Software as a (dis) Service – Going in with Your Eyes Wide Open

Jane StabileGuest Contributor: Jane Stabile, President, IMP Consulting, Boston, MA

The asset management business has never been more competitive, and CFOs are under tremendous pressure to keep their firms lean. As CFOs seek solutions to keep the headcount down, the argument for Software as a Service (SaaS) has become particularly appealing. SaaS solutions promise to help your firm focus on investment management and “get out of the software business” by having the vendor run and maintain your systems. The argument is compelling; the vendors will assure you that they can support a high-quality, mission critical service as well or better than your in-house technology group can, and at a much lower cost. If you are looking to make the leap, a SaaS system may do exactly that. If you suspect it might not, how do you evaluate the shortcomings and what can you do about them?

In my experience, there are three critical areas to evaluate:

  • Fit and coverage
  • Flexibility
  • Cost Containment

Fit and Coverage: Most SaaS offerings are not extensible, so you will not be able to manipulate tables or run custom applications against their databases.   If there are significant gaps in functionality, you’ll have to live with them, so make sure the solution fits your business processes. Part of the attraction of the SaaS product may be that the data is included, and the TCO (total cost of ownership) analysis may include a big cost savings over sourcing that data separately. However, some vendors require separate subscriptions to underlying data that you may already have, so those costs will remain. Conversely, you may discover that the SaaS product’s data has some gaps in coverage that can impact your firm’s ability to model portfolios or monitor compliance. Before committing to the deal, take a deep dive into the data model to ensure that the quality and coverage of the data matches the needs of your firm.

Flexibility: Vendors have no incentive to make it easy for you to switch to a competitor, and it can be difficult to decouple systems when you don’t keep them in-house. If your portfolio managers add new strategies or expand into asset classes that are not native to the system your firm has chosen, you may find yourself doing extensive work-arounds to accommodate the change, or hitting a brick wall. For example, forcing complex derivatives onto a system that specializes in corporate bonds or vanilla swaps, may be impossible, and you may end up supporting macro-laden spreadsheets or creating additional workloads for your middle or back-office to maintain accurate holdings. Developing a thorough understanding of the level of standardization that your vendor employs is the key to evaluating your true costs.

Cost Containment:   Are there any penalties of not going live by a certain time, or when the vendor’s “production” license kicks in? Carefully scrutinize the vendor contract and ask for it in writing if it isn’t clear—does the license take effect upon “go-live,” or parallel? What if the timeline is delayed; does the vendor take responsibility or does your firm get stuck with the additional cost? On a recent project, I found myself working with my client to QA the vendor’s configuration and document the problems, just to help the firm avoid the late fees the vendor was attempting to charge. In fact, you may want to add some cost assumptions into your implementation and maintenance calculation to accommodate the QA you may need to do when new releases or patches are issued. Some vendors will allow you to opt out, but some will not, or allow so little time between the announcement of the release and its deployment that it may be impractical to do. Others may allow your firm to have more control, but the time it takes to test and implement a vendor upgrade or patch that may not help your firm could be a costly and time consuming endeavor. Finally, vendors will want to keep the number of users included in a contract to a minimum for performance reasons and to keep their costs down on the hosting side. Consider these costs as your firm grows and needs to add additional users.

Bottom Line:   There are now SaaS products available that can serve mission-critical areas of your firm’s infrastructure—from trading and compliances systems to all areas of the front, middle, and back office. If something goes wrong on the vendor side or you can’t get the attention you need when there is an issue, it will be your firm’s reputation on the line. Ultimately, the risks may be manageable and the benefits substantial, but it is important to go in with your eyes wide open.

Posted in Guest Blog | Tagged , , | Leave a comment

Financial Trading Infrastructure: The Era of Cloud 2.0

Jacob Loveless and Howard Lutnick at Cantor Fitzgerald, NYC 12-20-12Guest Contributor: Jacob Loveless, CEO, Lucera Financial Infrastructures

The freedom to try new things
The equity downturn has fueled a trend in multi-asset trading that is prompting firms to test new strategies. They realize they can no longer merely trade or price a single asset class. To compete, they must have asset diversification and multi-asset trading strategies– but many lack the freedom, infrastructure scalability and resources to do so.

Historically, a firm would have to wait weeks or months to arrange the infrastructure components required to procure, deploy and test a trading strategy in a new asset class or location. This lengthy process slows time-to-market and creates a large resource and monetary investment up-front – a barrier to innovation.

