Wednesday, March 31, 2010

Once upon a time we called it 'collaboration'

There has been a big rise by the business process management (BPM) software vendors to get in on the 'social' game. As people become more comfortable with using Twitter and Facebook than they do Word and Excel, a new tag has appeared: Social BPM. My argument is that, once upon a time this was called 'collaboration' and the big software vendors (Documentum/EMC, Vignette, etc) did it.

Collaboration software was about helping teams of people, typically on projects or with a need to share information to get a job done, to set up 'collaboration spaces' or 'team rooms'. There was not a lot of process enforcement, because the workflow capabilities of the products were limited and the aim was to focus on ad-hoc collaboration of people, rather than strict process flows.

This lack of process management was probably a shortcoming, since companies grew able to share information online easily, but still struggled to put some structure around the work that was done. And maybe collaboration's demise was due to the name 'collaboration'. A guy I worked with at Vignette, Casey Conner wrote a book with Christine Lambden called the Consulting Stance. It contains many thoughts about how consultants communicate, and if I have remembered well, there is a story about how a consultant failed for a day to communicate with a team in Europe about the value of collaboration - a 'collaborator' still carries negative connotations for many Europeans brought up around the time of the World War II.

Even if collaboration software just died because its marketing showed limiting insight, and its technology missed the mark a little on what businesses really needed to improve the way they work. Social BPM is a land-grab by BPM vendors to help them reclaim some flexibility in their otherwise fixed, rigid product sets. Companies wanting to improve should also search for solutions offering other capabilities such as workflow management, and rapid process improvement when going out to look for solutions on Google. Social BPM has appeared on my website, but its not there to try and charge companies enterprise software prices for common 'social' software capabilities.

A post from the Improving It blog

Let us help you improve your business today. Visit

Tuesday, March 30, 2010

Banks - win a credit card dispute and lose brand integrity

Many of my discussions are about how financial institutions can improve their processes to serve customers better, improve their brand and reduce costs. It seems that during tough times, and when customers are at their lowest, banks are playing tough, and forgetting that all the improvements in processes are worthless if you kick a customer when he is down. Fraud cases, and unexplained transactions on credit or debit cards are one of these areas when a customer feels exposes and the actions of a bank can make a huge difference in whether the customer stays or goes. I talked about how business account holders in the US are suffering this at the moment. It seems that personal account holders in the UK are seeing nasty dispute resolution tactics being employed as well.

The Light Blue Touchpaper blog by Ross Anderson of Security Research, University of Cambridge, describes how his recent experiences show banks are pushing customers to the courts to resolve issues (a summary of the post is on the Finextra blog). In Ross's experience, the process used by banks to try and resolve dispute cases appears to be designed not from the point of view of efficiency or speed of processing, but in fact to put as many hurdles in the way of the customer as possible. The hope appears to be that the customer will eventually just back off, pay the charge, and the bank can save some money. As I've discussed in the past, one in five cases of customers suffering identity theft switches banks. I bet that significantly higher percentages switch banks when they feel their bank is trying to avoid its obligations to handle disputed transactions.

Ross walks us through his experiences with dispute resolution at NatWest bank in the UK, when several months in, the bank shows its true colors - effectively saying, 'we delayed you so long by only responding to one piece of correspondence per month, now you are out of time':

The following month they wrote back saying that “we are governed by MasterCard International, who are the governing body for credit card transactions” and had to abide by their rules, under which our complaint was now out of time. This is nonsense on stilts; my contract is with the bank, who may not debit my account without my mandate, and if the bank enters into a contract with MasterCard that prevents it from discharging its obligations to me then that’s the bank’s problem, not mine. The bank suggested i get legal advice, or go to the Citizens’ Advice Bureau, Local Trading Standards or the Financial Ombudsman Service. Now I documented the failings of the Ombudsman in an earlier post, so I decided to go straight to the heart of the matter and sue the bank in the small claims court.
The bank settled at once.
From the bank's perspective, they probably find that the majority of customers just roll over at this point. The processes, designed to be as efficiently ineffective as possible, just lead people to give in. As Ross goes on to say:
This may be entirely rational behaviour on the bank’s part. If it can fob off most complainants with tiresome call-centre procedures, or tell them they’re out of time, or pass them off on Citizen’s Advice, then it will only have to refund the minority who ignore this flummery and go to court. Even then, the bank only has to pay an extra £25 for the court fee.
I have experience similar delay tactics, admittedly several years ago, from a bank reporting an odd Visa transaction. Their handling of the situation was not much better, although eventually they had no option but to pay the fee since the receipt they produced did not have my signature, or (since this was while I was in a country that insisted you write ID or passport numbers on credit card slips) a passport number that even matched my nationality. It would have taken someone in the back-office less than two minutes to resolve the issue without ever getting me involved for months. They failed, and thoroughly annoyed me.

