Digital at scale: how digital can transform business

If you spend time at pretty much any tech company, from startups to big corporates, you’re likely to hear the word ‘digital’ a bit too much.  Some people are doing it, some are making their journey towards being more digital and others are still struggling to define what exactly it is, and in many ways, it’s that final category that have the most honest answer to the question – What is digital?  And this is what experts from the technology and financial services industry discussed during a recent seminar at London Technology Week.

It’s easy to define digital as being about technologies – that digital is at its core the binary ‘0’s and ‘1’s, on and off and all the brilliant devices and interfaces that have spawned out of it.  While that’s not entirely wrong, it paints a picture that everything digital is very clean cut, with a definite right and wrong answer that follows any question – but the truth is very different.  The technologies are far from a constant, and everything from the technology chosen to the implementation will change not only for different demographics but from person to person, and will adapt to their current situation, desires, needs and moods.  Technology then, is transient, and to be truly digital you must be open to constant and relentless change, throwing away technology, processes and ways of working constantly, and ensuring that the new tool adopted is chosen intelligently, to be the best tool for the job, and the most commercially viable solution.

This however all sounds like the territory of startup businesses.  Businesses that are new to the scene, or with very flexible business models are often far more adept to change as they do not have the long-standing commitments to clients, legacy platforms and some of the regulatory requirements of their big corporate counterparts.  Some may suggest that these big corporates should simply throw away the legacy platforms, circumvent the regulation and transform their clients, and noble though that may be, it’s a fool’s errand.  For these businesses, what they really need is to find a way to take advantage of new technology, whatever that may be, and develop systems that allow them to adapt to change which work alongside and complement their legacy ‘technological debt’ and support their regulatory requirements rather than dispose of them. This is digital at scale.

Put simply, digital at scale explores how businesses can leverage digital, be it technology, ways of working or any other idea that comes under the umbrella of digital to transform their business, supporting existing technologies, commitments and regulation where appropriate, and disposing of them where necessary.

Sopra Steria’s MiFID II project with the FCA is an example of where digital at scale has been implemented. For all the businesses that are wary of how technologies like cloud and open source could work in a highly regulated environment, there’s no better example than that of the regulator itself adopting these technologies.  The MiFID II regulatory support service is built for the cloud, ingesting, processing and persisting files on AWS, with innovative open source platforms like Cassandra and Spark ensuring that all submissions are processed quickly and with an extremely high degree of accuracy, with an architecture that supports changes should a specific client or geography require, like private vs public cloud or separate technology components.  What is particularly profound about this solution though is how it backs into and supports the legacy environment, through a simple FTP gateway, ensuring that the wealth of historical data is utilized and, as is so important in an environment like this, remembered with a system that can speak both the languages of the old and the new into the future, maintaining a stream of communication regardless of changes made on either end.

The MiFID II platform is only one example of these principles put to work, and though the distant future might see us living in a fully digital world we must be conscious today that whether we transition fast or slowly, we must do so safely too, and with a strong commercial focus to build not simply small digital players, but truly successful enterprises with digital at scale.

Find out more about our FCA Market Data Processing project and Sopra Steria’s #intelligentdigital campaign.

Challenger banks have challenges of their own

If you think that the UK’s High Street banks have had it tough over the last few years, spare a thought for the new kids on the block…

Sure, the big 4 have had to deal not only with the credit crunch, product mis-selling, systems failures and outages, increased regulation, the CMA, the FCA and new regulations such as MiFid II and soon – very soon – PSD2, where all banks will have to allow access to their customer account information to third parties via open APIs. But they now also have to deal with nimble start-ups with appealing propositions who can cherry pick the most attractive and most profitable customers and offer them a well thought-out product set with excellent – and targeted – customer service. Or even just a single product, one that has been honed and finely tuned to satisfy a specific market demand, be it the highest-paying savings account or a transactional account with all the bells and whistles but without the so last century chequebook. And what’s even worse for the High Street banks is that they have to try and compete with these start-ups – or upstarts – using a creaking legacy infrastructure which isn’t fit for purpose in the digital age.

