here - FStech
FStech
May/June 2012

Formerly FST - the leading audited business title for UK financial services technology decision makers

FStech (formerly Financial Sector Technology) is one of the leading business titles for IT decision makers in the UK and European financial services sector. The title has an ABC certified circulation of 11,500 IT decision makers from across the continent, within banks, building societies, insurers, trading houses, exchanges and other financial institutions.

Online: www.fstech.co.uk Twitter: @FStechnology Blog: www.fstechnology.blogspot.com

On the cover
That sinking feeling: Customers frustrated as banks continue to struggle with multi-channel strategies
Roundtable reviews: FStech's recent outsourcing and cloud computing roundtables reviewed
IT security supplement: Network security, data security and cybercrime under the spotlight
Trading platforms: Social trading platforms: fad or phenomenon?

CONTENTS

Features
That sinking feeling: Amanda Hall-Davis finds that many banks are not keeping up with their customers’ needs and wishes when it comes to the High Street branch, mobile, social media and online
Good thinking: Graham Jarvis looks at how technology can help financial institutions as they create and implement risk management strategies
A social affair: The traditional world of stock markets and trading is colliding with social networks. Will this be a marriage made in heaven or a quick fling? Hannah Prevett investigates

IT security supplement
Get the message: As the threat of network attacks intensifies and changes, network managers are attempting to up their games. But, asks Andrew Williams, is the message hitting home at board level?
Security aware: Paul Golden looks at how the financial services sector is coping in the face of internal and external data security threats
The big fight: Liz Morrell casts an eye over an intensifying cat and mouse game between financial services companies and cyber criminals

Regulars
News at a glance
Europe news
Payments news
Roundtable reviews
Appointments
Comment
Talking heads
Letters to the Editor
Profile
Signing off

CONTACTS

Editor: Scott Thompson, Email: [email protected]
Contributing Writers: Paul Golden, Amanda Hall-Davis, Graham Jarvis, Liz Morrell, Hannah Prevett, Andrew Williams
Design & Production: Jason Tucker
Advertising Manager: Sonia Patel, Email: [email protected]
Deputy Advertising Manager: Emma Stokes, Email: [email protected]
Circulation Manager: Joel Whitefoot
Circulation: General enquiries - 0208 950 9117 [email protected]
Subscriptions: Paid Subscriptions queries 020 7562 2420 [email protected] £149 p.a. in the UK, £179 p.a. elsewhere. Cheques must be made payable to Perspective Publishing Limited and addressed to the Circulation Department
Reprints: Permission for reprints may be applied for by contacting the publisher
Contact Details: Editorial: 020 7562 2401 Advertising: 020 7562 2400 Advertising Fax: 020 7374 2701 Circulation: 020 8950 9117 Website: www.fstech.co.uk
Managing Director: John Woods
Publishing Director: Mark Evans

11,500 average net circulation for the period 1 Jan to 31 Dec 2011

All rights reserved. The publishers do not necessarily agree with the views expressed in this journal. Printed by Warners (Midlands) plc.

Whitepapers at www.fstech.co.uk

FStech now has whitepapers available to download on the home page of our website. Please click on the whitepapers button at www.fstech.co.uk in order to see a full list of whitepapers.

Currently available: Dragging Banks into the 21st Century – The Future of Banking Are We There Yet? Zero-Wait BI for Everyone Mobility Is Exploding: Are You Ready? Single Customer View in Financial Services TATA Consultancy Services - Cloud Computing Research Study: The Revolution in Self-Service Channels in the Financial Services Sector Genesys. Staffing and Workload Management Genesys. Sustained Management: Changing the Game with Genesys iWD Genesys. Staffing and Workload Management Genesys. The Importance of Proper Hiring, Training, Career Path Development, Skilling, and Routing Genesys. Rethinking Contact Centre and Back Office Processes

Whitepaper Downloads: In order to download whitepapers for free, please visit: www.fstech.co.uk/whitepapers

EDITOR’S COMMENT

Ambitious vision

Cash to be a thing of the past by 2020, according to a new study. Whilst research, undertaken by SCAN COIN among a sample of 200 people in the 16-24, 25-45 and over 45 categories, shows that two thirds believe notes and coins will never disappear within any reasonable timescale. Who to believe, then?

Regular readers of this column (there are some of you out there, I’m sure of it!) will know that I used to be Editor of FStech’s sister title, Retail Systems. I recently had lunch with a contact from my retail days and somewhat inevitably the conversation turned to retail technology vs financial sector technology. “I’d imagine there is a lot less innovation in the financial services sector than there is in retail,” said the contact, his logic being that, with many of the big financial institutions, it’s a case of throwing large amounts of cash at legacy transformation projects. Retailers, on the other hand, have less money to play with and so sweat the small stuff, which is where true innovation lies.

Regular readers will also know that the 2012 FStech Awards took place in March. It was my first awards and it was interesting to compare the entries to those received during my time as head of the Retail Systems Awards judging panel. There were indeed a number of entries detailing projects which were immense in scale but not particularly innovative.
But at the same time, there were lots of examples of how financial institutions are making groundbreaking use of technology in such areas as social media, mobile banking, payments, cloud computing and green IT. RBS, for instance, won in the Best Use of Technology in Customer Service category for its m-banking and payment apps, developed with Monitise. We are seeing arguably some of the greatest levels of innovation and technology implementation in mobile payments. After a sluggish start, financial institutions are really pushing products in this area. Take, for example, Barclaycard. Free PayTag stick on credit cards, about a third of the size of a normal card, are being offered to selected UK Visa cardholders, with a roll-out to millions more people set to follow later this year. Customers stick a PayTag to the back of their handset. Once attached, their phones can be used to make payments of £15 and under, rising to £20 in June, when they tap the handset against a retailer’s contactless terminal. Another step, then, towards helping the banks and card schemes achieve their ambitious vision of a cashless society. But there is still a lot of work to be done in terms of winning over the general public. I was interested to see the mainstream media’s take on PayTag. On The Guardian’s website, a news piece attracted a number of reader comments, the majority of them negative. These included railing against a Big Brother society (“soon it will be an RFID chip under your skin”) and wondering if there was any point until all the banks backed contactless. Both valid concerns. And ones that I don’t think the banks and card schemes have done enough to address in their rush to stamp out cash. 
David Chan, CEO at Barclaycard Consumer Europe, says: “More than half of us say that the item we’re most lost without is our mobile phone, so we’re giving people the option of using them to make easy, convenient, everyday payments without the need to upgrade their current handset.” Which sounds great. But as a friend recently said to me: “So if I lose my mobile, I lose my phone and my money in one fell swoop, right? And what if I want to pay for something just as my battery dies?”

According to a recent study conducted by US think-tank Pew Internet, cash and credit cards could be a thing of the past by 2020. The study, which sought the views of 1,000 plus internet experts and users, found that m-payments will gain mainstream acceptance within the next decade. I personally see this process unfolding at a slower rate. Cash isn’t going away any time soon as the research mentioned at the top of this piece highlights. It found that it accounts for 55.2 per cent of all UK transactions and £32.78 in every £100 spent at retail outlets. People prefer to use cash when they are buying low-value items, with 77 per cent still opting for coins for purchases of less than £3. They like and trust cash. And suspect the banks’ motives in wanting rid of it. We’re seeing a high level of innovation, but financial institutions need to prove themselves equally as adept in the communication department to have any chance of winning out.

Scott Thompson is Editor of FStech. His blog on all things financial services technology-related can be found at: www.fstechnology.blogspot.com. He can be contacted at: [email protected]

NEWS OVERVIEW

Need to know

Rounding up the major FS tech-related stories from the last two months

APRIL

O2 launched its long-awaited mobile wallet, under an interim e-money licence from IDT Financial Services. The O2 Wallet includes the following functions: transfer money to any UK mobile phone number by sending a text; shop by mobile and receive daily deals and discounts via the My Offers icon; load money into the wallet account via a debit card, by receiving a Money Message or with cash at more than 30,000 locations. Consumers will also soon be able to use it to top-up mobile airtime and buy train tickets. The product was initially due to launch last year, but this was delayed as O2 partnered with a number of companies to fine tune it.

(Photo: Long time coming: O2 Wallet.)

Twitter overtook Facebook to become the top social network for FS firms, according to analysis from Corporate Insight. The company covered 90 companies in its Social Media Leaders report, 57 per cent of which used Facebook in 2010 and 51 per cent Twitter. But by the end of 2011, 88 per cent were on the former and 92 per cent on the latter. Corporate Insight has been keeping track of developments since its research ended and reports that the trend towards Twitter shows no signs of slowing. In the period from January to 10 March, 19 new FS social media properties were launched, 17 of which were Twitter accounts.

Co-operative Bank emerged as the best and Santander by far the worst in terms of the performance of UK banks’ websites, according to research from Compuware Corporation. The company’s UK Banking Account Details Business Process report ranks how well banks have performed, relative to one another, in a multi-step transaction (login, account summary, logout). It uses Gomez benchmarks across three key metrics: response time; availability; and consistency. During the period 1 March to 1 April, Co-operative Bank came top for response time and consistency and second for availability (where Smile placed first). Santander lagged far behind as did first direct, Bank of Scotland and Yorkshire Bank.

MAY

It’s best known as the home of BBC sitcom The Office and the place that inspired some cutting verse by John Betjeman. But now Slough has a new claim to fame. It has overtaken London to become the identity fraud capital of the UK. Research released by Experian showed that the Berkshire town recorded 25 identity fraud attempts for every 10,000 households, with residents targeted at around four times the UK national average (seven households in every 10,000). Residents of Birmingham, London, Gravesend, Luton, Manchester and Leicester were also targeted at twice the national average rate. Whilst the instances of fraud across all financial products remained at a constant level between 2010 and 2011 (six in every 10,000 applications were found to be fraudulent), there was a surge in identity theft via current accounts and mortgages during this period, with rates doubling (from six to 14 in every 10,000 applications) and quadrupling (from one to four in every 10,000) respectively. Identity fraud attempts on credit cards fell from 17 to four in every 10,000 applications.

The banks and credit card providers might wish it otherwise, but cash is still king. According to a report from cash management outfit, SCAN COIN, it accounts for 55.2 per cent of all UK transactions and £32.78 in every £100 spent at retail outlets. People prefer to use cash when they are buying low-value items, with 77 per cent of people still opting for coins for purchases of less than £3. The research, undertaken for SCAN COIN by Fieldworks Marketing among a sample of 200 people in the 16-24, 25-45 and over 45 categories, shows that two-thirds believe notes and coins will never disappear within any reasonable timescale, despite the growth of cards and mobile phones.

Seventy five per cent of European banks are still using outdated core banking systems, affecting their ability to accelerate growth. A new survey from Ovum, commissioned by Infosys, covered 65 C-level executives across European financial institutions. Eighty per cent of the banks said that outdated core banking systems were causing them to struggle to bring new products to market quickly. Three-quarters face difficulties getting access to timely data, and close to two-thirds feel that existing systems do not support regulatory change. Fifty five per cent are focusing on increasing wallet share within the existing client base, with only 20 per cent trying to achieve growth through new customer acquisition; 79 per cent said that the complexity of IT, combined with insufficient expertise within the business, was a major barrier to core system replacement.

Contact centres operating in the UK consumer FS industry are planning to win the customer experience/cost battle with web-based customer engagement and self-service. Aspect surveyed 150 senior business and IT decision makers in financial services. Many of the organisations surveyed see improving the customer experience as a primary business goal (56 per cent), while most also want to reduce cost by implementing new technology (68 per cent), but are blocked by CAPEX investments (60 per cent cited this as the biggest barrier to adoption). With tighter budgets, however, has come more intelligent contact centres responding to the changing communications habits of consumers, with one in five organisations surveyed planning to implement instant messaging/web chat (19 per cent) and/or online self-service (19 per cent) in 2013. With the customer experience in mind, organisations are also keeping compliance and data security at the top of their agendas, with 51 per cent and 46 per cent claiming these as top technology concerns respectively. The research also indicated that organisations are getting better at squeezing additional value out of the contact centre through customer interaction. Only 17 per cent of contact centres currently use voice analytics, although a further 13 per cent are planning to implement it.

An IT hardware failure meant some HSBC customers were left unable to make card payments or withdraw cash from ATMs on Sunday, 20 May. Services were hit during the afternoon with the glitch fixed by late evening, according to the HSBC UK press office Twitter account. ‘Sorry again for the problems this evening. An IT hardware failure affected some ATM and card transactions. All services available now,’ it tweeted.

Random photo opportunity ahoy (see opposite). Bank Machine launched the 500th of its fiver-only ATMs in Wolverhampton city centre. Two trumpeters played a variety of ‘Fiver Fanfares’ in full regalia to announce the installation of the new machine. Whilst an old lady looked on, a tad confused. The launch came just a few weeks after the news from the Bank of England that nearly 10 times as many £5 notes were being dispensed from cash machines than in the summer of 2010. Some £200 million of fivers are now dispensed a month.

(Photo: Lend us a fiver!)

Metro Bank’s social media policy was put severely to the test during May. Comedian Al Murray took to Twitter to blast the bank over the opening of its 12th branch in Chiswick. Murray tweeted: ‘I have actually crossed the road to avoid the toe curling god awful pisspoor balloon waving music blaring launch of my local Metro bank.’ Posting a pic of the opening celebrations, he added: ‘I love it when cretins treat the rest of us like morons.’ He then invited his followers to use a rather unflattering hashtag, which we won’t repeat lest any children are reading (unlikely we know but hey ho). Metro Bank initially stayed out of the debate, but decided to respond when a few days later, Murray was at it again, tweeting. ‘Metro Bank: Another “reason for joining - no stupid bank rules”. Um isn’t that what landed us all in it?’ The bank came back with ‘Hi Al. We’d love to welcome you into our Chiswick store and explain what we’re all about. When are you free?’ ‘That’s very kind but very busy at the moment,’ came the comic’s reply.

(Photo: There’s no pleasing some people...)

NEWS IN BRIEF

• SAP is to work with Citi and RBS on a cloud-based services platform. A combination of SAP’s experience in ERP, treasury management software and new cloud services technologies is driving the solution development, which aims to seamlessly integrate banks with their corporate customers.

• HSBC has launched its long awaited personal banking iPhone app. The Fast Balance iPhone app enables customers to obtain details of their current account balance and last six transactions. An Android version is in the works. Developed by Monitise, which has a three year development deal with HSBC, it also lets customers top up their pre-paid mobile phones.

• Halifax has launched an iPhone app aimed at UK house hunters. The Home Finder app, which Halifax says is a first in the UK, makes use of augmented reality technology to provide a one stop shop for customers. They can use it to bring up information on properties for sale in their area. In addition, it provides mortgage affordability calculators, local area information and property buyers’ guides.

• Allianz Insurance is implementing web self-service technology from Transversal. The company hopes this new way of helping customers quickly resolve questions will reduce calls to its contact centres by up to 20 per cent. Transversal’s solution was implemented over a 12 week period and has recently been made live on the Allianz Your Cover website. Customers have been able to reply ‘yes’, ‘no’ or ‘partly’ in response to how helpful the answer has been, with the feedback being used to improve the quality of answers given.
The place to be

Scott Thompson reviews Infosecurity Europe 2012, which took place in April at Earls Court, London

It was April, torrential rain was the order of the day and the tubes were on the blink, which could only mean one thing: it was time for security professionals and hacks to make their way to Earls Court for Infosecurity Europe; 12,959 of them to be exact, a 24 per cent increase on 2011.

I have a confession to make. I’m an Infosecurity Europe virgin. I took over as Editor of FStech a few weeks after last year’s event and wasn’t sure what to expect, having been told by work colleagues that it was “a great show” and “much of a muchness, too bloody big!” Whilst it proved to be enjoyable and informative, I could relate to the latter comment. The huge number of vendors in attendance and vast array of seminars and conference sessions made it a somewhat overwhelming experience. Some of the stands were among the biggest and most elaborate you could wish to see at a trade show. Whilst this made for an impressive spectacle, the downside is that the bigger companies threatened to drown out the smaller players, many of whom had innovative solutions on display.

The first morning of the show saw Neelie Kroes, vice president of the European Commission & European digital agenda commissioner, European Commission, tackle internet security. “Given that internet attacks have such a wide mix of sources and impact, the solution is not simple. Internet security cannot be left to the traditional instruments of national security, as if cyberspace was just another military theatre. We need a comprehensive response that covers all. That is why we need a new vision,” she said. This new vision looks set to be realised in the third quarter of this year. “Internet security is not a problem that is going to go away.
But by building response networks, a decent governance structure, the right incentives for the private sector, a vibrant internal market and an international outlook, we can deliver an internet that is safe and secure for everyone,” she added. Kroes was followed by the official launch of the 2012 Information Security Breaches Survey. The results were revealed in full following a keynote speech by Business, Innovation and Skills minister, David Willetts, who commented: “The internet has opened up huge opportunities for businesses, and the UK is a world leader in doing business online. This survey showing the changing nature of the threats in cyberspace is a timely reminder for UK businesses to make sure their information systems are protected so they can take full advantage of the online world. The survey demonstrates why the Government is right to be investing £650 million to improve cyber security and make the UK one of the safest places to do business in cyberspace. We will use the findings to help design a new annual survey of cyber security breaches beginning next year.” A key finding of the survey, written by PwC in conjunction with Infosecurity Europe and supported by the department for Business, Innovation and Skills, was that organisations large and small are failing to respond to the culture of employees using their own mobile devices for work. As such, they are opening up their systems to security risks. Eighty two per cent of large organisations reported security breaches caused by staff, including 47 per cent who lost or leaked confidential information. Fifty four per cent of small businesses (38 per cent of large organisations) don’t have a security awareness programme. Some 75 per cent of large organisations (and 61 per cent of small businesses) allow staff to use smartphones and tablets to connect to their corporate systems and yet only 39 per cent (24 per cent of small businesses) apply data encryption on the devices. 
The mobile minefield somewhat unsurprisingly dominated the show. Scores of vendors were demonstrating solutions that can help organisations navigate their way through increasingly challenging territory. Whilst the Keynote Theatre agenda included discussions on BYO policies and smart devices - are we providing smart enough security? And Trend Micro highlighted new research, in conjunction with Forrester, which revealed a lack of management commitment to BYOD programmes. While the majority of companies surveyed (86 per cent) involve their IT department in the development of BYOD programmes, only 46 per cent have the support of senior management. In addition, the number of surveyed enterprises seeking input into the development of a BYOD strategy from non-IT departments ranges from low (25 per cent involved the finance department, 21 per cent of them the legal department) to the practically non-existent (just two per cent involved their HR department, for instance).

(Photo: Say what you see...Roy Walker at Infosecurity Europe.)

On the floor

When hitting the exhibition floor, I had childhood flashbacks upon discovering that the man, the legend Roy Walker was on the SafeNet stand. Roy had dusted off Mr Chips and was inviting visitors to play classic 80s gameshow Catchphrase, with two games in the morning, two in the afternoon and the four winners then going head to head to play Super Catchphrase. All together now: “It’s good, but it’s not right.” SafeNet also used the occasion to showcase its authentication product portfolio and encryption, key management and cloud security solutions, and performed live hacking demonstrations to boot.

There were also a large number of technology launches at the show, including CORE Security unveiling Insight Enterprise 2.0.
The latest enhancements to the company’s security intelligence solution means that it now offers a comprehensive set of vulnerability management capabilities, including integrated network and web application vulnerability scanning; attack planning and simulation; threat replication; dashboards and reporting; and vulnerability remediation, on a single platform. Cryptzone introduced the latest release of its policy management software, addressing the problem (oft heard during the course of the show) that employee awareness is frequently the weakest link in an organisation’s security strategy. NETconsent Compliance Suite ensures that a company’s increasingly mobile workforce are aware of policies, educated on the reasons why they are important and tested to see if they understand their responsibilities. New features include: documents delivered through NETconsent can now be accessed and signed up to from tablets at the point of use; content can be categorised by any standards relating to it; Alerter can be used to notify users of policy updates and other urgent documentation not just at start up. G Data launched G Data BankGuard. This patent pending technology offers protection against banking trojans, providing a detection rate of over 99 per cent, according to G Data. The product is compatible with all antivirus solutions and is available for £19.95. “Antivirus solutions usually do not detect new banking trojans until it is too late, since a corresponding signature is required for protection. This means that it is almost impossible to protect computers fully against current banking trojans using previous security technologies,” said Eddy Willems, G Data’s security evangelist. “With G Data BankGuard we have managed to develop a product that protects bank customers from this malware in real-time. Our technology is completely signature-independent and is fully integrated into the browser. 
Hence manipulations by banking trojans are detected instantly and stopped automatically.”