If you are brought in to look at the metrics for dispute resolution, I wonder if you just count the amount of cash paid out as a key performance indicator, or the number of customers that switch banks and subsequently flame your brand online due to their experience. And which costs more? For the financial institutions I have worked with, they claim the cost of customer acquisition is hundreds of dollars or pounds, so it is hard to see why you would work so hard to avoid paying a small disputed transaction. I would love to see evidence where a very different approach that tried to resolve issues effectively and rapidly could leave a customer that is happy with the professionalism, customer service and integrity of the bank. Anyone wish to share their positive experiences?

A well organized department of a bank will do what is necessary to raise their game to meet whatever targets they are set. If those targets incorrectly (in my opinion) exclusively aim to reduce dispute payments, rather than balancing that with customer service and brand integrity, it is no surprise that we will see more use of legal threats to get issues resolved. I am looking forward to seeing the UK newspapers (please save them for this reason alone) picking the worst corporate offenders to strip down in public, as they tend to do so well. Profits do not come from saved disputes -- they come from happy, profitable customers.

A post from the Improving It blog

Let us help you improve your business today. Visit

Monday, March 29, 2010

Reputation? What reputation?

In an online world, your reputation is based on feedback from many sources. A positive recommendation from a named contact on LinkedIn can be wiped out by a scathing attack by an anonymous commenter on a blog or Yelp, even though there is no way to substantiate the truth behind the words. The question from Michael Arrington on TechCrunch is whether we need to evolve to ignore the bad comments that we can do nothing about, since these anonymous sources of bitterness vented on the Web are only likely to become more common and pervasive.

As the article says, most normal people have skeletons in their closet (whether one person considers something a skeleton when another doesn't is part of the issue here), so if everybody's dirty laundry is aired online our common acceptance of being human and therefore imperfect is lowered to a level of reality and acceptance, rather than a more typical 'nose in the air' hypocrisy

So what will matter? Hard proof of being a bad person. Criminal records. Non-anonymous and clear statements of wrong doing that need to be addressed. Perhaps a picture of you actually committing a violent felony. That kind of thing.

But the nonsense we’re all worried about today? I just don’t think it will carry the same weight in a few years. Because if there are pictures of the person hiring you smoking pot in college online, and there are pictures of every other candidate smoking pot in college online, it just won’t be a big deal any more.

It sounds like its going to be a painful ride for anyone trying to defend a personal or corporate reputation. Your reputation needs to become more weighted towards your current actions and successes, than what you were doing half your life ago in college. We might even see political elections start to focus on candidate's abilities, rather than mudslinging around the realities of life. Although it has to be said that European politics and media has always been more forgiving of the occasional fling by a politician than the US system, especially if the story is more interesting than reality TV for a moment or two.

It seems that with the planned release of a new Yelp for people, that there may be no option but for us to accept that our reputations are going to be trashed and there is no point in fighting it:
And it’s about to get a lot worse. Next week a startup is launching that’s effectively Yelp for people (look for our coverage in a few days). If someone has something good or bad to say about you, they’ll be able to do it anonymously and with very little potential legal or social fallout.

But something tells me this new service, or some other one, might succeed where the others have failed. We’re primed and ready now and have lots of experience publishing all those random opinions about people and things on Twitter, Yelp and Facebook already. It’s time for a centralized, well organized place for anonymous mass defamation on the Internet. Scary? Yes. But it’s coming nonetheless.

The best defense? Offense! People and companies will need to leverage the power of social networks to ensure that they have built up enough good karma online, and keep it fresh and recent, to push the anonymous rants to the bottom of the Google searches. It won't go away, but keeping the bad stuff seemingly irrelevant in a mass of glowing, or even largely dull feedback, will become really important. And the good karma won't continue to come from paying PR agencies to generate more meaningless words about you: people and companies will need to actually do some good stuff for their communities and the world at large.