So it’s really an unfair fight, isn’t it? It’s as if the High Street banks are playing with a marked deck, or with one arm tied behind their back, while the Challengers hold all the high cards and can pick off the incumbents at will, much like Monty Python’s King Arthur fighting the Black Knight. Or is it….?

While the incumbents have had to contend with IT systems which were developed in the 1970s, around the time of the widespread deployment of ATMs and when internet banking wasn’t even a twinkle in the eye of Tim Berners-Lee, the Challengers DREAM of having an IT infrastructure to fall back on, or a data centre, or even a Call Centre. Mostly, they have an idea and a target market to go after but they lack the systems and services wherewithal to realise their ambitions. They often have to rely on a systems provider who gets them part of the way to their goal, but who lacks the Business Intelligence and Analytics component or the Business Processes support capability needed to create a comprehensive systems solution.

This means that Challengers have to partner with a number of other providers to realise their goal of an integrated, seamless IT and services offering to support their customer and product ambitions, mostly with a set of components which are not quite as integrated as they would like and where information exchange and a single customer view is far from seamless. In short, they tend to end up with a “legacy infrastructure of the future”, instead of a flexible, upgradeable solution that moves with the times and has built-in future-proofing – which is really how all such systems should be designed and implemented today.

So, the Challenger Banks might be nimble in terms of product development and responsive in terms of customer service but, in reality, their supporting IT solutions can sometimes be as much of a patchwork as an incumbent’s legacy infrastructure, although carefully concealed behind the veneer of a digital front end and a slick mobile app. Not so much a state-of-the-art solution, more of a dead parrot. That’s quite a challenge…

What are your views? Do you think the Challengers have it easy? Are they about to eat the incumbents’ lunch? Or are they faced with exactly the same infrastructure problems and integration issues as their bigger and older competitors? Please leave your comments below or contact me by email.

My blog was originally posted in Finextra on Wednesday 29 June to coincide with the press announcement of Sopra Steria as digital partner of choice for the new UK challenger bank “The Services Family”.

There’s no time like the present: how the FS industry can prepare for MiFID II

I faced a difficult decision last Bank Holiday Monday: file away a pile of personal documents I had been ignoring for many months, or spend the day out with friends. The filing looked like it would take a long time, and be complicated to untangle – but it would benefit me in the long-run. On the other hand, the opportunity to wind down and see old friends is precious. I’m sure many people faced similar decisions that weekend – the choice between doing the things they wanted to do, and the things they had to do.

MiFID II delay

How is this relevant to the Markets in Financial Instruments Directive, known as MiFID II? Many financial firms will be breathing a sigh of relief. On 28 April, European Union countries collectively supported a proposal for a one-year delay to the legislation. Whilst a delay has been on the cards for a while now, this is one step closer to formally delaying the legislation to 3 January 2018, rather than 2017, giving firms another year to postpone – or start making arrangements.

Under MiFID II, trading venues and investment firms operating in the EU will be required to submit a wide range of reference and transactional data on an even greater range of financial instruments to their regulatory bodies. All current and some new regulated firms and venues will need to forward information on trading that takes place within their company – equities, bonds and derivatives – and send transaction reports, commodity position reports, transparency reports, double volume cap reports and reference data, to their country’s regulator.

The full conditions that firms will have to comply with are yet to be finalised by ESMA. Many organisations may be tempted to wait until they have 100 per cent clarity on the requirements given the complexity of the Directive – and to leave that pile of filing to another day. The issue, however, is that there is still significant risk. If you are not compliant by the due date, you run the risk of fines, the inability to trade, and severe reputational damage. Given the delay to the implementation date, the Regulator is likely to be less tolerant of any non-compliance. There is a natural business tension between what you want to do, and what you have to do due to regulation.

Fail to plan, plan to fail

The answer is simple: fail to plan, plan to fail. My company, Sopra Steria, has provided solutions for financial services regulation for over 10 years – we’ve been involved with solutions for a wide range of regulatory compliance programmes (including IFRS9, BCBS239, Basel II and AIFMD), for both the UK regulator, the Financial Conduct Authority (FCA), and for regulated firms.