Deep Discovery was pitched as the most comprehensive solution of its kind engineered specifically to help firms neutralise the growing menace of APTs. The company behind it, Trend Micro, said it was different to rival offerings as it provides the tools to detect zero day malware and tell-tale malicious human activity across the entire network and all phases of the attack, but it has also been designed to offer in-depth analysis so firms can prevent similar attacks in the future.

NEWS IN BRIEF

• Savvis, which counts a number of global investment banks as clients, has announced the availability of L03, its new datacentre in London Docklands. This complements the cloud and hosted IT solutions and infrastructure provider’s existing European locations in the London area – Slough and Reading – and Frankfurt, Germany.

• Endsleigh is to utilise IBM’s Coremetrics Web Analytics offering, delivered as a cloud service. The insurance provider is hoping to gain greater visibility of online customer behaviour, improve usability of its website and increase conversion rates. IBM’s solution tracks how long people spend on pages, which pages they prefer and how effective the application process is.

• Following a trial period, Amscreen has signed an agreement with Halifax that will see its screens installed in over 200 branches. The bespoke network advertises Halifax own products and services. Lord Sugar (owner of Amscreen) comments: “Customer engagement is absolutely paramount to a financial institution like Halifax and their investment in this technology is testament to the power of the screens and their ability to engage with customers.”

• Aldermore Bank has signed a £1.8 million extension to a data and analytics deal agreed with Experian in 2011. This will extend its use of the TransactSM application processing system and Hunter fraud prevention software.
It will also start using Experian’s Delphi for Customer Management service to monitor changes in the credit risk profile of existing customers and to identify opportunities for up-selling additional products.

EUROPE NEWS IN BRIEF

• Société Générale has gone live on the ASP version of Misys’s Summit FT SaaS solution. The solution offers broad cross-asset coverage including OTC derivatives, fixed income, commodities, foreign exchange, equities and structured products.

• HP has signed a 15 year payroll operations and HR technology deal with Italy’s UniCredit. The banking organisation is to migrate its current multiple human resources/ERP platforms to a standard, unified enterprise model running SAP solutions. In addition to transformation and modernisation services, HP will also host UniCredit’s new platform from its datacentres.

• Bankhaus Main has implemented Temenos’ Triple’A Plus portfolio management system back to front-office. The German bank now has comprehensive portfolio management functionality, complex analysis tools and high-quality reporting, enabling it to perform more detailed evaluations of cash flow, revenue and performance, and consolidate this information in in-depth client reports.

EUROPE NEWS

Leaping up the table

NCC Group has released its Origin of Hacks report for the first quarter of 2012. The UK has entered the top 10 for the first time, while the proportion of worldwide hacks coming from Russia and the Netherlands has also increased. The UK now occupies seventh place, being responsible for 2.4 per cent of the world’s hacking attempts over the last quarter. This is double the proportion of the findings from the previous report, and sees the country move eight places up the table. Russia has also shown a large increase, with over 12 per cent of global hacks originating there, compared to just 3.5 per cent in the previous findings. This has cemented its position in third, behind the United States and China.
As for the Netherlands, it’s up from 3.1 per cent to over 11 per cent, moving it into fourth place in the hacking chart. Overall, the top 10 has changed a great deal over just three months, with Italy, France and India all dropping out. Taking their places are Ukraine in fifth, South Korea in ninth and the UK.

Rob Cotton, NCC Group’s chief executive, comments: “Cybercrime is perpetually evolving. The dramatic increase of hacks from certain countries over a three month period just goes to show the fluidity and quick-changing nature of the issue. Because cybercrime develops and alters on a daily basis, so too must the countermeasures. We need greater agility and collaboration on an international scale.”

Figure: Worldwide hacks at a glance.

• Neolane has announced Ikano Bank as its latest financial services customer in Europe. It will implement the company’s platform to help it boost the effectiveness of its marketing communications through closer, more personalised relationships with its customers and enabling it to manage cross-channel marketing campaigns.
• ABN AMRO, Banco Galicia, UBS and the French publisher of integrated software packages, SAB, are the latest members to join the Banking Industry Architecture Network (BIAN) network, collaborating on standards for SOA in the banking industry.

Most read at fstech.co.uk

Most clicked stories at www.fstech.co.uk during May...

• Sluggish FS sector not happy with tech
• IPL rolls out Multi-Channel Framework
• UK leaps up hacking league table
• BIAN swells its ranks
• VocaLink to manage Moneycorp ATM estate
• BYOD brings benefits plus security concerns

PAYMENTS NEWS IN BRIEF

• Bank of America Merrill Lynch has selected Sentenial to offer Origix Corporate to its clients.
The solution enables the migration of legacy mandates to SEPA Direct Debit, ongoing mandate management, document handling and the generation of payment instructions. BofAML says that its clients will be able to benefit from the solution with minimal changes to their existing processes.
• HSBC is to follow the likes of NatWest and Barclays and roll out contactless cards. With one eye on the 2012 London Olympics, the plan is to replace those debit cards which are due to expire from May onwards with new cards containing contactless technology.
• The fourth State of the European Payments Marketplace survey, with over 350 participants from 53 countries, shows an increasing expectation of success for SEPA. Conducted by the Financial Services Club and sponsored by European Banking Authority and Logica, it also highlights the growth in real-time payments across the board. Nearly 70 per cent of respondents believed the Euro would not survive in its current form, although overall sentiment with regards to the Euro and SEPA was more positive.
• Temenos is to develop a new payments system, built in conjunction with ABN AMRO Bank N.V. This will be based upon the Temenos Enterprise Frameworks Architecture (TEFA), which provides the platform for the company’s T24 core banking software. The new system will be implemented at all of ABN AMRO’s international locations. It will also be available as a standalone solution, operating in real-time with any core banking or checking accounts system.

Payments conference returns

The second FStech/Retail Systems Payments Technology Conference will take place on Thursday, 1 November

Figure: The conference made a hugely successful debut last year.

The event, to be held at the IoD Hub, London, will bring together leading figures from retail and the financial services sector to network and discuss cards and payments services, the present and future. This year, there will be a particular focus on mobile banking and payments.
Senior figures from across the retail, financial services, technology vendor and telco sectors will come together to debate the key issues, innovations and barriers to the mass-market deployment of mobile. Chaired by Vendorcom chairman, Paul Rodgers, the conference, a mixture of speaker presentations and discussion panels, will also showcase the latest developments and services and products in such areas as: contactless cards; self-service technologies, SEPA, payment security, online payments, the future of cash and cheques and social payments. Free to retailers and financial institutions, it made a hugely successful debut in 2011 as FStech teamed with sister title Retail Systems to put together what we believe is a unique event. Looking at the payments sector from the perspective of both the retail and financial services sectors, the conference pulled in close to 200 delegates and attracted speakers and panellists from such organisations as PayPal, Lloyds Banking Group, VeriFone, Barclaycard, Citi, Clinton Cards, HSBC, Bank Machine and O2 Money. For further information on the 2012 event, visit: www.fstech.co.uk/payments 2011 conference highlights... Payments evolution over the next five years challenges and opportunities: Tim Decker, European Head of E-Channels, Payments and Cash Management, HSBC. Payments in a multi-channel world: Carl-Olav Scheible, UK Managing Director, PayPal. Cash vs contactless, long live the king: Simon Austin, Commercial Director, Bank Machine. Panel discussion: Cash vs cards, featuring Ben Snowman, Director, Simon-Kucher & Partners; Mark Silverstein, Deputy Head-Legal-Global Transaction Services, EMEA, Citibank; Dave Wills, Head of Merchant Services, Cardnet Merchant Services, Lloyds TSB Cardnet; Rob Brown, Group EPoS Systems Manager, Clinton Cards. 
Panel discussion: NFC/mobile payments, featuring Giles Hingston, Global Product Manager, Global Transactional Services, HSBC; Alan Moss, Marketing Director, Verifone NW Europe, Middle East and Africa; Tom Gregory, Head of Digital Payments, Barclaycard.

The mobile wallet: driving m-commerce and closing the transactional loop: Phil Edwards, Head of Business Development, O2 Money.

VIDEO INTERVIEW

Data challenges

Tony Fisher, CEO and President of DataFlux, discusses master data management as a technology and how it affects and benefits financial institutions

Scott Thompson talks to Tony Fisher, CEO and president, DataFlux

FStech: What is MDM?

TF: It's not really a technology, it's more of a methodology, a process to ensure an organisation has data that's fit for purpose for their business. There are technology components to it but equally as important is the consistency in processes and rules. Ultimately, the idea is to ensure that the data reflects the business.

FStech: Why do organisations usually find they need a MDM solution? Is it reactive (e.g. compliance-related) or are they increasingly implementing these solutions to drive a single view of the customer?

TF: The drivers tend to be external influences, oddly enough. What is going to motivate a company this year or next is going to be different. If you look at things within a temporal context, when the economy is strong, organisations tend to focus on that single view of the customer. When they are experiencing recession, the drivers are different - you tend to regroup and make more out of what you have, operational efficiency - e.g. looking at product data or financial data.

FStech: Is there a one size fits all approach?

TF: No, there isn't. Every organisation has a slightly different reason for doing MDM. Therefore there is a certain dependency on what the business drivers are. There are certainly similarities from implementation to implementation. And as a vendor we can provide a jump start that gets an organisation in the direction they want to go. The other important thing to keep in mind about MDM is that it is evolutionary in its implementation. Organisations that try to do an entire enterprise MDM implementation at once tend to fail more than they succeed as they're biting off more than they can chew. The most successful companies start small and grow out from there.

FStech: What are the benefits?

TF: Primarily the emphasis for MDM is to get good, consistent data across the organisation. It's really not fair to define it as a technology or methodology to get better data. The idea is to improve your business and so the ultimate goal is that you use the data to increase your revenue and decrease your expenses. You mitigate risk and you're in compliance with regulations.

FStech: Social media is having a huge impact on MDM programmes. How can DataFlux help organisations address this?

TF: It would be wrong to talk about social media data as a master data driver. It is true that one of the big things organisations need to do is incorporate their social data in with their master data. Master data tends to be more structured in nature. Social data is much more unstructured. But the idea is to glean the important points from the social data and to augment and embellish your customer data based on that. And that's the kind of thing DataFlux is doing. We can help you understand the major components of your Twitter feed and map that back into the sentiment of the customer, so you have a good understanding of how customers are interacting with your business.

FStech: I'll put the same question to you in relation to cloud computing.

TF: Cloud has a life outside of MDM and vice versa. It's important to understand that cloud computing is going to be an essential part of infrastructure for IT organisations moving forward and one of the things inhibiting larger organisations from moving more rapidly to the cloud is the data integration problem. We can get multiple applications to run in the cloud but then you get to the point where that application is running in isolation to everything else you're doing. And this becomes a difficult thing for organisations to tackle. The success of integrating organisations into the cloud is ultimately going to come back to their ability to integrate the data within cloud applications, both on and off premise applications.

FStech: And also Big Data.

TF: Yes, I guess we have to hit all the big buzzwords, don't we? Big Data has a lot of the same characteristics as social data. It's true that across all industries we've been very good at producing massive amounts of data, what we haven't been good at is consuming that data. When you look at new technologies like Big Data, they allow organisations to consume much more data and make more sense of it. So it becomes an important part of a data management strategy. You need to understand the characteristics of the data and cross germinate your structured data environment with your unstructured. Again, it opens up a lot of potential for understanding your organisation.

FStech: What would be your recommendations to those thinking about starting a MDM project?

TF: It's often that first step which is the most difficult. Start with a manageable sized project and build out from there. I can't emphasise enough, it's fine to think across the enterprise but as you start it needs to be with something you can succeed at. Success breeds success. A lot of organisations need to think differently, they have been very application focused in the past, but now more forward thinking companies are viewing it along the lines of, data first, applications second.

For the full interview, visit: www.
fstech.co.uk

MULTI-CHANNEL BANKING

That sinking feeling

Amanda Hall-Davis finds that many banks are not keeping up with their customers’ needs and wishes when it comes to the High Street branch, mobile, social media and online

As a new storm gathers on the banking horizon now that the UK has hit a double-dip recession, these already bruised financial institutions remain vulnerable. With the UK banks still reeling over the shock of the Eurozone crisis, increased regulation and high inflation, the continuing financial problems pose a serious threat, the Bank of England has warned. The silver lining among the dark clouds is the increase in the uptake of digital banking solutions. Multi-channel banking in itself presents a completely new set of tough challenges to financial institutions but how are they progressing in terms of strategies? What are the future technology solutions with regard to multi-channel banking?

Consumers want multi-channel interactions with financial services companies to feel local and personal, according to a recent study by BT and Avaya. This found that banking customers are cautious of social media and prefer personalised services to be at the centre of their relationship when dealing with personal finance matters. It showed that around 73 per cent of UK banking customers view their local branch as the ‘most vital link with their bank in the future’. Although it also revealed that customers are interested in new ways of dealing with their finances and ‘expect web-chat, co-browsing and video-chat with their financial services provider to grow.’

Banks face the demanding challenges of satisfying customer needs and those that build in multi-channel capabilities, which meet these criteria, will enjoy economic growth.
David Kohn, banking consultant at CSC, IT and technology services, believes strategic teething problems are inevitable: “Banks have been modernising their electronic channels, with updates to internet banking services, new apps for smartphones and tablets, and new payment services,“ he says. “However, integration and consistency between the channels is still patchy. Telephone banking is, for many banks, the problem child, with high customer dissatisfaction with waiting times, clunky security procedures and insufficiently skilled or knowledgeable staff. The ATM, still the primary source of bank interaction for many customers, has received little investment recently and branches are to be avoided by anyone with a busy life. Banks are aware of the need to engage with the social media revolution but many of their efforts to date have been ineffectual.” Leading banks are continuing to progress in terms of improving their multi-channel strategies and deliver the consistent service needed to engage customers. Commenting on the advancement of multi-channel strategies and the use of digital technologies, Chris Popple, managing director of digital channels at NatWest and RBS, says: “It has let us put our brochures up on the web, and the second big thing is to make basic banking more accessible. That’s what core online banking is. We worked very hard on two things: exposing the banking functionality into a mobile phone, but we need to think about how easy it is to use. How can the customer transfer money intuitively and be easy to use. Relative to online banking the growth of mobile banking is higher than the initial uptake of online. At the beginning of 2012 we had 1.2 million active customers using mobile.“ He adds: “We see our customers actively using our digital channels with over 50 per cent actively using digital channels. Digital is a powerful way to glue together all the channels. 
We have something called Ideas Bank – a forum whereby we monitor and listen to our customers in a different way to Twitter.”

Whilst adding new facilities to the core of traditional banking, true multi-channel banking should aim to add an abundant set of services and products to customers in a seamless and always available manner across all channels, thus providing a consistent experience. However, there are flaws in current multi-channel banking strategies which need to be addressed as Kohn observes: “Inconsistent branding and user experience across the channels is a constant feature, although some banks fare better than others in this respect. Banks are adding new channels without either identifying a new revenue stream or retiring/reducing the cost of existing channels. This means that total distribution costs continue to rise, which is just what banks don’t need with their present cost/income ratios.”

Digital solutions

It is undoubtedly a tough time for the banks in the current economic climate and multi-channel presents an opportunity to strengthen trust and build upon relationships with customers by delivering a personalised service. Digital innovations are a means to help the sector achieve this through every channel it has. Whether it be remote channels such as online or mobile banking, technologies now exist that can link its customers to the right people and the right information in a cost-effective manner.

“A true multi-channel solution is a convergence of multiple technological solutions, which include an integrated back end systems, an enterprise service bus or middle ware, a multi-channel framework, which exposes services that can be reused across channels, integrated sales and marketing, alert services, business intelligence, data management, security solutions and compliance solutions. Leading financial services providers are starting to offer a true multi-channel solution,” says Haragopal Mangipudi, global head at Finacle.
“Banks are also focussing their attention on cross channel support, unified login and layered analytics. Having a 360 degree view of the existing customer offering gives better insights into existing relationships and helps in improving cross-sell revenue per customer.”

Innovative products and tools that proactively offer assistance such as live online chat, money management tools and bill pay features are all options that can assist in increasing customer lifetime value, reduce the churn rate plus enhance and meet customer needs. However, what are the practical digital solutions that lay the foundations, which banks need in place in order to achieve their objective of true multi-channel functionality? Kohn observes: “A proper, integrated multi-channel architecture that can cope with rapid change and experimentation without distorting the architecture.”

In order to achieve the much sought after ‘single customer view’, data consolidation and improved management of customer information are key precursors to achieve a bank’s business objectives. In essence, information is the practical side of their ‘strategy coin’.

What are the future challenges to address in order to move forward with multi-channel strategies in the long-term and what new digital solutions are on the horizon? Mangipudi says banks need to undergo a major transformation to meet the future challenges of offering a true multi-channel service: “They require a major transformation programme in terms of upgradation of legacy systems, business process re-engineering and consolidation of data in order to climb the multi-channel curve. We also believe technologies such as cloud computing will act as an important enabler for these strategies.”

But CSC’s Kohn says the sector must address rising costs and simplify its strategies: “They must address the challenge of ever-rising distribution costs and complexity.
They particularly need to get their data (information) into structures that enable, rather than hinder (as now), their business objectives.”

Mangipudi believes digital solutions need to incorporate a number of key factors in the future: “In addition from general enterprise and infrastructure perspective cloud-based services, virtualisation, open banking platforms, Big Data management will have a big impact on the multi-channel landscape. In addition, banks would also want to have better risk management, greater regulatory compliance and unified fraud management.”

The consumerisation revolution and the rapid rate of IT change have left many financial institutions struggling to keep up. Multi-channel strategies are suffering as a result, with the customer experience across channels often patchy. Some organisations are rising to the challenge but it appears that the majority remain hamstrung by legacy thinking.

RISK MANAGEMENT SOFTWARE

Good thinking

Graham Jarvis looks at how technology can help financial institutions as they create and implement risk management strategies

Life is full of risks and attempts to balance them with rewards. Those risks range from just simply crossing the road to calculating how much return on equity you’ll receive if you invest your money in a certain commercial project or investment scheme. Yet the financial crisis that began in 2008 occurred because well known financial institutions like Fannie Mae and Lehman Brothers, as well as many others like the Royal Bank of Scotland (RBS), accepted a lack of equilibrium between these two factors. This led to the circus tiger of risk eating its master, and with it fell the belief that taking ever greater risks would naturally lead to even greater rewards.
So the tiger needed taming with regulation, a new attitude to risk-taking and its management to reduce the chances of such a dramatic collapse in the global financial markets and system, which has led us all to the current recession, happening again. Of course, it could still befall us, and regulation and regulatory compliance isn’t enough to prevent such a catastrophe from happening again. Risk management therefore has to become an integral part of a financial institution’s culture, people and processes at all levels of the enterprise. That includes ending such activities as rewarding individuals for failure whenever a risk too far has been taken.

“Basically risk and reward aren’t sufficient to deliver a risk management strategy; we still need to choose your risk appetite and once you have that you will need to identify, measure and model to understand what the weak spots are,” explains Michael Mathias, director of capital markets at Tata Consulting Services (TCS). Banks therefore need to understand how they can create a margin of safety, which includes the provision of cash flow and capital cushions. This, however, is problematic because the bigger these cushions become, the smaller the return on equity.