A post from the Improving It blog

Let us help you improve your business today. Visit

Thursday, March 25, 2010

From one viewpoint, the Cloud is everywhere

I had been drawing distinctions in my mind between the Cloud, SaaS, ASP, and VOIP. I had in some cases easily drawn lines between them, but in the case of Cloud and SaaS the distinction was vague although coalescing into flexible technical components on one side and prebuilt solutions on the other. Yesterday I attended an event called 'Mostly Sunny with Clouds Rolling In" at Caturano and Company, a large regional consulting firm based in Boston. Typical of New Englanders to find some way to talk about the weather, some might joke. Actually, they avoided the weather, but instead linked the Cloud to virtually every technical advance mankind has made since the industrial revolution (I'm not joking, we even considered the analogy of the spread of centralized electricity generation - Edison would probably claim the Cloud as his, if he could).

I don't follow the personalities behind the Cloud closely enough to know if there were any new or original ideas thrown out in the Caturano presentation, but I do know that the event left a few of the audience none the wiser what Cloud Computing really was, or how a consulting firm would capitalize on it. Why? To Caturano, the Cloud is everything: every end-user service that is delivered over the network. To hark back to the days of innovation at Sun Microsystems, long before Oracle even considered hardware might fit in their plans, 'the network is everything'. So, the Caturano presenters reeled off names, from CRM and sales automation with Salesforce, through marketing automation with Marketo and HubSpot, into online financial packages (Caturano has its roots as an accounting firm), onto Gmail, Google Apps and even Skype for voice and video conferencing. To Caturano, if its a service, and you don't have to install it 'on premise', its Cloud. It follows the words of Larry Ellison, from this quote I found on Wikipedia:
Larry Ellison has stated that cloud computing has been defined as "everything that we currently do" and that it will have no effect except to "change the wording on some of our ads"[85][86]
So, what about the Cloud as I thought I knew it? That technical, elastic, set of resources that can make the development and growth of applications and solutions easier and faster? There was a quick mention of the development platform, which was quickly lumped into an infrastructure as a service (IaaS) bucket alongside Rackspace. Basically, anything that wasn't prebuilt solutions ended up there. Although for me, interestingly absent was Amazon. The core capabilities that have made so many recent Web2.0 apps possible (or at least cost effective) wasn't mentioned. There is nothing prebuilt about Amazon EC2 I suppose - and storage is not interesting to a consulting firm. Even one of the presenters when discussing that if he was avoid buying in-house storage, would go and see if EMC had an online offering. I have no idea if they do, but to me Amazon was an obvious omission. Maybe there was a mandate to only talk about east coast firms wherever possible.

So, when targeted at business people who are looking for cost savings and flexibility, it seems that everything that is networked is Cloud. I need to start more broadly scattering the word around my website - its got to draw some more traffic, even if it is from confused developers everywhere looking for the next big thing to complement their new application development project.

In all seriousness, the Caturano event was probably pitched right for the financial guys that potentially attend other Caturano events, but I think that the Cloud title only did what my new website marketing would do: it drew a bunch of people with some interest in learning about the Cloud, and they left wondering what all the fuss was about, although after enjoying a glass of wine or two.

A post from the Improving It blog

Let us help you improve your business today. Visit

Wednesday, March 24, 2010

Need a bank account? Its yours

Yesterday the Times (UK) reported how there are leaked plans by the UK government to force banks to provide basic bank accounts to anybody that wants to open one. The Times article describes a basic bank account in this way:

Basic bank accounts allow individuals to pay in wages, benefits and a pension
and provide a cash card to withdraw money. The accounts are aimed at adults on a
low income or those with poor credit histories who would not otherwise be
approved for a standard bank account with credit facilities.

As I discussed in Banking the Unbanked, the UK is way ahead of even the most progressive US states when it comes to the availability and use of bank accounts to the poorest or most unfavorable (to the banks) customers. I referred to a figure from the UK Treasury indicating that 0.89 million individuals live in a household without access to a bank account, which equates to about 1.5% of the population. Since the aim of the proposed legislation is to provide access to banking to adults (not toddlers), my percentage calculation is probably significantly skewed. The Times article still states a very different number:

In 2003, the Government and the banking industry established the Financial
Inclusion Task Force
to improve access to banking facilities. Around 8 million
adults have basic bank accounts and between 2003 and 2007, the number of adults
without access to an account fell from 3.57 million to 1.75 million, according
to the British Bankers Association.