Managed trading services give these firms the ability to quickly deploy secure, high-performance systems, lower total cost of ownership (TCO), predict and scale monthly expenditure and create new possibilities for trade innovation, strategy development and alpha generation. That means financial trading firms can test applications and new ideas in close to real-time, while predicting and controlling costs.

For these reasons, Aite Group projects that global spend on managed services will increase from $500 million in 2012 to $620 million by 2015, and Tabb Group estimates that by 2016 adoption of managed services infrastructure across companies will hit 50%. With efficiency and scalability now under control, organizations are looking to their infrastructure to solve greater problems.

A big red button scenario
High-profile trading freezes and glitches have drawn considerable attention to the industry’s need for a “kill” switch or “big red button.” These could be used in a situation where dangerous order flow needs to be halted to minimize market impact. Regulators agree this could minimize risk but hotly debate who should be able to push that “big red button” and how much of the infrastructure it should shut down when pushed.

The difficulty with the proposed “kill switch” is that it would shut the firm off from the entire market by preventing the flow of information in and out of the company. While in the short-term it would prevent that company from sending potentially compromised orders out into the market, it also handicaps the firm from receiving information from the market that could help identify and reconcile the issue.

Take the centralized limit order book where all participants push data as an example. If something goes wrong and the order book is affected, the firm has to bring the whole system down. But what about a scenario when only one server is impacted? What effect would it have if only the compromised portion of the infrastructure was taken offline? Or better yet, what if an exchange could turn off one market participant from sending orders but still allow them to receive data in order to quickly reconcile its issue without impacting the rest of the market?

These scenarios demonstrate the importance of being able to segment infrastructure into zones – a technique that is becoming critical to deliver operational advantage. The ideal big red button scenario would allow the system to react quickly to protect the business and the market and only turn off the piece of the infrastructure experiencing failure. In the event of a problem in a software-defined network, a company can self-select to shut down a compromised zone, remaining fully operational while the issue is addressed internally. This zoning technique guards both the participant, and the market.

A better cloud model: Cloud 2.0
The traditional multi-tenant cloud model has not been able to meet the latency demands of trading applications, marking a considerable barrier for cloud-based infrastructure. It also does not allow for data collocation. Companies now have to ship data to different data centers and pull it back up over a virtual private network, which increases costs because of the shared storage and bandwidth. Using a single tenant system allows for better performance and is more cost effective.

The move to Cloud 2.0 will not only speed time-to-market, promote innovation and remove cost pressures associated with traditional infrastructure, it can give companies the operational advantage they need to compete in today’s complex financial markets. Firms that embrace Cloud 2.0 will be empowered to utilize new trading strategies and enter new markets with greater control, predictability and scalability around their costs. Disaster scenarios can be more easily contained by understanding how to use a software defined network and zoning to more intelligently respond to infrastructure challenges that might traditionally cripple a company or impact the market. With latency no longer the most important differentiator for firms, the era of Cloud 2.0 will allow firms to meet complex infrastructure requirements in a high-performance, secure environment that can continuously evolve to solve the next big challenges in the market.

Posted in Cloud, Guest Blog, Uncategorized | Tagged , , | Leave a comment

Why Financial Services Brands Aren’t Equipped for Social Media Risk & Compliance

Devin_HeadshotGuest Contributor: Devin Redmond, Nexgate CEO and Co-founder

No longer are financial brands and organizations able to focus solely on storefronts, email aliases and toll free numbers for customer engagement and support. Nowadays, a brand must engage customers 24/7 in social media. However, as we have seen with the rise in social media spam, the increase in social fraud, the continuing social account hacks and the ever increasing regulatory focus on social media, financial services’ social media programs bear the broadest set of risks and compliance challenges.

In fact, each of the specific financial services sub-verticals including retail banking, insurance, wealth management, credit cards, etc., all tend to have two to three major categories of social media programs including centralized brand programs, advisor / agent programs and social customer care programs. Unfortunately, they may only be partially equipped to handle risk and compliance for just one of their social programs.

Brand programs face regulations but also tend to be exposed around fraudulent accounts, account hacks and social media spam. Social care programs have to worry about those same issues as well as regulated and sensitive data handling like PII and PCI on top of violations of FFIEC Regulation Z and DD or FINRA Customer Complaint Risks regulations.  Advisor and agent programs have to tackle industry regulations like FINRA, FFIEC, FTC and SEC, along with corporate standards such as using approved employee bio data, approved publishing tool workflow and keeping the agent or advisor account protected.

