Ghost-written article for Geoff Love, Business Development, Storage Area Networks, Cisco Systems EMEA.
Published in Storage magazine, UK, August 2003.
Mention ‘storage’ to a non-IT person and you’ll inadvertently conjure up images of a garage, cobweb-ridden attic, or dusty, crate-filled museum basement. Even in business the image isn’t much better – a storeroom on the top floor, filled with little-used filing cabinets. Sadly the image of storage in IT terms hasn’t been that different until developments over recent years with the realisation that data (voice and video) is one of most valuable commodities within the business. Storage now plays a core role in protecting and managing the digital assets of an enterprise to ensure operational productivity. Storage Area Networks, ‘SANs’, in particular have helped to change the image of storage from that of the redundant cyber-filing cabinet into something more flexible, more dynamic, that can positively impact an organisation’s bottom-line. The much talked about Basel II Accord, which builds on original directives from 1998 and, whilst late in the game, brings a political stamp of approval to what many financial organisations were considering or already in the process of implementing anyway.
However, as Samuel Johnson once said, “Change does not come without inconvenience, even from worse to better”, and financial institutions falling under the scope of the Basel Accord now have a lot to think about. There is work to be done in terms of improving reporting mechanisms and public disclosure. Most of all, the introduction of operational risk as a part of the criteria on which organisations are assessed brings a host of new scenarios that not only need to be planned for, but also budgeted for.
Basel Brushes Up Legislation
The impact of the original Basel Committee on Banking Supervision was significant. In general, financial organisations were advised to put aside capital to counter two issues. Firstly, the adverse effects of changes in financial market prices, which included currencies, interest rates and liquidity amongst others. Secondly, under the umbrella of ‘credit risk’, the scenario where the value of a bank’s position is adversely affected by a change in the credit quality of a counter-party i.e. default, or by the bank being downgraded by a credit agency.
The new accord dwarfs the former one in terms of implications for day-to-day business. Senior IT staff will need to take a strategic view of risk management, aligning the business needs of the enterprise with the technologies required to enable adequate reporting, data collation, exceptions monitoring, and compliance reporting. From an IT perspective, the new regulatory environment will require a common risk methodology across the enterprise which, in turn, is based on common definitions and report formats. It includes ‘operational risk’, where a bank must literally brainstorm, anticipate, and allocate budget to contingencies against anything from a simple missed deadline that impacts revenue, to terrorism or an Act of God. The deadline for senior management to do this isn’t until 2006, but much of the IT-related work will need to be commenced before this year is out.
AXA Technology Services, for example, is already reaping the benefits of IP technology. During the summer of 2003 it began deploying Cisco SAN technology as part of a global consolidation of its ‘IT Competency Centres’. To give some sense of scale AXA has the challenge of storing information pertaining to the many insurance products and financial services it provides to over 50 million individuals and businesses around the world, totalling $65 billion in annual sales. Its business depends on the quality and security of this information, which no doubt it considered when choosing to move towards SAN.
Yet despite such complexities, this shift of information strategy has been relatively straightforward for AXA. It established a storage-over-IP infrastructure without incurring much incremental cost, because it already had an IP network in place. The beauty of IP is that in allowing voice, video and data all to run over a single network, the addition of SAN functionality was relatively uncomplicated.
As well as cost this is an important demonstration of how businesses can, in real terms, address the Basel II stipulations that information must be relayed to storage sites located beyond specified distances from organisations’ main sites. Moreover, it is noteworthy that this can be achieved without additional expense to a company’s existing IP or Fibre Channel networks. In fact, different such networks are no longer separate as Fibre Channel over IP (FCIP) can easily link Fibre Channel storage area networks (SAN).
Dealing With Operational Risk
Here storage, SANs and networking in general comes into its own. Delve into the detail of the Basel II Accord and the factors that financial organisations need to consider include failure of key vendors to fulfil contracts, data entry error, model or system mis-operation, hacking, lack of integration, utility or systems outage and, of course, natural catastrophe, vandalism, or terrorism. In short, those organisations already moving from a traditional ‘points of risk’ approach to one covering extended supply chains, viewing IT security in a non-compartmentalised manner, and planning safeguards will be ahead of the game. Little wonder then that almost 40 per cent of UK banks consider enterprise-wide, data warehouse development a high priority, and 20 per cent consider implementing an integrated collateral management system similarly urgent.
One of the likely impacts of Basel II will be a massive increase in data storage. While Basel is an affirmation of what financial organisations should, and have been doing anyway, it is shifting the focus away from hardware-based resilience and simple backup solutions to end-to-end IT architectures that are resilient to data corruption or loss. The nature of this vertical sector means that SANs are ideally suited to multiple enterprise environments, especially those that have multiple locations globally, need to integrate with other organisations, and have business-critical systems, some of which being customer facing. The security and reliability of the network becomes paramount as more business critical information is held electronically.
These are some of the reasons why Euronext.Liffe, the derivatives business of Euronext, used Cisco to network its London and Paris data centres, backing up information to each other – despite being 650 kilometres apart.
SANity Check for CEOs, CFOs and CIOs Alike
Financial organisations responding to Basel or their own objectives to contingency plan may well look outside their organisation for help.