Whatever the numbers really are, legislation to include access to all adults with adequate identification, independent of financial background, have not been well accepted by the banking industry. Although many banks offer basic bank accounts, some still have restrictions around who may hold one. And commentators have said:

[...]that the increased costs associated with providing bank
accounts for all could lead to an end of free banking. Michelle Slade, of, the financial website, said: "Banks will inevitably face
higher costs if this legislation is passed, with the cost recovered through
standard banking customers. The change could be another nail in the coffin for
free banking, with banks looking to regain the additional cost potentially
through the introduction of monthly fees."

This is just resistance to change in my opinion, or a growing conservatism in the UK (although this is the Times, so the readership could never be described as left-wing). Quite frankly, the number of restrictions placed on basic bank accounts (you can put money in, only draw it through an ATM card, no check/cheque book, no overdraft, no interest), means that the costs to the banks seems to be outweighed by having a little more free money in the coffers.

If there ever was a low margin, low risk place to focus on improving business processes for maximum efficiency, the processes around these bank accounts have to be a good testing ground. As banking is gradually seen as a human right, along the lines of telephone, television and the Internet, oh and even health care (finally), the US banking system may need to start gearing up its lobbyists to prevent another terrible form of socialism seeping into US society (if you didn't hear the sarcasm in that, sorry - my inner-Brit escaped for a moment).

Or maybe the banks could spend the money they save on lobbyists and do the right thing for all banking customers, and "customers to be" -- fix the processes that cost so much per transaction that even pathetically basic bank accounts have to carry ridiculous charges.

A post from the Improving It blog

Let us help you improve your business today. Visit

Tuesday, March 23, 2010

Do we need Green IT?

'The problem is that too many "green" technology claims are just a bunch of hot CO2', according to Matthew McKenzie on the Enterprise Efficiency blog. "Green" is a source of incredible marketing opportunities, and the chance to sell complex concepts and technology, wrapped up in easily accessible feel-good language. As Matthew goes on to say,

It all looks great on paper, but it leaves CIOs hanging when it comes to one vital question: How will it really affect the bottom line?

That sounds heartless, but it's true. The sooner we face up to it, the sooner we can do the right things for the right reasons.

The article goes on to dig at virtualization, a much touted savior of the world's climate from the evils of too many servers burning too much electricity. The same could be said of almost any business change that switches off a bunch of unused computer equipment. Hey, why not persuade people to turn off their PCs and monitors at night before they go home? Wouldn't an office full of dozens of powered down, rather than swimming fish screensaver PCs have a big impact at very little cost? I can enforce it - just hear the silence and picture the darkness when I throw that big Frankenstein style power breaker off at 6pm on the dot.

The trend to cloud computing, or at least more centralization of applications actually helps outside the server room as well, if there is a focus on the whole IT infrastructure. Why do I need a quad-core C02 producing desktop PC, when a simple, small, Atom-based nettop (low powered mini desktop PC) consumes less than half the power when running, and requires far less raw materials to manufacture. The power of the processor, size of hard-drive and lack of a never-used DVD drive is largely irrelevant, when most of the work in web-based and cloud apps is done centrally.

When you add this to the bottom-line argument that Matthew makes, it seems that IT has been throwing money at wasteful servers and desktops for too long, as Dell, IBM and others continue their speed and features "arms-race". Cloud computing and software as a service (SaaS) solutions offer opportunities to companies to save money and energy not just in the server room, but across the whole IT infrastructure. Green IT does not have to go away quite yet, it just needs to be focused on where it makes the most difference.

A post from the Improving It blog

Let us help you improve your business today. Visit

Monday, March 22, 2010

Has BPM growth stalled with the service sector?

Over the last 20 years, the contribution of the service sector to the developed world's has been constantly growing, until around 2004. As these figures from EarthTrends, based on World Bank data shows, this growth in the contribution of services to the overall economy stopped growing around 2004 in both North America (76% of GDP) and Europe (71% of GDP).

This growth in percentage of GDP from services has demanded that companies in the service sector start to work better. As the available talent pool has become more fully consumed, and therefore more expensive, companies have looked to outsource or offshore their relocatable operations, to try and reduce costs and enable further growth.