Here are several best practices to help financial services organizations address the broad set of risk and compliance challenges they face in social media:

  1. Define Organization Responsibilities & Policies: Establish a cross-departmental working group defining and executing on who is responsible for creating policies, enforcing them and responding to incidents across social programs.
  2. Learn Compliance Context: Social marketers, brokers or agents and IT teams are not inherently compliance experts. Therefore, they must be trained by internal and external compliance experts, so they are informed as to the context of the regulations.
  3. Protect Social Accounts: Maintain access control on social pages, profiles, and accounts by protecting passwords, restricting what tools can publish on the account and monitoring the account to detect and stop account hacks.
  4. Enforce approved tool use: Active monitoring, enforcement and reporting, which identify the right tool that was used to publish, should be in place as a key to establishing workflow, passing audits and demonstrating policy enforcement.
  5. Don’t rely on keyword detection: Less accurate keyword dictionaries and manual workflows don’t scale. Technology that understands the content and context should be used to automate detection, handling and improving retention and eDiscovery search for many compliance, legal and related content violations.

With financial services brands committing more and more resources to social media, the urgency to protect that investment grows with it each day. Without a serious plan and investment in this broader set of social risk and compliance areas, financial services organizations will struggle to efficiently, effectively and safely scale their social programs.

 

Hear more on this topic and more on social media and compliance in financial services at SMAC New York on September 18th.  Check out the speaker line-up and all event details online here.

Posted in Compliance, Guest Blog, Social Media | Tagged , | Leave a comment

The Power of Feedback Loops: Fostering an Environment that Supports a Healthy ERM Program

Steve_TaylorGuest Contributor: Stephen Taylor, Senior Market Manager, U.S. Enterprise Risk & Compliance, Wolters Kluwer Financial Services

In the wake of the financial crisis, strategies for managing enterprise risk have taken center stage of organizational decision making and many institutions have revamped their entire approach to understanding the nature of the risks they face and how to mitigate against them. A sophisticated approach to managing risk is a continual process of systematically assessing, measuring, monitoring and managing risks in an organization. Moreover, it ensures that the “big picture” is not lost to the daily demands of running a business.

One of the best ways for an organization to accomplish this is through establishing a risk management “feedback loop” to continually assess whether the assumed risk is reasonable and appropriate, or whether the situation should be reassessed. Feedback loops are effective tools for positively impacting and changing risk behavior, since they allow the institutions to address minor issues at the lowest level and empower business lines to self-correct—while keeping the focus of the executive team on more high-level business concerns.

Increasingly, boards and senior executives are looking to develop effective key risk indicators (KRIs) to drive success in their ERM process and improve the execution of the organization’s strategy while pushing responsibility and accountability into the front-line business units. These KRIs serve as a type of feedback loop, providing organizations with an early warning sign of increasing risk exposure in various areas of the enterprise.

Getting visibility into specific regulatory rule changes alone isn’t enough, for example. Firms have to be able to pull this information through the business and clearly demonstrate to shareholders, investors and regulators that relevant action has been taken. The ultimate verification is that controls have been put in place to mitigate any potential risk and that these controls have been positively tested.

This is what we think of as a “virtuous circle” of effective risk management and it is critical to success. In order for it to work, however, there has to be the right “tone at the top.”

For a true risk management culture to take hold within a financial services organization, there must be a pervasive philosophy communicated from top management down through the organization and embraced by staff. Every employee must understand the organization’s risk appetite and where the “edges of the envelope” are for each business line, product and geographic unit. Front-line managers must buy into the risk appetite, and operate under it, for the risk culture to be effectively implemented.

As a rule, KRIs should be monitored closer to the “front” than in the higher reaches of management. It is important to establish a good working relationship between the risk management function and the business units, so that employees view risk managers as making a positive contribution—rather than just someone who enforces the rules. Instead of relying on the risk function to manage risk, financial institutions need to hold accountable and empower the front-line managers to make decisions in a more risk-aware way.

The best ERM practice has business managers, profit centers, business units and functional heads assume full responsibility and accountability for the risks they take.

Senior management and boards of directors do not need to know, nor are they necessarily in a position to fully appreciate, all KRIs employed within the organization, but they should be expected to understand and be kept updated on KRIs related to the organization’s top risk exposures.

Having the right culture for compliance is crucial and this can be improved if it’s demonstrated that effective compliance is not to be seen as an ineffective cost center, but as a way of running an ethical business which not only can improve the strategic direction of the organization but can improve the firm’s reputation within the market.