Using focus groups to identify ‘hot’ issues which cause the most headaches for IT managers, Cisco found three main areas of concern: the sheer task of managing large, disparate islands of storage from multiple physical and virtual locations; dealing with the complexity of maintaining scheduled backups for multiple systems or preparing for unscheduled system outages; and the inability to share storage resources for utility. In addition, IT managers complained of a shortage of qualified professionals to manage storage, and went on to admit confusion over the choice of storage technology alternatives. Further pressure is being brought to bear as IT budgets are continually restricted, and the IT department is put under more scrutiny than ever before.
One common concern is that as Basel II comes to fruition, the financial services sector will have less time, little money, and in some cases insufficient expertise to cope in-house. Worse still, in some cases different teams manage networks and storage, which is against the flow of networking evolution. At the same time, IT industry opinion is that direct attached storage is on the way out, and that SANs trump them anyway in terms of lowered cost of ownership, increased return on investment, and the ability to provide CRM, ERP, or even the basic e-mail function.
Spice Up Your Organisation with Basel II
Basel will not create panic in the financial services sector. It is not a reason for stomachs to churn, nor a dictatorial directive coming from ‘bureaucrats in Europe’. In most cases it will enforce banks’ existing or intended risk management strategies, but it is also an opportunity. Following a methodology to ensure compliance with Basel will be surprisingly satisfying. Assessing the current capability of an organisation’s network and identifying the weak points is something that is probably already completed. It might also be advisable to plan for significant increases in data storage requirements, and for a redesign of data warehouse and associated security issues. Again, this is part of best practice that IT managers will probably want to do anyway. Compliance with Basel also allows organisations to standardise their networks onto single integrated IP infrastructures, using SANs to enable them to maximise network and information management.
Given these benefits, perhaps it’s no surprise the market for SAN-attached storage in 2005 is expected to exceed US$22 billion – three million terabytes of data. Total cost of ownership of a SAN is typically less than half that of a traditional direct-attached solution, and backup and recovery applications can be much easier managed in a SAN environment. Then consider the perils of downtime that Basel is designed to help financial organisations avoid. In the specialisation of financial brokerage, unplanned downtime can cost an organisation US$6.5 million per hour, not to mention damage to other important areas such as reputation and brand. Basel will offer financial organisations validity for their risk management process, a chance for in-house IT staff to improve their lot, and a reason for the IT industry to get excited about what used to be one of its least glamorous specialisations.
01 August 2003
22 July 2003
Thales e-Security Takes BACS to the Future
Case study written for Thales, UK, July 2003.
The key issue associated with making financial payments electronically is security, whether simple transactions between two parties via debit or credit card, or payment via the internet. ‘Skimming’ of consumers’ credit cards in restaurants and other retail outlets, misdirected payments via the internet, and fraud on a much grander scale are all issues that have hit the headlines this year alone. The responsibility for securing such payments, whatever the size, is a daunting task for any individual or organisation. Imagine then, undertaking to supply the security solution to the Bankers Automated Clearing System (BACS).
BACS is the organisation - owned by all the major UK clearing banks and building societies - that processes the majority of business-related electronic funds transfers in the UK. For example, every month businesses in the UK perform the payroll operations for their personnel, triggering thousands of money transfers as staff salaries are paid directly into their bank accounts. This is just part of what BACS does and by the end of the year, BACS will have processed more than 14,400,000,000 direct debit and direct credit payments on behalf of over 100,000 UK businesses.
With such an important system there is no margin for error, given that any difficulties could potentially affect all UK businesses. It is therefore great testimony to BACS that its payment delivery system, BACSTEL, has been almost 100 per cent reliable since its inception more than two decades ago. However, by early 2002, the BACS board had concluded that the BACSTEL infrastructure should be upgraded as the first stage of a comprehensive technology upgrade plan for all BACS systems. In 2002 BACS migrated BACSTEL’s infrastructure to run on internet protocol (IP), enabling BACS to offer a wider range of services to business users, as well as an improvement in existing services. These services would lead to cost savings for the UK businesses that used BACSTEL-IP, and with the flexibility of IP, would make it much quicker and easier to incorporate new payment services in the future.
However, BACSTEL-IP had to be secure, as the sheer quantity of payments and sums of money on the system made security critical. Further, the security solution had to fulfil a number of criteria in addition to simply authenticating UK businesses as they accessed the system. It had to be able to trace all the transactions made on the system if needed, and secondly for every transaction it needed to produce an audit trail. The size of the project also made it daunting – the solution had to be able to scale to a total of 500,000 users and up to 100 million payment items per day. Perhaps most complex of all, it would have to interoperate with 12 banks, operating seven different public key infrastructure (PKI) systems with five different smart card manufacturers. BACS called on Thales e-Security to help them secure the future of UK business electronic payments.
Thales e-Security’s implementation of the project was a true team effort. The Thales e-Security project team worked closely with the other vendors involved, as well as the BACS technical design and implementation teams, throughout the development cycle. This minimised the project risk, and ensured successful on-time delivery of the complete solution. BACS’ project security team had already recommended using smart cards to enable the solution. Once approved by the member banks and BACS senior management, the project was trialed with Royal Bank of Scotland for four months before being rolled out to all other member banks in the UK. Hardware and Thales software was installed around the UK by BACS approved solution suppliers.