The use of automation and more streamlined processes, although used by companies for their critical processes (the ones they would not want to push offshore), has not really seen the increased adoption that would be expected. Office-based workers are still trapped with productivity tools such as Word, Excel and Outlook, which are really anti-productivity tools for many but those really needing to be creative of communicate in an ad-hoc manner. Business process management (BPM) has seen a growth, though I expect nothing like the explosion Forrester forecast in 2008: $1.6B in 2006, growing to $6.3B by 2011 (source: Workflow Blog).

Why is this? Companies have focused their efforts on complex, critical, expensive, and probably poorly performing processes first. Nothing like jumping in with both feet when trying to get some experience in a new world of technology. This has left some companies with expensive investments in software that actually is a poor fit for virtually everything else they do. And BPM vendors have grown the market by constantly adding new components into the definition of the BPM Suite (BPMS), so customers feel they have to buy more stuff to do really the same thing.

I still firmly believe that it is time for an easier way to implement business processes, critical or not. Every new process should only take days, not months, to implement and should not require 10's or 100's thousands of dollars of software to do it. Once companies have experienced the 'fast and easy' approach, outsourcing and offshoring will not seem so appealing, and neither will complex software development style BPM projects.

A post from the Improving It blog

Let us help you improve your business today. Visit

Friday, March 19, 2010

My process is not Mickey Mouse, but it doesn't need IT

Code makes BPM solutions brittle. This is the phrase that seems to have got me the most feedback from my ebizQ article Process Improvement Doesn't Care What Language You Speak. That, and the description of the business analyst team as 'Las Chicas', by which I was relating the truth of how we referred to the team, rather than trying to indicate that the team was 'a bunch of girls'.

Dave French, on his blog Dave Thinking Aloud, added to these comments with a nice post Keep the coding out of BPM. The point he makes here is essential:
It would be nice to see BPM solutions architected with clear separation between presentation, data-handling, business decisions, rules and process flow logic. Coding is required somewhere along the way but we should all understand where and who is responsible for it.
In a phase 2 solution, code may become unavoidable, as a solution tries to blend in better with the environment and infrastructure of the organization. The approach of 'separation' that Dave mentions finally helps me get over the argument of the role of business and IT in BPM solutions.

One argument says, 'BPM should avoid burdening IT with business solutions'. The other side says, 'business people don't want the hassle of producing solutions, and it is careless to exclude IT'. Dave's comment, could be a great way to clear that up.

If a process improvement solution can be created, deployed, run and improved by a willing and able business team, IT should not have to get involved, and that benefits everyone. As soon as any type of coding becomes necessary, the 'systems' nature of a BPM solution reveals itself, and IT needs to be involved to think through and deal with the ramifications.

I'm sure many BPM practitioners would argue that a process improvement solution without code is probably Mickey Mouse. I'd suggest that almost any phase 1 process should be at that level, until the business understands better whether there is value in going beyond the mouse, or whether they risk getting a duck.

Too many process solutions bet big up front, with complex integration, coded rules, and fancy UIs - when the original problem remains that the process just needed a bit of rationalization and a way of delivering work faster. If the business team can't do that without ITs involvement, they picked the wrong tool to use.

A post from the Improving It blog

Let us help you improve your business today. Visit

Thursday, March 18, 2010

Process Improvement Doesn't Care What Language You Speak

I put pen to paper for an article published on ebizQ: Process Improvement Doesn't Care What Language You Speak: Lessons learned by a Boston-based Brit, implementing BPM in Mexico City.

Take a read and feel free to let me know your comments!

Wednesday, March 17, 2010

Anti-Money Laundering is not rocket science

As Wells Fargo's Wachovia Bank continues its negotiations with the Justice Department over allegations of money laundering three years ago, it makes me wonder why the bank's anti-money laundering (AML) controls were so weak. In general, there is no rocket science in the AML rules, so poor operation of the controls would appear to me to show a lack of interest in supporting the rules. In fact, many corporate compliance rules are not technically difficult to handle, once you get your head around them, so failures of AML or many control related regulations are a bad sign. The complexity in AML generally comes from the mass of requirements, rather than the complex nature of any one requirement:

According to a Bobsguide article, highlighting how Wells Fargo acquired responsibility through buying Wachovia in 2008 :

This predates the acquisition of the business by Wells Fargo at the end of 2008.