Our experience shows that preparation and partnering with the experts are essential. Both options are available right now, which is why the FCA has chosen us to deliver a new solution that will support them with MiFID II, and therefore ensure investment firms’ trading reporting activity remains compliant. The FCA will be receiving millions of transaction reports a day from January 2018. Our solution, the Regulatory Support Service (RSS), is capable of receiving and storing billions of transaction reports.  Its reporting warehouse facility will interrogate large amounts of data with the purpose of giving the FCA greater transparency, and therefore a larger breadth and scope of information on reported transactions, helping to ensure markets operate smoothly and reduce the risk of abuse.

Technology has come a long way over the past decade. The RSS platform has scalability and the ability to operate completely independently from existing architectures, hosted on Amazon Web Services Cloud.  From the outset we designed a shared platform model that will enable other organisations to be part of a system that sits right at the heart of MiFID II developments, as we continue to work closely with the FCA. The opportunities for reducing the cost of regulation are substantial: the high-speed data ingestion and processing capability can be adapted and scaled for other European regulators, and for regulated firms.

We see MiFID II as an opportunity for the FS industry – it is a catalyst for modernisation, rather than simply creating the next generation of legacy technology.

Time to take action

January 2018 may seem a while away, but in reality firms need to be compliant and ready by this date, leaving little time to prepare – and there is no time like the present when it comes to planning. It doesn’t need to be difficult, or put in the corner and ignored for months to come. The technology and services to help you prepare are available now, so it’s time to make a start to becoming compliant.

What are your views on this? Leave a reply below, or contact me by email.

How to avert a storm in your cloud

The closer IT expenditure is to the front line of genuine business need, the better the return on investment should be.  So the positives arising from the growth in shadow IT – spend on digital applications and services by business teams rather than the IT function – are huge.   Estimates suggest that shadow IT expenditure now accounts for over 30% of total spend and 55% of digital spend.  And a key driver of this growth is the increasing prevalence of cloud solutions which can be deployed by a business team with minimal support from IT.

But the full scale of benefits will only be realised if risks created by business owners’ unfamiliarity with technology solution governance and inefficiencies generated by distributed decision-making are identified and managed.  The traditional IT-led approach to solution governance, based on large ERP or CRM implementations, will not work for Shadow IT solutions – it is over-engineered for the rapid evolution demanded by business teams.  A new model is required – one that is business-led and balances the need of business functions for speed and flexibility with the assurance that IT teams can provide.

So what risks does business ownership of IT solutions create?  Operational risk increases in direct proportion to any gap between the knowledge managers need for effective supervision and the knowledge they actually have.  The increasing digital divide between senior managers and their younger, junior tech-savvy colleagues is one such example.  And as cloud offerings enable solutions to be deployed by functional teams without IT oversight, the need for digital understanding among senior managers is increasing.  Research by the Harvard Business Review Analytics Services concluded “Digital acumen is essential for business leaders in today’s hyper-competitive, technology enabled world. But most companies lack the knowledge and skills needed to succeed in the digital aspects of their business.”

With high risk activities – such as proprietary trading in investment banks – these knowledge gaps can be catastrophic.  But most cloud solution deployments will not come into this category.  A more relevant analogy can be found in the recent history of data and reporting solutions.  These are often owned and deployed by business functions – marketing, finance, risk, compliance, operations and HR – in which case multiple reporting solutions are typically being licensed when one would do, generating inefficiency and excess maintenance costs.

Alternatively the deployment may be centrally owned (by IT) with space in the enterprise data warehouse made available to different functions to do with as they would wish.  This typically results in multiple ungoverned cottage industries with no documentation of which marts are being used for what purpose and what would happen if they were removed (and probably multiple versions of the truth as well).

