-tial changes would need to be made to our risk management framework. We’re also focused on making sure we have an integrated view of risk – both in terms of the legal entities within our

SchnaarCampbell_V2.indd 52 25/02/2011 13:57

RISK 53

seen that fraud is moving from credit cards to debit cards, so I think whenever the bank closes gaps in being able to identify and frustrate fraud, then people move to a diff erent area and con-tinue their business. In terms of physical crime, we’ve also seen what we call associated robbery, where people are approached by criminals close to the location of the bank or near ATMs.”

Another obvious area for criminal exploi-tation is e-crime. With many presuming that because it’s online, companies can implement tools and technologies to up security measures and manage risks, the reality is that it af-fords the criminal element the same leverage. Schnaar-Campbell cites developing the right security technologies at the right time and ex-ecuting them with precision as one of two ways to protect customers from e-crime and continue to make secure online transactions; the other being education.

“Many times it’s ensuring the customers are also aware of the situation, so that means help-ing them to become more aware of the potential risks and being more cautious about what they do. For example, it doesn’t matter if you’ve got a fantastic system – it’s more about taking the technology as far as you possibly can to protect the information of the customer while still en-suring that the customer is up to date about what they should be looking out for.”

But in the current business climate, get-ting the balance right between potential risk and compliance programs and their fi nancial implications is pivotal to maintaining success across the board: effi ciency is key. “Th e key thing is to understand exactly where the biggest benefi ts are and that you’re focused on those,” explains Schnaar-Campbell. “To me, everything we do from a compliance point of view has to be looked at to assess how it strategically fi ts in with the overall risk management objectives that we have, and ensure that the programs achieve the outcomes to benefi t the business or risk manage-ment in question. Essentially, when you imple-ment something, implement it well – but from the start, make sure that you get the optimal benefi t from doing that.”

Avoid the risk?Th e other side of the coin is compliance – a

hot topic in the general arena of business since the global fi nancial downturn – with many wondering whether compliance can ever com-pletely eliminate risk. But as Schnaar-Campbell explains, the answer isn’t as clear-cut as that, with it being extremely unlikely that risk could ever be completely eliminated. Furthermore, banks are in the business of managing risk and

Risk is a standard ingredient in the recipe of any bank, but as Annelie

Schnaar-Campbell

explains, it’s how you manage those risks that will leave you tasting success or failure.

group as well as having a view of

our consolidated risks across diff erent risk types. So,

we’re looking at ways in which we can pull data from various sources and bring it

together, analyze it and be able to provide the results in the format of a dashboard to the correct management or board committees.”

And, as per usual, standing in the shad-ows of the top priorities are the biggest chal-lenges facing risk and compliance – with new regulations taking the gold in both contexts. But Schnaar-Campbell also cites having operations in more than one company and the need to stay abreast of all relevant requirements as other fac-tors that need consideration.

“Also, if you look at more specifi c risks, the level of sophisticated crime – in the context of syndicates that have created very well organized threats towards banks – is also a problem. And it’s not just about syndicates from South Africa, but also from cross-border threats. We’ve also

SchnaarCampbell_V2.indd 53 25/02/2011 13:57

RISK54

As Schnaar-Campbell affi rms, you can have the best technology in the world, but without educating your customers on the risks of e-crime – and how to overcome them – criminal activity will continue to prevail at a blistering pace.

With that in mind, back in May of this year Standard Bank became the fi rst South African bank to provide its customers with free anti-phishing software that also protects against online fraud by malware, by offering protection against divulging sensitive fi nancial details to unscrupulous third parties when banking online.

Itumeleng Monale, Standard Bank Director of Self Service Banking, said: “Phishing globally costs customers and the fi nancial industry billions of dollars annually. While fi nancial institutions like Standard Bank have spent a great deal of time on consumer education and internal mechanisms to secure our systems, customers still fi nd themselves out of pocket when defrauded by unscrupulous fraudsters over the internet when responding to phishing emails.

“Standard Bank believes that with the introduction of the free Rapport secure browsing software, it has provided our customers with an effective mechanism that will help prevent them from divulging sensitive and personal fi nancial information to third parties over the internet.”

And, with over 500,000 phishing sites identifi ed across the web in 2009 – with an average of 294 fi nancial institutions targeted globally – Standard Bank is certainly putting the best foot forward for its customers. Unlike conventional security software, which blocks known attacks but can’t keep up with the sophistication and speed of new ones, Standard Bank’s online banking software can detect new threats where conventional applications like anti-virus software often fail to detect a phishing threat. On top of that, the software also has the capacity to inform the bank of potential bogus sites so that the bank’s security division can take proactive action to prevent further acts of fraud.

“Very often customers have little recourse in claiming back funds from banks if they have compromised their personal fi nancial details over the internet. Standard Bank believes that the introduction of our new security software will greatly reduce customer exposure to online threats like phishing,” concluded Monale.

using it to leverage opportunities – so it wouldn’t be in their best interests to eliminate it even if it was a possibility.

“I think it’s more up to the board, as well as senior management, to ensure that there’s actu-ally a risk culture in the bank. In addition, ethics training is absolutely key – and that should never be about compliance. It should be about the best risk management that a bank can pro-duce. For me, it’s more about risk management than trying to eliminate risk, and banks are in the best possible position to do that – something compliance alone could never achieve.

“We need to be able to have a forward-looking view of what the potential risks that we have to face are; that we can measure it in a way that makes sense to us; we can price it and we can then use it to our competitive advantage. So we really need to be able to track areas where there may be potential risks arising so we can measure and manage it. Th at’s more important than trying to avoid it.”

Of course, the idea of banks preferring to manage risk as opposed to attempting to avoid it is far from being groundbreaking news, but with risk becoming far more diverse and quicker to prevail in the current climate, perhaps the wish of companies like Standard Bank has come a little too true. But for Schnaar-Campbell, more risk translates into more opportunity. So where does she see priorities moving over the next 18 months?

“Well, it’s looking at the integration, con-solidation and aggregation of risk information across geographically split areas, as well as across risk from a systems point of view, tracking the new BCBS proposed changes to the regulations. What we’re also focusing on is looking at data rationalization and making sure that we have the data available for management decisions at the right time, so making our systems more effi cient in order to get the information available as fast as possible. Th at’s from a systems point of view.

“From a governance point of view, if I can call it that, we’re interested in streamlining the decision-making process, and for that we need to have the information available in a format that can be understood and analyzed very quickly in order to be incorporated into the decision-making process. Delving into more specifi c areas, we’re also dealing with ongoing methodologies. We started conducting stress testing by building specifi c pockets of stress tests, for example in market risk, which has al-ready been a requirement for a couple of years. As we’ve become more and more sophisticated in our stress testing, we’ve also seen a very good group level entity stress test with results, which we can then measure back against risk.”

For Schnaar-Campbell, the remaining focus centers around coming up with the appropriate stress correlations between risk types: how to aggregate the diff erent risk stress results in the best possible way – from the macro-economic to a complete stress event – enables a better perspec-tive of the complete picture. Indeed, as Schnaar-Campbell asserts, they already have a total picture available, leaving them enough maneuverability to work with the next level of stress tests.

“Our other focus is in the bank,” contin-ues Schnaar-Campbell. “At the moment, we’re busy implementing the AMA approach for operational risks, so we started with a formal program in January last year – and it’s now one of the biggest programs we have running. Obviously, that takes plenty of resources and a

lot of focus, but again, it comes down to making sure that we get the right benefi ts and the opti-mal value out of that.

“For me, the key is whenever you do some-thing, make sure it fi ts in with your risk manage-ment vision and framework, and don’t do things in isolation,” concludes Schnaar-Campbell. “But I also believe that these are the key risks that inter-national active banking groups with banks in dif-ferent locations have to face at the moment. Make sure that you’re able to get your data quickly and are able to analyze it and provide it in a way that people can make those key decisions as fast as possible. Th at’s what you want to achieve in the end, so make sure that every component you’ve bought is aligned to that overall vision or frame-work that you have.”

The fi ght against e-crime

SchnaarCampbell_RISK.indd 54 25/02/2011 13:46

McAFEE AD.indd 1 15/02/2011 15:09

EXECUTIVE INTERVIEW56

The consumerization of IT within the fi nancial services industry: ready or not here it isBrian Contos explains why it is imperative for fi nancial institutions to embrace IT consumerization into their overall strategic objectives.

What is the consumerization of IT?Brian Contos. Th e division between end-user devices being supplied by corporate IT and consumer electronics that employees feel they need to conduct business, has blurred. Users are fi nding that the laptops, tablets and smartphones they purchase for personal use are generally more power-ful, capable and all around ‘sexier’ than what is supplied by their employers. From techies to business executives, this has resulted in explosive growth in the use of personal technology for business.

Th e needs of today’s users have evolved past tradi-tional computers and PDAs. Users require more versatile devices such as those off ered by application-ready tablets and smartphones, as well as the cloud-based services those devices are designed with in mind. Th ese devices and the services they use overlap personal and business use. Th e solutions are viral; once a few people fi nd that a certain device and or application makes their life better, or im-proves business productivity, adoption explodes.

What are the business benefi ts?BC. Th ere are several business advantages to the con-sumerization of IT such as enhanced productivity, lower organizational procurement costs brought upon by BYOC or bring your own computer, and less demand on IT for endpoint support. Th ese advantages can be realized across three areas commonly associated with the consumeriza-tion of IT: mobile devices, laptops and desktops, and vir-tual desktops.

Many fi nancial services organizations have developed custom applications that are optimized for mobile devices, giving employees a competitive edge: fi rst to get back to a client with an answer, fi rst to update the database, fi rst to solve the problem. From collaboration tools like email and calendaring to line of business applications such as CRM and enterprise databases, designing solutions that give em-ployees access regardless of their device or location makes business sense.

In addition to custom applications for employees, many public applications also yield value. Many in the sales force live and die by contacts in the cloud such as those off ered by LinkedIn. Human resources likely uses Facebook as part of the recruiting process, and marketing no doubt leverages services such as YouTube and SlideShare.

With the next generation of customers viewing tra-ditional websites and email like cave paintings and hand written letters, mobile applications are also becoming

McAfee.indd 56 25/02/2011 13:52

EXECUTIVE INTERVIEW 57

customer facing. It was once big news to have customer self-service portals; those are now evolving into sites opti-mized for mobile devices to check account statuses, receive updates, transfer funds, trade stocks and more.

While this mobilization of applications and corporate data has a positive impact on productivity and IT resource utilization, it’s not without is challenges. A very common, important question is: “How can we protect our assets and sensitive data when personal devices are connecting?”

What are the security risks intrinsic to the fi nancial services industry?BC. Th e fi nancial services industry encompasses a wide range of businesses from commercial and private banking to stock brokerages and hedge fund management. Because the nature of the business is complex, highly sensitive and personal, fi nancial institutions are heavily regulated with national and international mandates, industry regulations, state disclosure requirements and internal governance. In support of new business initiatives, fi nancial services orga-nizations have been leveraging security controls to protect sensitive information and achieve compliance for years.

Th e last few years, however, have introduced new challenges. From the mortgage collapse to diminishing customer loyalty, fi nancial services organizations are searching for ways to address these issues by achieving greater profi tability and better serving their customers. Th e consumerization of IT is one logical solution, but this embrace is not without risks.

Th e ‘consumerization of IT’ challenge isn’t enabling email delivery to mobile phones. Th e challenges are rooted in two key areas: protecting how data is being manipulated and controlling network access across mobile devices, lap-tops and desktops, and virtual desktops.

Tasks that have been rudimentary for traditional corporate-owned, end-user devices such as provisioning and revocation, are now opaque because it’s not always clear who owns the device, and further who owns the data on that device.

How can risk be mitigated?BC. Th ere are three areas across the consumerization of IT that need to be looked at in order to address the pri-mary issues: mobile devices, laptops and desktops, and virtual desktops.

Mobile devices require scalable solutions that help IT secure and manage the entire device and the data. IT needs a centralized way to enable easy, self-service provisioning to included access mechanisms like VPN and Wi-Fi, set and enforce policies independent of the ever-growing end-point types, and do so in a way that is persistent and can’t be undone by users through careless or intentional acts. Th ere also has to be accountability for the employee device. During the initial authentica-tion process when accessing the corporate network each device needs a unique ID that is associated with a particu-lar user, and as such, that user’s groups, roles and permis-sions. With these dots connected, determining network

access, and access to enterprise and line of business applications, risk can be mitigated. From a compliance perspective, consider the Sarbanes-Oxley requirements around tracking changes to fi nancials. Regardless of an employee accessing fi nancials and making changes from a traditional desktop or smartphone, the actions are associ-ated with an individual per the mandate.

Other capabilities should allow IT to perform full or partial data wipes. Partial wipes are critical for employee-owned devices where only corporate data should be removed, thus preserveing photos, music, applications and other non-corporate resources. Remotely tracking the phone’s location, locking it, and performing backups and restoration are also important mobile device security capabilities.

Laptops and desktops can be controlled by leverag-ing network access control (or NAC) with multiple zones based on access criteria. For example, a visitor with an un-managed device may get internet access via an un-trusted guest network but no internal access. Old anti-virus.DATs or an un-patched OS may get a device on the trusted net-work, but deny access to sensitive business assets. Only when full system interrogation evaluated against policies is preformed, is full, trusted access provided – and even then, only within the limits of the user’s identity and role. Th us regardless of managed or un-managed laptops or desktops, or end-point types, access can be controlled.

Virtual desktops are a common mechanism for mitigating risks surrounding the consumerization of IT. A virtual image can be installed atop a smartphone, tablet, laptop, etc. A user leveraging a virtual image can interact with the corporate network and sensitive data based on policies and permissions that might limit the ability to download data, take screen captures, access certain ap-plications, etc. While a powerful control, the virtualiza-tion promise of any device anywhere has historically been limited by traditional security controls. For example, installing anti-virus on every virtual image is a network, system, and virtual image density drain. Virtual images should be used in conjunction with specialized security so-lutions designed to optimize virtual environments. Some examples of this optimization are offl oading anti-virus from individual virtual images to a dedicated image, intel-ligently caching so for example when HR sends a PDF to 1000 employees, it is scanned only once for malware, and the result is distributed to the other images, and standard-izing end-point security by moving anti-virus solutions off the end-point and into the data center.

Th e consumerization of IT should be embraced. Saying ‘no’ won’t scale, and could lead to missed business opportunities. By focusing on mobile devices, laptops and desktops, and virtual desktops it is possible to mount an eff ective risk mitigation strategy built atop mobile device management, NAC and security for virtual images that also yields operational effi ciencies. Users need easy and secure solutions. IT needs centralized, scalable and integrated solutions that address security and compliance across net-works, end-points and content security controls.

Brian Contos, CISSP, is director of global security strategy at McAfee. He is a recognized security expert with more than 15 years of security engineering and management expertise. He is a published author, Ponemon Institute Fellow, and graduate of the University of Arizona.

McAfee.indd 57 25/02/2011 13:52

INDUSTRY INSIGHT58

Spanning the analytics spectrum

Venkat Mullur explains how fi nancial services fi rms continue to evolve from reports to self-service analytics.