In order to support the simultaneous connection to 12 banks required by BACSTEL-IP, Thales e-Security worked closely with BACS to develop the fourth generation of its digital signature messaging system, AssureTransaction. UK businesses wishing to organise payments via BACSTEL-IP from their office are issued the cryptographic smart card by their bank. That smart card is then used to digitally authenticate all payment instructions, tying them to the signer and ensuring that they cannot be accidentally or deliberately altered. Each bank was given the flexibility to select its own public key infrastructure (PKI) for the issuing of the digital certificates used on this card.
AssureTransaction ensures compatibility with all relevant PKI standards by verifying each transaction against the set of rules defined by the bank that issued the smart card being used to sign the transaction. It authenticates the smart card holder by generating a random number. The cardholder responds by signing the logon challenge using the smart card together with his or her secret PIN, a so-called two-factor authentication. AssureTransaction then cryptographically confirms the identity against the cardholder’s public key certificate, and validates this in real time with the issuing bank. Similarly, all payment requests and other transactions submitted to BACS are digitally signed by the user with his smart card and PIN, and verified in real time. AssureTransaction also digitally signs the reports sent by BACS to users, so that the user knows he or she can rely on the contents of the report.
Since all digital certificates used are verified in real time against the issuing bank, lost or stolen cards cannot be used to sign transactions, and changes in employee status are reflected in the system as soon as the bank is made aware of them. This substantially reduces the risk of fraud compared to the old system. Varying levels of security access are supported for different personnel working in the banks or businesses using the system.
After the system had been rolled out, BACS surveyed its member banks for their opinion on the new technology and its impact on their business. The results were very promising. Over 75 per cent of users expressed the intention to migrate to the new solution as soon as it was available to them. In the same survey, users rated the enhanced security of the new system the number one benefit to their business. Users particularly valued the ability to tightly define payment permissions for individuals in the business, allowing delegation of signing responsibility to specific cardholders within subsidiaries or departments whilst retaining full control at a corporate level. All in all, the feedback was so positive that BACS now intends to work again with Thales e-Security to develop and implement further service enhancements in the future.
The key issue associated with making financial payments electronically is security, whether simple transactions between two parties via debit or credit card, or payment via the internet. ‘Skimming’ of consumers’ credit cards in restaurants and other retail outlets, misdirected payments via the internet, and fraud on a much grander scale are all issues that have hit the headlines this year alone. The responsibility for securing such payments, whatever the size, is a daunting task for any individual or organisation. Imagine then, undertaking to supply the security solution to the Bankers Automated Clearing System (BACS).
BACS is the organisation - owned by all the major UK clearing banks and building societies - that processes the majority of business-related electronic funds transfers in the UK. For example, every month businesses in the UK perform the payroll operations for their personnel, triggering thousands of money transfers as staff salaries are paid directly into their bank accounts. This is just part of what BACS does and by the end of the year, BACS will have processed more than 14,400,000,000 direct debit and direct credit payments on behalf of over 100,000 UK businesses.
With such an important system there is no margin for error, given that any difficulties could potentially affect all UK businesses. It is therefore great testimony to BACS that its payment delivery system, BACSTEL, has been almost 100 per cent reliable since its inception more than two decades ago. However, by early 2002, the BACS board had concluded that the BACSTEL infrastructure should be upgraded as the first stage of a comprehensive technology upgrade plan for all BACS systems. In 2002 BACS migrated BACSTEL’s infrastructure to run on internet protocol (IP), enabling BACS to offer a wider range of services to business users, as well as an improvement in existing services. These services would lead to cost savings for the UK businesses that used BACSTEL-IP, and with the flexibility of IP, would make it much quicker and easier to incorporate new payment services in the future.
However, BACSTEL-IP had to be secure, as the sheer quantity of payments and sums of money on the system made security critical. Further, the security solution had to fulfil a number of criteria in addition to simply authenticating UK businesses as they accessed the system. It had to be able to trace all the transactions made on the system if needed, and secondly for every transaction it needed to produce an audit trail. The size of the project also made it daunting – the solution had to be able to scale to a total of 500,000 users and up to 100 million payment items per day. Perhaps most complex of all, it would have to interoperate with 12 banks, operating seven different public key infrastructure (PKI) systems with five different smart card manufacturers. BACS called on Thales e-Security to help them secure the future of UK business electronic payments.
Thales e-Security’s implementation of the project was a true team effort. The Thales e-Security project team worked closely with the other vendors involved, as well as the BACS technical design and implementation teams, throughout the development cycle. This minimised the project risk, and ensured successful on-time delivery of the complete solution. BACS’ project security team had already recommended using smart cards to enable the solution. Once approved by the member banks and BACS senior management, the project was trialed with Royal Bank of Scotland for four months before being rolled out to all other member banks in the UK. Hardware and Thales software was installed around the UK by BACS approved solution suppliers.