Once a risk management strategy has been created, the next step is to successfully implement it. Before that can begin there is a need to consider whether the bank has some standardised processes across its branches. Fragmentation will occur if there aren’t any. For example, Mathias illustrates this by providing an example of two trading desks: one residing in New York and the other being situated in Tokyo, but the two offices are revaluing their trades differently. “The data may be granular, but when it puts processes through the system, the data becomes aggregated and so you need to look at how the nuts and bolts work,” explains Mathias.
Fragmented processes are key here, but the problem is also worsened when the two offices within the organisation are running disparate IT systems and duplicate organisations are running the same processes. All of the risk factors therefore need to be thought through clearly before the goals and objectives of any risk management strategy can be achieved. To rush in would be like running into the hungry tiger’s cage, and the outcome could be failure rather than success. So the two different parties of the organisation need to have a common risk culture and understanding of the risk factors involved to ensure that the desk in New York and Tokyo use the same risk vocabulary. “Risk management is not just about ensuring that you comply with regulations, it is primarily about managing achievement and organisational objectives, and this could be the risk of not making the desired profits or the risk of failing to meet compliance requirements,” adds Mike McDonagh, an enterprise risk management content strategist at Wolters Kluwers Financial Services. He believes that it’s important for enterprise-level business objectives to be localised and interpreted at all echelons of the business. This approach enables each part of the organisation to have their own objectives and linked to these are risks that may prevent them from achieving them. Staff also play a role in mitigating both the identified and unidentified risks. He says this can be as simple as whether they have read a policy or run a control, and they can also help to identify and assess risks – particularly if they are the ones on the trading desk taking chances with the investments made by the bank overall each and every day for the benefit of its investment banking clients. Much depends on the creation of the right risk culture, and how the bank or another financial services organisation goes about establishing risk management best practices to embed it within its very being. 
“The process of embedding a risk should therefore emphasise the benefits not just to the organisation as a whole but also to the individual employee,” says Andrew Mosely, chief operating officer at Metapraxis.

Benefits of technology

“For example risk management technology can introduce time savings, enabling front-line staff to improve their performance and generate additional revenues; and it can make cost-savings,” he says. So by tackling the uncertainty that is created by the very nature of risk, it is possible for an organisation to use risk management as a way of reducing ambiguity to enable managers to have a system and structure that offers them the ability to make faster and more effective decisions. They should also be open to learning from the pharmaceutical, mining, oil and gas, defence, construction and other industries where risk management is often a matter of life or death. That’s because they are known to have some very focused risk practices to reduce death or serious injury.

Software like that offered by SunGuard and SAS can therefore be used to establish common best practices and processes to increase the certainty that a certain strategy will lead to some element of achievement or reward as opposed to failure. “The real benefit is that you don’t spend time producing numbers, and instead you can spend it on analysing the data and on decision-making,” says Markus Gujer, SunGuard Ambit Risk and Performance’s head of product management. The software could be used, for example, to understand certain risk scenarios and to create a systemic and structured approach to managing known or anticipated risks.
His colleague David Renz, SunGuard’s risk advisory director for banking, adds that it’s not the software itself that helps, but “it forces them to re-think their risk infrastructure to upgrade what they do in risk management.” The software enables the banking or financial services organisation to think about what it is going to do as time progresses, and it permits them to go beyond compliance and best practice. But to a degree best practice is defined by the regulator. Yet effective risk management is not just about software. There are many factors to consider, including how risk is measured. The most common metric is value-added risk (VAR), but Renz claims that it has in the past exacerbated the turmoil in the market, and he says it contributed to the financial crisis. It affected everyone in the market because they were all following the same trading rules and this in itself made the market very volatile. It’s therefore crucial to tailor an organisation’s risk model to its own business model. “Think of the banks being asked to lend more and have more liquidity; they have to re-think their business models, and they have to find out at what level of capital they can operate with going forward to move towards other risk analysis methodologies,” he explains. “For instance, what happened in the wake of the crisis was that the banks moved from 99.9 per cent VAR to a 95 per cent VAR, which is very unreliable as a gauge of risk because if you move to a lower percentile the bank gains confidence and it can do more analysis to consider the outcomes in the tail – such as using deterministic analysis,” he adds. But risk management software can also be both the hero and the villain in the same way that certain metrics can provide a clearer picture of the reality landscapes than others can. That’s because there may be a huge amount of money being spent by the bank on software that just ends up lying dormant, and which then becomes outdated. 
“The fact is that the software in use must be integrated into the systems used by the organisation’s employees in their day-to-day activities,” says Andrew Bale, CEO at Resilient Networks.

With this in mind Mosely is right in concluding that the road to successfully implementing risk management strategies and software is never straightforward as there are a number of factors, variables and scenarios to consider. Firms also face a number of challenges, ranging from their ability to get support from their boards to a lack of resources, and risk managers can suffer from overly ambitious implementation timescales that they have been given to analyse and assess emerging risks. They will also have to adapt their risk management technology to keep up with an ever changing regulatory environment, and this is not something that risk management software can enable them to overcome.

As shown by the financial crisis, the human aspect of risk management and the risk and reward culture it instils can be either a catalyst for success or failure. Poorly trained staff, for example, might end up implementing a process in a detrimental way and so prevention is likely to be better than a cure. That requires the appointment of a chief risk officer (CRO) to take responsibility for embedding, developing and implementing an effective risk management framework. This will also tame the tiger to the point that he becomes more of a valued asset than a dangerous risk.

TRADING PLATFORMS

The traditional world of stock markets and trading is colliding with social networks. Will this be a marriage made in heaven or a quick fling? Hannah Prevett investigates

Trading floors are frenetic, fast-paced environments where the onus is on technology to provide top quality, real-time information to inform decision-making.
Meanwhile, the biggest phenomenon to hit the technology world in the past decade has been social, from early contenders like Bebo and MySpace to current must-haves Facebook, Twitter and LinkedIn. The two are now mid-collision, but can the traditional world of trading embrace the social revolution?

A social affair

Social trading is a somewhat murky term, and there seem to be two definitions in our midst: the first is sentiment analysis of tweets and data on social networks to predict the stock market. Vagelis Hristidis, an academic at UC Riverside in California, recently conducted research into the relationship between tweets and the financial markets to see what sort of influence one might have on the other. And sure enough, he found a correlation between Twitter activity about a company one day and the volume of trading of that company’s stock the next day. Furthermore, he also found that the relationship extended to stock price, meaning Twitter traffic one day tended to mean higher stock prices the next. It is no coincidence of course that companies such as Dell have begun posting their earnings to StockTwits before releasing them to mainstream news sources.

And secondly, and of most relevance to this feature, is social trading as a ‘follow the crowd’ mentality, where traders are using a social experience, or network, by which to observe and emulate other people’s trading patterns.