The transformation of data into information should be seen as a continuum, from static reporting (which still has its place in most businesses), dash-boards (mainstay in managing repeatable opera-

tions), to more sophisticated self-service analytics tools that answer forward-looking questions.

Timely and accurate data has always been critical to fi nancial operations such as trading, lending, hedging and disclosure. Over time, the types of questions business users have come to ask of data have changed, and business soft -ware has evolved accordingly. Timely insights are now criti-cal to a sustainable competitive advantage.

Th e fi rst generation of data queries sought to gain an ac-curate picture of the business, mostly from a historical per-spective – “which region performed best in Q4?”, or “what was the revenue from credit cards, for each month in the preceding 12 months?” Accurate source systems and robust databases capable of returning results fast was the need of the hour. Th e soft ware industry responded and we saw a boom, from about 1980 to 1998, in enterprise databases and reporting systems.

Th e next generation of data queries involved more sophisticated questions that sought to glean second-order insights from data. Financial institutions, faced with in-creasing competition caused by deregulation, were seeking new ways to be profi table independent of business cycles. Business users were forced to look at performance metrics both temporally and across other classifi cations. So ques-tions oft en took the form of “what are my top three prod-ucts, both across a line of business and across geographies?”, “what was the daily 200-day moving average for treasury yields over the past two years, and on what days did yields fall fi ve percent below and rise fi ve percent above that aver-age?” As a result, the boom in reporting soft ware soon gave way to business intelligence soft ware, or BI, characterized by dashboards, pivot tables and multidimensional data cubes.

But despite the massive investment in business intelli-gence soft ware since 1997, fi nancial services fi rms have con-tinued to rely on aft er-mart approaches to extracting more insights out of data. Th e most famous of these approaches involves the pervasive use of spreadsheets to conduct ad-hoc analysis, perform statistical transformations and study the eff ect of core assumptions – involving such metrics as inter-est rates, infl ation rate or correlations – on entire portfolios of assets. While this is not the article to discuss the pros and cons of using spreadsheets, it is fair to say that it takes sig-nifi cant skill and persistence to extract critical third-order insights buried in spreadsheet data.

Optimal decision-making hinges on a thorough under-standing of underlying causes behind observed metrics, un-derstanding relationships between performance measures and cost drivers, visualizing risk drivers and their eff ect on measures, and gaining suffi cient confi dence to assign cau-sality. Such questions have applications in risk management, profi tability analysis, and most importantly, in shaping future investments and new growth strategies. Examples are “what would demand be for our products in the coming quarters or years?”; “will our insurance premiums be suffi -cient to pay out claims over a period of fi ve years?”; “who is most likely to respond to credit card off ers?”

While high-end statistical and optimization soft ware do exist to answer such questions, the specialized skills needed are oft en beyond the average business user.

Th is situation is untenable because the chasm between those that provide the answers (modelers) and those that act on the answers oft en results in sub-optimal, or even wrong, decisions. As an example, absent knowledge of stochastic distributions, it is hard to intuit that VaR at 99.99 percent confi dence level can be fi ve times the VaR at a 95 percent confi dence level! Understanding this is crucial to an accu-rate estimation of economic capital at a bank!

Analytics tools that interpret complex quantitative measures and present the ramifi cations to end-users in an easy to interpret format represent the next generation of business intelligence tools. Th e separation between reports, dashboards, and analysis is fast blurring, and we are now witnessing the fi rst generation of tools that span the analyt-ics spectrum and still appeal to the broadest range of busi-ness users.

Venkat Mullur is an experienced business consultant and leader in the business analytics space. He has been a consultant and advisor to global banks, and specializes in risk and compliance issues. Mullur holds an MBA (fi nance) from Northwestern University’s Kellogg School of Management (USA), is an accredited risk manager, and has held the FRM designation since 2002.

Tibco.indd 58 25/02/2011 13:52

TIBCO AD.indd 1 22/02/2011 09:14

SECURITY60

By Sharon Stephenson

In the battle with security fraudsters, banks increasingly have to pull rabbits out of hats.

Facing down the

security attack

SECURITY60

FINANCIAL SERVICES.indd 60 25/02/2011 13:44

SECURITY 61

As urban myths go, this one is a beauty: some time ago, a large African nation introduced a biometric element to the delivery of its welfare payments. Benefi -ciaries, so the story goes, were required to be fi ngerprinted and swipe their right

index fi nger on an ATM machine every time they claimed their weekly payments.

Human nature being what it is, some unscrupulous in-dividuals decided a good way to defraud the system would be to murder people, cut off their right index fi ngers and use these to claim additional payments.

Fact or fi ction, this grisly story is a salutary tale of the lengths some people will go to subvert the system. And of the need for fi nancial institutions to stay several steps ahead the criminal fraternity when it comes to data secu-rity and fraud issues.

It’s no secret that fi nancial institutions are great movers and repositories of sensitive and valuable data, which makes them an attractive target for criminals. Ac-cording to soft ware company Symantec, fi nancial institu-tions are among the most frequently targeted industries and the severity of fraud is oft en greater as they are more likely to be a target for profi t versus nuisance.

Globally, there’s little doubt that fi nancial institutions are struggling to keep pace with the increasing frequency and severity of information security risks and online fraud. Indeed, security and fraud management is one of the top 10 strategic IT priorities identifi ed worldwide by research company Financial Insights, while recent studies indicate that security-enhancement technologies, data warehous-ing and content/document management technologies are among the top investment priorities for European banks.

It’s a sentiment shared by Allen Chilver, Senior Con-sultant - Advisory at PricewaterhouseCoopers (PwC) who says European fi nancial institutions’ data security faces attack on four fronts.

“Th ere’s the loss of data from staff or customers that creates a data protection breach, as well as the loss of cus-tomer identifi cation credentials that facilitate unauthor-ized payments from customer accounts such as card and other channels including the internet and telephone bank-ing,” says Allen. “Two additional threats are the loss of data that exposes a bank’s trading positions, which allows com-petitors to trade against them knowing what their trading positions are, and the loss of the bank’s own confi dential data which may compromise its strategic plans.”

Th e key issues that result from such data loss are oft en “depressingly mundane” rather than high tech, says Chil-ver, and include data leakage through insecure systems, oft en not the bank’s own, as well as data leakage because of dishonest staff , particularly in UK and overseas-based call centers where low-paid staff and high turnover can be an unfortunate combination.

“We know that criminal gangs will actively place people working for them in call centers with the deliberate

intent of retrieving confi dential data. It’s becoming more prevalent and has put the focus onto staff recruitment screening techniques to target those issues.”

Signifi cant amounts of data can also be lost through an institution’s lax processes, such as inadequate waste disposal, transporting or careless handling of information.

Of these, probably the most signifi cant criminally fraudulent practices in terms of visible mitigation are card and internet fraud, otherwise known as ‘phishing’.

Matia Grossi, Research Manager for Physical Security at Frost & Sullivan, says phishing involves trying to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication exchange. “Communica-tions pretending to be from popular social websites, auc-tion sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public,” says Grossi. “Phishing is typically carried out by email and it oft en directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.”

Or via the telephone where the caller asks for some-one’s bank details and/or to verify personal identifi cation numbers (PINs).

“Despite banks continually telling customers never to give their details over the phone, they still do. One Eu-ropean bank recently conducted a fake trial where it rang customers and asked them for their PIN and something like 20 out of 100 people gave their details straight away.”

Surprisingly, there is little diff erence between Euro-pean nations when it comes to banking fraud.

“Take the credit card area, for example, which is a global issue,” says Chilver. “Any bank anywhere could potentially fi nd itself in a position where its card data was being compromised because the point of compromise isn’t necessarily linked to the bank nor to the country in which the bank operates. In many cases, internet banking fraud is perpetrated overseas perhaps in Eastern Europe or in South East Asia.”

One of the major strides made by banks in the past few years in the fi ght-back against payment fraud has been the introduction of chip and PIN technology. Chil-ver estimates this has reduced the incidence of such fraud from around 18 basis points of turnover in 2001 to 12 basis points in 2008.

“Basically we’re talking about combating the physical counterfeiting of cards. It’s possible to skim, or illicitly take a copy of the magnetic stripe data on a card and transfer that onto a counterfeit card that can then be used at the point of sale. If you could also compromise the customer’s PIN, you could then use the card in an ATM. What chip and PIN technology has done is to introduce a much more sophisticated way for the card to prove that it’s genuine – ie data authentication.”

Th ere are two types of data authentication, Static Data Authentication (SDA) and Dynamic Data Authentication (DDA). Th e former uses chip data in the form of a digital

SECURITY 61


SECURITY62

signature that allows the point of sale terminal or ATM to validate it using a technology called Public P Cryptogra-phy. With SDA, the signature is pre-calculated by the bank and written to the chip, so it is always the same and the counterfeiter can record it from a genuine card and play it back from a counterfeit card.

Th e second, DDA, actually calculates a diff erent digital signature each time, which makes it a much more powerful authentication mechanism. It is able to defeat any type of skimming attack because it can’t be predicted by the counterfeiter.

Initially, most European-issued credit cards featured the static authentication method, mainly because of the time taken to personalise each card (it’s around eight times slower to produce a DDA card than an SDA card) and the cost of chips, which require an additional component to calculate the signature. However, the costs are coming down and Chilver says vendors such as Visa and Master-Card have already mandated their members to use DDA for all offl ine-capable cards issued aft er 01 January 2011.

“It’s important, though, to recognise that chip and PIN isn’t a silver bullet. What it has done is to eliminate spe-cifi c types of threat, but then the threat has simply shift ed elsewhere, namely to card-not-present fraud which has ex-panded signifi cantly since chip and PIN was implemented in the UK.”

Likewise, in countries that don’t use this technology, namely the US, card skimming remains a very real threat.

“Th e US doesn’t have chip and PIN technology and may not adopt it because of the sheer complexity of getting thousands of merchants, third-party processors and other stakeholders who don’t come under a single regulatory um-brella and who may not have any kind of fi nancial incentive to adopt this technology.”

When it comes to delivering sensitive security infor-mation such as PINs and other credentials, mail is still the preferred channel for most fi nancial institutions. Th is, of course, leaves such information vulnerable to mail inter-

cept. “Banks will normally use tamper evident documenta-tion, but even then they are well aware of the threat of mail interception particularly with certain destinations such as shared accommodation which history tells us are particu-larly vulnerable to mail intercept.”

Banking is, however, increasingly challenging mail as banks’ preferred channel to communicate statements, payments and servicing information to customers where, says Chilver, the security issue is serious enough for larger banks to deploy security units devoted full time to counter the threat. “Th e basic need is for some kind of trusted way

“One European bank recently conducted a fake trial where it rang customers and asked them for their PIN and something like 20 out of 100 people gave their details straight away”

to achieve a relationship with the customer and communi-cate with them. Th e issue is how to achieve that other than through some kind of physical means of transfer.”

Step on up, biometrics. Many banks have either dab-bled in, or are enthusiastic users of, biometrics as a form of online security and although they’ve been around for some time, the big hitters remain fi ngerprint and voice recogni-tion because of their ability to identify customers without requiring those customers to do too much.

“Of course, there is the initialization or registration process that requires a physical interaction between the customer and the bank. But once that is completed, having your voice or fi ngerprints on your credit card can support a virtual relationship that may extend long into the future.”

Ditto voice authentication technology where custom-ers can speak to an ATM, to a phone or to a teller without the need for verifi cation of signatures. It is designed so that at any point, the relationship between the bank and its cus-tomers should be easier and less time consuming.

However, both Chilver and Grossi say full implemen-tation of voice authentication is still some way off .

“Th ere’s an awful lot of downstream technological changes that have to happened in order to translate this into reality,” says Grossi. “For example, you need technol-ogy in every branch as well as a considerable amount of back-end infrastructure to be able to record voices, turn them into a digital pattern and compare them to a voice on a database.”

And then there’s the issue of speech/voice interpreta-tion. Says Chilver: “You have to get this right before you use voice authentication. So I’d want to know that the bank understands and clearly interprets what I’m saying to them before I use voice authentication. Th is creates huge secu-rity issues for banks because they need to be very, very sure that they reliably authenticate genuine customers before a transaction takes place.”

Likewise, when customers use internet capabilities to phone their banks (Voice Over Internet Protocols or VOIP),

it means that the call is not being routed through the tradi-tional telephone exchange but through the Internet. “VOIP uses open internet protocols and was never designed with security in mind, so it presents all sorts of challenges for both banks and customers. All manner of interception and call spoofi ng techniques that are now happening over the internet which have serious consequences for how to manage these risks.”

Another new generation technology aimed at making life easier for the customer and bank and harder for the fraudster is contact-less ATMs which can, for example,


SECURITY 63

be accessed via cell phones. Th ese could do away with the need for the customer to collect something physical from the bank because they’ll have their own cell phone through which they can virtually deploy the necessary information and credentials to the customer.

“Instead of inserting a card and tapping out a PIN you do the actual authentication using your cell phone while you’re waiting in the queue waiting to withdraw cash. Th en when you get to the front of the queue, instead of inserting a card all you do is tap your cell phone on the contact-less pad on the ATM and it dispenses your cash.”

Of course the drawback is the cost of technology for each ATM, which runs to around $1700. But Chilver pre-dicts that as the price per unit drops, touch-screen ATMs could go the way of Tyrannosaurus Rex.

Contact-less cards are also the next big thing, and they are already being deployed by Barclays Bank in the UK.

Any debit card you now get from Barclays has contact-less capability so that the user doesn’t physically have to insert it into a device in order to make a payment. Th ey just have to tap a reader with the card and key in the pin.

One security-based technology still in the nascent stage of development that has experts excited is DNA bio-metrics. According to Grossi, this has huge potential for large-scale applications in the next 15-20 years.

“Th e integration of iris and retina recognition bio-metric systems and 2D and 3D face recognition systems are anticipated to gain widespread adoption in the next seven to 10 years with their low error rates. Multimodal biometrics such as fi ngerprint, face and iris are expected to become the standard biometric for high-end applications in government, border control and airport security by 2020. And the banking sector probably won’t be too much further behind…”


TECHNOLOGY FOCUS64

IT’S ALL IN THE

TEAMWORKBeing the CTO of a national organization with thousands of employees and a constantly evolving technology base is no mean feat. Richard Scott of Guardian Life Insurance explains how he stays on top of the challenge.

In case you didn’t get the memo, the world of IT is in the midst of a transformation. Again. A constantly evolving sphere of clouds, virtualized data-centers and revolutionary devices, today’s technology land-scape is rife with challenges for the IT executive, and

while the likes of Google, Microsoft and other major play-ers in the tech sector are paving the way for the future of the industry, keeping abreast of that innovation and in-tegration in a business that uses technology but does not produce it is no mean feat. So how can corporations worth billions of dollars, and with a staff base in the thousands, manage the constantly evolving technology across the whole organization?