In order to support the simultaneous connection to 12 banks required by BACSTEL-IP, Thales e-Security worked closely with BACS to develop the fourth generation of its digital signature messaging system, AssureTransaction. UK businesses wishing to organise payments via BACSTEL-IP from their office are issued the cryptographic smart card by their bank. That smart card is then used to digitally authenticate all payment instructions, tying them to the signer and ensuring that they cannot be accidentally or deliberately altered. Each bank was given the flexibility to select its own public key infrastructure (PKI) for the issuing of the digital certificates used on this card.
AssureTransaction ensures compatibility with all relevant PKI standards by verifying each transaction against the set of rules defined by the bank that issued the smart card being used to sign the transaction. It authenticates the smart card holder by generating a random number. The cardholder responds by signing the logon challenge using the smart card together with his or her secret PIN, a so-called two-factor authentication. AssureTransaction then cryptographically confirms the identity against the cardholder’s public key certificate, and validates this in real time with the issuing bank. Similarly, all payment requests and other transactions submitted to BACS are digitally signed by the user with his smart card and PIN, and verified in real time. AssureTransaction also digitally signs the reports sent by BACS to users, so that the user knows he or she can rely on the contents of the report.
Since all digital certificates used are verified in real time against the issuing bank, lost or stolen cards cannot be used to sign transactions, and changes in employee status are reflected in the system as soon as the bank is made aware of them. This substantially reduces the risk of fraud compared to the old system. Varying levels of security access are supported for different personnel working in the banks or businesses using the system.
After the system had been rolled out, BACS surveyed its member banks for their opinion on the new technology and its impact on their business. The results were very promising. Over 75 per cent of users expressed the intention to migrate to the new solution as soon as it was available to them. In the same survey, users rated the enhanced security of the new system the number one benefit to their business. Users particularly valued the ability to tightly define payment permissions for individuals in the business, allowing delegation of signing responsibility to specific cardholders within subsidiaries or departments whilst retaining full control at a corporate level. All in all, the feedback was so positive that BACS now intends to work again with Thales e-Security to develop and implement further service enhancements in the future.
Salmon Helps PRI Swim Upstream
PR case study written for Salmon, July 2003.
The founders of PRI, one of the latest start-up companies to enter the UK and European insurance market, needed to achieve the impossible. Not only did they need to secure £130 million in funding from investors before a tangible company even existed, they also planned to use a new insurance underwriting application that was more advanced than any other available in the market, and would shake up the way that underwriting business was conducted.
This underwriting application would allow PRI to gain a significant competitive advantage, and also underpin the business model PRI wrote to engender a favourable impression from two key audiences. The first audience would be the potential investors in the company, and the second the Financial Services Authority (FSA), who had the power to offer or decline PRI’s accreditation and thus would decide whether or not PRI could legally trade once it was up-and-running. Within one year of trading PRI was so successful that it was snapped up by Brit, one of the UK’s largest insurance organisations, giving all PRI shareholders a healthy profit and demonstrating that such a complex application could be written from scratch, installed, and used to deliver return on investment within eight months.
In Spring 2002, founders Andreas Loucaides (now CEO) and Peter Matson (now Chief Underwriting Director) developed a radical new business case for a new insurance company. They intended to outsource absolutely everything possible, leaving only the specialised skill sets of professional underwriters untouched. While on paper this was recognised as being the ideal model, it relied upon back office operation, which was an integral part of the infrastructure that contributed to the stability and credibility of the company. This would be critical when Loucaides et al presented to the various financial institutions to secure investment, and later had to apply to the FSA for accreditation. It also had an impact on which organisation PRI would choose to outsource to, because its reputation and brand values would be considered crucial factors in determining PRI’s likelihood of success.
The outsourcing brief was won by the Ins-sure Services operating company, part of Xchanging, a business process outsourcing (BPO) organisation. Ins-sure accepted that everything including PRI’s office premises, furniture, fittings, and IT infrastructure would be outsourced to them. In turn, Xchanging put out to competitive tender the building of the underwriting application that was to be a crucial element in the overall integrated insurance system that Xchanging was offering to PRI. With its proven track record of delivering complex projects on time and to budget, Xchanging chose Salmon, a systems integration organisation, to build the underwriting application. Louciades explains, “By this time the investors also had a say in which organisation was chosen. They agreed that Salmon would be the right company to go with in addition to being more cost-effective than a previous company we had approached, but which was unable to deliver the required guarantees for service. The pressure was on, because PRI still had to be operational and trading no later than 1st September 2002, so we chose to use a temporary solution until January 2003 to allow Salmon enough time to deliver exactly what we needed. From the outset Salmon was very honest and transparent about delivering on time and to budget, which was important for us.”
Salmon’s work was to be the cornerstone to Xchanging’s outsourcing deal with PRI. Every insurance company has to have an insurance underwriting operational system that is relevant to all markets the company operates in, and compatible with the other applications. “It was critical that the application Salmon designed would enable us to deliver services to the standard we intended, given our revenue projections in the business case,” explains Louciades. “For example, without Salmon, debit notes and broker notes would have to be produced in another way, which adds time and administration into the underwriters’ day-to-day processes. The underwriting application would have an impact on every part of our business. This is why our investors had also expressed concerns that in the past, other insurance companies had underestimated the importance of this part of the business to the extent that it developed into a serious weakness over time.”