 

Learn more from Wolters Kluwer on October 16th, when they sponsor FTF’s CAPCon New York conference. Stevie D. Conlon, Senior Director and Tax Counsel for Wolters Kluwer will lead a discussion on new corporate action burdens under FATCA.  View the full events agenda online here.

 

Posted in Guest Blog | Tagged , , | Leave a comment

Insurance and Innovation: Are you In or Out?

Sheryl Brown headshot resized

Guest Contributor: Sheryl Brown, Social Media Coordinator, Ash Brokerage

So when you say “financial services” or “insurance” do you immediately think of the word “innovation”? Um … likely not. (Hint: We are not the cool kids on the bus. I hate to break it to you this way.) Why is that? Why, as a group of professionals, are we so far behind in being radically different? What are we scared will happen?

I recently polled all of my friends on Facebook (Hey, I have 500 friends on Facebook, so the poll has a little depth to it … #TongueInCheek). I simply asked them what came to mind when they heard “financial services” and “insurance.” Some of the responses were:

- Medical needs
– Death
– Pushy sales people

Oh my. That’s not very innovative stuff, is it? But wait … there’s more.

How do we describe what we do? What kinds of words SHOULD we be using with our family, friends, clients and businesses so we can change these thoughts? Who should we be talking to about these things?

I believe we need to create a fundamental shift by using the term “community” instead of “industry.” Industries produce widgets. What exactly are we producing? Yeah, yeah … you could say the policy is the widget, but it’s not the same.

Jean Vanier is quoted as saying, “Every human activity can be put at the service of the divine and of love. We should all exercise our gift to build community.” Think about that for a moment. We are a relationship-based business. That’s what communities are built on … relationships. As a community of financial professionals, we provide peace of mind to our family, friends, clients and businesses. I don’t think I remember anyone saying this about coffee, tennis rackets or pallets, do you? Those are widgets from industries … we are a community.

When you sit down with someone, are you still using outdated words like protection (blech), policy (you mean there are rules?) and premium (I get the best!)? Well stop that now! If you think our family, friends, clients and businesses are hearing these words in the way we THINK we are describing them, you’re dead wrong. I challenge you to read Maria Ferrante-Schepis’ book, “Flirting with the Uninterested” from Maddock Douglas and see what you think. WARNING: After reading this book you, might start thinking about your business very differently. I cannot be held responsible for the increase in business you may start to experience.

Who you are talking to is a big deal too … a really big deal! Are you talking to everyone about what you do? Specific people? How do they hear what you are saying? Start considering this today because it matters. If you’re talking about IRR, COI and WOP, they may be thinking OMG!

Encourage your clients to stop you when you go into jargon mode. We are all guilty of this in the financial services community. I’ve done it and you are doing it today. Instead, challenge yourself to talk to everyone differently. Lose all the lingo and listen from your clients’ perspective. Better yet, find someone who knows NOTHING about what you do and start describing things to them. You’ll be amazed at how many times they raise their hand and say, “I dunno what you’re talking about right now.”

Sure, I can give you all the social media advice to help you ramp up and start exploring a new world and way of doing business, but none of this will work unless you’re innovating and doing business differently. Can you commit to getting comfortable with being uncomfortable?

Are you innovative or out?

Hear more from Sheryl and other social media directors at FTF’s annual SMAC Conference in New York on September 18th, 2014! Check out the agenda and speaker line-up at FTF News.

Posted in Compliance, Social Media | Tagged , , | Leave a comment

Utilizing Big Data in the Financial Markets

Larissa J Miller HeadshotGuest Contributor: Larissa J. Miller, Founder and Board Member of Stuart Investments

The financial markets have always been blessed with big data. While other industries are catching up to the markets in terms of size, the financial markets have moved on to the incorporation of the data to existing models, learning models and strategic decision making at both the corporate level and the trading level. Since stepping into the modeling world in 2004, I have seen the markets evolve in terms of both technology and sophistication. Model development has been streamlined by the advancement in programming languages such as R through industry developed packages allowing for programmers to quickly develop prototypes. The level of sophistication of the models has increased by our gained knowledge through the various financial crises in the last decade as well as our deeper incorporation of probability and statistical modeling techniques.

The credit crisis of 2008 changed the viewpoint of the entire industry how to properly model fixed income products. During this time existing modeling standards and assumptions were challenged as past behavior did not indicate future behavior in terms of pre-payments as well as default rates. Prior to the crash many credit analysts were able to use a standard hazard rate which was applied to every customer in a given pool or asset class. This rate described the industry standard on what percentage of the population of the pool would either pre-pay their loan or default on their loan.