Making headlines

One of the most high-profile companies to enter the fray is eToro. The Cyprus-based company has made the news (sometimes for the wrong reasons) in the last two years thanks to its OpenBook solution. It has a flashy, sexy interface, where it runs a live stream showing which traders are winning and which are losing in real-time, as well as trade-specific information such as how often, and how much they’ve put up.
Users can follow top traders or ‘gurus’ and the system will allow them to copy trades automatically, as they sit back and wait for the cash to roll in. Sound too good to be true? IDC’s Alex Kwiatkowski believes so. “Because it’s got the word ‘social’ in it, people jump on the bandwagon. They think it must be a gold mine. But just because it’s got social in its description, it doesn’t mean it’s automatically going to be a success.” Kwiatkowski is also sceptical about the concept of following the site’s ‘gurus’. “It feels like you’re risking your capital to follow someone and you don’t really know who they are.” He may have a point there. The gurus are selected by other users of the site, so the more followers they have, the higher up the guru rankings they climb. They will be monitored for consistency of behaviour, but eToro doesn’t conduct any in-depth background checks, for example. The gurus will post information about themselves on their page, but it’s a question of trust at this point, as it’s impossible to know if the person pertaining to be behind the computer screen tallies with the reality. But social trading isn’t all about copy trading; there’s the social network part of the equation too. “There is definitely an appetite for this,” says Dr John Bates, SVP and CTO at Progress Software. “Ask yourself why Bloomberg is so successful. It’s because it was one of the original social networks. It was ahead of its time.” One company that has really focused on the social network component is Tradeo. Unlike eToro, which hopes to attract professionals and non-professionals alike, Tradeo admits it is focused on the retail customer, not those in the trading room. “We started by building a full social network where users and traders could meet and chat to one another,” says Jonathan Adest, founder and CEO at Tradeo. 
“Then we added financial information such as charts and quotes, news aggregation, a calendar, and social trading, which means we read in real-time and historically all of our users’ trading activities.”
Social trading is a difficult concept for stalwarts of the trading world to get their heads around. Until the concept surfaced about four years ago, much of the investment process ostensibly went on behind closed doors, conducted in smoke-filled rooms by men in suits, with clients paying many thousands to have their portfolios managed by teams of financial advisors, hedge funds, guru traders and so on. Questioned about the notoriously secretive nature of the City, Adest says that it is only a matter of time before the banking community acknowledges the social revolution: “Social is taking over the world. Who knew we’d be sharing every picture on Instagram or every location on foursquare 10 years ago?”
Unsurprisingly, Yoni Assia, founder and CEO at eToro, agrees. “A decade ago nobody would share photos of their family online. Now the standard is to have a Facebook account and share every photo online,” he argues. “The world is changing and we’re embracing it. I think our users are probably the smartest traders there are because they’re embracing something new that’s harnessing the wisdom of the crowds. The older ‘professional’ traders might be so late to the game they lose all of the profits in copy trading.”
Assia certainly presents a strong case for copy trading, and, indeed, eToro. Despite some negative press (Assia says he loves it when detractors say eToro is “too good to be true”), the company has more than two million users signed up. But for the most part, these are retail customers. Whether or not this is likely to be adopted by the banks and professional traders remains to be seen. A few commentators have likened the effect of social trading on the banking and investment worlds to the impact of the birth of online brokerages in the 1990s.
But others are a little more cautious. “I don’t see any evidence of that yet,” says Dr Bates. “These social networks are going to continue to grow and there’s going to be lots of innovation. But can people be comfortable with the combination of transparency and money? The jury’s still out.”
ROUNDTABLE
Driving opportunities
FStech brings you highlights from its outsourcing roundtable, held in London during May, in association with niu
that. First thing’s first, let’s try and come up with a definition of outsourcing in the 21st century. Any thoughts bearing in mind the vast array of cloud computing providers?
Rob Handicott: I would say it’s a service or a process that’s happening somewhere remotely to your office and you can simply buy in that service from a distance and forget about doing the management of IT in-house. Customers are being sold on having their personal data stored in a cloud environment so it’s coming down to everyday users as well as big companies.
Andy Rogers: Phil, as the sponsor perhaps you could kick things off by telling us what niu are looking to take from this roundtable?
niu: We’re hoping to get an external view on the market in which we operate. We have a few on outsourcing, managed services, the cloud, or whatever you want to call it. We’re looking to get the views of you guys around the table on the lengths to which you want to go down that path and the best way to go about it.
AR: Thanks. We always think about outsourcing and the cloud as infrastructure but really it’s the applications that drive the business. What are the critical applications for your organisation?
It will be interesting if Glenn from London & Capital can pinpoint
Attendees:
Andy Rogers, Board Member, National Outsourcing Association
Phil Clark, Marketing and Channel Development Director, niu
Simon Mitchinson, Business Development Director, niu
US bank representative
Rob Handicott, Chair, British Computing Society Financial Services Group
Glenn Murphy, Head of IT, London and Capital
Paul O’Hare, Partner, Head of Outsourcing, Kemp Little
Jamie Watters, Programme Manager, HSBC Global Banking and Markets
Mark Evans, Publishing Director, FStech
niu: A question I would raise is, often with the cloud, the person providing it is doing multi-tenancy - e.g. Microsoft Access in the cloud. But if you said I want my banking application over there, I don’t want anything to do with it, is that cloud or is it a managed service?
Paul O’Hare: It depends on how it’s badged by the supplier. Cloud to me is simply another delivery model. It’s marketed as having a number of benefits over and above those offered by more traditional delivery models, particularly when you go to the public cloud. You can also have a private cloud environment, although this will normally have fewer of the benefits associated with a public cloud offering, and will generally be more expensive.
AR: Isn’t that a virtual private network? Isn’t that what it used to be called? And is it truly dedicated to you or is it shared with other customers?
Mark Evans: Cloud is just a badge. It’s like R&B, it’s a nice term but actually it has been applied to several different types of music down the years. The real definition is around control. The moment you give over your data or applications or processes to someone else, it doesn’t matter how you describe it, fundamentally you can no longer pull the plug.
Jamie Watters: For me there’s an element of commoditisation of IT. This whole space is driving opportunities for small businesses that won’t be afforded to larger businesses.
I think it’s largely irrelevant to organisations in investment banking because of the barriers to entry. We won’t have startup competitors due to the regulatory landscape. But in other areas where you have new start-ups who can exploit low cost, commoditised IT solutions, there are real opportunities and you will see real innovation coming from FTSE 250, AIM type companies.
niu: From our perspective it’s interesting as a lot of people are coming to us saying, I want to buy a cloud solution and from our point of view it’s a nightmare as it’s such a broad term. Where we’re trying to get to is how we position ourselves. We aren’t a public cloud provider, we work with another provider to do that. Where we see ourselves as supporting the clients is around the private cloud environment. It’s not really about the cloud, it’s about designing a bespoke solution that meets the client’s requirements. Because of the hype around cloud, are you guys thinking differently about how you should deploy IT?
Glenn Murphy: Cloud implementations are continuing to grow, and offer a great deal of value add. Customisation continues to be a key limitation of cloud when interacting with other systems, and that’s also the difficulty that cloud solutions present for shared services.
AR: We talk about the SMEs being agile, but if they were about to erode the enterprise organisation’s market I could see the enterprise organisation companies taking measures to address that.
JW: There are a lot of misunderstandings and myths in this area. If you’re out of control in one place you don’t move it to another and get control. You have to move something into that space in a controlled fashion. When you move into this you have to do so in a controlled way, ownership, understand the value, your data etc.
niu: Are we saying most people think cloud is multi-tenanted, it’s just out there?
GM: One of the difficulties for those in the financial services industry is that they have to mitigate the risk.
Mitigation of risk is quite easily achieved if a third party resources the audit requirements fully, for example, if they’re a hosted provider then that ticks the compliance boxes with effective controls demonstrated, but if you go out to these cloud service providers and ask them the important questions on how they are compliant, they will fall short on that. For example, I probably only know of three service providers who are fully compliant in offering the full range of hosted, cloud based services. This raises lots of question marks, however third parties find it very difficult to fulfil the cost and resource requirements of audit, compliance and controls.
RH: The ultimate responsibility still lies with the source. Even if you do outsource it you don’t outsource the risk.
PO: One of the other barriers to financial service organisations adopting the cloud is the system and control requirements imposed by the FSA and other regulators. Some of those requirements are difficult to satisfy, certainly in a public cloud environment.
AR: How much do satisfaction surveys drive the IT decision making process within these banks?
GM: It’s a case of the tail wagging the dog if we progress down that route. If IT is very well synched with the business through strategy alignment the two should work hand in hand.
niu: As an outsourced or hosting provider if you can enter a market and say, we’ve been through FSA compliance a number of times, we’ve got several clients who have done this, I think it depends how you define the service boundaries.
JW: The fact is no one trusts standards. They can be meaningless. And that’s where there should be a focus right now. We’ve got a world that has gone crazy with controls and we’re putting a huge tax on the supply chain. There’s a whole department, a cottage industry asking these questions. And at the other end we’re being a bit disingenuous. There needs to be a trusted, middle organisation you can rely upon.
It would take a lot of cost out of the supply chain and ultimately a lot of cost out of the customer end of things.
US bank representative: Is it not that same aversion to risk that prevents anyone stepping into that space?
JW: Yes, I think it’s time for us to be more thoughtful. And that’s by working together and agreeing something meaningful. The economies we could make are absolutely huge.
AR: So it would be a case of the banks working together for a common goal in sourcing and quality standards?
JW: We actually do work together on a lot of these areas. But it’s more that independent view of suppliers we’re looking for.
AR: Can the suppliers do some of that standardisation and consolidation in the market?
AR: From a cloud service management perspective, I know for a fact that the media and news industry are actually doing that. They use Remedy in the cloud. The news organisations are very keen on that. I know some of the big players like HP are looking to get in on that space. In that multi-sourced environment, who is pulling together the innovation and strategy?
niu: It would have to be a high tier of supplier to start doing that. We could give it a go. But I would say it needs to be done from industry down rather than supplier up.
GM: In terms of the standards and the expectations around the integration between different service providers, questions arise in how that integration is occurring, where it’s being managed, where the data is being held. That affects how your service providers are being seen. The market naturally takes control at that point, the bad service providers fail, clearing the way for a super service provider.
AR: Is there such a thing as a bad service provider and has the single sourced model gone? Personally, I think it has. Are you seeing that in any of the deals you’re doing, Paul?
PO: At a basic level, the service integrator model is very common in that in a prime/subcontractor model, the prime contractor is acting as the service integrator. But the key difference between the traditional prime/subcontractor model and a genuine service integrator model in a multi-sourcing environment is that the customer is actually saying, we’ll pick the supply chain and you, as service integrator, have to step in, manage, and be accountable for, the other service providers in the multi-source environment. That’s where you start to run into difficulties. Often, customers will be told they’re buying a genuine service integrator model but when you get down to the detail in the contract, you realise that’s often not the case, certainly from a contractual standpoint.
niu: That’s an interesting point. As a client you pick a provider and expect someone else to take responsibility for that, but it can be conflicting. Realistically you need to find a service integration supplier who has relationships with providers already in place, who can meet all of your requirements functionally, that’s the right answer. Where there are legacy applications in an organisation, it’s very difficult for a provider such as us to take responsibility for the situation.
Regulatory landscape
AR: Let’s look a bit more at the regulatory process and how that impacts upon what we’re discussing this evening.
PO: The vast majority of deals we’re seeing are multi-sourced.
niu: Is there a market for a services integrator? You buy your bits from different vendors as they all have their own specialist functions but have an entity that sits above that?
JW: I’d say, yes, but it’s something you have to do slowly. It will definitely be something there’s a market for a few years down the road when things have calmed down a bit. The risk has to be measured in-house.
RH: I would imagine there would be quite a lot of demand for such a one stop shop for clients.
To roll-out this kind of approach just needs an agreement on how the different standards are going to be managed together.
GM: One of the difficult challenges from an IT perspective is that the front office doesn’t see it as an investment, it’s seen as a cost, potentially it can also limit innovation. Naturally that also leads to outsourcing. If you’re good at what you do, you want to look at the internal costs. Especially around change initiatives, these bring in a lot of cost and you might want to bring in external forces to help make that change happen. That’s quite natural.
RH: In terms of the compliance part of it, where data is, there is a bit of uncertainty about where responsibility lies. From the customer side of things, when you’re taking a hosted service, if the compliance can be with the hosted service that can be easier to identify. The worry is if the customer is trying to be compliant about where the data is and yet they don’t actually hold it themselves.
think it’s a great idea, you have to test it first for five years. You can’t be as flexible as some other industries.
ME: It might not be in existing banks’ interests to do this or encourage it, as compliance is a barrier to new entrants.
JW: What we’re seeing is more and more investment in governance and control. It’s beyond platinum. We just do it, not with an understanding of the bigger picture, we just do it. But another problem we have is that the regulators all operate to different agendas.
JW: In practical terms the only way that would happen if the outsourcer was a bank. Essentially you’re talking about white labelling financial services.
niu: The Catch 22 situation is that they want a platinum contracted service but they want to pay plasterboard prices. Good management understands the dynamic that there has to be value in it for them and you.
AR: A question for Phil and Simon, are financial services organisations being unreasonable in wanting their cake and eating it?
niu: It’s not just financial services. It’s often the buyer. If you said to a buyer, go and buy me a car and I want it to be a nice one. His interpretation of that would be different to yours. That car delivered to you has got four wheels, four doors, it’s blue but then you differ.
JW: What’s happened is they’ve taken understanding, reason and sense out of the equation and replaced it with a bunch of KPIs so they’re measuring on performance with a bunch of metrics. What you get is performance that meets a metric but what you don’t get is long-term service and value and also the intangibles like really good relationships. Is there a bad supplier? I would say there are bad account managers.
AR: For global organisations you need global suppliers. How do you feel on the nearshore, offshore role with regard to what’s going on in the world today, for example, cybercrime?
US bank representative: I’m not sure it’s just to do with the location of the supplier, it’s much more to do with a maturing perception of risk. Recent years have seen incredible upheavals and, as lessons have been drawn from those upheavals, everyone has become much more risk-averse. Hence the perceived shift to platinum standards that has been mentioned already.
AR: What about the personnel of suppliers? How strictly do you manage and control those?
US bank representative: Where we do use third parties we’re taking significant steps to ensure they are adhering to the same standards and controls we would have internally. We are very careful about which function we allow to be done in which jurisdiction. For example, there are many client-facing aspects we won’t offshore where this could put relationships at risk.
And, to touch on the cloud issue again, there may be parts of a company’s activities that can be put in the public domain, but you need to understand how it’s set up before you do that.
AR: Jamie, because of the financial crisis pushing out major savings, how has that impacted some of the decisions within the bank?
JW: What we have is a clear understanding of what’s soft and hard. What’s hard is the regulatory space, there is absolutely no appetite for risk in that space. You don’t want to incur the wrath of the regulator, not because you have something to hide. If you want to engage them it’s such a huge cost. We’re a global business so we’re not regulated by the FSA, we’re regulated by a global network of regulators. We have a minimum standard which is the highest watermark and we adhere to that globally.
niu: And you can’t take a punt on something, can you? If you
obligations down to its subcontractors and supply chain. Zurich also had the right to go in and check that those security requirements were being followed, but they didn’t do that. The requirements weren’t being followed, one of the service provider’s subcontractors lost an unencrypted data tape, and the regulator hit the customer, not the supplier.
RH: To a certain extent, when the contract is very closed it doesn’t give any room for innovation on the supplier’s side or give them room for movement. You don’t want to suck suppliers into something too rigid.
AR: How many of the consumer side here actually outsource their critical infrastructure?
Business continuity
AR: I’m going to ask the lawyer about business continuity. Can it be insured and managed under a contract?
PO: I don’t think business continuity can be guaranteed under a contract.
No matter how robust your business continuity procedures are, it’s extremely difficult, if not impossible, to eliminate completely the risk of business disruption. You can certainly capture the business continuity obligations in the contract and hold the suppliers’ feet to the fire if those obligations aren’t adhered to. You can take huge steps to mitigate the risks but there’s likely to remain a possibility, however remote, that your prime and back up site suffer an outage at the same time.
GM: It’s less of a legal issue and more of a practical one. It’s basic stuff, how do you get an assurance that it works and will continue to work? The contract can be key to that but you need the correct approach to resilience and risk management.
PO: By and large, well-drafted contracts will contain all the requirements and obligations needed to ensure robust security and business continuity processes. The problem is that, quite often, the contract terms are not followed by the parties. One of the biggest fines the FSA has handed out in the context of an outsourcing arrangement was to Zurich Financial Services in 2010. The contract with their service provider contained all the necessary obligations in relation to data security and encryption, including an obligation on the service provider to flow these
GM: That’s a challenging one to realise. It goes back a lot to the contract management for core critical services, both for infrastructure and application availability. Many companies I’ve worked for haven’t taken that leap fully. Partly also because it goes back to the data, and all importantly, where is that data located.
AR: Moving onto trends that we’re seeing, such as Bring Your Own Device (BYOD).
GM: When it comes to BYOD, there are two perspectives, the end user and the client and then there’s the internal perspective, the staff who bring in their iPhones etc.
You almost can’t permit it, the number of controls in place necessitate a barrier that prevents people from taking the data offsite in any way shape or form. But if you look at it from a customer facing perspective, for sales staff having an iPad it becomes more acceptable. Naturally, home workers become slightly limited as the remote access function needs to prevent data loss too.
RH: There are a lot of concerns but also there is a lot of enablement in having a mobile workforce. You just need the right controls in place.
niu: The financial services sector knows it has an issue. So many other industries, particularly the unregulated ones, don’t even know they have a problem. You say, that guy’s got an iPad, is he connected to your WiFi? They have no idea.
GM: There will come a point where technology catches up with the devices allowing the controls to be mitigated. Ultimately, protection of reputation and data security is a big issue in the financial services sector so BYOD is still some time away.
Efficiency has a new name. So many services, one new name – SIX Multipay, SIX Pay, SIX Card Solutions, SIX Paynet, and SIX Interbank Clearing become SIX Payment Services. We provide financial institutions and retail customers with secure and innovative solutions for cashless payments, setting industry standards in terms of flexibility and customer focus. With over 1000 employees and 13 office locations, SIX Payment Services partners with customers in 33 countries, which makes us one of the largest subsidiaries of SIX. In the fields of securities trading and settlement as well as financial information and payment transactions SIX offers first-rate services worldwide. www.six-payment-services.com
APPOINTMENTS
People on the move
David Polen
Fidessa, a provider of trading, investment management and information solutions, has announced the appointment of David Polen as head of business development.
A Fidessa veteran, having spent 13 years at the company in various roles, Polen will be responsible for its strategic development efforts in the US.
Andy Morgan
Grant Thornton has appointed Andy Morgan as a partner in its London corporate finance team to help accelerate the growth of the business and strengthen the firm’s technology expertise. Morgan has over 17 years’ experience in mid-market M&A and joins from PwC where he led its UK TMT sector team.
Massimo Sirolla
Auriga, an Italian provider of software/solutions for the banking industry, has entered the UK market. It has opened a London office and appointed Massimo Sirolla, head of international sales, to front it. Auriga manages over 60 per cent of the Italian ATM network (25,000-plus machines) and provides internet banking services to around 600,000 customers in the country.
John Jessop
Speakerbus, which specialises in trader voice management solutions, has appointed John Jessop as strategic advisor to the Board of Directors. Jessop has over 40 years of financial markets experience, including positions at Telerate Systems and Bridge Information Systems. He is currently a business consultant, based in London, specialising in corporate restructuring.
Emma Smeaton
Emma Smeaton has joined financial outsourcer HML to head up the development of its forecasting models and meet client and industry demand for increased certainty over the risks and liabilities within their existing lending portfolios. She joins from Santander, where she developed expertise in several areas within credit risk.
Simon Barrows
Simon Barrows has been appointed head of financial services at Glue Reply, the technology consultancy specialising in enterprise architecture, integration and data. He joins from Lloyds Banking Group, where he was chief architect/CTO for the UK Consumer Banking business for the last five years. Prior to that he was at PA Consulting Group and Detica.
Gottfried Leibbrandt
SWIFT CEO Lázaro Campos has quit the company. He will be succeeded by Gottfried Leibbrandt, currently head of marketing. Prior to joining SWIFT, Leibbrandt was a partner at McKinsey & Company. “The company has never been in better shape and I feel very privileged to be able to lead it forward at a time of great opportunity,” he comments.
K Duker
Michael Stumm, co-founder of retail forex trading outfit OANDA, is to be succeeded as CEO by K Duker. Duker’s CV includes heading up Deutsche Bank’s eFX business in Asia Pacific and for the past four years he has served as managing director for OANDA’s Asia Pacific division. Stumm will remain a member of the OANDA Board.
AIIM ROADSHOW 2012
18th-21st June: Edinburgh, Leeds, Birmingham, London
People and Information Working Together
The UK’s FREE Independent Forum for Information Management
The race is on! In today’s fiercely competitive environment, the race will always be won by the team with the most efficient processes. To avoid losing ground to your competitors, you need to connect colleagues, suppliers, partners and customers with the information they need, when they need it and where they need it – using strong document and records management coupled with enterprise-strength search, web-friendly collaboration and agile business process tools. At the AIIM Roadshow 2012 you can learn how the latest innovations and best practice in Enterprise Content Management (ECM) can help your organisation to save money, improve services, optimise business processes, get to grips with compliance, ease restructuring and keep up with the leaders in your market.
Choose from one of four convenient locations:
• 18th June 2012 - Edinburgh
• 19th June 2012 - Leeds
• 20th June 2012 - Birmingham
• 21st June 2012 - London
Register now for your FREE place at www.aiimroadshow.org.uk
COMMENT
Shaken to the core
Sandeep Bagaria, head of core banking and card management, banking, SunGard, looks at core banking strategies in these post-crisis times
The global financial crisis redefined many parts of the banking landscape as the waves of economic uncertainty shook banks to their core. The plethora of challenges that the crisis brought with it crushed Return on Equity from above 25 per cent to four to six per cent, forcing banks to reevaluate and in some cases rebuild their operational models in pursuit of renewed profitability. This reevaluation is running right through the heart of the bank which in the case of small-mid tier institutions is the core banking system. In Europe and beyond the core system is viewed by many as the operational lifeblood of the bank, a critical element to supporting customer management, transaction processing, product management and reporting. But do today’s core banking systems provide the required information and transparency to successfully manage the bank post-crisis?
For many banks, the core system is the main, sometimes only, transactional and account processing engine and therefore the primary provider of data into the risk management systems. But the integration between the core banking and risk management systems does not always enable complete transparency of the bank’s true risk profile. Integration architectures with multiple layers of extraction, transformation and aggregation remove data integrity, leading to inaccurate and often incomplete information. This lack of visibility is significantly impacting bank management’s ability to steer the organisation through new, post-crisis market dynamics.
The core banking system is also the primary system used by staff across the enterprise to conduct front-, middle- and back-office servicing of customer financial transactions and accounts, and is therefore home to many of the daily processes which need to adapt to provide a new level of responsiveness and agility. As executive management and risk practitioners develop response strategies during times of crisis or indeed in times of ongoing market volatility, the ability to operationalise these strategies throughout the organisation and its processing systems has become a pre-requisite in order to ensure the ongoing stability and safety of the bank.
Today, many banks are finding that their core systems are not up to the challenge of supporting these response strategies because the visibility, accuracy and availability of information is simply not where it should be. This is placing the core system increasingly under the spotlight. In March 2012, Michael Versace, research director at IDC Financial Insights, said: “The disciplines of risk and the role of analytics are quickly becoming the new core in banking, redefining in some sense what is “core” in banking.”
In response to more rigorous risk management practices, increased regulation and a renewed emphasis on the health and stability of the bank’s single most important asset, its balance sheet, core banking systems must now evolve to support greater assimilation with balance sheet management tools and risk systems in a two-way flow of data and integration of processes. In doing this, the core banking system begins to provide greater levels of efficiency to support strategic cost and customer management, risk adjusted pricing and enterprise risk management. All this helps the bank optimise its balance sheet profile, develop a strategic balance sheet management framework and operationalise learning.
So while the requirements of today’s core banking system are clear, this exposes the flaws in legacy architectures, which will hinder a bank’s ability to integrate risk management at the core of the business. This will lead banks to evolve their core renewal strategies, with an increased focus on progressive upgrades. Historically, one of the benefits of the core banking platform was the single, fully integrated platform approach. This model has obvious efficiency gains but banks with large legacy architectures cannot undertake the risk and cost of a systems overhaul or core replacement. A movement towards componentised core banking solutions responds to banks’ desire for modern, advanced functionality in a way that can be implemented piece by piece and run comfortably alongside the bank’s existing architecture.
So while the banking world faces continual change post-crisis, the fundamental factor to the future health and success of each and every financial institution is its balance sheet. Banks that re-engineer their operational strategies with risk management at the core will emerge as the winners in the pursuit for future success and profitability. Those that continue to look at core banking strategies through a rear view mirror will pose a serious risk to the future health of the balance sheet.
ADVERTORIAL
Headsets provide flexible working solution
ecoms headsets and detects unsafe audio levels and compresses the signal within milliseconds. ActiveGard doesn’t just reduce, but rather removes dangerous energy from an acoustic burst, eliminating the distortion from an excessive incoming signal and keeping the volume of a sound peak at a safe and comfortable level to protect the user’s hearing. Wearing comfort is another critical consideration, particularly in financial sector environments where workers may be wearing the headset for eight hours a day or more.
Sennheiser has undertaken extensive ergonomic research to ensure that the design of its professional headsets are optimised to provide R ecent years have seen a huge growth in flexible working patterns with more and more staff working remotely from the office for all or part of the week. New technology has meant that so called ‘Martini working’ (any place, anytime, anywhere) is now a practical alternative to office based working with substantial productivity benefits for both the enterprise and the employee. As most people find that they get more work done at home, away from the distractions of a busy office, employers benefit from an uplift in productivity. With less workers going to a conventional office building, businesses can also reduce the size of their premises, with substantial cost savings. Unified Communications (UC) technology which brings together all forms of electronic communications in one solution is the facilitator of these changes in working patterns. Increasingly users are connecting to the UC system using softphone client apps via their PCs, notebooks, tablets and other preferred terminal devices. When staff ‘hot desk’ in the office this has the additional benefit of ridding the desk space of phone handset, an increasingly unnecessary device. In industries such as financial services, where desk space in the City of London can be at a premium, this is a real benefit. As a consequence headset attach rates have increased as users need privacy to chat via their smart phone, notebook, tablet or other device. For business use a headset is also the preferred option because it allows the user to write, or type while talking. Sennheiser has a legacy of 65 years as experts in acoustics and audio technology. The German company has a global reputation for high quality headsets and microphones used in professional broadcasting, music industry and aviation all of which demand high quality speech and audio. 
Using Sennheiser professional grade headsets avoids compatibility issues with existing equipment, reduces operator fatigue and diminishes the potential for confusion between the caller and operator. Sennheiser professional headsets have some unique design features that provide significant advantages for staff. ActiveGard technology is embedded in all Sennheiser tel- all day wearing comfort. Sennheiser recently introduced the CIRCLE Line series of wired headsets for professional workplace use which incorporate important design and safety features. To withstand the stresses and strains of a busy workplace environment CIRCLE line headsets are fitted with a reinforced metal headband designed to last for years. Productivity features include a noise cancelling microphone to filter out ambient noise for optimum speech clarity, and Sennheiser HD Voice Clarity wideband sound to ensure a more natural sounding experience. Office Equipment News magazine has already been awarded the CIRCLE Line series an ‘Office Oscar’ and reported that “Sennheiser headsets excel in sound quality, durability and comfort which are essential in any environment where the user will have medium to heavy call usage.” The CIRCLE Line series has also won the coveted ‘Editor’s Choice’ Award from Business Info magazine. Business Info is a widely respected independent magazine reporting on the business technology market and the magazine’s ‘Editor’s Choice’ Award recognises outstanding achievement. Many workers will benefit from mobility solutions which allow them to answer and participate in calls on their desk phone when away from their desk. Sennheiser’s DW Series of wireless headsets are the perfect solution, offering 180 metre range (line of sight), twelve hours of talk time and fast charging, with four hours talk time in just ten minutes and full charge in one hour. The DW family also supports both desk phone and softphone connection, with simple switching between both at the press of a button. 
The DW wireless headphone series offers integration with UC telephony solutions such as Microsoft Lync 2010, IBM Sametime and Cisco Communicator. Sennheiser headsets are available in a choice of monaural (single sided), binaural (double sided) headband and single sided ear-loop wearing styles to suit the needs of all users. Sennheiser has also invested heavily in research and development to ensure that headsets are optimised for simple installation and are simple and intuitive to use.
Free trials of Sennheiser headsets can be arranged for financial sector organisations. To know more call 0800 1303955, or [email protected] or visit www.sennheiser.co.uk
Q&A
Talking heads
Stephen Dunnigan, UK country manager, MicroStrategy
FStech: How did you get into the sector?
Stephen Dunnigan: I got in at the ground floor. I had a love of computers as a child – the difference between the computers then and now is mind-boggling – and then went on to study computer science at University. Back in the 80s computing was in its infancy and it looked like an exciting sector to work in and so it has proved. I’ve been in business intelligence and data for a number of years now, first at IBM and now in my current role at MicroStrategy. Data and its use in helping to make informed business decisions has never been more topical and I’m loving every minute.
FStech: Who has been the biggest influence on your career?
SD: There have been many but one that particularly stands out is a sales person that I worked with back in my time working in sales support. He taught me about the importance of relationships with customers and prospects and also about the confidence customers have in you and how difficult that is to get back once it is lost. Those are ideas that have stayed with me and even now I would say that ensuring our customers are happy is an important part of my role.
FStech: Who in the sector inspires you and why?
SD: Within IT and business intelligence I would say hand-on-heart, that it is Michael Saylor – he is a visionary and an innovator, exactly the type of person that appeals to me. Within financial services it is the people that really make a difference to the customer experience. I find that customer service in financial services can be pretty varied and the people that go the extra mile to resolve your issue or add value really make my day.
FStech: Which IT professional do you most admire?
SD: A popular choice for many in the industry I know, but without a doubt it would be Steve Jobs. What he did with Apple is astonishing, to re-invent the company was an achievement in itself but the iPad is one of the greatest innovations we have ever seen. It is an amazing consumer device but is changing the business world too and it is one of the areas of technology that has changed what we do in business intelligence.
FStech: Is there anything that you dislike or that frustrates you about the sector?
SD: There is an inherent conservatism with financial services when it comes to mobile and there is no real reason that mobile couldn’t be as well-deployed within financial services as it is in other industries. People are aware of the possibility of mobile but financial constraints and being overly-cautious are holding innovation back.
FStech: What technology can’t you live without?
SD: As you may have guessed, I am a bit of an Apple-head! So I really couldn’t live without my iPhone. I use it for everything from personal stuff like Facebook and communicating with the kids, to admin such as banking and trading stocks, as well as being an essential work tool, for email, web and more.
FStech: How do you relax?
SD: ‘Relax’ might not be the best term to describe spending time with my three young boys, but I do love it.
As you’d expect they are a bundle of non-stop energy and much of my relaxing time is spent taking them to various sporting assignments or playing sport with them myself. I do, however, get the occasional meal out and moment of peace with my wife.
FStech: What was your last banking experience both online and on the High Street and were they positive experiences?
SD: Additional services that now come as part of accounts are great, so using my bank for insurance was something I did for the first time recently. It was quick, efficient and competitive and an entirely positive experience.
Call for entries – deadline: 8 June 2012
FREE TO ENTER
The 3rd annual Risk Management Awards are designed to emphasise the importance of risk management as a key driver in business and to acknowledge and reward the specialists working within the sector, from small companies to large multinational organisations. There are 18 categories which you can view at the dedicated Awards website. The winners will be announced at the Awards Gala Dinner and Ceremony at the Lancaster London Hotel on Wednesday 14 November 2012.
Queries relating to categories and judging should be directed to: Mark Evans, [email protected], +44 (0)20 7562 2418
Queries relating to awards Gala Dinner logistics should be directed to: Hayley Kempen, Hayley.Kempen@cirmagazine.com, +44 (0)20 7562 2414
Queries relating to sponsorship should be directed to: Graeme McQueen, [email protected], +44 (0)20 7562 2434
Queries relating to media partners or marketing should be directed to: Sarah Whittington, [email protected], +44 (0)20 7562 2426
Enter online now at: www.cirmagazine.com/riskmanagementawards
Innovation: a way of looking at the world and seeing it differently than anyone else
At BT we’ve been looking at financial services for 30+ years and seeing what others haven’t
We looked at electronic trading.
Where others saw circuits, we designed a global, low-latency fabric that interconnects a financial services community of more than 15,000 locations around the world.
We looked at voice trading. Where others saw multi-line phones, we created a collaboration environment for the trading floor that integrates e-mail, instant messaging, social media, video, and client management.
We looked at post-trade messaging. Where others saw a replacement for faxes, we developed a secure, reliable, non-repudiable connectivity and messaging service that improves the efficiency and reduces the costs of electronic trading.
We looked at cloud technology. Where others saw networks and servers, BT provides access to cloud-based products and services for every function and every step in the trading environment.
We spend a lot of time getting to know our customers and industry in order to create innovative products and services that improve communications for the financial community, and we’re proud when BT is recognized for this innovation. Today, we’re especially proud to accept the FStech 2012 Cloud Computing Innovation of the Year Award for BT Unified Trading over the BT Radianz Cloud.
From the trading floor to the back office. From market data and pre-trade messaging to clearing and settlement. BT delivers a complete, cloud-based communications and connectivity solution for financial services.
Bringing it all together
bt.com/GBFM
WINNER: Cloud Computing Innovation of the Year, BT Unified Trading over BT Radianz Cloud
AWARDS 2011 WINNER awards Tenth Anniversary Innovation of the Year CLOUD COMPUTING WINNER Nationwide: Cabling & Networking Service
Innovation in the Cloud: a broader perspective
Howard Boville, Managing Director Unified Trading & V.P.
Financial Markets, speaks about the BT Radianz Cloud and capturing FStech’s Cloud Computing Innovation of the Year Award
Congratulations on winning FStech’s Cloud Computing Innovation of the Year Award for BT Unified Trading over the BT Radianz Cloud. We see and hear about cloud all the time, but is the walk matching the talk?
It absolutely is. Of course, the internet is a very general example that everyone can relate to since it seems to play into every aspect of our lives today. However, in the world of financial services, cloud technologies are actually very specialised tools for enabling the trade process. A cloud platform can provide a trading firm with every aspect of market connectivity needed to facilitate the trade process from low-latency connectivity to markets supporting high-frequency trading, to digital voice facilitating trading and relationships, to batch processing of end-of-day net asset valuations. You rarely find discussion of such diverse aspects of trading as low-latency, voice, and batch processing in one conversation.
What’s different about the way BT views the cloud compared to the way others see it?
Our view is from a larger perspective. We’re not trying to solve a single problem with a single product. We look at financial firms and the financial services industry holistically. We envisage not a specific network technology, but a closely interwoven fabric in which the global financial markets operate. This “market fabric” creates a unified financial community consisting of buy-side and sell-side firms, banks, exchanges, market data providers, and clearing and settlement, and payments facilities.
Market fabric is an unfamiliar term. Can you elaborate on that?
Market fabric is to cloud what information is to data. The concept of market fabric recognises the value BT brings to our implementation of a financial services cloud.
BT’s market fabric gives access to a range of services that enable trading, most obviously, network connectivity to pre-trade, trade execution, and post-trade financial services providers. The market fabric allows trading firms to access these services quickly and simply. However, it goes beyond connectivity to include other in-the-cloud services such as voice, data communications and collaboration. Users have access to market centres at points within the fabric, to enable hosting of collocated or proximity services for low-latency access to electronic markets. As such, it provides the foundation firms require to go to market in the most flexible and efficient way, at any point in the business process.
This view of the world seems very complex.
The issues facing the industry can, in fact, be very complex; however the model is actually quite elegant in its simplicity. The cloud links a firm with its clients, counterparties and service providers in a flexible, unified, multi-media environment. This creates a unified approach to trading infrastructure that promotes internal efficiency, improves client relations, and facilitates regulatory compliance.
Can you give an example of how this works in a trading firm?
While the majority of trades today are automated, not every trade is executed through an algorithmic engine. More importantly, there aren’t algorithms for building and maintaining client relationships. Because of this, firms recognize the need to integrate their voice-based trading and relationship management with their automated trading, order management and post-trade systems.
Added to this is the burden of managing ever increasing volumes of internal and external data as well as the expanding regulatory compliance requirements. Being able to access the community of customers, counterparties and service providers, in an easy and cost-effective way, is vital to the firm’s success. The cloud brings simplicity, flexibility, enabling firms to work smarter.
Let’s talk about the award. What were the reasons for BT’s winning this award?
The BT Radianz Cloud has been a pioneering platform that provides low-latency connectivity, hosting services, and secure messaging technologies creating the world’s largest secure, networked financial community. The breadth of this community spans trading operations from market data services, to trade execution facilities, to governance, risk and compliance applications. Now we’ve integrated BT Unified Trading to incorporate voice, video, and other multimedia as an application that can be integrated into a firm’s business processes as readily and naturally as any other data applications. This allows traders to monitor their algorithms while remaining in constant communication with customers through voice, video, e-mail, IM, etc. At the same time, the cloud can link remote trading floors via high-definition video to give traders a qualitative assessment of the global trading environment.
bt.com/radianz
bt.com/unifiedtrading
ROUNDTABLE
Risks and rewards
On Thursday, 15 May, FStech (in association with sponsor Adapt) gathered together leading players in the FS sector to discuss the pros and cons of cloud services. Scott Thompson rounds up the highlights
Simon Barrows: In terms of where to start, a recurring issue, one of the big challenges from an industry point of view, from a supplier perspective and a challenge from a risk point of view for end users, is cloud security. It’s a case of, convince me that the whole cloud computing paradigm is secure and I can trust it.
And in the FS sector you have the added consideration of regulation over and above good business practice.
Attendees:
Simon Barrows, Head of Financial Services, Glue Reply (chairman)
Keith Bucknall, IT Technical Architect, Equity Insurance Group
Philippe Chaput, IT security professional
Mark Child, Partner - Technology Risk Management, Kingston Smith Consulting
IT security expert
Anjdeep Gumani, IT security professional
Robert Marshall, Director of Finance and Accounts, Trident Insurance
Henry McKeon, Head of IT, Moneycorp
Steven Murgatroyd, British Computing Society Financial Services Group
Richard Norris, IT Director, Cullum Capital Ventures
Tim Holman, President, ISSA-UK
Stewart Smythe, CEO, Adapt
James Carnie, Head of Solution Architecture, Adapt
Philippe Chaput: First things first, there are two types of cloud, the public cloud and the private. So I guess before we go into that discussion we need to define which one we’re talking about.
Steven Murgatroyd: And you have the distinction between what is now called cloud but 10 years ago was called outsourcing.
SB: Yes, maybe we should spend a few minutes on the various definitions of the cloud - public, private, hybrid etc?
James Carnie: Public cloud generally means a multi-tenanted environment or “shared”, private cloud is a dedicated platform and a hybrid model is a mixture of the two. Within the definitions of cloud there are then the commonly known categories of IaaS, PaaS, SaaS and BPaaS, which often form the service provider’s portfolio offerings. For example, Adapt play in the IaaS and PaaS space with a range of platforms across private, public and hybrid clouds utilising a mix of shared and dedicated environments.
Keith Bucknall: One thing we’ve seen is hyper hybrid, not in this industry but in other ones, whereby a company will use three or four cloud services which they integrate into their own infrastructure. You effectively get the best-of-breed of each service, you cherry pick your best cloud. That’s one of the problems with the cloud, there are lots of woolly definitions. Public, private and hybrid are fine but there are too many people jumping on the hype. That’s one of the negative sides.
SB: It’s a spectrum of things, from the traditional IT outsourcing definition at one end through to the public cloud at the other end.
Henry McKeon: To give MoneyCorp’s take on it, we’re a 600-plus people organisation built up over 30 or so years. Infrastructure wise, we suffered from a major outage after a flood. We did everything we could to resolve the situation but that accelerated the move to proper hosting. We took a big decision to make a large investment, looked at several companies to partner with and over time we decided Adapt were the right partner. We’ve been doing a lot of testing and, in terms of the design of the solution, storage was very important for us so we looked at several different designs, speed, resiliency and now we’re making moves to that environment. For me, Adapt are a good partner. In terms of the cloud, a lot of people are hesitant but for me it’s about having that availability out there.
SB: From an internal stakeholder point of view, if there was initial resistance how did you overcome that?
HM: One of the biggest hurdles was the size of the investment. It was a large sum. It was a case of looking at the growth plans and strategising. It really was necessary to go to the cloud and buy solutions to help us accelerate growth, working with Adapt to make sure we made the right choices. It’s not fully in use yet but we’re starting to move our core systems over.
SB: You mentioned the process you went through in terms of choosing a partner. What were the key things that swung it in favour of Adapt?
HM: Price was important obviously but also the enthusiasm, the flexibility and the willingness to go places others might not.
Stewart Smythe: Where would you place security?
HM: Security played an important role. We deal with cards so we have to comply with PCI standards. When we were building this we wanted a hardened environment. In terms of data security, we run lots of different end points protection and again we talked these things through with the architects at Adapt.
Mark Child: Can I throw in the first curveball? It brings a smile to my face when I hear the term “zero risk strategies.” There is no such thing as a zero risk strategy in the cloud and I’d go as far as to say there is no such thing as a secure cloud. We have reviewed numerous organisations and very rarely do you find a cloud computing contract that is legally permissible. Certainly within the PCI space we spend a great deal of time considering mitigating controls because the Data Security Standard (in my opinion) doesn’t give enough consideration to all aspects of virtualisation. When we’ve performed audits of virtual estates, we have yet to come across a cloud provider, whereby we haven’t identified significant security and/or regulatory failings. We spend a great deal of time trying to educate clients as to the associated risks with virtualisation and cloud computing in general.
SS: By that you mean a shared environment?
MC: No, even in a private environment. Typically we find ourselves “punching holes” through the logical security arrangements. Organisations struggle to understand their data and its respective components; invariably we find that they are unable to advise us as to where all instances are.
SS: In your experience, do you see a different level of understanding and appreciation of security risk from an in-house environment relative to a service provider? Is there more maturity in-house on these security issues?
SM: It’s interesting you say that.
Of the cloud presentations I’ve been to over the last 12 months, the majority of them have been presented by lawyers on the basis that most of the technical stuff can be taken care of but that’s not the case with the legal/contractual aspects.
MC: Can I just come back to Adapt? How much in terms of due diligence would you typically expect an organisation to perform when seeking to enter into an arrangement with you?
JC: It depends on the sort of organisation you’re dealing with. An FS organisation will typically have a very mature approach to audit. Even for a public domain platform, a large banking team’s audit function will crawl all over you. Audits typically comprise a series of conference calls, sharing design schematics of the platform, followed by a long security questionnaire usually based on ISO 27001. A site visit to datacentres usually follows which includes inspections of physical security controls.
SS: I’d say we get a pretty rigorous technical audit and a pretty weak cultural audit.
PC: How many of your customers have said they wanted to use your services for non-critical data? I believe you have a market for that out there.
SM: One of the traditional outsourcing tasks that the banking industry has been doing for years is statements printed by an outside supplier. How does the information get to the supplier? Do they put it in the mail or on a disc? It’s still customer data and it can get lost.
PC: Once you understand the data, then you have the processes and following on from that you know how you want to manage and distribute that data in one system or another. Because not everything is about technology, know what you have and manage it according to what you need.
MC: It varies, in that in-house staff tend to have a better understanding of their environment; that said, their appreciation of the emerging risks/technologies in the logical security space is often somewhat lacking, it’s not uncommon to find a CISO in denial.
It’s essential that the vendors need to better understand the regulatory environment and how it affects their clients.
MC: This is the issue we invariably encounter and end up spending a disproportionate amount of time trying to unravel. We are engaged by organisations who have entered into what on the face of it is a pretty reasonable agreement, then we look at the data and say, you do realise your cloud provider is managing data that transfers or resides in multiple jurisdictions and therefore you’re probably in breach with one or more data protection directives.
SS: OK, so you are breaking security down to a technical aspect, a regulatory aspect and a cultural business aspect.
KB: We have offshore manual processing on certain claims processes and it’s a case of, what due diligence have you done there? As a technology department you need to go to the business and walk them through the data process because they think data is a technology issue when it’s not.
PC: Exactly. It’s not against the business. It’s a culture change. I see myself as a security ambassador as I try and explain this to the business. And in fact they know more than they think they do. Technology is only there as a support medium, to send the data, it’s still the business’s data.
SB: If we go back to the definitions (traditional outsourcing through to private, public and hybrid cloud), I’d be interested to hear about the limit to which people have gone. Who has gone the furthest in terms of leveraging the various opportunities of the cloud as well as managing the associated risks?
KB: SaaS for us, that’s as far as we’ve gone. We’ve just finished a three year technology strategy where we brainstormed various ideas, but we stayed away from the cloud even though you could say the size of the organisation is well suited to it. SaaS for various types of services, one in particular being email archiving. Another one would be some sort of internet security.
SB: Is that a true public or private cloud offering?
KB: Email archiving is more of a public cloud service.
Anjdeep Gumani: We are increasing the number of SaaS that we have. We have various projects where everything is provided as a SaaS by private companies. It becomes quite difficult because sometimes the business doesn’t understand the data. Technical controls are not enough, it needs a change in mindset.
IT security expert: It used to be that, to get into a complex outsourcing arrangement, our lawyers would sit down with their lawyers and spend a small fortune producing a 30 page document neither side was particularly happy with. Now some guy in marketing with a company card and a few clicks on the internet can place you in a complex outsourcing arrangement. There was some interesting research recently which highlighted that 80 per cent of organisations who thought they weren’t in the cloud were in fact in the cloud, thanks to some guy buying in a service or hosting something out there because it was cheaper and faster to do that and bypass the IT department.
MC: I like to ask, how many of you are on Facebook or LinkedIn? Do you ever share any work based discussions via these forums? Yes, we do! So there is a risk that you are discussing and therefore providing access to proprietary information in a cloud-based environment. It comes back to my earlier point, of organisations and individuals not understanding their data estates and not having appropriate cloud strategies.
SS: It sounds like, at a board level, the security issue is not a dominating factor, even in financial institutions?
MC: I’ve worked in information security for a large part of my career and only come across one organisation (GE) where information security is flagged as the number one risk to the whole corporation.
KB: What are the execs doing though, with their iPads and mobility?
IT security expert: But that’s not proper.
Take non executive directors, people who are entitled to your most confidential data but are not employees or bound by any of the rules you can attach to employees. The strategy in most of the firms I’ve worked in is, let’s print out our most confidential data and post it to them. As opposed to building some kind of platform where you can host it with a certain level of security. That’s considered risky compared to the traditional way of doing it.
Tim Holman: Post is insured, isn’t it? In the cloud you lose something you don’t get anything back.
IT security expert: With post you’ve transferred all the risk.
Richard Norris: Is the cloud service providers’ security any better or worse than what most people have in their local environments or is it just comparable?
MC: I think that in many cases it’s probably comparable; that said I go back to my earlier point that you can “punch a hole” in anything if you really want to.
RN: So therefore is it even worth debating it, to a certain degree?
KB: Dare I say Dropbox.
IT security expert: When people say, I have nothing in the private cloud, I think, how did you work that one out?
MC: To an extent, other than you have numerous regulators and the subsequent fines and/or reputational risk you have to provision for. The challenge as I see it is that it’s becoming impossible to keep pace with the hackers. Technology is advancing at such a pace that many organisations simply can’t keep up, but are under immense pressure to provide their staff and clients with the latest technology.
RN: Knowledge is their USP, isn’t it?
MC: I’ve just been at the US Embassy and they said they are seeing on average 450 new malware variations a day, all of which either have been, or have the potential to be, exploited. On that basis, how do you advise a client on what’s good and bad in terms of information security?
KB: On the other side, I was at a presentation at the Cloud Computing Forum and the point being made by one particular company was, you can rely upon a cloud provider that probably has 10/15 security experts, some of whom are ex-hackers.
MC: The reality is that if you have the correct policies and procedures and have effectively defined your respective data classifications, there is not a lot of data within an organisation you really need to protect. As such, assuming there is an underlying strategy I am actually fairly supportive of the cloud. I often find myself asking organisations as to why they are concerned about putting non-critical applications into the cloud.
SB: Does anyone have a business critical application in the cloud?
Robert Marshall: People are certainly heading that way. But it begs the question, who is regulating the regulators? Who is managing what they do? We’re all going down this road and no one is saying, stop and think, is it to the benefit of anyone?
SM: Basel II operational risk requirements are that you have a 99.5 per cent confidence. Well, even UK power stations don’t have that. They shouldn’t say, we want you to be as competent as x because they don’t know who x is. It’s totally unrealistic but, as far as I can see, no one is pushing back on this stuff.
PC: It’s about showing a maturity in your approach to managing information. They can’t tell you you are wrong if you do that.
MC: In relation to the EU Data Protection Directive proposals, whilst the sentiment is applauded, some of the proposals are simply unworkable and we have already seen a number of objections raised. Implying that organisations will be fined two per cent of their annual global revenues for a breach, will have every major corporation considering the possibility of a dedicated information security department. Introducing a “right to be forgotten” requirement is admirable but largely unenforceable given how data proliferates across the internet.
Having to immediately advise of breaches, when invariably these take time to come to light and/or in many cases you would want to investigate and mitigate/remediate prior to notification is likely to present many organisations with some challenging questions. It’s about demonstrating appropriate controls.