One of the bank’s units is believed to have processed money transfers from exchange houses in Mexico, thought to be from drug traffickers in the country
In a statement the bank said: “We look forward to resolving this issue, and are committed to maintaining compliant and effective anti-money-laundering policies and practices, and a strong compliance and risk management culture across the integrated organization.”

The failures suggest that Wachovia possibly suffered poor executive governance and lack of internal audit of its compliance program. Otherwise it seems unlikely that a high profile requirement would have just been allowed to fail so miserably. The rules, as I said previously, are not that difficult. Like all compliance programs, they require a recognition from the highest levels in the organization that they must be attended to, since the complexity with many of the rules is the drain on resources. Everything takes time:
  • Understanding the impact of new rules
  • Keeping up to date on changes to the rules
  • Implementing the controls and compliance program in general
  • Training & certifying employees on manual controls and some common-sense requirements
  • Testing and auditing controls and programs
  • Reporting performance
  • Remediation of issues
Yes, there is a lot to do, and this is not a different list from the requirements on any public company, exposed to Sarbanes Oxley regulation, or the raft of other locally governing financial authority's regulations. For this reason, Wachovia had no excuse not to comply, and it seems to be a sign that they were a failing organization that they chose not to.

A post from the Improving It blog

Let us help you improve your business today. Visit

Tuesday, March 16, 2010

My views on BPM in the wild: ebizQ podcast

I just recently recorded a podcast with Peter Schooff of ebizQ. We discussed my experiences of BPM in real projects, and where I see the BPM market heading in the future.

Download the MP3 directly from:

Thanks to Peter for taking the time to do this.

A post from the Improving It blog

Let us help you improve your business today. Visit

Discipline or Dogma?

In his new Forrester blog, Derek Miers talks about his entrance into Forrester and some of his focus for upcoming research. His interesting observation upfront is how companies need to build a 'Discipline' around BPM, especially once they transition from the first project and attempt to use BPM more broadly across the organization. Summarizing Derek's points (see his post for more detail):

And there are a great many challenges and domains to overcome as we build “The Discipline of BPM”:

  • Building organizational BPM Capabilities
  • Exploration of Methods & Tools
  • From Project To Program
  • Focusing On Customers

What we are seeing here, is that technology is not key to everything. Forrester may be moving away from the "functionality check the boxes" model to assessing BPM products, to more of a capability model. Will this mean that companies that can not only deliver a single project, but assist customers build a BPM practice, will be the next vendors at the top right hand corner of their analysis?

The problem I always see with BPM is that it becomes a universal tool, a Swiss Army Knife of business software. People using it often get caught in the trap of believing it is the only tool for the job, attempting to cut down trees with the fold-away saw, or insisting that the knife is the best thing for doing everything, from slicing bread to performing open-heart surgery.

Discipline involves pushing the technology to do what it does best, within the definition of what we know it does best. Not being dogmatic about its application to every little problem. Sometimes a checklist, a spreadsheet or an email are just better, leaving time for BPM to be applied where it really makes a difference.

A post from the Improving It blog

Let us help you improve your business today. Visit

Monday, March 15, 2010

Banking the unbanked

Image Source: Accredited Online
The banking system is not particularly popular with the common man or woman at the moment. Banking is seen as self-serving through the apparent desire to soak up rescue and recovery dollars by the billion, without doing what a majority of the population would like to see: drip feed some of that cash back to the people and small businesses that need it to survive. So when I read the WBJournal's story by Livia Gershon, about efforts to open the banking system to more low income people, I had to try hard to keep an open mind.

The western world is absolutely dependent on a healthy banking and financial services industry. The governments of the world outsourced (or maybe never really took control of) the infrastructure for handling money at the level of individuals, so the bail-outs that the banks benefited from are not surprising - without banks, we all suffer. The way that the bail-outs was sold to the taxpayers though does not fit what many are seeing in practice, with lending a flow of money as bad as ever. At the level of the unbanked (those who can not get a bank account or where it is financially impractical to do so), the problem is likely to seem irrelevant. If the banks don't appear to be handing out money, you probably don't care if you couldn't even get a bank account to put your money into.

According to the WBJournal story:

“We see people that are just still not using mainstream financial services, and they’re being taken advantage of in many ways,” he said.
In Massachusetts, 4.1 percent of households are unbanked and 11.4 percent are underbanked. Among households with incomes under $15,000, 24.8 percent are unbanked, and another 18.1 percent are underbanked. Nationally, 7.7 percent of all households are unbanked, and 17.9 percent are underbanked. The national numbers for households under $15,000 are 27.1 percent and 22.3 percent.