“Th at’s a huge challenge,” says Richard Scott, CTO at Guardian Life Insurance Company of America. For Guardian, an insurance fi rm with around 5400 members of staff , technology is a key enabler of the business strat-egy. “We’re not unlike a lot of companies where we have individual lines of business that all have their own driving forces,” says Scott, adding that the key to implementing innovation and development is socialization: ensuring that there is a constant conversation between the various departments of the organization to develop the best strat-egy for the whole business. “We’ve got to be out there,” he says. “We’ve got to be talking to the lines of the business – the tier business people, the application side – and then look for the greater good. Th at’s not always possible. You can’t always have a solution that meets everybody’s needs, but to the extent that we can, that’s what we focus on.”

Still, in order for innovative new technologies to be implemented throughout the business, they have to be present in the fi rst place. “For us it’s about unleashing the creative power of our organization and enabling people to innovate,” explains Scott. “We encourage people to go out

to diff erent vendors to look at the trends in the industry. We will support them in internal trials, but we also have a strong governance process that requires any new technol-ogy to go through a series of vetting steps before it can be made live or get into an area where it might impact our compliance or regulatory reporting requirements. It’s really just allowing people to do it rather than trying to confi ne innovation to a group of three or four people in the R&D team. Th at doesn’t work very well.”

Th e pendulum can swing both ways though, and while Scott actively encourages an innovative culture, there comes a point where the best interests of the business take precedence. Scott explains that only once an idea has reached maturity can it be considered for implementation across the organization. It is at that stage, he explains, that the collaborative internal culture kicks in. “Th at’s when we bring in diff erent departments to look at this as a group,” he explains. “We have representatives from all diff erent areas that come together and say, “Is this a technology that can benefi t Guardian as a whole?”

Th is seems to be a recurring concern for Scott in his capacity as CTO. Taking what he describes himself as a “horizontal view of all of IT”, he is fi rm to ensure that new technologies are benefi cial to the greater interests of the whole fi rm, and he highlights that Guardian operates a governance process to ensure the right technologies are emerging into the business. “It’s not one person saying, ‘You can’t do that’, and putting the hammer down,” he explains. “We have a representative group from business, from technology, security, infrastructure, all these diff er-ent areas asking, ‘Is that really in the best interests of the company as a whole?’”

And in the two years since this process has been operating, Scott explains that Guardian is reaping the rewards. “Just knowing that the process is in place has caused people to rethink trying to introduce anything and everything to the business, just for the sake of it. Ideas are very well-vetted before they get to that level, and they tend to go straight through because they are well-defi ned, well thought through and clearly address a business need.”

Clouds aheadWith regard to the technologies that are currently

revolutionizing the business world, Scott speaks candidly. “I personally don’t like the term ‘the cloud’,” he reveals. “It means too many things to diff erent people. I like to look at

Guardian Life.indd 64 25/02/2011 13:51

TECHNOLOGY FOCUS 65

REAPING THE BENEFITS

According to a report published by the Center for Economics and Business Research, cloud computing will allow fi nancial services business to break free from the shackles of old legacy IT, generating some $250bn and creating a staggering 207,000 jobs.

Cloud computing is transforming the way companies consume and pay for IT. Under the cloud model, IT applications and services are provided by a third-party over the internet, and by buying up server space and computer applications as a service via the web, banking tech teams can bypass old systems.

Alan Goldstein, CIO for BNY Mellon Asset Management, believes cloud computing allows banks to provide IT resources quickly, increasing their business agility. “From an institutional standpoint, the benefi ts of cloud computing are concrete. You’re able to more rapidly deploy infrastructure and applications and to scale-up horizontally.” That means you cut the time it takes to get a product to market, he adds.

The advance of cloud computing also means businesses no longer have to buy or develop costly proprietary IT systems and applications, and can consume tech services on a pay-as-you-go basis. Although slower to adopt the technology than some other sectors, the fi nancial services industry is beginning to embrace the phenomenon and is set to reap major benefi ts in terms of saved costs, increased productivity and job-creation. CEBR’s Cloud Dividend report predicts that 60-80 percent of all businesses in the banking, fi nancial and business services sector will have adopted some form of cloud computing by 2015.

But not everyone is convinced. According to one head of equities trading technology at a major broker, cloud computing is not yet robust enough to apply to all areas of the fi nancial services environment, and many banks will continue to deploy and run their services in-house, particularly in the IT-intensive trading space. Michael Fahy, Global Head of IT Infrastructure at investment bank Nomura, adds that the cloud-computing pay-as-you-go commercial model also needs time to mature. “The commercial model is not yet suffi ciently developed to operate on the scale we want to operate on, and there are still questions around data security.”

the cloud as a utility. We look at where the cloud is taking us, and it’s becoming a commodity; so if I need to run a business process, I’ll simply reach out and run it on the cheapest commodity-based compute, platform I can fi nd out there, or if I need storage for the business, I’m going to fi nd the least expensive storage option available to me.”

Like his approach to innovation, Scott sees little to be gained from just adopting a new cloud-based system for the sake of doing so. “I envisage that within the next 12-18 months we’ll probably dip our toe into the world of devel-opment,” he says, underlining his fi rm’s caution when it comes to taking on a new technology infrastructure that might compromise sensitive company information. “I couldn’t take, for instance, some of the customer data we deal with and put that in the cloud today,” he says. “It’s just not mature enough.”

He also highlights the concern many technology ex-ecutives share: will external soft ware providers have the fi rm’s best interests at heart? “If we pick a vendor to host

our stuff , are they going to have the right maturity, the right service levels, the ability to pay the same amount of attention as we do to our own environments today?” asks Scott. “Are we going to get the same or better or a guaran-teed level of service?”

Still, Scott is optimistic that these are just kinks that will work themselves out with time. “As the technology evolves and security techniques become tried and tested and the comfort level raises, these concerns will go away. I don’t think that there’s anything that will stop this, but it is a concern today.”

He remains realistic that a move to the cloud is an ultimate inevitability for businesses’ IT infrastructure, and explains that despite his reservations, his department is looking towards it as the next generation of technology platform. “We’ll try to get some of our IT folks to begin to make provisions for environments in one or two cloud providers so we can begin to free up our own infrastruc-ture for production use, and have this more dynamic in-frastructure in the cloud for development. It’ll probably go from development to test to user acceptance testing and one day to production.

“I still can’t forecast when that production date is. Th ere’s some neat technologies that are being introduced today that will allow us to do some of this work inter-nally before we push it out, and then seamlessly move the workload into the cloud without a lot of modifi cations. Our focus is going to be on investing in and preparing ourselves for that eventual date. It’s going to happen. We need to do what we can to prepare ourselves to make that transition as seamless and painless as possible.”

“We have representatives from all diff erent areas that come together and say, “Is this a technology that can benefi t Guardian as a whole?”

Guardian Life.indd 65 25/02/2011 13:51

UNISYS AD.indd 1 24/02/2011 10:00

UNISYS AD.indd 2 24/02/2011 10:00

CLOUD COMPUTING68

EXPERIENCING TURBULENCE

As cloud computing continues its sometimes-confusing march towards industry ubiquity, Nick

Pryke helps identity its silver lining.

In the overlapping worlds of commerce, where defi ni-tion is currency and understanding unveils the path of profi t, there remains a no man’s land fi lled with confu-sion and frustration – partly because it’s not land at all. It’s a cloud. And just like those white balls of weathered noise that fl oat on by above our heads, the world of cloud

computing continues to rain down confl icting standards, diff ering technologies and a plethora of methodologies that serve to obstruct our ability to fully decipher it.

So whilst we can grasp it’s principles, understanding ex-actly how it can add to the industry while remaining business specifi c is not such an easy task – and becomes all the more diffi cult when put into the context of fi nancial services. Of course, we all know the underlying idea of the cloud as we made it, but its implementation has caused countless heads to be scratched and meetings to be called in a bid to work it out.

However, for all those head-scratchers, there remain a few who know what needs to be done and the best way to go about doing it. Better placed than most, Christine Kincaid, SVP of Global Security Strategy at Citigroup, understands the need for companies and industry to not only grasp the principles of cloud computing, but run with them until they’ve harnessed their own specialized interpretation of the next generation of network computing.

“We have a lot of the same challenges that plenty of other companies are seeing,” begins a confi dent Kincaid. “Although some of the things Citigroup faces are probably not as common just because of the size and complexity of the company – so when we look at sheer infrastructure and global reach, the only other entities close to our environment are other banks, but even then Bank of America isn’t as big. Chase is probably approaching the complexity because of the way they have other subsidiaries in other countries, but it’s still hard to compare.”

Indeed, one of the areas many companies struggle with cloud computing is trying to compare what another company has done, or intends to do, with their cloud and attempting to tailor it to your needs: like trying to fi t a square block into

ChristoneKistanic.indd 68 25/02/2011 13:40

CLOUD COMPUTING 69

a round hole, it’s just not going to work. So, whilst we refer to it as cloud computing, Kincaid prefers to call it “a really fancy way of saying ‘we’re going to do what we were doing 20 years ago’.

“I have yet to hear clear statements of what is planned or available to be technologically delivered. It’s easy to point to Soft ware as a Service (SaaS) as it makes logical sense to market it. But if you’re looking to leverage and include the potential for virtualized hosting, which is what some of the physical center hosting companies do today – like Rackspace for example – then you’re going to want to have that technol-ogy, but you’re not going to want to hire, build a space for, maintain and ultimately create all that additional overhead. You can talk about cloud until you’re blue in the face, but a hosted environment isn’t really cloud. Hosting companies have been off ering SaaS for a while; it’s a thin client applica-tion delivery that really started 20 years ago with Star Panels and the fact that hard drives didn’t exist. We’re literally watching technology evolve full circle.”

In highlighting this evolutionary circle, Kincaid man-ages to encapsulate part of the problem when it comes to cloud computing confusion. Th e fi rst time round it didn’t work as technology became feature rich, slowing down the inherent processes needed. Or as Kincaid puts it, “it was like trying to suck a tsunami through a straw”, which is exactly why we saw the evolution towards desktop computing and process power.

“Technology to a business can seem like an obstacle; security and compliance governance can seem like that but in reality you do it every day,” continues Kincaid. “Every time you pick up your foot and walk across a room you’re doing all kinds of mathematical equations and physics in your brain that you never think about. If you practice it enough you’ll stop thinking about it and just do it. It’s a natural evolution of technology and computing. We need to stop being naysayers from a compliance, risk and complexity point of view and allow things to enter our business. You have to know that what you are delivering as a core technology or core services are built correctly and with fl exibility. It has to be adaptive so that it can be used and tested on multiple devices.”

Indeed, one of the biggest failings of technology initia-tives is the failure to test them in ‘reality’. Sure, developers and system administrators can test every hour of every day, but ultimately they’re not the end users. “Th ere’s a reason why toymakers build prototypes,” explains Kincaid. “Rapid prototyping in product development is always a smart move as sometimes you have to be able to see it and hold it. When we’re talking about technology it’s very complicated; people’s eyes start to glaze over. You have to understand the language that your company speaks as it delivers to its target market and amongst its peers. You forget that you’re technology. You are the business.”

In a world where business is crying out for simplic-ity, Kincaid believes that simplifi cation can be engineered through technology and at points – such as the ideal of a stan-dardized and comprehensive cloud – make life easier. But fi rst, an understanding also has to be met that sympathizes with the fact that vendors are going to want to sell. “Arm your

business to see you as a resource so that they [the vendor] will trust you to make sure you’re not sold snake oil.

“A lot of technology organizations are still ‘us versus them’, and they get mad at the vendors for talking to the busi-ness. Just because you outsource aspects of your technology organization to third parties who are experts at what they deliver, doesn’t mean that you can do IT without IT”.

Fundamentally for any industry looking to expand into the cloud, it comes down to trusting that it will ultimately allow any given industry to become more technologically agile. As Kincaid analogizes it, instead of every company building their own car and manufacturing their own parts, vendors act as a mechanic – sourcing and acquiring the necessary parts you want on your car and then adjusting it accordingly.

“Cloud should become the ubiquitous ability to pick and choose,” she affi rms. “It’s the free enterprise approach that we’re supposed to get with deregulation of the phone and electrical industries. It takes time and starts as it evolves and learns from its own mistakes and its own processes of adoption. I won’t be a pleasant or smooth transition but I do believe that we’re seeing the next evolution in major technol-ogy strategy – not just from how we build it and what we do with it but how we use it and how we think about it.”

“Stick your toe in the water. Stick your feet in the water. Do it on a small scale and see if it fi ts. Th e fi rst business area or focus area that comes to you and says, ‘Hey, I can do this,’ don’t just automatically kneejerk and say no or that you want to do it internally and build it yourself. Why do we continue to build our own clouds? Why do we continue to rebuild the same thing over and over again? It’s not rocket science. A UNIX server’s a UNIX server. Why do we use UNIX? Well, because it’s an operating system on certain types of hard-ware. It does certain things better than anyone else.

“Microsoft does certain things better than anyone else, as do IBM. Th ey’re there for a reason. Th ere is a selection of ten or less of those companies for a reason. I understand that the cloud has to go through that process too, but right now everybody wants to label whatever they’re doing as being cloud. I’m waiting to see what’s left over.”

It’s a savvy move from Kincaid, as she sticks to her pro-jection that in a few years from now, some of the big compa-nies we’re witnessing at the moment could very well decide to walk away from the situation when they realize that the cloud isn’t their core function. And with such a large uptake of major technology in the past three years through vendor acquisitions, Kincaid is also quick to assert that it makes her nervous.

It wasn’t until our fi nal words passed that the true nature of the cloud as it fl oats now was appreciated. Surprised that Kincaid didn’t use as many acronyms as her peers – a some-what trivial observation – she quickly replied: “I joke at the offi ce, saying ‘Okay guys, I didn’t bring my cereal decoder ring with me. So you’ve got to tell me what that acronym meant’.” Ultimately, in an arena that wants to function ef-fortlessly in the cloud, it’s got to fi rst decipher exactly what everything means. Th en, and only then, can we start to put down our cereal decoders and look at the tasks ahead.

“It’s a natural evolution of

technology and computing. We need to stop being

naysayers from a compliance, risk and complexity

point of view and allow things

to enter our business”

ChristoneKistanic.indd 69 25/02/2011 13:40

IT INNOVATION70

The sandbox system

As comprehensive IT continues to combine with progressive technology to move towards the cloud, AXIS Capital’s John Parkinson outlines how important the role of innovation is becoming – and outlines why the sandbox isn’t just for kids anymore.

Fift een years ago, if you had any workable knowl-edge of IT systems and business computing, it was more than likely that you’d pour it straight into the now legendary back-end MS-DOS. Th at’s right,

that vacant black-screen parading endless lines of blink-ing, emerald-green code that remained about as effi cient as toasting your bread with a lighter. Th ing is, back in those days, MS-DOS was all we had.

Fast-forward to today, and you’d be lucky if a hand-ful of the millennial crowd could even explain the largely defunct program of yesteryear. Yes, today’s technology is fi lled with usability fi rst, understanding a serious second – which works well for consumer technology; but in the

world of business IT and security systems, grasping that understanding is equally as important as maintaining a system’s usability. One without the other, and you’ve got some serious kinks in your cables.