This is the type of trap that business-owned, cloud based applications will fall into if there is a lack of management understanding of how such solutions should be governed.  Governance has always created tension between business functions and IT teams, with the former seeing the controls IT teams introduce as being over-engineered and a brake on rapid progression.  In the absence of IT involvement, the risk – as we have seen with reporting and analytics solutions – is that such disciplines are ignored.

Obviously a balance is required.  With digital implementations, there need to be good enough levels of governance.  Our experience with delivering data management and reporting solutions over the past fifteen years has given us relevant insights into what this looks like.  As one client put it, ‘you provide enough governance to keep IT happy and not so much as to delay delivery’.

So with that in mind, herewith our primer for business leaders on good enough governance.

  1. Ownership

Every cloud solution should have an owner who maintains a business case for the solution’s continued use as part of their accountability to whoever the budget holder is.  Unlike traditional implementations where most of the investment is sunk up front, the rental model for cloud solutions requires a living business case with quantifiable improvements in KPIs the solution is delivering tracked against ongoing and forecast costs (including potential spikes).  Such an approach facilitates the solution being swapped out should a new one that will generate greater value become available.

  1. Monitoring

The business case requires the determination or inference of linkages between the operational metrics that the solution can impact and the strategic goals and financial objectives of the organisation.  These metrics and the hypothesised linkages need to be tracked so both the operational efficacy of the solution and its strategic relevance can be tracked.  Hence the second component is the creation of a dashboard to support the living business case.  The dashboard also needs to track compliance related metrics and cover change request progress.

  1. Responsibilities

Effective governance requires a sequence in solution deployment of requirement documentation, solution design, delivery, test, release and support, with the same process applying for subsequent changes requests.  In the traditional model, these activities are performed by different teams.  Cloud solutions typically follow a DevOps model whereby these activities are carried out in rapid sequence by a single business team.  Either way, all stages need to be completed so both processes for how changes will be managed and who will be responsible need to be defined.

  1. Oversight

The governance committee needs to have both business and IT representation – IT teams’ experience of solution design and demand management being particularly important to success.  The governance committee needs to meet on a regularly scheduled basis – monthly or quarterly – and focus on organisational (e.g. responsibilities), security and the commercial model (to avoid the risk of unbudgeted spikes in costs).

  1. Documentation

There are two facets to the knowledge that needs to be captured in documentation – explicit and tacit.  The former includes the business requirements the solution is meeting, process maps for the processes that the solution enables, and the underlying policies and procedures.  It should provide all the information required for someone new to operate the solution from scratch under normal conditions.  Tacit knowledge covers what to do in abnormal conditions, when problems arise and the process isn’t running smoothly – e.g. who to contact if an important feed is not available, fixes for when the solution doesn’t run as it should, answers to common questions about the outputs generated.  Tacit knowledge is typically captured as FAQs and answers.  The basic principle should be that a solution SME can’t progress to a new role unless all the necessary knowledge that their replacement will need has been codified and documented.

  1. Integration

Cloud solutions don’t stand in isolation.  Typically they require data inputs of some form and generate data outputs.  Where does this data come from, how is static data in the solution maintained, what happens with the outputs?   All integration points need to be included in the documentation.

  1. Compliance

Cloud solutions need to comply with the organisation’s security policies for access control and data protection.  Equally the organisation’s security policies need to evolve to reflect the new cloud-based world – relying on firewalls to lock data in a chamber with one door in and one door out is no longer feasible.  Cloud enables and encourages collaborative working practices and the inter-connectivity of system to system processes – data is moving all over the place  – and security policies need to evolve to reflect this new reality while still effectively mitigating risk.  And the more integrated a cloud solution is, the greater the risk that it opens a gate to other parts of the IT estate, hence controlling access or levels of access is critical.  Any data that resides in the solution also needs to be secured (e.g. via encryption or tokenisation) and where that data is hosted needs to comply with data protection legislation and organisational policy.

The rise of cloud requires IT teams to operate differently to how they have historically.  Control is no longer an option, collaboration will become the norm.  In turn, business owners of cloud solutions need to make the IT function their friend.  That will require compromises on both sides – less governance than IT are used to applying, more than business solution owners would like.  We believe that addressing the seven factors above will provide the ‘good-enough’ governance required to mitigate operational risk without inhibiting agility and slowing progress to a halt.