The industry has moved away from applying a single rate to the entire group. Rather models are now developed to predict exactly which loan will be either pre-paid or defaulted. Firms within the financial markets benefit from understanding which of the pooled loans to either enhance profits as well as to mitigate risks. The firms enhance profits by building better relationships with their customers. The firm is given an opportunity to proactively keep their customers by working with them to prevent loan pre-payment. This is particularly helpful when the customer has a loan of several millions of dollars. On the other hand, the firm also has the opportunity to work with a customer before a default on the loan occurs. This helps prevent further write-off’s from the balance sheet. Modelers are incorporating more sophisticated modeling techniques into these models by using existing collected loan data from past loans and then generating logistic function factor models. The logistic function allows for the classification of the intensity or sensitivity to the factor in question.

Traders also have the opportunity to enhance their trading profit and loss through the incorporation of more sophisticated statistical modeling techniques. Research has been developed incorporating Markov regime switching algorithms into the trading model. Incorporating the Markov technique allows for the trader to generate a probability matrix of the state of the economy. Traders have ability to determine the number of states in the economy, typically two (a bull state or a bear state). The probability matrix then tells the trader what the probability of the economy being in either state. The information can then be fed into a trading model with different weights based on the probabilities generated by the matrix.

The advancement in both technology and sophistication has lead to better model building causing a better understanding of the risk of the trading world.

 

Larissa Miller was a featured panelist speaker at FTF’s DerivOps Chicago conference this past April 2014.   FTF is currently planning for DerivOps New York on November 6, 2015.  This event will bring updates on OTC regulatory reforms and manual processes, SEF platforms, global perspective on reporting requirements, trade clearing rules, EMIR and global collateral management.  Learn more about this event online here.

Posted in Uncategorized | Leave a comment

Information Technology Responsibility for Social Media

Blair_headshotGuest Contributor: Blair Rugh, Chief Compliance Officer, Temenos

Social media and other forms of electronic communication are becoming the principal advertising and marketing tools of many financial institutions. First, they are inexpensive. Second, they can be targeted as narrowly or broadly as the bank wishes. Finally, the readership percentage is pretty high compared to print advertising. Almost every bank has a website. Because bankers like to be liked, many banks have a Facebook page. Some also use Twitter to get their marketing messages out. While advertising and marketing are generally the responsibility of the institution’s advertising department, the information technology department has responsibilities as well.

First, who has the authority to make changes to the bankʼs website or to post information on the bankʼs Facebook page or send a tweet? We strongly recommend that each bank should have a procedure, whereby regardless of who initiates the communication, it should be approved first by the bankʼs advertising department, then by the bankʼs compliance officer and then it should be executed by the information technology department. We recommend that there be signed check-offs at each stage of the process.

Second, because whatever the bank publishes is advertising, there are record retention requirements. It should be the responsibility of the IT department to make and retain screen shots of each page of a bankʼs website and whenever a change is made to it, a screenshot of the change noted with the date the change was made. Likewise, there should be a screenshot of anything posted on the bankʼs website along with the date it was posted and the same for any tweet. Most bankʼs do not use mass emails for marketing, but if your bank does, a copy of each email together with the date and list of recipients must be retained. The retention period for all advertising is two years.

By allowing only the IT department to post or change information, it has a record of everything that was done and everything that must be retained.

The final problem is the bankʼs employees, particularly those pesky loan officers. If any employee of the bank is using social media to advertise, his or her services or bank products, that is likewise advertising for the bank. It falls under all of the advertising rules as well as the record retention requirements. If bank employees are using social media, again there should be a procedure for the approval of what they are posting.
Also, someone needs to check periodically to make sure that they are following the rules. The IT department should have a list of all employees that have a Facebook page, and they should periodically check to see that nothing is being posted that is inappropriate and that records are being maintained of anything that applies to the bank. Likewise, if employees are sending tweets those need to be reviewed and retained. The best way to accomplish all of this is to make the IT department the pointy end of the funnel through which everything must pass.

 

Learn more from Temenos at SMAC New York, FTF’s annual social media and compliance conference on September 18th. Temenos will be joining a panel on the social media platforms and related technologies that are on the horizon, new regulations that may be on the way, and the major trends for the next year.

Posted in Compliance, Guest Blog, Social Media | Tagged , | Leave a comment