Straightening out those kinks while ensuring the cables are as effi cient as possible is John Parkinson, SVP for AXIS Capital’s Global Program Offi ce. With AXIS sitting between both IT and business levels, Parkinson’s role encompasses every project or program that aff ects either of those runs through the management group that he leads. Th e biggest problem he faces at the moment? Getting the founders of AXIS – “smart people who know exactly what they’re doing in their business context” – to

AXIS Capital.indd 70 25/02/2011 13:50

IT INNOVATION 71

value technology more than they currently do. As Parkin-son explains, as pivotal and knowledgeable as they are, they have no “visceral connection to what technology makes possible”.

“Th e challenge they face today is that that doesn’t scale very well, so they can’t work 24 hours a day. Th e fi rst time that they can’t peer review a risk because there’s no time, they have to start trusting technology to do some of the work”. Th e question that needs answering by Parkin-son is how to educate his superiors to that they become better decision makers about what technology can do to help them do their jobs. Unfortunately, the solution isn’t as clear-cut as the problem.

“We’re still craft ing an answer to that,” admits Par-kinson, “but it’s a combination of implanting technology-savvy, business-focused people into the operating side of the business, so there are voices they trust that they interact with every day. It’s in part listening to how they talk about what they want to do, what they want from a business per-spective, what they want to achieve and then translate that into longer-term architectural and platform decisions that IT can make behind the scenes – building the right plumb-ing, wiring and platforms so that when they come to us in three months, six months or a year, we will already have most of what it will take to satisfy what they need.”

What Parkinson alludes to is a change from IT and operations that have been rather reactive in the past, towards listening to more about the longer-term impli-cations of what the business wants to do. In doing so, it is hoped that Parkinson and his team can become better custodians of the capital that’s entrusted to them to build the technology behind the proverbial scenes. Th e hard part? Well, according to Parkinson – and a sentiment that is obvious to anyone in his shoes across the industry – it continues to come back to annual budgets. But with AXIS functioning specifi cally on a three-year plan now, as op-posed to the traditional one-year plan, looking at results every quarter within that time period, it allows for a slightly longer planning horizon.

“Th e questions that come back to IT and operations about that approach allude to educational opportunities,” continues Parkinson. “Everyone is coming and saying ‘Why are we doing it this way?’ And we have the chance to sit down and say, ‘Well we have to make decisions now that we can’t change easily for three to four years, so we want you to tell us where you think you’re going to be in that time period so we arrive at the same place.’”

In order for this to not only be successful but also as effi cient as possible, Parkinson chopped the budget into a number of diff erent pieces and included a 20 percent portion to ensure space for unallocated capacity into the plan. “If you go back and look at the past fi ve years, every year we’ve done about 20 percent of something that we weren’t told we were going to be doing at the beginning of the year,” explains Parkinson. “So history says that we need that 20 percent.”

But for all the IT systems, allocated budgets and busi-ness motivations fl oating around at AXIS – and there are

a lot – none of it means anything if it isn’t supported by the strongest possible network of innovation. Naturally for a man the likes of Parkinson, this gave him the mo-tivation to truly think outside the box – the “sandbox” to be exact.

“Over 10 years ago when I used to work for Ernst & Young, I ran corporate innovation for a couple of years. I looked at all the literature at the time and decided it was all fantasy. Most people had this consulting model of in-novation, where you build something off to one side and you fed it money and pizza until it turned out great ideas. Th e problem was that never worked.”

Instead, what Parkinson came up with was a grass roots innovation program. Essentially, it involved mining about 5000 ideas from employees across the board – from junior executives through to top management – and then throwing them into a system of group voting. Once the ‘winning’ ideas were extracted, it was time to take them to Parkinson’s business “sandbox” to fi nd out precisely what each idea would need to function on a business level. “We built it deliberately crude with manual tools and process-es, a little bit of technology that would get the ball rolling, and then just saying to someone ‘Okay, go and run a busi-ness in the sandbox for 180 days, and if at the end of it you can show us that you’ve found some customers and the product worked, it was legal and the cost to deliver was less than the cost of all the rest of it’, then we’d put some more money in and we’d launch them as a business. In two years we took $400 million of costs out and built $1 billion in new revenue,” explains Parkinson.

“Out of about 5000 ideas that went through the fi lter, we ended up with about 20 that were worth trying out. Roughly 50 percent of the ideas were health and hygiene – better coff ee, helping with better parking, the elevators don’t work – that kind of thing. We fi xed them easily as they mean a lot and don’t cost much to do and you get a lot of credibility for it. We ended up with about 250 ideas that were about new business, so we went through and conducted adjacent analysis. Aft er that, we carved off about 100 ideas that weren’t bad ideas, but they were never going to be anything we were going to do, so we sold them to business incubators instead.

“Finally, we looked at the rest and ranked them and said, ‘Okay, so if this idea is going to cost $1 million to deploy and it’s going to make us one dollar more, then you know it’s profi table. But then if we had one that cost a dollar but was going to make us $1 million, then obvi-ous that would take priority”. What Parkinson ended up with was a blueprint for working viable innovation into not only technology, the annual budget and the psyche of his superiors – his initial intention – but towards under-standing the importance of IT and secure systems within the context of progressive business. And what does he think of the current situation when it comes to the cloud, perhaps the biggest non-entity being preached cross-industry at the moment? “Lots of vapor”. And from a man who accrued $1 billion in new revenues in two years, his words speak as loud as his actions.

“If you go back and look at the past fi ve years, every year we’ve done about 20 percent of thing that we weren’t told we were going to be doing at the beginning of the year”

AXIS Capital.indd 71 25/02/2011 13:50

ment methods, according to selfserviceworld.com. Today there are about 7 million checkout lanes in US retail establishments that are capable of doing electronic checkout and processing cashless transactions. As consumers, we take these changes for granted, while retailers benefi t from more effi cient and secure transactions.

What can a retailer do now?Here are some practical suggestions for stay-

ing ahead of the curve. Explore ways new POS technologies can make the shopping experience faster and more pleasant for your customers. Consider if there are ways to use new POS tech-nologies to actually expand the reach of your business. Even if you’re just replacing end-of-life POS terminals or buying equipment for new stores, consider incorporating a ‘mobile POS’ mentality into near-term purchase decisions. Recognize that your system has to be open and capable of accepting contactless transactions and transactions from wireless devices. Get the help of payment processing experts, such as First Data, in exploring opportunities and developing a strategic POS plan. Traditional retail points of sale are changing rapidly. To remain competi-tive, merchants must think strategically about this key customer touch point.

Not so many years ago, returning a rental car was oft en an exercise in anxiety and frustration. Typically, you would be racing to the airport to

catch your fl ight. You’d drop off the car, gather up your possessions and drag them to the rental-return counter with paperwork in hand. If you forgot to write your mileage or fuel on the pa-perwork, you would dash back to the car, write down that information and then sprint back to the car-return counter. While completing the paperwork and processing your credit card, the counter attendant might try to engage you in idle chitchat. Meanwhile you were rapidly losing patience.

Those were the daysNow, of course, returning a car is much

simpler. You pull into the lot. An attendant walks over to you, scans a bar code on the car and checks the mileage. Th e attendant asks if you want to keep the charge on your card. He hands you the receipt, and you’re done, almost before you’ve fi nished taking your luggage out of the trunk.

Th is new process seems so natural that it’s easy to forget those not-so-good old days. To-day’s travelers have quickly grown to expect this level of service and even take it for granted.

From the car rental company’s point of view, changing the way it checked in a rental return and completed a sale was inspired by one simple idea: rather than bringing the customer to the point of sale (POS), let’s take the POS to

the customer. New wireless technology made this possible and the results were dramatic.

But that’s not the end of this story. It is, in fact, the beginning of a much bigger story, one that is unfolding right now and will have a pro-found impact on the way many kinds of retailers transact sales and interact with their customers.

What do customers really want?Several years ago, market research fi rm

Yankelovich reported that half of all consumers polled, at all income levels, say lack of time is a bigger problem for them than lack of money. Anything a retailer can do to save shoppers time and make the shopping experience more conve-nient would pay dividends in increased loyalty, greater frequency of visits and fewer lost sales.

Changing POS technology has also changed people’s attitudes about how they pay for things. A Nilson Report found that debit and credit card transactions now account for more than half of all transactions, compared to 29 percent a decade ago. And 90 percent of retail consumers surveyed say they prefer or don’t mind using cashless pay-

The retail point of sale is fundamentally changing. It is moving from traditional checkout lines to wherever the customer may be: shopping on the internet, walking a store’s aisles, traveling, or lounging on the beach. Are you prepared for what this means to capturing and retaining customers? Asks Barry McCarthy

The vanishing checkout lane: will today’s point of sale satisfy tomorrow’s retail customers?

Barry McCarthy leads two key equity alliances in First Data’s Government and Education business and oversees the RAS business in the Asia Pacific region. Previously, McCarthy led the Mobile Commerce Solutions business and Point-of-Sale businesses, working closely with a variety of industry partners including large wireless carriers, young start-ups, technology providers and terminal manufactures.

“A Nilson Report found that debit and credit card transactions now account for more than half of all transactions, compared to 29 percent a decade ago.”

ASK THE EXPERT72

FirstData.indd 72 25/02/2011 13:44

FIRSTDATA AD.indd 1 15/02/2011 15:09

Cate Luzio, Head of International Commercial Cards at JP Morgan, explains why global card programs bring great benefi ts.

Many multinational corporations and regional fi rms are now migrating to regional or global travel and en-tertainment (T&E) card programs. Th is new movement, which has been gathering speed for several

years, is achieving real momentum as the credit crisis in-creases economic pressure on businesses.

Energy providers, banks and airlines were early adopters of global card programs. Now globalization has pushed all industries to achieve economies of scale via

PAYMENT CARDS74

Th e new migration

strategic sourcing and consolidating/centralizing processes throughout the entire procure-to-pay cycle. As companies focus more on optimizing global cash management, every aspect of this activity is being centralized and handled on a regional, if not global, level. Because they off er attractive economies of scale and can signifi cantly leverage travel spend, T&E card programs have typically been included in these initiatives.

As fi rms have globalized over the past decade, the ca-pability of card technology platforms has developed from rudimentary to state-of-the-art. Firms have been able to

JP Morgan.indd 74 25/02/2011 13:41

PAYMENT CARDS 75

enhance their control of T&E as better technology becomes more widely available to track expenses and leverage spend.

Controlling expense now requires data that is more ac-curate and complete – for example, detailed point-of-sale information that is more comprehensive than the simple clearing and settling of a transaction. Th e better the data, the easier it is to ensure travel policy compliance, automate employee expense reporting and negotiate preferred rates with suppliers.

Th e management features of a good T&E program – automated expense management and reconciliation, local cardholder service, globally consolidated data and cen-tralized supplier negotiations – can save fi rms signifi cant amounts of money. Th e technology now available makes these capabilities more accessible to more companies than ever before.

Expanding beyond bordersMost fi rms defi ne their card program’s objectives and

quantify the benefi ts of consolidation at the onset, thereby ensuring they have clear benchmarks to measure success.

When seeking to expand a card program globally, fi rms should develop a well-articulated business case for senior management that details the following: direct cost savings to the company associated with the implementa-tion of a regional or global T&E card program; process effi ciencies of the program for company travelers, treasury, fi nance and procurement; and potential for realizing fi nan-cial rebates.

To support this case, a simple questionnaire can be developed to gather information on the company’s local payment practices and enable data comparisons across countries and regions.

Companies embarking on a card program should take a number of steps to ensure their program is a success. First, identify any existing card programs and statistics, then establish potential metrics for the new program and identify strategic suppliers. Next, determine whether there are any existing program barriers. Finally, profi le fi nancial systems, including enterprise resource planning (ERP), general ledger systems and expense management systems; document current payment procedures; and identify and publicize a company-wide T&E policy that properly ac-counts for regional and cultural diff erences around the world. Th is policy should ensure that all legitimate T&E is mandated on the card, maximizing volume and conse-quently maximizing rebates.

A global challenge: card acceptanceCard acceptance across borders presents a high hurdle.

For companies still without a global T&E card program, the ability to use a broader acceptance platform may be a powerful incentive. But these fi rms must look carefully at whether the card they are considering is accepted in the places their employees are likely to do business. Th e level of card acceptance will impact cash usage and reporting for the company. If their card is not accepted, employees must use their personal card or cash to pay for T&E expenses.

Non-acceptance creates more diffi culty for companies than employee inconvenience. Th e transaction becomes paper-based, generating no management information reports. If salient details such as merchant category in-formation are not captured, everything about the paper transaction is lost to automated reporting.

In addition to missing any rebate opportunity on this transaction, the company also opens the door to employee misuse through handling a paper invoice. Visa and Mas-terCard have impressive technology in place for merchant acceptance, particularly in ‘emerging’ regions like Eastern Europe. As these regions join the global business economy, they become increasingly important in terms of managing T&E spend.

Global companies are therefore looking for card solu-tions that will operate in less-developed economies. US companies once preferred to locate in Western Europe, but this has changed in recent years, with many fi rms now situating shared service centers in Eastern Europe, where the costs for well-educated labor are lower.

As less-developed economies increasingly come online, your fi rm should consider the possibility of con-ducting business in these countries over the next few years, and look at what kind of platform will be necessary to sup-port T&E there.

Pre-RFP review of key program issuesWhether they opt for a regional or a global approach,

expanding fi rms must plan and execute a country-by-coun-try rollout. Major concerns in selecting a provider include card acceptance, cost management, secure reporting and integration, consistency of service and fraud protection.

While considering all this, companies must also bear in mind that the fi rm’s CEO and indeed all its employees will be carrying the card that is selected. Any issues that employees, at whatever level, may encounter in using their card – such as non-acceptance – will reduce adherence to the fi rm’s travel policy. It’s critically important, therefore, to ensure that any potential snags in the program are iden-tifi ed and addressed in advance.

It is important to conduct a thorough review in ad-vance of the company’s RFP process. Th is review should include a wide array of factors and should carefully detail

Why implement a global corporate card program?

• Improved control of spend• Better employee compliance • Enhanced employee satisfaction• Increased purchasing power from leveraging spend • Reduced administration costs • Reduced funding costs • Better reporting and data delivery to identify misuse as well as to negotiate better rates with vendors

“Most fi rms defi ne their card program’s objectives and quantify the benefi ts of consolidation at the onset, thereby ensuring they have clear benchmarks to measure success”

JP Morgan.indd 75 25/02/2011 13:41

PAYMENT CARDS76

Implementation is an extremely detailed process. For example, when a fi rm is contemplating implementation of a card program in 20-30 countries, their project manage-ment concerns must necessarily drill down to a signifi cant level of detail. One example of such detail is how each employee will receive their card, as well as how they will access the necessary training to use the new system.

A global implementation approach streamlines and simplifi es this process. Experienced providers ensure suc-cessful cross-border implementations by making one global relationship manager responsible for the project. Imple-mentation personnel should have a direct line of reporting to this individual. It is essential to build clear accountabil-ity, personal responsibility and pre-determined escalation routes into the implementation plan in order to ensure that the rollout is completed to the fi rm’s satisfaction.