Within just nine months, Salmon delivered the underwriting application on time and to budget. Among the most significant hurdles that Salmon had to overcome was defining the application brief. Simon Ball, Salmon’s commercial director, explains: “Louciades is a visionary who intended PRI’s way of working to have beneficial long-term impact on underwriting in the UK. However, because the underwriting status quo hadn’t been challenged in years, PRI was more able to describe the shortcomings of the current system than the ideal new system. As a result, the application brief was defined over a longer period and almost by a process of elimination, during which we realised the work we were doing was going to be perceived as controversial by the insurance industry. Underwriters would be held more accountable for the work they did, and our application would record all the complex detail of every underwriting contract, to prevent issues caused by claims made by PRI’s clients in the future.”
This was also to be part of the challenge for Louciades. “The brief we gave Salmon meant they would come up with an application unlike any other,” he says. “Furthermore, it required slightly more of the individual underwriter’s time to use it, because it encouraged the recording of as much data as possible. We wanted to be able to maintain business continuity over decades regardless of which underwriters dealt with a particular contract in the future. Additionally we could see that the FSA and issues such as corporate social responsibility were going to play a role in shaping the insurance industry sooner rather than later. That said, user buy-in of the application was essential because the data inputted would later be cross-referenced alone and with other business applications. This would end up as part of the overall information management that would help deliver PRI’s competitive advantage. The fact that all information was stored in soft copy was also going to save PRI thousands of pounds in physical storage space. The application just had to work, or the business case put to both the investors and the FSA would unravel.”
Salmon had to bear all this in mind while writing the application that broke the mould for underwriting systems. However, Salmon’s multi-sector experience gave it an objective stance that perfectly complemented PRI’s visionary aims. A prime example of this was Salmon’s ability to deliver a web-based architecture as opposed to the standard client server based applications that are prevalent throughout the insurance sector. While some insurance firms might have a GUI front end, Salmon was able to deliver an advanced Java based architecture which few SIs in the insurance sector have experience of implementing.
It was paramount that Salmon delivered on all its promises at the soonest opportunity. This included breaking insurance sector history by devising a way to link the application directly to PRI’s document repository i.e. document management system, delivered by Xchanging. This was part of the automation Salmon built into the business processes required by the application, to compensate for the fact that underwriters charged by time and could afford to spend fewer hours with smaller underwriting projects. At the same time it would make PRI as a business more accurate, more accountable and more dynamic by enabling appropriate levels of information recording and sharing.
Weekly liaison between Salmon, Xchanging and PRI enabled a better understanding of the needs of the business, and the delivery of a complex yet user-friendly application. Underwriters populated the system the first time they logged on with a unique user ID and password, ensuring that initial access of the system was staggered, thereby avoiding any potential bottlenecks in data retrieval. They have freedom to customise the style and format of their individual GUI, but are governed by rules set in the system that dictate which information each individual has access to. Each underwriter is allocated an ‘identifier’ that associates them with a particular client company or companies, enabling free navigation of all necessary information for that company but simultaneously prohibiting access into other client company information. The system also automatically enforces varying levels of security access, so that authority for particular actions or documents is escalated to the appropriate level of management hierarchy. Similarly, each underwriter can customise document production and automated quotations, but only within parameters set at company level to ensure all necessary rules and regulations are adhered to. The system either displays an appropriate error message, or automatically logs out any user attempting to exceed their authority.
Individual underwriting documents are developed from a PDF or Microsoft Word template that automatically specifies field content and business actions the underwriter needs to complete. Paragraphs of copy are saved in a central repository that can be accessed by underwriters from different parts of the business, preventing unnecessary duplication of information that, if left unchecked, would use a disproportionately large quantity of storage space. The copy is stored in rich-text format to make it as flexible as possible and, because it is held centrally, can be updated in line with changes in legislation that affect the UK insurance market.
Perhaps the part of the application delivered by Salmon that had the most impact is the quotation rules engine. This helps underwriters develop project quotations almost automatically, by inviting as many details as possible to be inputted by the underwriter, before applying XML-based rules to any given situation to form the quotation.
The application’s computer architecture is based on J2EE standards for web applications written in Java, and both the data and application run on Sun Solaris central application servers using Oracle web server software. The modular application framework means that PRI can have system components added or removed without the need for reworking, and new software can be deployed easily. Again, this ensures rapid reaction to new legislation. In all, Salmon delivered a revolutionary application within nine months from a standing start.
The founders of PRI, one of the latest start-up companies to enter the UK and European insurance market, needed to achieve the impossible. Not only did they need to secure £130 million in funding from investors before a tangible company even existed, they also planned to use a new insurance underwriting application that was more advanced than any other available in the market, and would shake up the way that underwriting business was conducted.