KB: In a scenario, say you’re in the cloud, IaaS, PaaS, do you guys have exit strategies? You’ve given all your data over to a provider, how do you actually get that back? That’s perhaps one thing a lot of people don’t think about.

JC: Yes, it’s data lifecycle management from start to finish. To come back to an earlier point, it was said, did anyone put business critical systems out in the cloud? Pretty much every customer we’ve got would say the platform we look after has business critical aspects. We have customers processing millions of pounds of transactions through platforms that we host and manage. Not every FS company is that brave, but there are organisations who will outsource a significant critical part of their estate.

SB: That’s the key. I’ve not heard anything so far this evening from a security or regulatory point of view saying you cannot or should not do this. Much of it is about perception and interpretation. There doesn’t seem to be any inherent reason once you strip away all the myth and the nay saying, so what’s stopping people from taking that leap and when will we reach that tipping point?

JC: When we look at our FS customers pretty much every one of them bar a few internal IT delivers back end processing, typically my customer is not IT but the marketing department; typically the security guys don’t get involved until someone says, “Should we involve them?” as they haven’t been involved in vendor selection. Security may not be the marketing department’s primary focus.

HM: We went live in January with a customer facing payments and FX platform, which isn’t hosted with Adapt at present but we will be moving to them.
It basically allows customers to access all their history, make card payments, to deal online and receive premium rates. The architecture behind what we built over the last three years was the intelligence system; we then exposed those services to a web facing application. So the data’s not actually hosted where the customer facing part is, we specifically built it that way. But there are risks, nothing’s ever totally secure.

IT security expert: If you put locks and bars on your doors and windows at home, you’re not going to keep out that hypothetical super cat burglar, but the message you are sending is, my neighbour is a softer target. That’s the nature of what we do.

SB: What are the key points you will take away from this evening and how far do you think the cloud paradigm will go?

RM: Mark made some interesting points about regulation. You need some kind of regulation that keeps pace with technology, which is changing by the week, and until you have that people will err on the side of caution.

JC: We are going to get to a point where not only people are looking to outsource, but will also look at the world differently. I predict that we won’t even consider purchasing physical hardware from the likes of Dell or HP but you will rent resource on a purely utility basis. The challenge for us as service providers is to move with that model, provide a secure service wrap around those utility services that is customised to our customer’s needs.

TH: If business is moving to the cloud it saves them a hell of a lot of money and data protection can be an afterthought. Also, mobile technology is moving forward so quickly any business who wants to have a mobile optimised website, for instance, will have to turn to a cloud provider to help them out. Watch the space from a mobile front. Finally, also watch Microsoft’s vision of cloud computing. With Office 365 they are making clear moves to put everything in the cloud.
MC: I love the concept of one big infrastructure centre; hackers will have a field day! Perhaps we are unduly concerned about security; let’s face it the younger generation could even be considered blasé, seeming to be willing to share their most intimate details in very public forums. You can basically get into any system if you are desperate enough and have the required resources. Technology will continue to evolve and who’s to say that in five years’ time cloud computing may be old hat. I expect we will continue to see technology consolidated and the younger generation having been exposed to whatever “pain” may ensue after a generation of sharing everything, are likely to want security back at the top of the agenda.

AG: For me the key point would be when my users are going for the cloud they need to understand what information they are going to put out there. I would want to see more awareness of the impact of that and also some sort of standard of the cloud, clear measures and controls in place, to certify the cloud to, something like regular independent reviews.

IT security expert: The technology’s not new, what is new is process, the idea that my marketing guy can get himself into a complex outsourcing arrangement, that’s the bit that is tricky and fast moving. The big problems are not technology problems, they’re process, human resources, control problems.