A detailed, phased implementation project plan – both at the local level and by region or country – should be uti-lized in order to guide and track the entire project. Th is plan should include project milestones and dependent steps.

the scope of the new program before the fi rm reaches out to potential providers.

Firms should fi rst look carefully at the following key factors in this review: the countries the fi rm is expanding into; the currencies they wish to deal in; the volume of transactions they expect; and the particular level of card program expectations within the company.

Some additional organizational questions to consider include: How much additional eff ort will be required of the company to set up card programs in diff erent countries? What is the projected cash fl ow impact of setting resources against this project? Is the company accustomed to making centralized buying decisions? Can the fi rm’s corporate offi ce mandate travel policy to all of its regions/employees?

Th e fi rm will need to ensure that adequate credit lines are in place in each country. Th is frequently requires man-aging many contracts, very oft en an expensive and time-consuming process. Your fi rm should be sure to select a provider that can manage and provide oversight of existing contracts. Having the right people with the right responsi-bilities in place is particularly key to success in this regard.

Firms should consider the level of protection they will require from unauthorized charges, including protection from employee misuse. For example, will they need a re-porting package that can identify out-of-pattern spending? Other security and protection concerns include pre-set spending restrictions as well as regulatory compliance, disaster recovery, data protection and privacy issues.

Global implementation concernsImplementation challenges in diff erent countries in-

clude obtaining buy-in, securing lending, coping with regu-lations and managing contracts. Accordingly, the speed and ease of implementation are major concerns for most fi rms, especially for large companies with complex structures.

What to look for in a global card provider:• Up-to-date products leveraging the newest technology• A pipeline of newer products already proven • Experience in both prepaid and corporate card issuance• Ability to consolidate management information and deliver across the

globe • Features and functionality such as online statements, 24/7 cardholder

support and superior web-based management tools • A dedicated global relationship manager• Coverage in all key economies globally

FX fees can stamp out additional

profi ts

JP Morgan.indd 76 25/02/2011 13:41

PAYMENT CARDS 77

Cate Luzio is responsible for JP Morgan’s International Commercial Card business. JP Morgan’s provides commercial card solutions in more than 95 countries and 28 currencies and continues to expand.

“A key dynamic in selecting

any T&E card provider is the

company’s desire to leverage

rebates”

Overseas overviewComplex laws and regulations govern cards

GERMANY• Complex data protection laws• All air travel generally booked to central

travel accounts• Strict labor laws require any new program

to be reviewed by a fi rm’s Workers Council• Checks rarely used• B2B electronic payments more prevalent

than card use

FRANCE• Very stringent data protection and privacy

laws• P-card enhanced data only available from

domestic French issuers• Level 2 and 3 data looks different in France

than in other countries• Direct debit is most common payment

method

EASTERN EUROPE• Relative to the US, UK and Western Europe,

the commercial card market is immature and principally consists of just the small and medium-sized business segment

• Business card usage is on the increase but accounts for a very low percentage of market share

• P-Card is known only on a conceptual basis in this region and there is no true P-Card functionality or enhanced data available

Once the rollout is completed, the provider’s consul-tative implementation support should be ongoing. Firms should periodically evaluate the program aft er the imple-mentation is completed. Initially, this should occur on a bimonthly or monthly basis, eventually shift ing to quar-terly or semiannually as the program matures. Monitoring of this kind can facilitate adding capabilities, modifying liability arrangements or adding more advanced controls if necessary.

Pay attention to data management, reporting and integration

From the ability to integrate data into their fi nancial systems to the ease of use of their web-based reporting interface, there are multiple reporting-related issues that any company must consider in selecting a T&E card pro-vider/program.

A major concern is the sophistication of reporting functionality. For example, will reporting be conducted locally, regionally or centrally? How will the card program support any unique tax-reporting requirements? Does the company require the charges to be billed in local curren-cies? Will each operating unit pay the bills for its card-holders, or will bills be paid centrally? Are reporting and settlement integrated?

Data mining capabilities are increasingly important, particularly as they help companies drive down the cost of airlines and hotels. In some cases, providers can deliver hotel and airline spend reports down to a very detailed level. When planning to use reporting capabilities, fi rms should consider their objectives. How useful are these capabilities in helping the fi rm consolidate their spend, obtain a snapshot of their current spend or aggregate data across business lines?

Financial offerA key dynamic in selecting any T&E card provider is

the company’s desire to leverage rebates. When assessing any fi nancial off er of this kind, factors for careful consid-eration include the rebate size (including reductions based on spending factors), any fees (e.g. annual fees, cash access fees, late fees, etc.) and fl exibility on payment options. Th e diff erences of a few basis points in foreign exchange fees can turn out to be quite signifi cant over a large volume of spend. For instance, if a client’s card program is $100 mil-lion annual spend and 20 percent is overseas spend, then a 0.10 percent FX fee diff erential between issuers would cost the client an additional $20,000 per year in fees. A 0.30 percent diff erential in FX fees would cost the client an ad-ditional $60,000 per annum in fees.

Finally, it’s important to note that liabilities and pay-ment terms diff er as do local laws and practices in various countries. To avoid potential diffi culties, be sure your pro-vider has experienced people on the ground in the region your fi rm is considering.

JP Morgan.indd 77 25/02/2011 13:41

PAYMENTS78

The importance of getting it rightPayPal Inc.’s Scott Thompson discusses the challenge of moving money electronically around the world – and why it’s important to stay humble.

What keeps us awake at night? For most of us, it’s the usual money worries: how to pay the mortgage and put food on the table. When Scott Th ompson, President

of global online payments giant PayPal Inc., tosses and turns at night, it’s a sure bet he’s worrying about the technology that allows millions of us to pay for goods and services electronically.

“When you’re running a technology-based organiza-tion like PayPal, you constantly worry that the system is working as it’s supposed to. Are we, for example, deliver-ing the experiences that the product should deliver?”

Because while the business of moving money around electronically may look easy, it’s actually a complex techno-logical beast. “Payments are a very complicated business. As a consumer you probably look at this and say, ‘Wow, this is easy, it works all the time, it works as I expect it to work’. But when you’re down inside the belly of the beast and trying to understand how you build products, how you move transactions around, how you clear and settle things around the world, it’s very, very complicated.”

Insomnia aside, Th ompson has ample reason to be happy. He helms a company with 81 million active accounts that straddle 190 markets and 24 currencies globally. And uses leading-edge technology to do so. Yet

while he’ll admit to being PayPal’s biggest cheerleader, humility is still his default setting.

“We have terrifi c momentum in the business of PayPal and we have it all over the world. Don’t get me wrong, I’m very proud of the success we’ve had up to this point in time, but it’s still very, very early in the alternative payments and online payments space. People look at us and say, ‘Wow, they are a big company’ but we’re actually a very small company in comparison to the people we compete against and certainly in comparison to the opportunity. But it’s very important to be humble because we service customers all day long and the minute we lose that humility and we don’t treat customers the way they’re expecting, then we lose the franchise that we have and we’ve lost the opportunity.”

Th ompson, who oversees all aspects of global payment systems, including the product roadmap, architecture, information management and operations, says because his business deals with people’s money, they have to get it right every time.

“It’s a very intimate relationship we have with people and their money, and customers have a zero defect expecta-tion. It’s got to work every time just as you expect it to. So anybody who has that relationship and breaks that trust, well you don’t have a relationship with those people over the long term.”

Paypal Inc has 81 million accounts that straddle 190 markets and 24

currencies

Paypal.indd 78 25/02/2011 13:37

PAYMENTS 79

Th e key, he says, is to have a sense of perspective. Per-spective of where you are, the game that you’re playing, what the opportunity is. “Th e idea is then that every day we wake up, we come into the offi ce to service customers with that critical mindset – here’s what we’re doing, here’s what our priorities are and, most importantly, here’s how we service customers and we do it with humility in all cases.”

It’s a philosophy that has helped PayPal weather the fi nancial crisis when, despite the economic skies falling in, it facilitated US$60 billion in total payment volume. “I guess it just goes to show that when things are turned upside down, people still have buying occasions – you still have to buy gift s for your parents, your nephews, your nieces, your friends. Sure people were taking more time to do research, taking more time to fi nd the best price for the thing that they wanted and then usually fi nding the best price online. So while things were actually disjointed and there were some discontinuous events during that period, the fact was that people were still buying, particularly over the internet, and we got the opportunity to service those customers in a very meaningful way in a growing section of the market.”

So another global company that’s managed to survive and thrive in the past few years. So far, so ordinary. What elevates PayPal into a category of its own is the fact that it caters to 190 diff erent markets, 190 diff erent customer ex-pectations and 190 diff erent payment systems. “Each coun-try has its own set of expectations and its unique systems, so that’s a level of complexity most businesses don’t have to deal with. You have to get it right in all those languages, all those contexts and all those currencies. It’s built into the DNA of PayPal that we’re going to do it right, even though it’s complicated, every single time. But that’s the fun part of this company and that’s the real challenge of what we do globally.”

Challenge is a concept Th ompson knows a lot about. Since graduating from Boston’s Stonehill College with a degree in Accounting and Computer Science, he has worked

for organizations such as Visa USA, where he was the Chief Technology Offi cer and Executive Vice President of Tech-nology; as Chief Information Offi cer of Barclays Global Investors, where he implemented a new strategic technology platform and global infrastructure; and for Inovant LLC where he was responsible for the development, support and maintenance of Visa’s Global Payment system, which pro-cessed tens of billions of transactions.

He joined PayPal Inc. in 2005 as its Senior Vice Presi-dent of Product Development, Technology and Operations, before moving into the President’s chair in January 2008. Still, it hasn’t escaped his attention that the road to the top job isn’t usually paved with an IT background.

“It is unusual for a CIO or CTO to become the president of an organization but people who grow up in technology are possibly the best problem solvers on the planet because that’s what they’re trained to do – to take something very big and complex, break it down into its smallest pieces, fi gure out how to reassemble it in a better way and build whatever it is that you’re embarking on. As the CEO of a company, problem solving is a skill you need to have because in most cases you’re inventing new things, determining new ways to service the customer or to build new products to attract new customers. Th at’s all about understanding the dynamics of the business that you’re in, then breaking it down to its ele-ments and building it back up into a great product. Th at’s problem solving.”

So what’s next for PayPal? Th ompson says he’s currently putting his energies into fully localizing the product into more markets around the world so that both consumers and merchants in their 190 markets can fully utilize the prod-uct. “It’s an interesting time to be in this business, because people are increasingly doing transactions online, so in a way payments are coming to us and that’s what we do, we move money around online. So of course we’re working to grow the addressable opportunity that we have.”

Beyond that, Th ompson says PayPal is entering an exciting phase of exploiting innovation in its operational platforms: “So if you’re a developer who doesn’t work for PayPal and you want to build a business that involves money of some sort, then build it on top of PayPal”.

Next generation technology – for instance using PayPal via your mobile – is the new frontier and Th ompson is right-ly “psyched” by the innovation that is being applied to these applications. “You could say we’re inventing the future.”

So what would this father of three be doing if he weren’t tasked with establishing PayPal as the leading global online payment service? “Well I’m assuming that I’m actually too old to pitch for the Boston Red Sox, but if I could turn back the hands of time and I was a little better, I would love to have done that. But, to be honest, I don’t spend any time thinking about what I would do if I weren’t here. I’m really enjoying myself because I have this great opportunity to work with a team of people who really want to do something very special.

“So I get up every morning and I just can’t wait to get to work. I guess at some point when that feeling rubs off , that’s when I’ll decide what comes next or what diff erent path I’ll take but for right now, this is it.”

“You could say we’re inventing the future”

Scott Thompson

Paypal.indd 79 25/02/2011 13:37

EXECUTIVE INTERVIEW80

Deliver an exceptional customer experience across all your channelsBob Tramontano talks about growth in technology enabling enhanced customer service in a multi-channel marketplace.

How has the growth in consumer orientated technol-ogy increased a bank’s opportunity to better service their customers?Bob Tramontano. Internet-enabled devices have created increased customer service expectations in two key areas and banks that recognize these trends can signifi cantly increase their level of service and improve loyalty.

Th e fi rst area is convenience. Internet-enabled de-vices are portable and they are always turned on – which means that a customer can shop, schedule appointments and transact with their bank from just about anywhere. Th ese devices enable consumers to re-defi ne convenient service as instantaneous, in real-time, at any time, and from anywhere.

Th e second expectation is around personalization. Internet-enabled devices are personal communication portals that create a huge opportunity for banks to in-teract with their customers on a more customized and individual basis.

Mobile banking applications, text messaging, alerts, and email are now enabled in a single consumer device, so it becomes critical for banks to understand how to ef-fectively use these diff erent mediums for interacting with their customers according to their presence (where they are) and preference (what they want).

What is NCR doing to help banks differentiate them-selves in this new multi-channel environment? BT. NCR serves consumers when they shop, travel, visit the doctor, entertain themselves and bank. We help these industries deliver multi-channel solutions that reinvent the consumer experience. Th is multi-industry perspec-tive helps us break down the delivery channel silos to provide consumers with a more seamless multi-channel experience.

Let me give you a few examples. Th e hottest thing in deposits is remote deposit capture, which lets a customer make a deposit using their home scanner or mobile phone. Nearly all the products on the market are stand-alone services – they don’t work in conjunction with the other channels or services that the customer is using. For the customer, this means they have to have to use a separate application or go to a diff erent web page, have a separate logon ID, and keep track of a diff erent password. NCR is integrating our mobile deposit capture capability, called APTRATM Passport, into our online and mobile banking applications. So the customer can access the service using whichever channel they prefer.

Another way NCR can help banks is with customer communications. It’s increasingly harder for a bank to reach today’s time starved mobile consumer with ser-vice and marketing messages. NCR has a solution called APTRA eMarketing that helps banks develop targeted personalized one to one marketing campaigns, and de-liver messages wherever the customer might be, either at the ATM, via a text message, or by email. But again, the key diff erence is that it’s all integrated together to give the customer the confi dence that their bank knows who they are, and how they want to be communicated to.

What are the key drivers to long term success for banks in the multi-channel marketplace? BT. Th ere are many keys to success, but I’ll focus on two. First, I believe that success will be defi ned by a bank’s ability to truly understand and deliver the expected con-sumer experience. We know the consumer wants a seam-less experience across all channels with control over their channels and preferences. Th ey expect messaging that provides evidence that the banks is listening, regardless of channel and responding in ways that are relevant to them personally. Th is creates an opportunity for banks that deliver a seamless experience across all its channels.

And second, banks need to give real consideration to the track record, stability, and long term vision of their technology providers. Th ere’s a lot of buzz in some areas, but it’s mostly coming from start-up companies that can only deliver one piece of the multi-channel puzzle. But multi-channel is much more than throwing a mobile banking app on to iTunes or spamming customers with email marketing. Multi-channel is about creating a ho-listic experience that will build loyalty in your customer base. Success for banks will ultimately come down to choosing a partner that can help them deliver the experi-ence that consumers expect.