This underwriting application would allow PRI to gain a significant competitive advantage, and also underpin the business model PRI wrote to engender a favourable impression from two key audiences. The first audience would be the potential investors in the company, and the second the Financial Services Authority (FSA), who had the power to offer or decline PRI’s accreditation and thus would decide whether or not PRI could legally trade once it was up-and-running. Within one year of trading PRI was so successful that it was snapped up by Brit, one of the UK’s largest insurance organisations, giving all PRI shareholders a healthy profit and demonstrating that such a complex application could be written from scratch, installed, and used to deliver return on investment within eight months.
In Spring 2002, founders Andreas Loucaides (now CEO) and Peter Matson (now Chief Underwriting Director) developed a radical new business case for a new insurance company. They intended to outsource absolutely everything possible, leaving only the specialised skill sets of professional underwriters untouched. While on paper this was recognised as being the ideal model, it relied upon back office operation, which was an integral part of the infrastructure that contributed to the stability and credibility of the company. This would be critical when Loucaides et al presented to the various financial institutions to secure investment, and later had to apply to the FSA for accreditation. It also had an impact on which organisation PRI would choose to outsource to, because its reputation and brand values would be considered crucial factors in determining PRI’s likelihood of success.
The outsourcing brief was won by the Ins-sure Services operating company, part of Xchanging, a business process outsourcing (BPO) organisation. Ins-sure accepted that everything including PRI’s office premises, furniture, fittings, and IT infrastructure would be outsourced to them. In turn, Xchanging put out to competitive tender the building of the underwriting application that was to be a crucial element in the overall integrated insurance system that Xchanging was offering to PRI. With its proven track record of delivering complex projects on time and to budget, Xchanging chose Salmon, a systems integration organisation, to build the underwriting application. Louciades explains, “By this time the investors also had a say in which organisation was chosen. They agreed that Salmon would be the right company to go with in addition to being more cost-effective than a previous company we had approached, but which was unable to deliver the required guarantees for service. The pressure was on, because PRI still had to be operational and trading no later than 1st September 2002, so we chose to use a temporary solution until January 2003 to allow Salmon enough time to deliver exactly what we needed. From the outset Salmon was very honest and transparent about delivering on time and to budget, which was important for us.”
Salmon’s work was to be the cornerstone to Xchanging’s outsourcing deal with PRI. Every insurance company has to have an insurance underwriting operational system that is relevant to all markets the company operates in, and compatible with the other applications. “It was critical that the application Salmon designed would enable us to deliver services to the standard we intended, given our revenue projections in the business case,” explains Louciades. “For example, without Salmon, debit notes and broker notes would have to be produced in another way, which adds time and administration into the underwriters’ day-to-day processes. The underwriting application would have an impact on every part of our business. This is why our investors had also expressed concerns that in the past, other insurance companies had underestimated the importance of this part of the business to the extent that it developed into a serious weakness over time.”
Within just nine months, Salmon delivered the underwriting application on time and to budget. Among the most significant hurdles that Salmon had to overcome was defining the application brief. Simon Ball, Salmon’s commercial director, explains: “Louciades is a visionary who intended PRI’s way of working to have beneficial long-term impact on underwriting in the UK. However, because the underwriting status quo hadn’t been challenged in years, PRI was more able to describe the shortcomings of the current system than the ideal new system. As a result, the application brief was defined over a longer period and almost by a process of elimination, during which we realised the work we were doing was going to be perceived as controversial by the insurance industry. Underwriters would be held more accountable for the work they did, and our application would record all the complex detail of every underwriting contract, to prevent issues caused by claims made by PRI’s clients in the future.”
This was also to be part of the challenge for Louciades. “The brief we gave Salmon meant they would come up with an application unlike any other,” he says. “Furthermore, it required slightly more of the individual underwriter’s time to use it, because it encouraged the recording of as much data as possible. We wanted to be able to maintain business continuity over decades regardless of which underwriters dealt with a particular contract in the future. Additionally we could see that the FSA and issues such as corporate social responsibility were going to play a role in shaping the insurance industry sooner rather than later. That said, user buy-in of the application was essential because the data inputted would later be cross-referenced alone and with other business applications. This would end up as part of the overall information management that would help deliver PRI’s competitive advantage. The fact that all information was stored in soft copy was also going to save PRI thousands of pounds in physical storage space. The application just had to work, or the business case put to both the investors and the FSA would unravel.”
Salmon had to bear all this in mind while writing the application that broke the mould for underwriting systems. However, Salmon’s multi-sector experience gave it an objective stance that perfectly complemented PRI’s visionary aims. A prime example of this was Salmon’s ability to deliver a web-based architecture as opposed to the standard client server based applications that are prevalent throughout the insurance sector. While some insurance firms might have a GUI front end, Salmon was able to deliver an advanced Java based architecture which few SIs in the insurance sector have experience of implementing.
It was paramount that Salmon delivered on all its promises at the soonest opportunity. This included breaking insurance sector history by devising a way to link the application directly to PRI’s document repository i.e. document management system, delivered by Xchanging. This was part of the automation Salmon built into the business processes required by the application, to compensate for the fact that underwriters charged by time and could afford to spend fewer hours with smaller underwriting projects. At the same time it would make PRI as a business more accurate, more accountable and more dynamic by enabling appropriate levels of information recording and sharing.