PC: As I said earlier, know what you have. There’s a very strong marketing push behind cloud but, as you noted, it’s not new. Know what you need and address it in the way you need it, don’t be worried about following the flow of everyone else. If the cloud can provide a level of security, guaranteeing that my data will not go anywhere, that will give me a level of assurance to deliver more of my critical data. At the moment, once it’s out there you’ve lost it and right now I don’t feel there are enough assurances around that.
HM: It’s inevitable that stuff will start to move out to the cloud. Data is key and protecting your data as well as process and control. I expect Adapt to be better than the other guys and I expect us to be better than the other guys and in that way you deter people from coming in and attacking you. Having solutions and a provider who can help protect you from that and bring some expertise, that’s what we need from a partner.

SS: As a service provider, I am looking at servicing two requirements. Moneycorp’s problem statement as Henry articulated is my core market – expensive, poor, legacy infrastructure driving too much business risk. I have to prove that I have better infrastructure than you guys, strategically invest in it through time and have a technical and operational capability that is better suited to managing it. A leading security focus throughout Adapt’s offering will continue to build confidence in this market. In terms of additional security requirements specific to the financial sector, I have learnt that it is for a subset (ten per cent) of your data. In order to meet these requirements we need to demonstrate our appreciation of the regulation you face and open our business up to allow you to see how deeply embedded security themes are in Adapt’s culture. We also have to work together on building processes that allow us to adhere to your specific security standards.

SB: Generally, do you see people with a clear strategy of what they want to do?

SS: Definitely. No question about that. Most of our customers are today only offering up a subset of their requirements to service providers as they build confidence in this way of working and increasing their business with us as this trust grows.

FStech IT SECURITY SUPPLEMENT

Constant target

Features

Get the message: As the threat of network attacks intensifies and changes, network managers are attempting to up their games. But, asks Andrew Williams, is the message hitting home at board level?
Security aware: Paul Golden looks at how the financial services sector is coping in the face of internal and external data security threats

The big fight: Liz Morrell casts an eye over an intensifying cat and mouse game between financial services companies and cyber criminals

NETWORK SECURITY

Get the message

As the threat of network attacks intensifies and changes, network managers are attempting to up their games. But, asks Andrew Williams, is the message hitting home at board level?

The financial sector has long been at the forefront of best practice in combating network security threats. But the fact remains that if hackers want to get into an organisation and are determined enough, they will find a way. So, how is the threat of network attacks changing? What are the latest solutions designed to stop them? And are the important messages about network security getting through to senior managers within the financial sector? Network attacks have increased both in numbers and in sophistication in recent years, representing a growing threat to financial institutions. However, in spite of the existence of increasingly sophisticated techniques, Vaughan Jones, regional director financial services and insurance at McAfee, explains that many recent attacks on banks have also been ‘rather low-brow,’ public distributed denial of service (DDoS) attacks. Although these aren’t very technical, they are still effective, and have resulted in a push to build ‘real solutions’ for how companies deal with DDoS. “It’s also forced the security industry to up their game. Most basic DDoS attacks should not be a huge problem these days given the solutions that have come out of these attacks,” says Jones. “As long as banks have money, people will continue to target them. It’s just that now, they have a million ways to do it with little physical risk to themselves. There’s no need for guns and masks when the infrastructure is connected to the internet.
The threats themselves haven’t changed, just their prevalence and complexity,” he adds. Ron Gula, CEO at Tenable Network Security, agrees, pointing out that the threat of attack has increased because there are more people who want to steal information, steal money and ‘make political statements.’ In his view, although there are always vulnerabilities and risks with any technology, what has changed in the past 10 years is a dramatic growth in the number of different types of ‘bad guys’ that want to perform ‘insidious and harmful actions.’ Meanwhile, Mark Child, partner at Kingston Smith Consulting, highlights the fact that the threat is continually increasing and evolving. As technology develops, so ‘new holes in the armour’ are produced. “Not that long ago, mobile phones were simply used for making calls. Now they hold lots of corporate information, which is always valuable to someone – and that someone will find a way to abstract it. The key threats today are memory scraping malware, weaknesses in cloud security and mobile devices being used to access financial accounts,” he says.

Hacktivism

The rise in so-called hacktivism has attracted a great deal of attention in the last couple of years and is a driving force behind a number of attacks. Large financial institutions, in particular, are often the target of attacks because they support some law, policy or activity that offends the hacktivists. According to Jones, while many people will argue that hacktivism is nothing new, it has never been witnessed at such scales and with such a ‘flagrant disregard’ for legal action. “Despite plenty of warning in some cases, many targets fell prey. I think we have learned that when someone says they are going to attack you, don’t ignore it. This is also changing how companies think about their image. Some of our clients have expressed concern that they have recently tried to elevate their public image, but realise they may have made themselves a target,” he says. In contrast, although Child agrees that hacktivist attacks have been increasing, his view is that they are ‘not generally targeted’ towards the financial sector. He also points out that they often tend to be more intent on publicising political messages rather than penetrating networks for gain. “What is on the increase, however, is the use of social networking tools (like) Facebook and Twitter to trick users. It has been noted that scammers are sending out bogus invitations and message notifications to LinkedIn users that contain links to compromised websites,” he adds.

The weakest link

In facing up to the threat of network attacks, Jones’s view is that managers need to start looking at their environment ‘from the ground up.’ For him, a full assessment of networks, applications, malware and incident management capability is crucial. “Many companies often execute security policies without strategy, and forget the basics with a barrage of ‘new’ solutions appearing on the horizon. Even if you have a world-class, highly intelligent team in place, it’s good to validate that the security solutions you are deploying work like you expect,” he says. Child believes that ‘by far the most important action’ is to dramatically increase staff security awareness training. “You can have all the hi-tech security solutions in place you like, but the weakest link is always human and that is most frequently the initial route used to gain the knowledge to facilitate an attack,” he argues. He also stresses that Chief Information Security Officers (CISO) must be far more proactive, highlighting the fact that all too often they are ‘in denial’ or not willing to relay concerns to the executive. “I have recently come across some really good tools, such as FireEye, demonstrating that security vendors are rapidly catching up with the criminals in terms of effective counter measures.
Unfortunately, more often than not there appears to be a reluctance on the part of the CISO to go ‘cap in hand’ to the executive requesting yet more funds to combat what is an extremely difficult moving target,” he says. So, broadly speaking, is the message getting across to senior management? According to Jones, awareness has been elevated recently because so many household names have been ‘publicly embarrassed.’ “We can all go back to what we were doing before and hope it won’t happen to us, but that’s a poor risk mitigation strategy. The time to do something is when you aren’t under duress, but proactive security is less popular because it requires an increased amount of investment,” he says. Child agrees, rueing the fact that it generally takes a serious incident to bring home the vulnerabilities that most organisations face on a daily basis. Until then, he says, there always seem to be ‘more pressing concerns.’ Meanwhile, although Gula believes that network managers are well aware of the risk, he is far less confident that the message is getting through to end users and corporate executives. He highlights the fact that network security managers often need to spend a lot of time justifying security initiatives and asking for more monitoring. “A more general understanding of how attackers target organisations and users without causing a panic would be good,” he says.

DATA SECURITY

Security aware

Paul Golden looks at how the financial services sector is coping in the face of internal and external data security threats

There have been some high profile lapses, but it is clear that financial institutions are going to ever-greater lengths to prevent loss of sensitive data. Deloitte’s most recent global financial services security survey (published in 2010) referred to a ‘turning point’ in attitudes to security as the majority of respondents moved from reacting to threats to embracing new systems and processes.
The consulting firm also found that lack of resources was the least important barrier to ensuring information security and that security spend was protected at a time when many other areas of expenditure were being cut. The financial services sector has been particularly active in collaborating internally and with external parties to ensure they cut through the large amount of data that exists and have the right information in place, according to Greg Day, security CTO at Symantec. Andrew Yeomans, board member of information security group The Jericho Forum and head of security engineering for a major international bank, says larger financial services companies can draw on considerable in-house security knowledge and expertise and that there are many firms providing support and information services to the sector. “The threat from both internal and external security breaches is carefully considered. There have been increasing occurrences of malware (software designed to gain unauthorised access to computer systems) targeted at retail bank customers, which can also target internal users and could be used for accessing data remotely.” The most severe – if not always the most frequent – breaches are conducted by cyber criminals who can execute targeted attacks against financial institutions, usually beginning with a ‘spear phishing’ message to trick an employee into downloading malware and hence gaining a foothold in the financial institution’s network, explains Andre Stewart, international president at Corero Network Security. Staff are often described as the weakest link in security processes. However, Yeomans says that in his experience, employees of financial services companies are encouraged to flag up concerns and generally have a good understanding of potential threats. “More training would always be welcome, but information is made available,” he adds.
The power of ‘security aware’ users should not be underestimated, reckons Dani Briscoe, research services manager at the Corporate IT Forum. “Companies now acknowledge that people are the backbone of the organisation and they are no different when guarding and protecting the data. Visual branding continues to sell the message to users and provides a daily reminder of what they are dealing with. Complacency can lead to accidental leaks and apathy toward the value of the data that is worked on.” She refers to “effective lines of communication up, down and across the business” as being important to promoting the message at all levels as well as keeping the IT security department approachable. According to Michael Paisley, head of operational risk at Santander, maintaining high levels of technical expertise in-house and continually monitoring external developments in the threat environment is equally important. “Collaboration between vendors/system integrators and clients varies by vendor and product type. There is greater collaboration with the more specialist products.” All financial institutions are subject to risk exposures originating externally or from within the organisation, he continues. “However, the frequency and severity of these risks are dependent on the context within which the financial institution is operating. It is therefore critical that appropriate risk assessments are conducted.” Paisley explains that the FSA has carried out a thematic review on data security, which makes clear the expectations that it has of larger financial institutions – for example, implementing technical controls that ensure data is only written to authorised portable storage devices and is encrypted. Yeomans describes the penalties for failing to protect sensitive data as a sufficient deterrent to institutions who might be tempted to cut corners. “Fines generate negative headlines.
Even at the seven-figure level they are not unaffordable, but reputational damage is a major consideration.” There are several reasons why financial institutions are unable to take shortcuts when it comes to data security, says Paisley, a point taken up by Corero Network Security’s Stewart. “Penalties are not the prime motivation, though they are a factor. The actual losses associated with a data breach are far more significant. These direct and indirect costs can include investigative and remediation costs; downtime; customer notification and follow-up services; brand damage caused by breaches; and loss of customers.” For penalties to be taken seriously they must be enforced, adds Symantec’s Day. “Forthcoming EU disclosure legislation will help increase the visibility of incidents where data has been exposed through malpractice, which will be a positive step towards discouraging organisations from making similar mistakes. We must then start to clearly validate and enforce penalties where controls were significantly below the standard that should be expected. However, it is also important to differentiate between breaches that have occurred due to poor security controls and those that happened even when the right controls were in place.”

BYOD: security threat

One of the challenges for those charged with securing data in the financial services sector is that they are effectively trying to secure a moving target. No sooner do they address one potential threat than another emerges, one of the more recent being the use of personal devices at work. In a whitepaper on communications security within financial services organisations published in April, Avaya highlighted the trend toward BYOD or ‘bring your own device’, which has forced IT managers in financial institutions to adapt to the growing requirements of mobile and remote workers.
A survey conducted by the Corporate IT Forum in July 2011 found financial sector respondents felt that the impacts from allowing personal devices on to the network were potential data loss and data theft versus increased employee satisfaction. Authentication methods are predominantly hardware-based and often take the form of a small device or token that provides a one-time password the employee uses to access secure applications and services. Thomas Bostrøm Jørgenson, CEO at authentication software developer Encap, claims hardware tokens are expensive for financial institutions and cumbersome for employees and that software-based authentication using smart device technology is a cost-effective alternative. Stewart recommends that personally owned devices should be treated as external to the institution and access to financial information and other sensitive data restricted accordingly. “Mobile device management, network access control and mobile security tools should be used to exercise control over the use of these devices based on policy.” Financial institutions have discussed the potential security threat from personal devices, says The Jericho Forum’s Yeomans. “One solution is to ensure sensitive data cannot be stored on these devices and therefore cannot be lost if the device is misplaced. Where data has to be processed there are products that allow information to be sandboxed, although there is some trade-off between usability and data security. However, these products will improve and I expect more security features to be built into personal devices over the next few years.” Simon Rice, principal policy adviser for technology at the Information Commissioner’s Office (ICO), describes training and raising awareness as two key components of a data protection strategy the ICO would expect to see in place at any financial services organisation. 
“We would expect any responsible organisation handling personal data in a heavily regulated industry to be able to address the risks to personal data posed by mobile devices,” he concludes.

COMBATING CYBERCRIME

The big fight

Liz Morrell casts an eye over an intensifying cat and mouse game between financial services companies and cyber criminals

Cybercrime is an increasing risk to any business but throw in the potential immediate wins from attacking financial services companies and it’s little surprise that the sector is one of the most vulnerable. Indeed, according to PwC’s Global Economic Crime Survey, published last November, cybercrime ranks as one of the top four economic crimes, coming only behind asset misappropriation, accounting fraud and bribery and corruption with risks that include damage to both reputation and company wallet. And it’s a similar concern for the World Economic Forum which identified cybercrime as a major risk to the financial services industry in its annual Global Risks report for 2012. No-one argues cybercrime is big business but, with attacks largely undisclosed, judging the scale of the problem is tough. “In financial services we see very few security breaches reported but we know that are under constant attack and that some of those attacks are getting through,” says David Spinks, CSIRS chairman. In the PwC survey half of respondents in the financial services industry felt that the risk of cybercrime had increased in the past 12 months compared with 36 per cent for other industries surveyed. John Yeo, director at Trustwave SpiderLabs EMEA, says this has prompted a change in thinking. “There has been a philosophical mindshift in that it’s no longer ‘I’m confident we’re secured against attack’. The smart ones are saying what do we do when we are attacked and so are geared up to respond.” Motivations have changed as criminals have realised the wins.
“We have recently witnessed a clear shift from a for-fun environment, where hacking and attacks were primarily carried out to show the hacker outside-the-box thinking aptitude, to a context driven by profit,” says Dr Lorenzo Cavallaro, professor of systems security at Royal Holloway Information Security Group. Nick Staib, security specialist at HSBC and First Direct, also notes that cyber criminals mean business. “What has changed in the last five years is we have seen online fraudsters are not just very organised but are also increasingly clever. Our job is to stay one step ahead. We don’t see cybercrime as a problem but a challenge to be met head on.”

Expanding landscape

Companies are increasingly exposed to the threat of cybercrime because their public arena is now so much wider than ever before. “In part, the risk of cybercrime is growing due to the expanding landscape of how organisations conduct business and engage with customers online, e.g. the rush to mobile applications to increase online commerce, and in part because of easier access to tools and techniques used by cyber criminals. This combination results in low risk, high reward opportunities for fraudsters, who can be located anywhere in the world with internet access,” says Kris McConkey, PwC’s forensic technology lead on cyber security. The increasing adoption of multiple channels of access is also widening risk. Mobile and social media are two of the most recent to increase risk with social media particularly allowing criminals to change tactics. “The sophistication of attacks is increasing. Where previously you would have someone getting through via the firewall now the trend is on collection of data and identity theft,” says Spinks. This means social media is particularly a problem because of the rich personal data it can contain. The extent of the risk to mobile is debatable. Some say it’s a channel that is not yet being targeted.
“Mobile hasn’t been attacked yet and at the moment apps are limited to people you have paid before so for the fraudster it is of little interest,” Staib notes. Indeed, he argues that checking balances and other services via mobile rather than the internet is actually safer because the individual is not in the online environment where attacks normally happen. Cavallaro observes that mobile malware is on the increase and the channel seems vulnerable as it opens up because the same protection that PCs share is not available on mobile devices. “The threat is there. If you look at one of the challenges it is that the operating system vendors don’t have the understanding of financial services so the systems aren’t there for protecting them,” says Thomas Bostrom Jorgensen, CEO at Encap who argues that multi-factor authentication is a must. McConkey says financial services companies must get to grips with the risks. “The pace of mobile adoption has been very attractive to businesses, but the understanding of risks associated with the mobile platforms has struggled to keep pace.” Mobile devices are also opening financial services companies up to the risk of security breaches amongst employees. “Mobile devices may generally store a mix of user and company data, exposing the latter to potential leaks that are not under the company control anymore,” says Cavallaro. Yeo agrees: “There is a lot more to be done from a due diligence point of view looking at how you are storing data, how it is moving around the environment and whether people have had unauthorised access”. He highlights his research which suggests it takes an average of six months for data breaches to be discovered. Financial services companies are working hard to combat cybercrime and to some extent it is working but many describe it as a cat and mouse game. 
Typical defence tactics include a shift towards 24x7 transaction monitoring, browser protection services, security certificates, malware detecting software and anti-phishing solutions as well as authentication measures such as 3D Secure for online shopping and dynamic passwords, SMS passwords, tokens, DAP/CAP technology and transaction signing for accessing online/mobile banking. Increasingly customer behaviour is being analysed to discover anomalies in account use. “We have a fraud engine that is checking transactions and detects anomalies in behaviour – that then goes into a fraud queue to be checked,” says Staib. Response is then key and calls for a managed security provider or departments that are 24/7. However, according to McConkey a frightening number don’t have such access. “More than a third of UK respondents to our survey said that they have no access, internally or externally, to forensic technology investigators to provide the rapid response required when dealing with a cybercrime incident. Having this ‘hotline’ and being able to respond quickly is critical to successfully mitigating and remediating incidents.” As well as technology solutions financial services companies must consider their own business processes too - from training (of both staff and customers), access controls to monitoring and reporting – all of which often see a varying level of focus, according to McConkey. An important key to beating cybercrime lies in collaboration – sharing risks, threats and knowledge between banks and financial services companies. Staib says most banks do work together well on this. Yet McConkey argues such collaborative approaches must be evident within the business too. “Big leaps forward can be made if organisational silos can be broken down. For example, marketing teams often have sophisticated tools to monitor social media trends and customer engagement. 
Security teams would benefit from being able to apply the same technology in their role.” Financial services companies must also be very aware of the risk of insiders within their businesses. “Nearly all successfully executed cybercrime involves an insider threat. That is most worrying because I can put all the barbed wire I want around my building and spend billions of pounds on security but if one of my employees has the keys to the IT system and gives them to someone else then all my defences have been breached,” comments Cavallaro. Of course, the harder the challenge the more likely cyber criminals will divert their attentions elsewhere and this means that financial services companies should pay particular attention to weaker links in their supply chain and running due diligence on third party suppliers. “The PwC survey shows that cybercrime and fraud more generally is on the rise at small and mid size companies,” says McConkey. Yeo adds: “Across our caseloads we looked at who was responsible for systems administration of those breached and in the majority of cases (76 per cent) it was a third party that was compromised,” he says, suggesting that the trend to cloud computing may further the risk. Cybercrime is big business and its perpetrators operate in a parallel industry of their own. “There is no question that cybercrime activity has become increasingly organised, innovative and focused,” says McConkey. “Advanced cyber threat groups are patient, they invest heavily in the research and development of custom malicious code and clever means to exfiltrate data. They have internal hierarchies, technical training and target lists in much the same way that large enterprises do, and they are methodical and persistent.” Cavallaro backs this up: “It’s like managing a real-world legitimate business. 
You have exploit kits to make up for the technical skills you may miss out and, if someone doesn’t have the in-house knowledge to develop a service (e.g., infecting hosts, writing sophisticated malware), then this can be purchased on the internet by other cyber crooks.”

Cybercrime is constantly evolving. In the same way that technology advances are reshaping how the financial services industry operates and the services it offers to customers, so increasing computer power is also opening up the ability for attack. It seems the cat and mouse game between the two parallel worlds will continue for some time yet.