“I believe that success will be defi ned by a bank’s ability to truly understand and deliver the expected consumer experience. We know the consumer wants a seamless experience across all channels with control over their channels and preferences”

Bob Tramontano is vice president of fi nancial industry marketing at NCR, a leading global provider of payments, assisted and self-service solutions, with over 125 years of experience and knowledge.

NCR.indd 80 25/02/2011 13:42

NCR PASSPORT AD.indd 1 15/02/2011 15:09

platform that leverages technology to enable integrated claims processing, enhance process effi ciency and cost eff ectiveness, reduce cycle times, and allow performance measurement. By closing process gaps, insurers should be able to reduce existing loss-adjustment expenses and drive continued improvements.

Managing indemnity expenses will also be key. While much attention is paid to the cost of paying and administering claims, there is also a signifi cant need for insurers to tackle contingent liabilities (for example, overpayments in vendor transactions or suboptimal recovery practices). Insurers should optimize fraud management to reduce costs (and ultimately improve combined ratios) by making sure fraud is detected quickly and eff ectively, without undermining customer satisfaction or unduly raising litigation costs or creating net new costs.

Finally, fi rms should leverage claims data for enterprise-level decision-making. For an insurer, the ideal business information system makes effi cient use of enterprise-wide data to support business decisions. Insurers need to leverage the full value of claims data by making sure the right data is captured and used to sup-port business decisions – delivering benefi ts in terms of profi tability, effi ciency, strategic plan-ning and regulatory compliance.

Ultimately, in an intensely competitive insurance market, differentiation through innovative claims management practices is going to be the most important and effective way to maintain market share and profitabil-ity. Claims transformation not only improves everyday efficiency and effectiveness, it also enables insurers to deliver on their brand promise and enhance brand value for the long-term. It can help drive top-line and bot-tom-line growth by improving client acquisi-tion, client retention, procedural efficiency and effectiveness, as well as risk management. Without it, insurers will be challenged to dif-ferentiate themselves and maintain and evolve their market position.

INSURANCE FOCUS82

Having lost investment income during the fi nancial crisis and faced with changing customer preferences and regulatory environments, insurance

companies around the world are refocusing on operational effi ciencies and business agility, according to the 2011 World Insurance Report, produced by Capgemini and the European Fi-nancial Marketing Association.

Th e study explores ways insurers can dissect their business to identify opportunities that will make fundamental and lasting improvements to their core operations, with a focus on enhance-ments to claims transformation. Th e report draws on research insights from 14 countries – including Belgium, Canada, Denmark, France, Germany, India, Italy, the Netherlands, Norway, Sweden, Spain, Switzerland, the UK and the US – and covers both non-life (including health) and life insurance segments. Based on a compre-hensive body of research, it includes in-depth focus interviews and extensive surveys with 58 insurance executives.

“By the second half of 2009, the economy had started to improve but many insurers were still faced with the challenge of meeting their fi nancial obligations despite losses in investment income, increases in premiums and other less than ideal operating conditions,” explains Jean Lassignardie, Vice President of Sales and Market-ing for Capgemini’s Financial Services Global Business Unit. “Th e fi nancial crisis is a stark reminder for insurers that they cannot rely on in-vestment income alone to deliver results. Instead,

to achieve sustained growth, they must also re-focus on core drivers of operational excellence.”

Th e research makes clear fi ve key con-clusions regarding the need for insurers to transform claims to meet customer needs while driving results; stabilize reliable claims processing platforms; manage indemnity ex-penses more eff ectively; leverage claims data for enterprise-level decision-making; and ensure critical business agility, especially if seeking to thrive over the long-term.

Meet ‘brand promise’ while driving results

With a less-than-satisfactory claims experi-ence prompting one-in-fi ve customers to switch insurance providers, claims transformation is where many insurers, especially non-life insur-ers, are fi nding both opportunities for opera-tional effi ciency improvements and the tangible substantiation of their brand platform necessary to deliver on customer commitments.

According to the 2011 World Insurance Report, opportunities exist for non-life insurers to capture operational effi ciencies in claims, where costs are rising fast. In fact, from 2006-2009, the claims ratio rose in nearly every country (except the Netherlands) and outpaced the expense ratio at a greater rate of 4.6 percent to 0.3 percent (ac-quisition plus operational).

Ineffi ciencies – stemming from environmental, technical and organi-

zational factors – are all driving the imperative to transform claims processing. While the potential for driving effi ciency varies by fi rm, strategy, coun-try and service segment, within claims, three areas can have immediate impact on achieving effi -ciency. Th ey include creating a reliable, predictable claims processing platform, managing indemnity expenses to the right levels and leveraging claims data for enterprise decision-making.

First of all, suggests the report, insurers should implement and stabilize a reliable claims

Agility: the insurers’ insurance policy

According to the fi ndings of a new report, reducing operational expenses while enhancing business agility will be key to driving growth for insurers in 2011.

“Insurers need to leverage the full value of claims data by making sure the right data is captured and used to support business decisions”

CRM.indd 82 25/02/2011 13:44

STISYSTEM AD.indd 1 15/02/2011 15:10

ASK THE EXPERT84

Signifi cant changes in the fi nancial services indus-try over the past few years are bringing increased regulatory scrutiny, new compliance policies, and heightened public skepticism. For fi nancial services

fi rms, accelerated recovery and success depend upon cus-tomer acquisition, satisfaction and loyalty. Consequently, every consumer contact presents an opportunity to regain customer trust, reach new markets and diff erentiate the fi rm from its competition.

Th e ability to successfully implement a comprehensive communication strategy will most likely be the single big-gest challenge — and opportunity — for every fi nancial institution over the next few years. Positioning for success in this new market environment is dependent upon having access to the information clients want — and being able to deliver via the channel they prefer — morning, noon, or night via print, electronic, the web, and mobile devices.

Leveraging the power of multichannel campaigns re-quires having the ability to determine the communication preferences of each client and the solutions in place to deliver compelling content through that channel. However, just as important as communicating through multiple channels is ensuring the delivery of easy-to-understand statements and other communications when doing so. For example, if an in-dividual has a profi le that suggests they may be interested in converting to a new retirement plan, the communication so-lution should have the ability to personalize their next state-ment with information highlighting the retirement options available and of interest to them. Having the technology in place to access the data an organization already has on its

members can ensure the ability to put their needs front and center with every communication sent to them.

Th ere are several common hurdles that all fi rms face when integrating multichannel communication options with current architecture. Th e fi rst involves the ability to obtain quality data. Data is oft en stored in disjointed silos across the enterprise and it can be a challenge to obtain and consolidate useful data about each client. Be sure the com-munication solution you choose can tap into the broad range of data sources that drive your business, and that the solu-tion makes it easy to merge and consolidate this data.

Th e next is being able to coordinate and integrate com-munications across all channels. For instance, the ability for the next statement run to take advantage of feedback ob-tained through an e-channel (like email) is a critical aspect of a successful multichannel framework.

Th e content delivered to a client on their printed state-ment may be in a completely diff erent format and layout than the content delivered to that same member via a diff er-ent channel. Because of this, another critical success factor for a multichannel communication solution is creating fl ex-ible content that automatically changes to match the delivery channel. Without this kind of fl exibility, designing for mul-tiple channels can become a painful and complex process.

Managing content, logic, users and roles, interfaces, and change control practices for a multichannel solution can seem like a daunting task. It involves providing an integrated framework that can leverage critical data across the entire solution. For instance, user roles and permissions should be honored anywhere in the framework. Addition-ally, the ability to manage content — independent of the documents and channels that receive them — is crucial. Be sure the solution used has these management capabilities, or your organization may be overwhelmed with process and content complexities.

Organizational commitment, accountability and having the right technology in place for managing the client base across all media channels are the key ingredients to overcoming the challenges and ultimately succeeding when it comes to customer communication management. Multi-channel communications are not the wave of the future for fi nancial fi rms. Your clients are already in control today and their expectations as to how you communicate with them are on the rise. Implementing a well-thought-out customer communication strategy can help ensure retention by get-ting important information to clients more quickly — and with a personal touch via the channel they prefer.

Meaningful communications are the lifeline between fi nancial fi rms and their clients. How do you make this a core capability of your business? Doug Cox, Director of North America Enterprise Business, GMC Software Technology, explains.

Core communications

Doug Cox is the Director of North America Enterprise Business for GMC Software Technology, a provider of document output for customer communication management. GMC Software Technology offers a seamless, easy-to-use, and powerful solution that enables business users to reduce the complexity and costs of customer communication management across business silos. The company’s secure, scalable, and reliable solution produces personalized and regulatory compliant communications that can be delivered to members via the channel or choice. He can be reached at [email protected].

GMC.indd 84 25/02/2011 13:40

GMC SOFT AD.indd 1 25/02/2011 08:48

PERFORMANCE MANAGEMENT86

As the Vice President of Technology Services at in-surance giant MetLife, Vinod Kachroo is happiest when everything is business as usual. Responsible for multiple technology service and engineering

teams across many diff erent areas of the company, Kachroo’s main priority is to support MetLife’s business strategies and goals through the integration and implementation of future and current technologies. As performance management activities go, Kachroo’s role is all encompassing, and a con-stant opportunity for development and advancement.

“My responsibility is to run all of the technologies re-lated to the mainframe, such as server technologies, storage technologies, and any kind of application infrastructure-type technologies,” says Kachroo. “So whether it’s .NET, web sphere, portal, document management, image and work-fl ow, content management or any kind of package applica-tion support – you name it, my team is responsible for it.”

In ensuring that MetLife’s technology services are best supporting the business, Kachroo’s ‘business as usual’ ap-proach requires constant attention. Th e company’s technolo-gy infrastructure has a pretty mature shelf life, having evolved through a lengthy and intense period of optimization to reach a stage where Kachroo is now able to highlight a few key tenets where he and his team are looking to invest. Such investment and attention in certain areas is designed to enable MetLife’s technology services to continue to provide ‘business as usual’ capability for the immediate and foreseeable future.

BUSINESS AS USUAL

Managing the performance of a fi nancial IT department can be a thankless task, especially in the current climate of rules and regulation. However, as Vinod Kachroo of MetLife tells FST, ‘business as usual’ can be achieved by leveraging some of the newer technologies to assist your organization’s needs.

VinodKachroo.indd 86 25/02/2011 13:45

PERFORMANCE MANAGEMENT 87

“We have been on this journey where we have been optimizing our infrastructure over a long period, for the last three to four years,” explains Kachroo. “We have gotten a lot out of programs like virtualization, and are now completely virtualized when it comes to the mainframe. We are also completely virtualized when it comes to our UNIX AIX environment, and we are currently on a journey to consolidate our Wintel environment on a blade server technology with virtualization. Our storage is completely external and consolidated. All of the storage is NAS, and all storage is consolidated into SAN.”

Producing performanceDuring the past six years, Kachroo has focused on the

application development side of the MetLife business, sup-porting its retail arm in providing new business systems for underwriting, image and workfl ow. He has also been in-volved in the infrastructure of the business and so has seen, from all angles, how to better assist and support the company to reach its corporate objectives. As a result, Kachroo is able to identify where MetLife can improve, do better, become more effi cient and generally mature, highlighting issues such as capacity on demand, cloud computing and the adoption of mobile devices as potential areas for greater leverage.

“We are already very mature in terms of capacity man-agement and capacity planning processes,” says Kachroo. “Th ese strategies lead into our project portfolio manage-ment and portfolio governance processes, where we are also pretty mature. Our planned capacity on demand is also on track. We have reduced some cycle times on acquiring and deploying computer capacity and storage capacity to our customers. So we are well positioned to leverage some of the new advancements in this space, such as cloud technology.”

Although cloud computing’s status as an industry hot topic remains unchallenged, the actual technology – and the concerns surrounding it – are still cause for careful consideration for many companies; MetLife included. “I have some questions around the viability of cloud technol-ogy and the mapping of that technology to corporations like ours,” admits Kachroo. “Security is a big concern too, but I think a lot of people are working on it and it should be something that is solved pretty soon.”

Despite the industry-wide buzz, Kachroo believes enterprises that yearn for a cloud-computing model to enable them to deliver better performance need to position themselves in a way that will best leverage this technology for their business needs. “Cloud computing itself is not a new paradigm, but it does create a new paradigm; these are opportune times if we can reach a realization of how to truly benefi t from the cloud. And I think the true realiza-tion of the cloud comes from soft ware as a service, where you get the standards on how you interface, standards on how services are constructed and how they are deployed.”

Th e potential of cloud computing lags some way behind the hype. If security concerns can be solved, and every company can truly leverage the technology in a way that best suits their business, then the cloud landscape will continue to mature. Another technology that is still

striving for maturation is mobile technology. Th is space is equally volatile, subjected to hyperbole and scrutiny in equal measure, and an immensely interesting topic of dis-cussion for technology executives throughout the fi nance industry. Kachroo identifi es with the potential of mobile technology, and has earmarked a number of challenges and opportunities to leverage the technology to assist with his performance management duties for MetLife.

“We have some push around the mobile technologies and have been leveraging them for our auto and home business,” he says. “We have agents out there with corpo-

rate-provided mobile devices that have their applications enabled and capable. So we do see this becoming a more open space and are devising a strategy for ourselves on overall end-user computing and unifi ed communication and collaboration, with the device being just one aspect of it.” Kachroo argues that the mobile device is only a single part of how to deliver a solution, with his team working to-wards the capability of the mobile space as a wider method of delivering business as usual outcomes for MetLife.

Th e fi nancial industry has stumbled through some tu-multuous times in the past couple of years, creating a land-scape that has made it increasingly diffi cult for Kachroo and his team to provide business as usual solutions to the company. Trust between client and organization has been eroded and exacerbated by the current economic gloom. Frayed customer interaction is an issue that requires urgent attention. Cost-cutting practices have become com-monplace throughout the industry and the challenge to do more with less is increasingly being pressed into the palms of CIOs and technology executives throughout the land. So how, in this current climate, can business ever be ‘usual’?

“In our industry there is a lot of pressure coming from a regulation perspective and a risk management perspective,” says Kachroo. “We have a lot of catch-up to do; our industry is lagging in issues such as risk management, a proper un-derstanding of the new regulations that are coming and how to adhere to these regulations. For a company like MetLife, which is becoming more global in nature, these regulations are complex year round, and that complexity is only going to get higher and higher. Diff erent regulations and data pri-vacy needs diff er from region to region, so as we grow these regulations add an extra layer of complexity for us, and this is going to be an extremely diffi cult challenge if we wish to continue to maintain business as usual moving forward.”