Weekly liaison between Salmon, Xchanging and PRI enabled a better understanding of the needs of the business, and the delivery of a complex yet user-friendly application. Underwriters populated the system the first time they logged on with a unique user ID and password, ensuring that initial access of the system was staggered, thereby avoiding any potential bottlenecks in data retrieval. They have freedom to customise the style and format of their individual GUI, but are governed by rules set in the system that dictate which information each individual has access to. Each underwriter is allocated an ‘identifier’ that associates them with a particular client company or companies, enabling free navigation of all necessary information for that company but simultaneously prohibiting access into other client company information. The system also automatically enforces varying levels of security access, so that authority for particular actions or documents is escalated to the appropriate level of management hierarchy. Similarly, each underwriter can customise document production and automated quotations, but only within parameters set at company level to ensure all necessary rules and regulations are adhered to. The system either displays an appropriate error message, or automatically logs out any user attempting to exceed their authority.
Individual underwriting documents are developed from a PDF or Microsoft Word template that automatically specifies field content and business actions the underwriter needs to complete. Paragraphs of copy are saved in a central repository that can be accessed by underwriters from different parts of the business, preventing unnecessary duplication of information that, if left unchecked, would use a disproportionately large quantity of storage space. The copy is stored in rich-text format to make it as flexible as possible and, because it is held centrally, can be updated in line with changes in legislation that affect the UK insurance market.
Perhaps the part of the application delivered by Salmon that had the most impact is the quotation rules engine. This helps underwriters develop project quotations almost automatically, by inviting as many details as possible to be inputted by the underwriter, before applying XML-based rules to any given situation to form the quotation.
The application’s computer architecture is based on J2EE standards for web applications written in Java, and both the data and application run on Sun Solaris central application servers using Oracle web server software. The modular application framework means that PRI can have system components added or removed without the need for reworking, and new software can be deployed easily. Again, this ensures rapid reaction to new legislation. In all, Salmon delivered a revolutionary application within nine months from a standing start.
04 July 2003
This was a fantastic piece of coverage for R.I.M. in the International Herald-Tribune, courtesy of their travel columnist, Roger Collis.However, it could have been very different.
R.I.M. was determined to expand its media coverage for its first colour BlackBerry device in Europe from its home sectors and into more mainstream publications. I suggested travel writers as their work schedule made having a BlackBerry a genuine boon, but travel journalists in the UK are not the most tech-savvy of people and the client insisted on doing the deskside briefing themself.
The client at the time upset the journalist, and the device was not formatted correctly so the journalist's e-mail reception failed to work. The result was a clutch of spam in the journalist's inbox, an angry journalist who threatened to pan R.I.M. in his article, name the client personally, and state that R.I.M. caused spam.
It took a week of damage limitation and troubleshooting to get the device swapped and couriered to the journalist, but the eventual story received made the effort well worthwhile.
20 May 2003
Kieran Daly, editor, Air Transport Intelligence magazine and editor-in-chief, Reed Business Aerospace
Glyn,
Sorry not to have replied to your C&W farewell message. We're all sorry to see you go, it was actually quite enjoyable being on this end of some intelligent PR for a change - not exactly a routine experience to be frank.
I think you did a great job for SITA certainly. Quite a tricky account I would think, and certainly not an easy entity to cover from our point of view. You were really invaluable to us and Karl I'm sure in drawing the picture together.
Anyway, best of luck in the new place. It's a rare creature who leaves aviation for good, so I wouldn't be surprised to find our paths crossing one day.
Rgds.
Kieran
Sorry not to have replied to your C&W farewell message. We're all sorry to see you go, it was actually quite enjoyable being on this end of some intelligent PR for a change - not exactly a routine experience to be frank.
I think you did a great job for SITA certainly. Quite a tricky account I would think, and certainly not an easy entity to cover from our point of view. You were really invaluable to us and Karl I'm sure in drawing the picture together.
Anyway, best of luck in the new place. It's a rare creature who leaves aviation for good, so I wouldn't be surprised to find our paths crossing one day.
Rgds.
Kieran
10 November 2002
The Anatomy of the Switcher
Ghost-written article for Gunda Lapski, director of Utilities and Telecoms, J.D. Power and Associates Europe.
Published in Utility Week magazine, UK, November 2002.
Fortunately for UK utility suppliers, a public autopsy with a high media profile is not necessary to analyse who amongst the UK populous switches utility suppliers and why. J.D. Power and Associates is one of the leading companies specialising in the evaluation of customer satisfaction and has been in existence since 1968. Best known for its surveys in the automotive industry, for the last three years it has been analysing the utility industries in the UK.
And people do switch suppliers - in the latest survey of the UK domestic electricity industry covering interviews with over 4,500 customers, six per cent said they were “extremely” or “very likely” to switch from their current electricity supplier in the next 12 months. This figure varies considerably across the different supplier groups with some having a figure of potential switchers as high as 11 per cent, and some as low as three per cent. However, even the figure of three per cent is substantial when related to the customer base of the leading suppliers. When looking at the UK as a whole the same three per cent relates to a potential £24 million in revenue, with an average monthly bill of £29.58 and around 27 million households in the UK.