DIARY
Coming up

04-05 July: TradeTech DACH. Location: Germany. Website: www.wbresearch.com/tradetechdach/
24-26 September: Business Analysis Conference Europe 2012. Location: London. Website: www.irmuk.co.uk/ba2012
26 September: FStech Social Media Roundtable. Location: London. Website: www.fstech.co.uk
17 October: FStech Retail Banking Roundtable. Location: London. Website: www.fstech.co.uk
24 October: 2012 Retail Systems Awards. Location: London. Website: www.retail-systems.com/awards
29 October - 01 November: Sibos 2012. Location: London. Website: www.sibos.com/osaka.page
01 November 2012: FStech/RS Payments Conference. Location: London. Website: www.fstech.co.uk/payments
28 March 2013: 2013 FStech Awards. Location: London. Website: www.fstech.co.uk/awards
16-18 April 2013: TradeTech. Location: London. Website: www.wbresearch.com/tradetecheurope/Home.aspx
23-25 April 2013: Infosecurity Europe 2013. Location: London. Website: www.infosec.co.uk

FStech roundtables
FStech hosts a number of exclusive roundtables throughout the year, attended by leading industry figures. Past topics have included payments, IT security, mobile, fraud and datacentres. The roundtable discussions last for 90 minutes and are followed by a three course meal and networking opportunities. They also receive editorial coverage in FStech, both in the magazine and online. For enquiries about attending our roundtables, please contact Hayley Kempen at: [email protected]. Or on: 020 7562 2414. For sponsorship enquiries, contact Sonia Patel at: sonia.patel@fstech.co.uk. Or on: 020 7562 2430.

Got an event to publicise? Send the details to Scott Thompson, Editor, FStech at: [email protected] Further information on industry events at www.fstech.co.uk/events
COMMENT
Spotlight on SEPA
Majid Moujane, payments specialist, Callataÿ & Wouters, discusses the latest SEPA developments

To avoid regulation in payments, the European banks represented by the European Payments Council (EPC) developed the Single Euro Payments Area schemes (SEPA), starting the SEPA Credit Transfers services (SCT) in 2008 and SEPA Direct Debits services (SDD) in 2009. The European legislator supported the initiative by creating the harmonised legal environment through the Payment Services Directive 2007/64 (PSD) and regulation 924/2009 on cross-border payments. Facing the slow adoption of the EPC schemes and standards, the payment stakeholders asked legislators to give clarity to the project by setting an end date to the usage of existing national schemes for credit transfers and direct debits in Euro in the SEPA area. This resulted in the introduction of the regulation 260/2012 in the European Union official journal. The regulation sets an end date but also establishes technical and business requirements for union-wide credit transfers and direct debits in Europe.

Many European countries have now migrated a critical mass of their credit transfers to SEPA; however, the changes required for direct debits are larger and more complicated. I fear that corporates could delay as they may feel that the SDD products are not mature enough and will still evolve in the coming years. So where do the key differences in SCT and SDD lie? With credit transfers the EPC scheme is compatible with the new regulation except for the Bank Identifier Codes (BIC).
The EPC SCT rulebook requires that Payment Service Users (PSU) must give IBAN and BIC, whereas in the new regulation only the IBAN would be required from the PSUs. Early movers having already collected IBANs and BICs for the accounts they pay to, or the accounts they collect money from, can continue using them until the EPC takes a decision and makes eventual changes to the rulebooks and implementation guidelines.

For direct debits, the requirements from the European legislator as expressed in the PSD and the new 260/2012 regulation do not exactly match with the EPC SEPA direct debit schemes. The PSD stipulates that the debtor has the right to a refund if the authorisation didn’t specify the exact amount of the payment transaction and the amount collected exceeds the amount the payer could reasonably have expected, taking into account his previous spending pattern. The SDD Core scheme foresees a no-questions-asked refund procedure available within eight weeks of the debit date. Regulation 260/2012 gives the debtor the right to unconditional refunds and adds some supplementary rights to protect the debtor. With the new regulation the payer received the following additional rights:

• Right to instruct its Payment Service Provider (PSP) to limit a direct debit collection to a certain amount or periodicity or both;
• Right to block any direct debits to the payer’s account;
• Right to block any direct debits initiated by one or more specified payees;
• Right to authorise direct debits only initiated by one or more specified payees.

In the current official versions of the EPC SEPA rulebooks it is not possible to specify the amount and/or the periodicity and only the first right of the list mentioned above is foreseen: the SDD scheme stipulates that a debtor has the right to instruct the debtor bank to prohibit any direct debits from his account.
In the near future (no later than 1 November) a proposal for revision of the PSD will be announced by the legislator and we can expect it will take into account the rights and obligations set in the new 260/2012 regulation and the prevailing market situation. We can also expect changes to the EPC SDD core scheme or the release of an additional SDD scheme to cater for the non-covered requirements of the new regulation 260/2012. Two years before the end date of legacy credit transfers and direct debits in Europe and four years after the go live of SEPA we are still facing changes both from the legal point of view and from the banking payments schemes’ definitions. The new regulation clarified the necessity to move to union-wide European payments but at the same time introduced additional business requirements that will bring changes to the SEPA schemes. The expected changes may have an impact on corporates, banks and payment clearing and settlement infrastructures. The challenge for the payment industry is to adapt the rules and the systems and accelerate the transition to SEPA payments by designing attractive, secure and cost-effective payment products for payees and payers. Success relies on the capability of banks to offer services that take the legal requirements as a minimal set of rules to comply with and not as the final aim of their payment services and products. Above the core activities of credit transfers and direct debits processing, banks need to offer additional optional services that improve the consumer and the enterprise experience. Adequate payment products meeting customers’ needs and standardised at the level of the European single market are the two conditions that will allow the SEPA countries to reap the expected benefits and give Europe the lead it aims to have in the payments field. 
Some countries are already proposing additional improvements to payment instruments and payments solutions, which suggests this will be the next focus amongst banks and legislators, as they begin to assess whether regulation is required to ensure more creativity and consumer protection.

LETTERS
Letters to the editor

PAPERLESS THE WAY TO GO
As the cost of postage soars, businesses need to be thinking carefully about how much post the finance department is mailing out. Too many organisations are still reliant on print, photocopy, post and manual filing of paper documents. Yet with Britain now officially in a double-dip recession, businesses need to realise that a paperless strategy in the finance department can deliver significant savings. Electronic creation, delivery, authorisation, storage, management and processing of financial documents will not only significantly reduce business postage costs, but it will also eliminate manually-intensive admin tasks whilst freeing-up filing cabinet space and supporting environmental policies. The reduction in manual intervention and streamlined authorisation will enable businesses to focus attention just on exceptions, minimising time spent answering queries, searching for invoices and tracking authorisation across the organisation. By tightly integrating document management technologies with financial systems, organisations have the ability to reduce their postage costs, transform business effectiveness, impose far greater control and, typically, achieve ROI within six months.
Gary Waylett, Eclipse Group

THE FASTER PAYMENTS OPTION
As organisations, especially SMEs, struggle with escalating payment delays and poor access to capital, payment flexibility is becoming critical. The ability to exploit multiple payment options, including Faster Payments, is becoming a key tool in improving cash flow and minimising business risk. Faster Payments has seen significant growth amongst consumers since it was launched in 2008. In 2010, 426 million payments were processed with a total value of £164.2 billion. However, with no bulk facility, the Faster Payments service has had limited corporate appeal, being used as an occasional one off payment mechanism to address a specific issue. Now, with one bank in the UK offering the service specifically designed for corporate customers there is a chance for businesses to leverage this payment method to improve control and maximise cash flow. The key difference with this corporate service is the ability to make bulk payments in the same way organisations use the Bacs payment service. However, in contrast to Bacs, which has a three day lag between sending a payment request and the payment being made, Faster Payments occur within two hours. And, unlike Bacs, the service provides organisations with a complete reconciliation of the payment file within 30 minutes. For any business suffering cash flow issues, this near real-time payment model is compelling. There is no need to worry that the cash will not be available to fulfil the payment in three days; or to hope that customers’ payments will have arrived in time. The payment can be authorised based on current funds. It also provides an excellent disaster recovery solution. If an organisation’s Bacs payment fails for any reason, having the Faster Payments option ensures payments will still be made on time, avoiding the dangers of negative publicity, disgruntled employees and disenfranchised suppliers. Of course, Faster Payments is more expensive per transaction than Bacs. Organisations will continue to use Bacs for predictable payments such as accounts payable and permanent payroll. The key is to ensure the business can alternate between payment mechanisms as appropriate to support business needs from a single platform. The ability to move between Bacs, Faster Payments, international payments and even cheques from a single platform using the same security, workflow and validation controls delivers a new level of payment flexibility to UK businesses that could prove critical.
Richard Ransom, Bottomline Technologies

SECURING MOBILE BANKING
Many banks have responded to the threat of fraud by introducing technological security measures while protecting customer accounts. The past decade has seen a massive rise in internet banking and mobile banking is now hot on its heels. While mobile is not without its own set of security challenges, it is also providing new opportunities when it comes to securing internet banking – used correctly, these measures can maintain or enhance the customer experience and are readily accepted by the consumer. Two factor authentication is increasingly common, however many customers are finding the need to use a separate standalone device, which can be a significant inconvenience. In order to combat this, surely the obvious approach is to provide an app for a mobile device which can act as a ‘secure key’? This would be significantly more convenient as most people are more likely to carry their mobile with them. An alternative approach is to utilise mobile banking to authorise the internet banking transaction. As well as being convenient, this provides additional security benefits. The use of a mobile app could help maintain security, while improving customer acceptance of security measures by providing an alternative to the established two factor authentication methods.
Jason Woodfield, IPL

Letters to the Editor should be emailed to: [email protected]

PROFILE
Keeping control
Scott Thompson meets ExactTrak’s Norman Shaw and discusses his company’s “unique” USB memory key, Security Guardian

According to the latest Internet Security Threat Report released by Symantec, lost or stolen devices (USB sticks, laptops, smartphones and tablets) accounted for 34.3 per cent of global data breaches, making it the largest category. Theft or loss of these devices accounted for 18.5 million exposed identities. For financial institutions, the implications are far reaching, including the threat of hefty fines and reputational damage.

Step forward ExactTrak, which has developed Security Guardian, pitched as the only USB stick that provides the ability to control the use of data and securely delete it remotely. After four years of research, development and piloting schemes, the product, available with either 16 or 32GB storage, became commercially available earlier this year and managing director, Norman Shaw, believes it is perfect for the heavily regulated financial services sector.

ExactTrak, of course, is not the only outfit operating in this area. Let us not forget the heavyweight partnership of Imation and IronKey, announced last year. But Shaw argues that his company has found a niche. “IronKey have a good product, so why produce a rival one when you can take it to the next level? This is completely unique,” he says.

The press release for Security Guardian sells it as the ‘Fort Knox of USB memory sticks’ although there is more to it than that. The tracking element is also hugely important. No access to the internet is required for this. Security Guardian has integrated GPS and GSM, allowing for accurate position information in the case of loss.
Supporting the remote units is a cloud-based management console, hosted on Fujitsu’s Global Cloud Platform, that provides a verifiable audit trail of how, when and where the data is accessed as well as all necessary information to satisfy the most stringent data security legislation. And for those users who become uneasy at the thought of a Big Brother society, “you can turn it off if you don’t want people to know where you’re going.” Shaw adds: “It’s not a glorified tracking device, however. It’s designed around the data, not tracking. It also enables organisations to set location-specific policies governing their operation.”

And that’s why he feels the product could make waves in the financial services sector, with Shaw claiming interest from several companies who have to stay compliant with data handling regulations and need to prove they remain fully in control of their data, even when it is not in their immediate proximity. Up until this point, many of the high profile data breaches have come courtesy of the public sector, but, as Shaw points out, “they have to report it, the private sector doesn’t.” That’s all about to change, though, as mandatory disclosure for the financial services sector is set to start at the end of the year. With EU Data Protection Directive proposals looking to drive a more data-centric approach to information security, the time could be right for a product such as Security Guardian.

It’s sold as a service, however, not a product, the aforementioned partnership with Fujitsu meaning its Global Cloud Platform hosts the back-end infrastructure. It weighs in at £300 a year per device for the first year, with the price dropping in the second year. Add ons, such as location-based services, cost extra. As his company doesn’t sell directly, Shaw is on the lookout for resellers. “Companies like Fujitsu who provide that managed service. It probably wouldn’t be attractive to the smaller reseller.”

BYOD challenges
So, where to next?
The product is moving beyond proof of concept trials, which have involved a leading global bank, an oil company, two Formula 1 teams, a system integrator for the defence sector as well as central and local government services. Although he is currently unable to reveal names, Shaw talks of “extremely positive” feedback and interest from financial services companies.

ExactTrak has also developed a BYOD version of the stick which ensures that corporate data and private data are held separately. This only allows the user to access the corporate network via a secure portal. Although implementing a clear policy around workers using personal devices for work-related purposes, including compulsory password protection, is a good idea, it still has weaknesses as it does not account for workers losing their device, and many companies simply do not know how many devices are being used to access corporate data, as the enterprises are so large.

Security Guardian uses GPS so that if a loss occurs, location is possible. It is implemented as a service whereby no device will be able to access corporate data unless the Security Guardian key is being used. This ensures that IT managers are aware of exactly how many are accessing the corporate network and no one will be able to access the network without their knowledge. By issuing all staff with a key, IT managers can see where all devices are at all times. You can turn off the data so that if a device and key are lost, the data cannot be accessed. Shaw concludes: “Essentially Security Guardian removes the biggest threat to data caused by BYOD and that’s human error.”

COMMENT
Constantly changing
The banks’ battle to adopt digital channels is proving to be a double-edged sword.
Ken Cregan, financial services principal at Capgemini Consulting UK, looks at the changing relationship between banks and their customers in the UK

In these uncertain times, digital solutions present both an opportunity and a threat for banks. While there is the potential for the sector to develop stronger relationships with its customers through digital channels, it also faces major challenges from the new, more nimble entrants such as Google and PayPal, who are seen to be delivering customer centric mobile solutions at a much faster pace. For customers, banking through digital channels presents the opportunity to manage their money at their convenience, increasingly through mobile devices. This year’s World Retail Banking Report from Capgemini and Efma predicted that mobile would overtake desktop as the primary window through which to view our finances by 2015. The report also identifies services, fees and ease of use as the key drivers for loyalty.

Mobile is a key focus area, for all the right reasons. Research has shown that 70 per cent of respondents in a banking survey believe it will increase or significantly increase customer satisfaction. This is in conjunction with the view that it will potentially reduce overall costs by five per cent while increasing revenue by seven per cent. Align this with the prediction that mobile will soon overtake desktop as the leading web access point and you see why there is so much effort and attention being paid to this space.

The move towards digital entails big changes for both banks and customers. Digital will become the primary channel for transactions, and the key window into enabling customers to manage their money, taking away a significant current role for branches. For customers, this gives us the ability to manage our money at our ease, anywhere, anytime.
Customers’ expectations of what banking should be like in the digital space are being shaped by their positive experiences with Apple, Amazon and others but frequently not met by the actual experience they are having with their bank. Banks have a number of structural challenges to overcome in order to meet these expectations. Internal systems and operating models restrict their ability to deliver new digital offerings at speed, with timescales of 18-36 months from idea to delivery being normal. In fact, these timescales are being regarded as outstanding in some cases. Almost without exception innovative digital proposition development is a weak area. Innovation and delivery engines need to be created, enabling banks to define new services rapidly in partnership with technology providers and with customers. Sadly their traditional governance and business processes make this very difficult for them to actually achieve. The digital space is constantly changing, with new offerings and technologies emerging daily. Banks are currently playing a dangerous game whereby, because of their inability to innovate at speed they are evoking a ‘fast follower’ strategy and trying to play catch up by creating and launching their own branded version of the innovation. This, of course, assumes that they are geared up and capable of delivering on a fast follower strategy – generally they struggle to do this too. If they are going to be ‘fast followers’ it’s important for banks not to underestimate the capabilities required. To satisfy growing customer expectations they will need to be able to respond rapidly, in digital time, to changing technological advances. There is also the external threat being posed by the entry of non-banking entities. These are seeking to take advantage of mobile’s ubiquity and convenience to offer banking services, and take ownership of the window into the digital banking space, and on services such as payments.
The importance of this can’t be underestimated. This is the fight for the customer relationship, and the data associated with their transactions.

However, it is not all doom and gloom as changes are underway. New delivery capabilities are being developed (albeit slowly), both internally and through partnerships with niche technology providers and telcos. Banks are launching new solutions. Lloyds Banking Group in the UK, for example, is using near field communication (NFC) to support contactless payments at the 2012 Olympics through special-edition phones commemorating the games. ING Direct, meanwhile, offers mobile payments that occur when individuals tap their phones together via “bump” technology, and Barclays’ offering Pingit allows users to send and receive money using their mobile number. Commonwealth Bank in Australia, meanwhile, is using crowdsourcing to integrate customers into the innovation process.

It’s also being acknowledged that the manner in which banks and customers interact is changing with some banks taking the first steps towards repurposing the branch networks to support a more advisory than transactional role. The day when branches support the digital channel may not be that far off. Whether the banks or consumers like it or not, digital banking will drive significant change in how we manage our money.

DIRECTORY OF KEY PLAYERS
CALL 020 7562 2430 sonia.patel@fstech.co.uk FAX 020 7374 2701 OR 020 7562 2429 [email protected]

To make the directory section as easy as possible to use, we have added an index of headings below. These are listed alphabetically in order for you to find the products and services you are looking to source.

• call centre technology and applications
• core banking and payment solutions
• data warehousing and data analytics
• erp / business solutions
• international address management
• it infrastructure solutions
• it security solutions
• management solutions
• mobile voice recording
• payment efficiency and risk solutions
• payment efficiency
• payment solutions
• retail banking and consumer finance
• telecoms provider
• voice over ip

CALL CENTRE TECHNOLOGY AND APPLICATIONS

Business Systems (UK) Ltd
5th Floor, No 3 London Wall Buildings, London Wall, London EC2M 5PP
T: 0800 458 2988 W: www.businesssystemsuk.co.uk E: [email protected]
Business Systems provides voice, mobile, screen and VoIP recording and analytics solutions to financial institutes. These solutions enable regulatory compliance, transaction verification, dispute resolution, fraud and market abuse detection, liability prevention and order confirmation. Founded in 1988 the company has built an impressive 'one-stop-shop' reputation for implementing complex projects on time, offering independent advice and 'best fit' solutions supported by a strong maintenance and service offering. Over 40% of City institutions rely on Business Systems for their voice recording requirements.

Red Box Recorders Ltd
The Coach House, Tollerton Hall, Tollerton, Nottingham NG12 4GQ
Tel: +44 (0)115 937 7100 Fax: +44 (0)115 937 7494 email: [email protected] www.redboxrecorders.com
Red Box brings simplicity to digital recording, with flexible solutions that are easy to specify, install and manage. We focus on voice and data capture: Red Box software solutions cover everything from storage and event logging, to retrieval, playback and analysis. Our latest products incorporate web-based interfaces for worldwide access to replay, configuration and maintenance. We have over 20 years' experience and a strong reputation for innovation. Little wonder, then, that Red Box solutions are used in over 120 countries.

CORE BANKING AND PAYMENT SOLUTIONS

FIS
T: +44.1923.710.123 W: www.fisglobal.com E: [email protected]
FIS delivers banking and payments technologies to over 14,000 financial institutions in more than 100 countries worldwide. We are proud to provide core banking, card management and transaction processing services to forty of the top fifty global banks, including nine of the top ten. FIS is a member of Standard and Poor's (S&P) 500® Index and is ranked the world’s number one overall financial technology provider in the FinTech 100 rankings. Headquartered in Jacksonville, Florida, FIS employs approximately 30,000 people on a global basis. For more information about FIS, our products and services contact us on +44.1923.710.123, email [email protected] or visit fisglobal.com

DATA WAREHOUSING AND DATA ANALYTICS

Kognitio Ltd.
3A Waterside Park, Cookham Road, Bracknell, Berkshire RG12 1RB
Tel: 01344 300 770 Email: [email protected] Website:
Kognitio is at the forefront of Business Intelligence, Data Analytics and Data Warehousing.
By coupling high-speed, analytical database technology with industry-leading skills and services Kognitio empowers financial companies to undertake activities such as customer loyalty, credit and risk management, compliance reporting, competitive edge retention, product pricing and profitability analysis. With their award-winning relational database (WX2) and bespoke technical solutions Kognitio WX2 gives financial organisations the ability to turn their raw data into valuable business insight - fast.