“Our planned capacity on demand is also on track. We have reduced some cycle times on acquiring and deploying computer capacity and storage capacity to our customers. So we are well positioned to leverage some of the new advancements in this space, such as cloud technology”

VinodKachroo.indd 87 25/02/2011 13:45

CISCO AD.indd 2 12/3/10 14:29:55

CISCO AD.indd 3 12/3/10 14:29:57

INDUSTRY INSIGHT90

General Motors, known for its trucks and cars, also operates one of the largest commercial fi nance businesses in the industry. Th e com-pany’s fi nancial group, GMAC Commercial

Mortgage Corp., is one of the leading global providers of fi nancing programs for commercial property real estate. Th e Horsham, Pennsylvania-based company provides loans ranging from property acquisition and construction to refi nancing and renovation for properties such as gen-eral offi ce, industrial, retail, apartments and healthcare. Th e worldwide operation processes hundreds of thou-sands of documents at its 60 regional locations through-out the U.S. and at offi ce sites in Europe.

To streamline the processing of loan documents and to provide access to these documents to employees in an anytime/anywhere operating scenario, the commercial mortgage group instituted a distributed document capture system with the goal of shift ing to an elec-tronic document processing operation. Kofax Capture is a key component of the company’s paperless objective, performing critical document and data capture tasks and, as a result, signifi cantly enhancing the company’s commercial loan process.

The challengeEach day GMAC Commercial Mortgage processes more than 100,000

loan documents related to a wide assortment of income-producing prop-erties. As the largest commercial mortgage underwriter in the U.S., the company elected to improve overall operating effi ciency by consolidating its documentation processing at a single location. Th e company handles a variety of document types, including Excel spreadsheets, email text, Acro-bat PDFs and AS/400-generated reports.

“We have 60 origination offi ces servicing 47,000 loans and are the larg-est providers of Fanny Mae, Freddy Mac and FHA loans,” said Larry Hoff -man, GMAC Commercial Mortgage director of imaging and workfl ow. “We also provide escrow administration, client relations, asset administra-tion and service monitoring, payment processing, risk management and investor and IRS reporting.”

Prior to implementing a document capture solution with Kofax Cap-ture, the company stored information in both electronic and paper formats which exacerbated the diffi culties with document search and retrieval.

“GMAC Commercial Mortgage processes 3,591 document types and 30 diff erent index fi elds, making it a very complicated document manage-ment environment,” Hoff man said. “Today, 90 percent of all documents received are scanned the same day with less than 24-hour turnaround.”

The solutionGMAC Commercial Mortgage deployed Kofax Capture, a fl exible

scanning and automated indexing solution for documents, at locations

worldwide. Kofax Capture is the foundation for Kofax’s strategy to help organizations streamline business pro-cesses. Th e solution included: Kofax Capture, the world’s leading automated information capture platform and Kofax Transformation Modules (KTM), which streamline the transformation of business documents into structured electronic information by automating the processes of document classifi cation and data extraction.

Th e Kofax solution automatically identifi es forms and performs highly accurate recognition of handwriting (ICR), machine print (OCR), check marks (OMR) and barcodes to extract even the toughest data from scanned images. Kofax Capture manages the process, indexes and validates the captured content, and then releases it seam-

lessly through a library of custom integration modules developed for all major document and content management systems.

Kofax Capture enables GMAC Commercial Mortgage to move paper documents from its remote offi ces directly to the company’s central work-fl ow system without incurring the time and cost of shipping hard-copy documents. Th e company centrally administers remote scan locations and schedules data transfer in off -peak hours to better leverage available net-work bandwidth. With the Kofax solution, GMAC Commercial Mortgage can capture and index content from the company’s imaging centers in Hor-sham; San Francisco; Pasadena, California; Chicago; New York; Vienna, Virginia; Richmond, Virginia; Birmingham, Alabama; Mullingar, Ireland and Paris, France.

GMAC Commercial Mortgage paired Kofax Capture with Hyland Soft ware’s OnBase, which serves as the enterprise soft ware framework that combines document imaging, COLD/ERM, document management, and workfl ow into a single Web-enabled application.

GMAC Commercial Mortgage also found Kofax Capture’s easy-to-use customization features highly benefi cial in creating an integrated docu-ment and data management solution to meet their enterprise requirements. Th e customization features make it easy for GMAC Commercial Mortgage to react to changes in the document management environment.

The resultsWith the implementation of Kofax Capture, GMAC Commercial

Mortgage is now processing more than 16 million pages electronically per year. Document imaging technology enables the company to process loan documents more quickly, usually within 24 hours. Th anks to docu-ment imaging technology, GMAC Commercial Mortgage has achieved tremendous payoff s in loan processing speed and operational effi ciency, Hoff man said.

GMAC leverages Kofax capture to automate processing of commercial loan documentsAnthony Macciola explains how General Motors has utilized Kofax’s capture solution to aid diffi culties in document search and retrieval

Anthony Macciola is Chief Technology Offi cer. He originally worked for Kofax from 1990 to May 2000, when he left to become the Vice President of Worldwide Marketing for Lantronix, Inc. In 2002, Anthony returned to Kofax.

KOFAX.indd 90 25/02/2011 13:36

KOFAX AD.indd 1 22/02/2011 09:13

iStrategy AD_B2B.indd 1 22/02/2011 11:02

Travel36 hours in Salvadorp96

LeadershipSkills to leadp94

BooksTop new readsp99

GadgetsNew coveted technologyp100

AgendaBig events coming upp102

102

96

100

Details.

Back Section_COVER.indd 93 25/02/2011 13:43

DETAILS. LEADERSHIP TIPS94

for today’s leader

Career consultants have had to reassess advice they’re giving and take a more tailored approach when reaching out to business

leaders. Leading UK management consultants, Berkshire Consultancy Ltd (BCL), have recognized changes in the way management works from their research white paper, The Agile Leader. The paper explores the confl icting challenge of the stop-start economy for today’s business leaders, conducting research with over 200 of the most senior executives from the Top 500 UK companies.

Sarah Hunter, Account Director for BCL, worked on the paper, and understands the need to inspire clients to rise to challenges faced in this climate and says its all about a ‘right here right now’ approach. “We work with what’s actually happening at the moment. So although we do some theoretical input and utilize some tried and tested leadership and management models, we work with what’s happening in that organization, in the workplace itself. We observe how teams and leaders are working together,” Hunter says. “So our consultants need to be very fl eet of foot and very experienced and used to working in lots of different organizations, but primarily with working with people.” This individual approach enables a more tailored model for each business, encouraging team discussion and heightened communication.

The prevailing theme produced from the Agile Leadership paper was one of uncertainty in business forecasting. Business leaders are usually natural organizers and long-term planning is often a safe bet in successful business management. This, however, has changed in recent years. “People are fi nding it really hard to implement year-long forecasting and prediction that perhaps would have been the planning profi le before. I think now people are having to stop and re-adjust as different things happen, make some changes, go back and communicate that to their staff. If that’s not done well, you [could] have staff thinking, do these people really know what they’re doing? Why is everything changing?” Hunter says.

With a barrage of job cuts and redundancies becoming commonplace, it is understandable if the announcement of a streamlined approach is met with terrifi ed stares. “People are worried for their jobs. They’ve heard about or have probably been in an organization that has cut staff. So when they hear about wanting to make a leaner and more effi cient organization they’re going to be scared,” Hunter says, “the report showed people want stability as much as anything in their job. At the moment that is a really important motivator but it’s something leaders can’t necessarily give people. They can give them honesty, but they can’t necessarily give them stability. So it’s a real balance for managers, a real juggling act.”

This change of behavior for fi nancial services top executives refl ects the need for a more ‘hands on’ approach to business. On the other hand, leaders must remain at the helm and take a more directive initiative when needed. It is this balance, Hunter explains, that managers must get right: “It’s having the ability to balance when you need to be directive and when you actually need to say, ‘I’m not sure of the answer here, let’s get some other people in.’” The report also found that a lot of senior decision-makers believe today’s climate is tougher than the recession. Leaders are being pulled in clashing directions: a demand to cut costs and the demand to increase growth of businesses and market share. “Typically you tend to be better at one than the other,” explains Hunter, “whereas at the moment, managers are under the pressure to do both at the same time and keep jumping from one to the other. We’ve got to get the businesses really working effi ciently, but at the same time it’s important that we increase our market share and our position in the market and that’s just really a tough call.”

Financial services heads have had to become resilient leaders in stormy fi nancial times. So what happens now? Lorna Davies spoke to Berkshire Consultants Ltd about their recent research that highlights important factors to enable successful business survival and growth.

STORMY FORECAST

REASSURING STAFF

TOP 1p paper waser was ders are usuallye usuallye bet in successfuln successcent years.ears.

g forecasting and asting anprofi le before.before.

fferent things t things e that to theirto their king, do theseo these ng changing?” hanging?”

4This change of behavior for fi nancbehavior foneed for a more ‘hands on’ approaore ‘hands onleaders must remain at the helm ast remain at thewhen needed. It is this balance, Heded. It is this balright: “It’s having the ability to ba“It’s having the abilitand when you actually need to sawhen you actually neeget some other people in.’” The reet some other people in.’”decision-makers believe today’s cdecision-makers believe toLeaders are being pulled in clashinLeaders are being pulled inthe demand to increase growth ofthe demand to increase growth ofyou tend to be better at one than you tend to be better at one than at the moment, managers are undmanagers same time and keep jumping fromkeep jumpibusinesses really working effi cienally working effithat we increase our market sharencrease our market shar

5p ,p ,ed approach is approach is

obs. They’ve heard. They’ve heardcut staff. So whenut s

cient organization ent organizationwed people want wed people want t that is a really ally cessarily givessarily give them ssarily give them ng act.”ng act.”

TIPSCHANGES

LeadershipTips.indd 94 25/02/2011 13:44

From working daily with industry leaders, BCL has previously experienced these pressures. What was surprising from the results of the whitepaper was just how widespread the concerns were. 78percent agreed that it’s important to achieve set targets whereas less than half expect that it’s going to be achievable, resulting in managers being set challenges that they don’t believe are attainable. Some of the work BCL do is to support senior managers in their decision-making in a clear, structured manner and also encouraging managers to “get out of the offi ce and on to the shop fl oor” as Hunter puts it. “Just have conversations with people to fi nd out what’s going on. It’s a lot less scary than people think.”

The BCL way of working is to ‘observe, debrief, coach and develop’ individuals in the workspace. One company in which this process was very successful was the Royal & Sun Alliance (RSA). BCL won the 2010 CIPD Award for ‘Organizational Learning’ for their work at the RSA. The judges were looking for highly innovative solutions, robust metrics to demonstrate positive impact to the business and a strong link between a learning and development initiative and business growth. RSA selected BCL in 2007 to design and deliver in partnership with Regional HRDs a leadership program that would promote a pipeline of high potential leaders that could grow the expanding business. The nine-month program covers soft skills (infl uencing, engagement, authentic leadership), hard skills (fi nance, strategy, process improvement), a business project, plus 360-degree feedback and coaching.

Hunter emphasizes the need to work with people, often an approach looked down upon by industry leaders. “People stuff is always called soft skills but I have always been a person that believes working with people is one of the most diffi cult things because you have to adapt all the time and everybody takes things in and receives information differently.” This importance is again emphasized in retaining good staff. Organizations need to work hard in the current climate to engage with employees. “One of the dangers as things get better is that you might lose the good people if you haven’t kept the conversation lines going. [It is important to] fi nd meaningful and effective ways to reward and motivate them over this time. The top people may jump and fi nd somewhere that’s more attractive and actually in these uncertain times people need talented individuals,” This may result in companies fi ghting for talent, heightening the importance of employee retention more then ever.

The report found that 86 percent of business leaders surveyed felt they lacked the skills needed to steer their business through the economy. The types of skills needed have changed to fi t to the new environment, and managers now need to have the courage to involve their team in discussions that before may have stayed in the upper echelons of their organization. “You have to let go of some of that control and get a group of creative and interested people together and just see what comes out of that. “Why not bring the clients in and fi nd out what they actually want and get your team together and do a bit of thinking?” Hunter suggests. “You know you’re all in it together. That actually is a very good way of developing your talented people when you haven’t got the money to invest in a big talent management program. Get them to really know and understand your business and then they’ll be in a much better position to grow in the business when times pick up.” This will, in turn, allow employees and clients to feel more valued and appreciated within their organization.

DETAILS. LEADERSHIP TIPS 95

This lack of ability to successfully forecast business environments and initiatives enhances the need for clarity between leaders and their staff. Whereas before targets were set and progress made through those targets, now staff need to know why changes are being implemented. “So people are having to be really honest and open about what they’re doing and why they’re making changes,” Hunter says. “[Instead of] setting a year plan and then working through, people are having to put different plans into play and make different decisions much more regularly.” The changes in business have been somewhat out of the blue, and the average CEO has had to think on their feet to survive. But the questions asked now are about coming out of recession, and whether we have. “People need to be very fl eet of foot,” Hunter says “but I think without being honest you’re not going to take the people along with you.” Traditionally, managers and leaders have always been the people with all the answers, but increasingly this is not the case. Heightened communication between management, staff and clients is the best way to ensure challenges are tackled.

SKILLS FOR THE JOB

WIDESPREAD WORRIES

AWARD WINNERS

SOFT TOUCH

2ays. [Instead of]nstead ofple are having to e are having to

ecisions much morecisions much more ewhat out of the blue,ewhat out of the bluto survive. But the ut the ssion, and whether whethernter says “but I think “but I tpeople along with along

ways been the people been the people e case. Heightened case. Heightened clients is the best wayclients is the best way 3ests. “You know “You know

That actually is a hat actually is a oping your talentedping your talented ’t got the money tooney tonagement program.ent program

w and understand understand they’ll be in a much much in the business

his will, in turn, allows will, in turn, allow o feel more valued o feel more valued their organization.heir organizat6From working dm working

these pressureshese prwas just how wwas just howimportant to acimportant to agoing to be achgoing to be achthey don’t beliethey don’t beliesenior managersenior manageand also enco rd also e

7ople stuff is always called ple stuff is always called hat believes working withat believes working with cause you have to adaptcause you have to adapt nd receives information nd receives information asized in retaining good goode current climate to engage e to e

ngs get better is that youis thaept the conversation linesersatioand effective ways tove wayhe top people may jumpeople mand actually in thesetually iniduals,” This may result in s,” This the importance of employeeimporta

8p individuals inividuals inpany in which this ny in which this ful was the Royal ul was the Royal won the 2010 won the 2010 tional Learning’nal Learning’ The judges werehe judges were

tive solutions, tive solutions, strate positive strate positive d a strong link d a strong link

l tt

HONEST POLICY

LeadershipTips.indd 95 25/02/2011 13:44

DETAILS. CITY GUIDE96

36 Hours in…Salvador

AboutAlthough Salvador lacks the

immediate cachet like it’s cultural counterpart Rio de Janeiro with its looming Cristo Rendentor (Christ the Redeemer), the city has some delights of its own to offer. Often simply called Bahia by the locals, Salvador de Bahia is the beating Afro-Brazilian drum of the East coast. The cultural, colonial town was actually the fi rst capital of Brazil, from 1549 to 1763, and witnessed the blending of European, African and Amerindian cultures. It was also, from 1558, the fi rst slave market in the New World, with slaves arriving to work on sugar plantations. The city has managed to preserve this African heritage and blend it with other European infl uences, such as the many outstanding Renaissance buildings and colourful fronted houses, often decorated with fi ne stucco-work.