So, what is the profile of the switcher?
He or she spends slightly less per month than average, probably because price is one of the major reasons for moving suppliers. The switcher tends to have a slightly higher income than average and more pay their utility bills by direct debit than other methods (48 per cent vs. 40 per cent). There is a much higher penetration of owner-occupiers (75 per cent vs. 68 per cent) amongst the switchers and they are slightly younger than average.
A common feature across most of the different industries surveyed by J.D. Power and Associates is the fact that switchers are also more likely to be ‘techies’ in that they have higher computer ownership and are likely to be greater users of the internet. This is also reflected in the electricity survey: over half of switchers had a computer with 43 per cent having internet access at home, compared to 38 per cent for non-switchers. More switchers had visited the website of their electricity supplier (nine per cent) than those customers who had never switched had. This spells it out for the suppliers – use the internet or e-mail to communicate with these customers – it’s how they like to work.
Switchers are also more demanding and inquisitive – more have called customer service. Are they more likely to recommend their current supplier than those who have never switched – no, with less than half saying they would recommend their supplier compared to 61 per cent of the non-switchers.
Finally, are switchers more likely to switch again over the next 12 months than non-switchers? The answer is yes. Amongst customers who have never switched, five per cent said they were extremely or very likely to switch compared to eight per cent of switchers.
Moreover, as those switchers continue to move their satisfaction levels drop off as highlighted in the accompanying chart. So the message is to try and keep those new customers – they are in communication more than your existing customers so the opportunity is there to make them aware of the benefits of your services. This also may explode a few myths about poaching customers from other suppliers – the work is not finished when your newest customer joins. In fact, the honeymoon period of a new customer is likely to be their most critical time.
However more importantly make sure that your loyal customers are not ignored. A subsequent article by the writer will deal with the important facets of keeping your customers. Until then, the biggest clue would be that those suppliers who were ranked top in our survey were much better at communicating with their customers than those suppliers ranked at the bottom, especially if something goes wrong with supply.
Published in Utility Week magazine, UK, November 2002.
Fortunately for UK utility suppliers, a public autopsy with a high media profile is not necessary to analyse who amongst the UK populous switches utility suppliers and why. J.D. Power and Associates is one of the leading companies specialising in the evaluation of customer satisfaction and has been in existence since 1968. Best known for its surveys in the automotive industry, for the last three years it has been analysing the utility industries in the UK.
And people do switch suppliers - in the latest survey of the UK domestic electricity industry covering interviews with over 4,500 customers, six per cent said they were “extremely” or “very likely” to switch from their current electricity supplier in the next 12 months. This figure varies considerably across the different supplier groups with some having a figure of potential switchers as high as 11 per cent, and some as low as three per cent. However, even the figure of three per cent is substantial when related to the customer base of the leading suppliers. When looking at the UK as a whole the same three per cent relates to a potential £24 million in revenue, with an average monthly bill of £29.58 and around 27 million households in the UK.
So, what is the profile of the switcher?
He or she spends slightly less per month than average, probably because price is one of the major reasons for moving suppliers. The switcher tends to have a slightly higher income than average and more pay their utility bills by direct debit than other methods (48 per cent vs. 40 per cent). There is a much higher penetration of owner-occupiers (75 per cent vs. 68 per cent) amongst the switchers and they are slightly younger than average.
A common feature across most of the different industries surveyed by J.D. Power and Associates is the fact that switchers are also more likely to be ‘techies’ in that they have higher computer ownership and are likely to be greater users of the internet. This is also reflected in the electricity survey: over half of switchers had a computer with 43 per cent having internet access at home, compared to 38 per cent for non-switchers. More switchers had visited the website of their electricity supplier (nine per cent) than those customers who had never switched had. This spells it out for the suppliers – use the internet or e-mail to communicate with these customers – it’s how they like to work.
Switchers are also more demanding and inquisitive – more have called customer service. Are they more likely to recommend their current supplier than those who have never switched – no, with less than half saying they would recommend their supplier compared to 61 per cent of the non-switchers.
Finally, are switchers more likely to switch again over the next 12 months than non-switchers? The answer is yes. Amongst customers who have never switched, five per cent said they were extremely or very likely to switch compared to eight per cent of switchers.
Moreover, as those switchers continue to move their satisfaction levels drop off as highlighted in the accompanying chart. So the message is to try and keep those new customers – they are in communication more than your existing customers so the opportunity is there to make them aware of the benefits of your services. This also may explode a few myths about poaching customers from other suppliers – the work is not finished when your newest customer joins. In fact, the honeymoon period of a new customer is likely to be their most critical time.
However more importantly make sure that your loyal customers are not ignored. A subsequent article by the writer will deal with the important facets of keeping your customers. Until then, the biggest clue would be that those suppliers who were ranked top in our survey were much better at communicating with their customers than those suppliers ranked at the bottom, especially if something goes wrong with supply.
Subscribe to:
Posts (Atom)
About Me
- Glyn
- Toronto, Ontario, Canada
- PR, internal communications and branding pro currently freelancing as a consultant, writer, DJ, and whatever else comes my way.
Posts