 

With thanks to my colleagues Manoj Bhatt, Mark Howard, Andrea Pesoli and Venkatesh Ramawamy for their contributions to this piece.

New kids on the blockchain

At Sopra Steria we often talk about a world ‘beyond digital’. This is so that we can help our clients to prepare themselves and their organisations for the challenges they are likely to face looking out three to five years into the future.

I shared some of the topics we have identified for a world beyond digital with an audience of digital and eCommerce professionals at a Thought Leaders of the North West event a couple of weeks ago. Our themes seemed to resonate with those in the room prompting plenty of discussion and debate.

One theme attracting a lot of interest was the ongoing challenge we face in the world of Information Security, where we see protection from attack being built into new products and services from the ground up rather than as an afterthought.

We also see an emerging era of unprecedented corporate responsiveness and agility as industry giants look to iterate their business models ‘on-the-fly’ in response to unforeseen threats and attacks in the way Sony Pictures did recently in immediately releasing ‘The Interview’ to digital channels and abandoning its plans for a full theatrical release.

Disintermediation is another concept having an immediate impact on the way we live, work and do business. Services such as Uber and AirB’n’B are already beginning to transform different aspects of the travel industry through their creative use of the crowd, the cloud and the semantic web.

In financial services we see the ‘blockchain’ threatening to disintermediate the traditional banking industry as Bitcoin continues to gain profile and transacting in such crypto-currencies nudges its way ever closer to the mainstream.

“whilst barriers to entry are very low, barriers to mass acceptance remain incredibly high”

It was in this field, at a second technology event I attended recently that I witnessed a tense debate between an established retail bank and an up-and-coming Bitcoin podcaster.

The bank, when talking about FinTech start-ups looking to establish themselves in the emerging global Bitcoin economy, outside of a traditionally regulated banking industry, suggested that “whilst barriers to entry are very low, barriers to mass acceptance remain incredibly high”, which is the kind of thing they used to say in the music industry in the 1990s.

Nevertheless, the power of the ‘blockchain’, the virtual ledger where the crowd validates transactions without the assistance of traditional banking infrastructure and regulation, may actually be found beyond Bitcoin trading, as new and emerging use cases emerge for this technology bring it further into many people’s lives.

One such service which could be leveraged by the blockchain may be that of personal data broking, where citizens take control of the value of their own personal data and begin to firmly negotiate with local and global organisations alike based on the value of their own data as derived from their own connections, online activity and their extended social graph.

Sopra Steria is working with some of the world’s most exciting start-ups in exploring these concepts, as these ‘new kids on the blockchain’ begin to collaborate with us and our clients as, together, we continue to play a vital role in the transformation of business for a world ‘beyond digital’.

We’d love to hear how you think ‘blockchain’ technology will transform our lives. Leave a reply below, contact me by email, tim.difford@soprasteria.com or on Twitter, @timdifford

Photo: used and modified under Creative Commons license thanks to BTCKeychain

Virtual robot workers and the impact on my pension plan

Sadly, I’ve reached the age where I am beginning to count how many years it is until I can start to draw my pension. Most days it’s a number far too close as I generally still love my job, although occasionally other days do have me dreaming that it was tomorrow.

My years of experience (!) in designing and running large back offices in the banking sector have seen me live through the centralisation of these back office functions, their subsequent outsourcing, followed by panicked in-sourcing when the wind or accountable exec changed, the drive towards off-shoring and, most recently, the delight of handling an 800-seat partial on-shoring project for a client.

For each one of those, the primary business case rationale was a step change reduction in the cost of the operating model, with CX being a nice to have secondary benefit when the business case needed a more politically acceptable feel to it!

What I couldn’t see was “what next” in the step change evolution of the back office.

That was held to be true until I reluctantly deputised for my boss at a meeting last year and was formally introduced to the world of virtual workforce robots, and an epiphany happened!