ERP / BUSINESS SOLUTIONS

DataFlux
Enterprise House, 1-2 Hatfields, London SE1 9PG
E: [email protected]
DataFlux enables organisations to analyse, improve and control their data through an integrated technology platform. With DataFlux enterprise data quality and data integration products, organisations can more effectively and efficiently build a solid information foundation that delivers a unified view of customers, products, suppliers or any other corporate data assets. A wholly owned subsidiary of SAS (www.sas.com), DataFlux helps customers rapidly assess and improve problematic data, building the foundation for enterprise data governance, compliance and MDM initiatives. To learn more about DataFlux, visit www.dataflux.com.

INTERNATIONAL ADDRESS MANAGEMENT

Grand Union House, 20 Kentish Town Road, London NW1 9BB
T: +44 (0) 20 7428 1255 F: +44 (0) 20 7267 2745 E: [email protected] W: www.capscan.com
Capscan is a leading supplier of UK and international addressing software. Our addressing solutions enable you to capture, verify and enhance name and address data, and are compatible with solutions from Microsoft, Siebel, Oracle, SAP and Unisys.
Capscan's flagship product, Matchcode, is available as a stand-alone programme for data capture, a web-based tool for online data capture and as a tool for batch cleansing of commercial databases. Matchcode can be integrated with Ordnance Survey data sets to allow mapping and logistics rationalisation. Capscan also supply rapid addressing and mailsorting solutions, as well as a competitive bureau service.

IT INFRASTRUCTURE SOLUTIONS

email: [email protected] telephone: (0)1895 202 781 website: www.axway.com

Axway provides industry leading solutions to banks, corporates, ACH's, regulators and service bureaus that enable the exchange of financial data and transaction processing. Axway's Financial Exchange (FEX) solution offers a broad range of functionality, including community management, multi-enterprise collaboration and process management. More than 350 financial institutions now have better visibility, security and control over their financial data exchanges, helping improve customer service and operational efficiency and in turn gain competitive edge. Axway has deep expertise in the financial services infrastructure and security arena, having authored or co-authored such protocols as PeSIT, AS2, and Secure Sockets Layer (SSL). Axway's solutions are SWIFT-certified, and are compliant with ISO 20022, SEPA, NACHA IAT, FIX and BAI.

IPL Eveleigh House Grove Street Bath BA1 5LR T: +44 (0)1225 475 000 E: [email protected] W: finance.ipl.com

IPL – Big Enough to Trust, Small Enough to Care

IPL creates competitive advantage for Financial Institutions from Central Banks and National Regulators to the world’s largest Building Society. Put simply, we have an unparalleled pedigree of delivering high quality IT Software and Business Consultancy solutions within the most complex, highly secure and regulated environments. We facilitate advances in organisations’ data lifecycle management strategies by improving data quality, data integration and data governance practices.
We have recently delivered Nationwide’s new online banking platform and its underpinning multi-channel framework. IPL – welcome to our world of intelligent business.

ORACLE

Oracle Corporation UK Ltd., Oracle Parkway, Thames Valley Park (TVP), Reading, Berkshire. RG6 1RA. Tel: 08708 768711 or 01189 240000 Email: [email protected] Website: http:// a

HARDWARE AND SOFTWARE ENGINEERED TO WORK TOGETHER

Increased regulatory pressures. Complex global operations. Rising demand for innovative customer service. To meet all your business challenges, Oracle for Financial Services delivers a powerful combination of technology and comprehensive, preintegrated business applications, including key functionality built specifically for banking and capital markets organizations.
• Oracle is #1 in Financial Services customer relationship management
• Oracle is #1 in Financial Services human capital management
• 20 of the 20 top banks run Oracle

IT SECURITY SOLUTIONS

Assuria Ltd Reading Enterprise Centre The University of Reading Earley Gate, Whiteknights Road Reading Berkshire RG6 6BU Tel: 0118 935 7395 Email: [email protected] Web: www.assuria.com

Assuria provides Cyber Security software solutions which deliver security intelligence and information security control to hundreds of government and commercial organisations in more than 40 countries worldwide. Assuria protective monitoring solutions provide complete visibility of all IT system activity across the enterprise, by controlling and analysing security and audit logs from almost every system, application and device in the entire IT network, as well as providing configuration assurance; in-depth assessment of system configurations, patch states, components, users, privileges, file permissions, standards compliance, status of security controls and potential vulnerabilities. In other words, assurance that systems are in a 'known and trusted state'. With systems correctly configured and security intelligence being gathered, Assuria change monitoring allows automated monitoring for any changes which could introduce new risks.

Tel: +44 (0)118 953 3000 Email: [email protected] Website: www.entrust.com

Entrust (NASDAQ: ENTU) secures digital identities and information for consumers, enterprises and governments in more than 1,700 organizations spanning 60 countries. Leveraging a layered security approach to address growing risks, Entrust solutions help secure the most common digital identity and information protection pain points in an organization. These include fraud detection, authentication, SSL, shared data protection and e-mail security. Entrust provides the widest range of cross-channel, multifactor authentication methods available in the market today. In addition, its zero-touch transaction monitoring solution identifies fraudulent behavior and patterns before damage occurs. For more information, please visit http://www.entrust.com/.
Pirean Faretec Carnac Court Cams Hall Fareham Web: www.pirean.com Email: [email protected] Telephone: 0845 226 0542

Pirean Access: One - E-Commerce Security

Access: One is a comprehensive authentication and fraud detection platform that monitors and authorizes customer activity based on risk levels, policies and customer segmentation. With Access: One you can easily secure customer activity from login to logout. Access: One supports a variety of authentication and authorization technologies to provide:
• Transaction authentication and authorization
• Challenge questions and Knowledge-based authentication (KBA)
• Multi-factor authentication (hardware, software and Out-of-band tokens)
• Transaction signing
Visit http://www.pirean.com/technology/access-one/.

Greg White Head of UK Finance Sector Enterprise Security & Availability Solutions Symantec Corporation www.symantec.com Office: +44 (0) 7795 114333 Email: [email protected]

Symantec is a global leader in infrastructure software, enabling Banks and Insurance to protect their information and interactions in a connected world. Symantec provides proactive Security Solutions to help Financial Institutions protect information at all layers of their IT infrastructure. From removing the threat of virus attacks up to detecting internal fraud, Symantec covers all IT security aspects like:
• Securing end user systems and interactions
• Managing Threats and vulnerabilities
• Managing Security Incidents
• Increasing Internet banking security
• Detecting fraud
• Managing IT Security Compliance

ValidSoft (UK) Ltd 9 Devonshire Square London EC2M 4YF United Kingdom T: +44 (0)20 3170 8125 www.validsoft.com

ValidSoft Limited provides the world's leading telecommunications-based authentication solutions. Our cutting-edge technology presents the only integrated product set that provides both card-based and electronic fraud prevention solutions.
ValidSoft's solutions include real-time proximity-based card fraud detection (VALid-POS®), as well as Internet Out-of-Band Man-in-the-Browser protection, Mobile based transactions and Voice Verification for Telephone Banking through its VALid® solution. It is also the first commercially available four-factor authentication solution through the combination of its own proprietary voice biometric technology coupled with Proximity Correlation Analysis. The solutions are designed for mass markets, in a highly cost effective and secure manner, yet are easy to use, intuitive and leverage the most ubiquitous devices available. ValidSoft is the only security software company in the world to be awarded the European Privacy Seal for their product, VALid-POS®, which certifies its compliance with European Data Protection law.

MANAGEMENT SOLUTIONS

Pirean Faretec Carnac Court Cams Hall Fareham Web: www.pirean.com Email: [email protected] Telephone: 0845 226 0542

Pirean SMBus - Service Desk Integration

SMBus is the industry leading solution for sharing, synchronizing and prioritising workload between Service Desks. For organizations looking to adopt ITIL aligned best practice or outsource core services, SMBus provides the capability to:
• Orchestrate activity across multiple Service Desks.
• Implement a Single Point of Visibility and Reporting for all Service Desk activity (internal and outsourced).
• Improve and Measure Service Level Agreements.
• Reduce ticket volumes.
• Provide centralised, enriched KPI Dashboards.
• Centralise Service Reporting.
Visit http://www.pirean.com/technology/smbus/.
MOBILE VOICE RECORDING

Business Systems (UK) Ltd 5th Floor No 3 London Wall Buildings London Wall London EC2M 5PP T: 0800 458 2988 W: www.businesssystemsuk.co.uk E: [email protected]

Compliant mobile phone recording is now available from Business Systems, the leading voice recording and analytics technology experts. Designed to meet the new FSA mobile recording requirements, Vocal Mobile can be delivered as either a hosted solution or utilising an organisation's existing in-house recording system. Both compliance-grade solutions are simple to use, requiring little user intervention or training, and calls are available for immediate replay via secure access. The technology is already undergoing deployment in two leading Norwegian banks with UK implementations to follow.

Red Box Recorders Ltd The Coach House Tollerton Hall, Tollerton Nottingham NG12 4GQ Tel: +44 (0)115 937 7100 Fax: +44 (0)115 937 7494 email: [email protected] www.redboxrecorders.com

Red Box brings simplicity to digital recording, with flexible solutions that are easy to specify, install and manage. We focus on voice and data capture: Red Box software solutions cover everything from storage and event logging, to retrieval, playback and analysis. Our latest products incorporate web-based interfaces for worldwide access to replay, configuration and maintenance. We have over 20 years' experience and a strong reputation for innovation. Little wonder, then, that Red Box solutions are used in over 120 countries.

PAYMENT EFFICIENCY AND RISK SOLUTIONS

Accuity 1 Quality Court Chancery Lane London WC2A 1HR United Kingdom T: +44 20 7014 3480 F: +44 20 7061 6478 E: [email protected] W: www.AccuitySolutions.com

Payments: Improve rates of payment STP, with the Golden Copy of payments data.
Compliance: Comply with global AML regulations, including UK Bribery Act, and safeguard your business.

Professional Services: Engage with our Payments and Compliance subject matter experts, for any implementation, training, review or project management needs.

To learn how our solutions can help your business, and to access a FREE trial or demo, visit: www.AccuitySolutions.com

Business Systems (UK) Ltd 5th Floor No 3 London Wall Buildings London Wall London EC2M 5PP T: 0800 458 2988 W: www.businesssystemsuk.co.uk E: [email protected]

Brought to you by recording specialists Business Systems, Market Detect is a cost effective, customisable, real time data analytics tool incorporating Complex Event Processing (CEP) technology. Designed to detect market abuse and minimise trading risk whilst ensuring compliance, it intelligently collects and analyses news feeds and organisational data to uncover and present hidden patterns. It's one of the first surveillance systems available on a hosted pay-as-you-go basis or as an on-premise solution implemented onsite. Contact us now for our latest white paper.

PAYMENT EFFICIENCY

Optitrade 85 London Wall, Ground Floor, London, EC2M 7AD Tel: +44 (0) 20 7496 1760 Fax: +44 (0) 20 7256 8151 E: [email protected] W:

Optitrade was recently formed as an operating division of Singularity Limited. Our focus is to enable financial institutions to operate highly optimised post-trade management solutions – our vision being friction-free Financial Markets. Our current offerings include:
• Financial Messaging Applications
• Connectivity to Omgeo CTM, Oasys Global, SWIFT, TRAX, CREST and Euroclear CCI
• Data Matching Applications
• Data Transformation

S1 Culverdon House Abbots Way Chertsey, Surrey KT16 9LE United Kingdom T: +44 (0) 1932 574 700 E: [email protected] W: www.s1.com

Leading banks, retailers, and processors need technology that adapts to the complex and challenging needs of their businesses. These organizations want solutions that can respond quickly to changes in the marketplace and help grow their businesses. For more than 20 years, S1 has been a leader in developing software products that offer flexibility and reliability. Over 3,000 organizations worldwide depend on S1 for payments, online banking, mobile banking and branch banking solutions that deliver a competitive advantage.

PAYMENT SOLUTIONS

Vocalink Drake House Three Rivers Court Homestead Road Rickmansworth Hertfordshire WD3 1FX T: +44(0)870 1650019 E: [email protected] W: www.vocalink.com

VocaLink is the transaction specialist. We pioneered electronic payments four decades ago and many of the world’s top banks have been relying on our services ever since. Our automated payment system processes over 80 million transactions per day and has the capacity to handle all of Europe's automated payments. Our switching platform powers the world’s busiest ATM network. The VocaLink €CSM delivers reach for our clients throughout the SEPA and beyond with a range of value-added services that leverage our know-how and technical capabilities. VocaLink is the partner of choice in the transactions business. Find out why at www.vocalink.com

RETAIL BANKING AND CONSUMER FINANCE

Provenir 4 Park Place London SW1A 1LP United Kingdom Tel +44 (0) 20 7898 9347 Fax +44 (0) 20 7898 9101 Email: [email protected] Website: www.provenir.com

Provenir is the leading provider of enterprise software, which enables financial institutions to implement innovative solutions for application processing, customer account management, collections and recovery, compliance and prospecting.
Provenir provides an integrated solution for all products, all channels and all phases of the customer lifecycle. Users can visually configure rules, strategies and scorecards that can be utilised by multiple workflows and channels to create composite applications and services that are easily deployed in an SOA.

Thinksoft 6th Floor, Fleet House 8-12 New Bridge Street London EC4V 6AL T: +44(0)207 822 8620 F: +44(0)207 822 8626 E: [email protected] W: www.thinksoftglobal.com

Thinksoft, a specialist in financial software testing, helps global financial and insurance organizations to significantly improve the quality of their applications, software and systems. With clients in 23 countries and offices in major financial capitals of the world, Thinksoft helps clients realize ‘business ready software’, compress timelines and reduce software product life cycle costs through domain focused test methodologies, offshore delivery centers and test automation expertise.

TELECOMS PROVIDER

IP Solutions Centurion House 24 Monument Street London EC3R 8AJ Tel: 08000 928 128 W: www.ipsolutions.uk.com

IP Solutions are London’s leading Independent Telecoms provider. Based in the heart of the City of London we work with many of the UK’s leading Finance Companies to provide a wide range of Communication Solutions including:
• Unified Communications
• FSA Compliant Call Recording
• Hosted Telephony
• SIP trunking
• Mobile Analysis & Review
• Data Networks

VOICE OVER IP

COLT Telecommunications Beaufort House 15 St Botolph Street London EC3A 7QN T: 0800 358 4631 E: [email protected] W: www.colt.net/uk/ipvoice

COLT is the leading provider of data, voice and managed services to business customers in Europe. Founded in 1992 to serve London's financial institutions, today its customers include the world's top 25 financial institutions and seven out of Europe's top 10 stock exchanges. COLT is also the strongest SWIFT-approved player in the European market.
COLT services are designed to meet key business requirements around areas such as regulatory compliance, network simplification and operational efficiency. They are based around its secure, reliable network providing unrivalled reach across 13 European countries, with direct connections to over 10,000 buildings. For more information: www.colt.net

SIGNING OFF

ALSO ON OUR RADAR

Book review

Title: The Apple Experience. Author: Carmine Gallo. Publisher: McGraw-Hill. RRP: £17.99

There has been much talk in recent months about technology giants like Facebook and Apple becoming active in financial services. The former has already moved into the virtual currency arena and the latter has filed a patent for a new iWallet service. It has millions of credit card numbers on file, a hugely loyal customer base and speculation is rife that it may introduce the iWallet along with the next iPhone. A timely release then for Carmine Gallo’s The Apple Experience, which aims to reveal the methods behind Apple’s retail success and show business leaders how to use them to drive growth and profits. It’s an interesting read and provides plenty of insight into the minds of Steve Jobs and his colleagues.

“I’m constantly asking myself, Why does Apple do what it does, what other brands do something similar, and how can I teach these principles to others?” writes Gallo. He adds: “I don’t bill myself as a ‘customer service expert’. I’m a communications coach, speaker and journalist.” Therein lies my one gripe with the book. Gallo has a weakness for communications/motivational coach speech - e.g. “Apple touches the lives of its customers only after touching its employees” and “When a company starts with a vision such as ‘enriching lives’, magical things begin to happen.” Ugh.

At the same time, however, this has much to recommend it, particularly the opportunity it offers to learn about Apple’s ‘Five Steps of Services’ that all customer-facing employees follow to engage customers. It’s certainly exhaustive stuff. The author has conducted extensive interviews, spent hundreds of hours observing the Apple selling floor and researching into the company’s training programmes. The banking sector should take note. Its customer service is often awful and it would do well to learn from the principles which Disney is now employing to reinvent its stores and which former Apple retail chief, Ron Johnson, is using as he undertakes the challenge of revitalising J.C Penney.

And another thing...

Has Facebook had its day? That was the question I put to my many (ahem) Twitter followers recently. “Timeline looks clunky and there are only so many pics you wanna see of friends pulling amusing faces in the pub,” I tweeted. It certainly seems to be on the slide in the financial services sector. According to analysis from Corporate Insight, Twitter has overtaken Facebook to become the top social network for FS firms. It covered 90 companies in its report, 57 per cent of which used Facebook in 2010 and 51 per cent Twitter. But by the end of 2011, 88 per cent were on the former and 92 per cent on the latter.

At one point, Facebook could do no wrong, but it’s no longer a media darling. Take, for example, the bemused response to the $1 billion purchase of Instagram, perhaps best summed up by a spoof news piece in the latest Private Eye. Sample quotes: “Instascam’s business model was founded on the belief that if we had a trendy name and could show that we had no way of generating profit, Facebook would eventually buy us for some ridiculous price.” And: “Mark Zuckerberg denied he’d overpaid for Instascam saying he’d been impressed by the way the company had generated huge amounts of hype in the past two years.”

So, are we witnessing a mere blip or is Zuckerberg’s baby about to go the same way as MySpace and Friends Reunited? Probably not the latter as Facebook has a more compelling business model than those two ventures. But I do think the Corporate Insight analysis points to a definite trend in the FS sector. As always, I’d be interested to hear your thoughts. Drop me a line at the email address below.

Triple Quest

Kudos to Colin Blears, product development manager, Quest, who is embarking on three personal challenges for charity this year. He’ll start with a skydive on 30 May; a trek up Ben Nevis on 4 June to light a beacon as part of the Queen’s Diamond Jubilee; plus a bungee jump on 13 October. Phew, FStech feels exhausted just thinking about it. To support Colin, visit: www.bmycharity.com/colinblears

Knock knock

Unified business communications provider Daisy Group has opened the 12 tonne bomb proof door to its Manchester datacentre, part of a £1 million investment programme in the facility, situated within a former Bank of England bullion vault. Interesting tidbit for you. A small gap between the inner and outer walls is rumoured to have been patrolled by guard dogs back in the day. And every Tuesday the surrounding roads were closed off to allow the delivery of gold bullion to the bank.

The two Scotts

Just months after leaving PayPal for Yahoo, Scott Thompson has stepped down amid accusations he faked a computer science degree on his CV. Readers of FStech will know that our Editor is also called Scott Thompson. News of the Yahoo debacle sent him scurrying to Twitter to make his own CV-related confession. ‘Much like my namesake at Yahoo I also have a fake resume. My CV lists basket weaving, tap dancing and playing the bongos as interests. They’re not,’ he wrote. And on that bombshell, dear readers, we bid you adieu.

Scott Thompson, Editor, FStech. [email protected]

www.fstech.co.uk/payments

The 2012 FStech/Retail Systems Payments Technology Conference will be held at the IoD Hub, London and will bring together leading figures from retail and the financial services sector to network and discuss cards and payments services, the present and future.
This year there will be a particular focus on mobile banking and payments. Senior figures from across the retail, financial services, technology vendor and telco sectors will come together to debate the key issues, innovations and barriers to the mass-market deployment of mobile. Chaired by Vendorcom chairman, Paul Rodgers, the event, a mixture of speakers and discussion panels, will also showcase the latest developments and services and products in such areas as: contactless cards; self-service technologies, SEPA, payment security, online payments, the future of cash and cheques and social payments.

Speakers/panellists confirmed so far include: Roy Ford, IT Controller, SPAR UK; Alex Kwiatkowski, Research Manager EMEA, IDC Financial Insights; Rafael Eile, Counsel, Citi; Simon Barrows, Director of Financial Services, Glue Reply; Simon Burrows, Director – FinTech, PwC.

Thursday 01 November 2012
The IoD Hub, London
09:00 – 16:30