SeeCaporeira is the famous dance of the district – a

kind of half dance, half fi ght – and the locals can be seen forming circles with various performers in the center in the city’s cobble stone squares. Beware, however; often when tourists sneek a peek at the colorful display the dancers charge a fee. For an unforgettable spectacle of the art form, head to the Miguel Santana theater for a full on folkloric performance of the Afrobrazilian tradition.

Droves of trinket and souvenir shops line the stony streets of Pelourinho. The UNESCO World Heritage Sight is a great shopping destination, but if you’re out for a bargain the lively enclosed tourist market, Mercado Modelo, at the bottom of the Elevador Lacerda is a great place for souvenirs. While wandering around and checking out the enormous number churches and museums on the Pelo, open your eyes to schools, galleries and cultural houses that pack the historical centre. A good place to start is the Museu Afro-Brasileiro (Terreiro de Jesus), which holds a room of wooden carvings of the orixas (Afro-Brazilian gods).

Time: -3hrs GMT | Currency: Real | Language: Portuguese | Population: 2.2 million

Getting aroundMuch like the

attitude of the party loving natives, transport in Salvador has a somewhat relaxed feel. If you prefer more certainty in your whereabouts, most of the sights of the city can be reached on foot, or via the famous Elevador Lacerda (R$0.05; 24 hr) which links Cidade Alta and Cidade Baixa. The funicular railway, Piano Inclinado Goncalves (R$0.05; 7am-7pm Mon-Fri, 7am-1pm Sat) takes you to nearby beaches and business districts. Salvador’s airport has daily fl ights to any Brazilian destination and there are buses to the nearby Aracaji frequently. A great way to take in the main sights of Salvador is the Salvador Bus, a double-decker red tour bus that can be seen in various parts of the city.

Brazil has recently come to the economic forefront of South America - enabling its tourism industry to soar to new heights. But rather than heading for the more obvious choice of Rio de Janeiro, Lorna Davies discovered its Bahian neighbour, Salvador, has a wealth of culture and history to explore.

travel.indd 96 25/02/2011 13:45

RelaxSalvador is literally

surrounded by beaches. Porto de Barra will probably be the first one you encounter and, although picturesque, it can get very busy, especially at weekends. For a more serene experience try the Farol da Barra with its monochrome lighthouse at one end and the surfers hangout at the other. There is an abundance of choice out from Farol as the beaches run more in a more-or-less solid line to the top of the country.

EatSample a piping hot Moqueca– a seafood stew

like dish native to the Northeast region – in one of the many restaurants that line the coastal path in Salvador, there is often live music to accompany your meal as well. Pelourinho plays host to many authentic Brazilian restaurants as well as those with a more international infl uence. Falling into the former category, Panela de Bahia serves fl avorful, fresh Bahian food in an inviting relaxed atmosphere. The moqueca de camerao com banana is highly recommended. If your meal puts you in the party mood, pop next door to the Sankofa African bar to sample live reggae, salsa and zouk. Also worth a try is the Pelo Bistro, a well-hidden culinary gem located inside the Casa do Amerelindo hotel. The patio seating area overlooks a small, lush garden enabling guests to enjoy the a la carte menu in style.

With temperatures reaching 37 degrees Celsius in summer months and never below 20 degrees throughout the year, you may want to cool off by sampling one of the many ice cream parlours located around the city offering a vast array of exotic fruit ice creams and sorbets.

CarnivalSalvador’s Carnival, held annually in March,

is the second largest in Brazil and is a serious contender to topple Rio off the top spot. It is characterized by slow-moving parades of bands playing axe and pagode atop long trucks loaded with huge trious-electricos (speakers).

There are three main carnival areas: the beachside Barra to Rio Vermelho circuit (where most tourists hang out), the narrow Campo Grande to Praca Castro Alves circuit, and the Pelourinho.

The best way to navigate your way through the crowds of the carnival is to join a Bloco; this consists of two trucks – one with a band, the other a bar – and people following along. This is probably one of the safest ways to enjoy the festivities. If you prefer a quieter scene however, the Camarotes offer (for a small fee) parties overlooking the street festivities.

SleepMost visitors prefer staying in the Pelourinho area in

order to be close to the action, but make sure the party isn’t next door. Reservations are absolutely necessary during Carnival. The Pousada de Boquerao is one of the more elegant and, surprisingly, reasonably priced of a collection of several colonial homes that have been renovated into classy pousadas. Boquerao has a spacious common room with high ceilings backed onto a porch with a fantastic view over the bay, and the breakfast buffet is superb.

Hotel Casa do Amerelindo is great for a business trip stay. Located in the Pelohurino neighbourhood, 30 to 45 minutes from the airport, the Amerelindo is a comforting retreat with walk in showers and fl uffy bathrobes. Try to get a room on the right side of the hotel as this is where spectacular views of the bay can be seen.

DETAIL. CITY GUIDE 97

travel.indd 97 25/02/2011 13:45

Nuance AD.indd 1 24/02/2011 10:00

DETAILS. BOOK REVIEW 99

Hot off the press

Two of America’s most acclaimed busi-ness journalists, Bethany McLean and Joe Nocera, delve into the motives of rating agencies and the shady dealings of mortgage lenders to provide a stark insight into the rea-soning behind the fi nancial crisis. The book goes back several decades, weaving into the hidden history of the fi nancial crisis in a way no previous book has, exploring the motives of everyone from famous CEOs to cabinet secretaries, analysts, politicians, anonymous lenders and Wall Street traders.

Lisa Ganksy argues that the future of the economy will be defi ned by shared services and products like Netfl ix, Zopa, Zipcar, Lend-ing Club, Kickstarter, ThredUp, SmartyPig, Etsy and Smava. Her latest venture, The Mesh: Why the Future of Banking is Sharing, argues that the quintupling of traffi c on the internet between 2009 and 2013 is creating what Gansky calls a “mesh” economy of shared services. She argues that the trillion internet connected devices expected to exist by 2013 will enable us to return to a “simple life” in which we will be emancipated from many of the supposed material “necessities of the 20th century industrial era.

FST says: McLean’s The Smartest Guys in the Room managed to carve a name for itself amongst a plethora of Enron books and The Devils are Here will do the same in making sense of the fi nan-cial crisis and its consequences. This is the fi rst book to carefully construct a chronicle of the reasons that brought the US fi nancial system to its knees.

FST says: The Mesh is ideal for entrepreneurs seeking an alterna-tive business plan to the traditional make and sell system.

All the Devils Are Here: The Hidden History of the Financial Crisis By Bethany McLean and Joe Nocera

The Mesh: Why the Future of Business is SharingBy Lisa Gansky

FST says: Although Merrill’s downfall is seen as a dramatic footnote to the demise of the Lehman Brothers, this fi nancial thriller shows it was far more than that. Farrell’s offering is en-grossing and interesting, although some chapters feel bogged down in minutiae and corporate history.

Crash of the Titans: Greed, Hubris, the fall of Merrill Lynch, and the near collapse of Bank of America is a detailed reconstruction of how Merrill Lynch sealed its own fate by becoming more bullish on bonuses than on America. Some Merrill Lynch traders had a dark secret called the “Voldemort Book” according to Farrell, a Financial Times re-porter. This fl y-on-the-wall narrative is col-lated from at least 250 hours of interviews, emails, confi dential papers and transcripts from internal presentations at Merrill and Bank of America.

Crash of the Titans: Greed, Hubris, the fall of Merrill Lynch, and the near collapse of Bank of AmericaBy Greg Farrell

FST says: Rather than promoting a short-lived fad, in Staying Power, Cusumano concentrates on lasting success, analyzing the fundamental elements common to the leading competitors in the world today.

Michael Cusmano, in Staying Power, at-tempts to provide answers to how companies stick it out in the technology fi eld. A best selling business author and leading scholar, Cusumano has studied the world’s most successful com-panies for a quarter of a century, including Google, Intel, Apple, JVC, Toyota and Microsoft. He argues that organizations today must de-velop distinctive organizational capabilities not just business strategies. By drawing on real life experiences, Staying Power demonstrates how the best companies put these principles into practice, identifying precisely how these tactics have led to concrete success time after time.

Staying Power: Six Enduring Principles for Managing Strategy and Innovation in an Uncertain WorldBy Michael Cusumano

BookReview.indd 99 25/02/2011 13:57

With full manual controls, excellent picture and build quality that all fi ts easily into your jacket pocket – FST gives this new Nikon Coolpix P700 the thumbs up. The great design and optical viewfi nder sets it apart from the point-and-shoot pack, plus it works with SD, as well as the SD-HC and even the new SD-XC cards. The menu is intuitive and easy to use – especially if you’re familiar with Nikon DSLR menus. A few standout features include a

smile timer (automatically releases the shutter when your subject smiles); in-camera red-eye fi x; face-priority AF; skin softening and blink warning. An ideal travelling companion for advanced amateur and pro-shooters alike.

Technology for today’s executive

It might not be the prettiest of all the smartphone offerings on the market right now, but the new HTC Inspire makes up for it in usability. The latest top-tier Android phone offered by AT&T is much like its HTC siblings – EVO 4G and HD2 – in that it is a little hefty and has an unusually placed headphone jack. However, it has a huge 4.3-inch 480 x 800 WVGA touchscreen and is responsive, easy to use and comfortable in the hand. As with most modern Android devices, Inspire has a 1-GHz Snapdragon processor, 4 GB of onboard memory (with an 8-GB card included), a sharp 8-megapixel camera and Dolby sound. The main differentiating factor is the software. HTC has overhauled its Sense UI for the device. The response when switching between tasks is noticeably faster, and even boot times are speedier.

Don’t let the 1960s inspired styling of the new Moshi Moshi 04 create any doubts of its impressive modern functionality. The cool-looking brushed aluminium eye candy is a handset you can use to make phone calls, a speaker phone for conference calls and a set of portable stereo speakers. The design – dreamed up by British designer Michael Young – comes in gold or silver and takes its name from the idiomatic greeting the Japanese say when answering their phones. The handset talks to your gadgets using Bluetooth 2.1, so it can be connected to two separate devices at once. Pair it with your cellphone to answer regular calls, and it will also work with Skype calls from an iPad or as a set of auxiliary speakers for any Bluetooth-enabled PC.

Sony Ericsson unveiled its new Xperia play AT mobile world congress. Ideal for gaming addicts on the go - the device is a combination of an Android smartphone and a portable Sony PlayStation. The 4-inch touch screen Android 2.3 Gingerbread face slides to reveal PlayStation controls. Despite this complex combination – Ericsson haven’t forgotten the camera. The sleek monochrome Xperia has a 5.1-megapixel shooter with autofocus, a fl ash, image stablization, video capture, and geotagging.

HTC Inspire

Moshi Moshi 04

Sony Ericsson Xperia Play

Nikon Coolpix P7000

DETAILS. OBJECTS OF DESIRE100

Desirability rating:




Gadget.indd 100 25/02/2011 13:44

Find out more at www.MeetTheBoss.tv

MeetTheBoss TV is incredible access to the world’s business leaders – so

you can learn their winning strategies and attitudes first hand

Where future leaders learn

JOIN NOW

MTB AD_B2B_2010_14june 28/09/2010 14:15 Page 1

DETAILS. AGENDA

Coming up…

Mar. 14Calle Ocho FestivalThis ethnic street fair held on Eighth Street is at the heart of ‘Little Havana’ in Miami, Florida. It features an assortment of festivities including Latin entertainment and an array of food and open-air street markets. Now the largest Hispanic heritage festival in the USA, Calle Ocho usually ends with the largest open-air dance party in the USA.

Mar. 20Los Angeles MarathonThe 26th running of the Honda LA Marathon presented by K-Swiss will take place along the nation’s most dramatic marathon course – from Dodger Stadium to the Pacifi c Ocean. The spectacular 26.2-mile ‘Stadium to the Sea’ race sold out early for 2010 and has been enhanced for 2011 to add new landmarks in the Chinatown and Little Tokyo district in downtown Los Angeles to better handle runner fl ow.

102

May. 7Kentucky Derby Horse RaceThe 137th annual meeting of the Kentucky Derby Horse race will be held at Churchill Downs racetrack in Louisville, Kentucky. Culminating a week of festivities, this horse race – established in 1875 – attracts a huge crowd for a grand weekend of partying. One of the classic American horse races, this event, along with the Preakness Stakes (run in mid-May) and the Belmont Stakes (early in June), makes up American horse racing’s coveted Triple Crown. The Derby is often called ‘the most exciting two minutes in sports’.

Agenda.indd 102 25/02/2011 13:43

. DETAILS. AGENDA 103

May 20Pirates of the Caribbean: On Stranger TidesThe latest instalment from the popular Pirates of the Caribbean franchise has lost Keira Knightley and Orlando Bloom but gained Penelope Cruz. The actress plays the daughter of Blackbeard alongside Johnny Depp in the fourth fi lm of the sequel from Walt Disney Pictures. The fi rst fi lm pulled in $164 million worldwide; with the sequel doing even better – its $1.06 billion worldwide made it the highest grossing fi lm of 2006. A third fi lm brought in $961 million.

Aug. 28MTV Video Music AwardsThe 28th annual MTV Video Music Awards will air live from Los Angeles on Sunday, August 28 at 9pm (ET/PT). The 2009 awards caused a stir when rapper Kanye West burst on stage during Taylor Swift’s acceptance speech; the pair later settled their differences through the medium of song in 2010, when Lady Gaga dominated the night with a rather interesting outfi t choice of a meat-themed outfi t while scooping eight awards.

Aug. 30- Sep. 6Burning Man FestivalThe isolated, barren Black Rock Desert of northern Nevada will once again host its perennial fantasy metropolis of Black Rock City. This huge counter-culture event usually features a full-blown city of improbable structures, fascinating art installations and strange events that attract thousands of participants and spectators to what is easily one of the wildest and most imaginative happenings in the USA.

Jul. 23-25Quick Chek New Jersey Festival of BallooningThis annual ballooning affair in association with PNC is the largest summertime hot air balloon and music festival in North America. The event lasts for three days at Solberg Airport in Readington, New Jersey, and is the premier family event in the Northeast. The colorful event offers visitors the chance to enjoy a hot air balloon ride while taking in some of the entertainment and music on show.

Agenda.indd 103 25/02/2011 13:43

DETAILS PHOTOFINISH104

A severly damaged building crumbles to the ground in the aftermath of February’s powerful earthquake in Christchurch, New Zealand. At least 98 people are known to have died – with the death toll expected to rise signifi cantly, offi cials say. Hundreds of foreign rescue workers are arriving to join the search effort, amid warnings that time is running out for survivors. The New Zealand dollar has fallen to its lowest since December against the US dollar after the magnitude 6.3 earthquake in the nation’s second largest city.

PHOTOFINISH.indd 104 25/02/2011 13:44

KOFAX AD.indd 1 22/02/2011 09:13

fstus14

Documents

threats nancial institutions

insider security breaches

damaging security breaches

online threats

ingredients of risk

cyber security watch

quest ad

host of new hacktivist