At its most simple level this is a piece of software that emulates the actions of a human in an operational process – once configured/trained, each virtual instance of an FTE is fully scalable, 100% trained, 100% accurate, and is available up to 100% of each 24 hour day.

Depending on your cost base and its location, these virtual wonders can also do the same volume of processing for as little as 1/9th of the cost of a human.

With our partners at Blue Prism, Sopra Steria has developed a Lean Robotic Automation (LPA) proposition, coalescing our deep capability in Lean process management and Blue Prism’s software wizardry.

We are still at a relatively early stage in deployment both internally and externally but watch this space – every commentator and analyst in the marketplace recognises virtual robots as playing a significant part in all our clients thinking within 12 months.

As for my pension plans, they’re on hold for a while – I’ve a target audience in the UK alone of around 8,000,000 jobs to try and automate!

What do you think about the role virtual robots will play in operational processes? Leave a reply below or contact me by email.

Mobile payments?

Oh no!” (I can hear you say) “Not another blog about mobile payments…” Well, yes… and no.

I’m probably as fed up as you are with a lot of the stuff that gets written about “mobile payments” – almost as fed up as I am with the nonsense that people write about “mobile wallets”, but that’s a whole different discussion.

Why am I fed up? Well, basically because many of the blog posts and articles and much of the commentary around mobile payments cast too wide a net and addresses products, solutions or developments that are way wide of the mark when compared against a proper expression of a mobile payment implementation. All of this noise helps to perpetuate the idea that anything which involves:

  1. a mobile phone, and
  2. a payment of some sort

automatically qualifies as a “mobile payment”.

So, if I take out my Samsung Galaxy S4 and use the Chrome browser to call up the Tesco Dotcom site, place an order for groceries to be delivered over the weekend and then pay for the goods by entering my credit card details, then that’s a mobile payment, right? Or if my friendly neighbourhood plumber fixes that annoying leak under the sink and he accepts my credit card payment (well, it was an emergency!) by using his iPhone connected to an iZettle card reader, I’ve just made a mobile payment, haven’t I?

Compare that to walking into your nearest Starbucks with your Starbucks Rewards app open on your iPhone and presenting the “Pay” barcode to the scanner at the till to buy a caramel macchiato and a chocolate muffin – see the difference? It’s not the best example of a mobile payment by a long way, but at least it’s heading in the right direction insofar as you haven’t had to supply any payment credentials at the point of interaction to effect the payment (as in the Tesco example above) and you haven’t had to provide your plastic card to complete the transaction (as in the payment to the emergency plumber). Instead, information related to a payment card – in this case, the Starbucks Rewards card linked to a pre-paid account has been transferred from your mobile phone to the point of sale terminal, and all you had to do was wave your iPhone screen in front of the scanner.

If you want to get technical about it, you had to open your iPhone, which requires a screen swipe and (hopefully) a passcode; then you had to look for and open the Starbucks app; then you had to click on the “Pay” button and then orient the iPhone screen in such a way that the barcode could be read by the awkwardly positioned laser scanner… But it was easy, wasn’t it? And you got a star for making the purchase with your Starbucks Rewards card (in your iPhone app). So maybe it wasn’t that easy and it could have been better designed to ensure a smoother, more convenient customer experience, but it’s still more like a “real” mobile payment than the other examples above, despite its sub-optimal implementation.

So, in my view, there are true mobile payment solutions and there are other implementations which are “mobile payments” in name only. But what makes a good mobile payment product, as far as I’m concerned? Well, there are a number of factors at play in building a fit for purpose solution in the mobile payments space, including security, functionality and ubiquity of acceptance, but most of them revolve around the customer and the customer’s experience of using the mobile payment solution. I talk about this aspect of mobile payments and what customers are looking for in a mobile payment product in my recent white paper on mobile payments as well as discussing what makes a mobile payment a mobile payment. Take a look at it: it might help you appreciate why I get fed up with some of the stuff that I read about “mobile payments”.

What do you think? Post a reply below, contact me by email at liam.lannon@soprasteria.com.