So, Massachusetts does better than the national average on persuading people that use of the mainstream system is better for them, but there are still huge numbers of people without access to those services. As a comparison, the United Kingdom, with a population of 61 million people shows 0.89 million individuals live in a household without access to a bank account. This equates to approximately 1.5%. This isn't about national competitiveness, just a number to help show that there is still room for improvement.

For banks to ever meet an acceptable level of social and local community responsibility in their provision of banking services to all there are several things that have to happen:
  1. Banks need flexible account opening procedures, to handle the less common cases, especially where an individual does not have a history of bank usage, or has unusual identity documentation
  2. In order to keep the costs to customers at close to zero, the efficiency of back office processes needs to be kept high, to keep transaction costs low
  3. A change in attitude may be required, to help banks see the new potential customers as a long term investment, rather than a burden they feel resentful of welcoming to their customer ranks
Quite frankly, #1 and #2 are easy to handle - with streamlined and well managed business processes that cut much of the waste and time-lags from a process, while ensuring the flexibility to handle complex cases. If a bank or credit union needs help understanding the opportunities here to help all customers, not just the unbanked, there are many resources on this blog that refer to business process management for account opening and financial transactions. Or feel free to contact me. Keeping costs down is not about cutting jobs; its about opening your available market to a broader set of people.

#3 is harder though. Attitudes can be changed in any business when appropriate information is made available. If it can be seen that in the long term, previously unbanked customers are responsible account users, and eventually become profitable borrowers through mortgages and loans, perhaps banks will be more likely to extend a welcoming hand. This is more likely to happen if banks have a full customer profile available, and can see that on average customers falling into this segment make decent business sense. Without information on the whole profile of a client, any business is likely to make rash decisions at an individual and group level.

I hope to see these numbers again in another twelve months and see the number of unbanked much lower.

A post from the Improving It blog
Let us help you improve your business today. Visit

Friday, March 12, 2010

33,823% of Goldman Sachs assets - legally hidden

Goldman Sachs held derivatives that totaled 25,284 percent of assets in 2008 and 33,823 percent as of June 2009 (source: FDIC SDI database). Why do these big numbers matter? They represent a form of dept that is invisible to the public, being held off balance sheet. Colin Henderson on the Bankwatch Blog seems has a real knack for turning information like this, which many of us would avoid, into something digestible, even if it leaves a sour taste on the way. This time around he has taken the FDIC SDI database and a Levy Economoics paper titled The Global Financial Crisis and the Shift to Shadow Banking and made it into a scary appetizer blog post.

What does this mean to those of us interested in technology and process? It suggests that for all the efforts by the regulators to enforce accurate accounting practices and liquidity of banks, the rules and regs from Sarbanes-Oxley, Gramm Leach Bliley, the SEC, FDIC etc, are virtually meaningless. As banks continue to show that they are following the letter of the law, with best practices processes and controls, preventing fraud and avoiding dubious money-laundering transactions, it seems that they are carefully hiding from their own systems a huge potential for financial ruin. According to Colin:
Incidentally when trying to understand derivatives, simply assume off balance sheet debt. There is all kind of rationale as to why that off balance sheet debt is not dollar for dollar, but the important point is that no-one argues that derivatives are worth zero. There is an intrinsic liability that frankly few bankers can explain to you, so you must begin with the face value of the liability, and banks are guilty until proven innocent on that one.
As an accountant, the notion of off balance sheet debt is a contradiction in terms. Is it a liability? If yes, it should be on the balance sheet.
So it would appear that the 33,823% was not actually actually worth that percentage in dollars of the assets of Golman Sachs. But unless each derivative is worth a penny on every face value of a dollar, its still one enormous amount of risk that is not open to investor scrutiny.

As an overhaul of bank regulation is considered more closely, and the experts wonder at whether Basel-II rules, ensuring banks hold enough liquid capital to cover their exposure, actually should, could or may help in the future, it seems that there is one big accounting lie going on. While the banks are allowed to hide liabilities, what hope is there that the processes and technology we put in place to ensure all the other fairly inconsequential transactions (I'm being facetious, yes I have heard of Barings and BCCI) don't lead to financial ruin. This is not something that is going away, as Bank of America and Citi now own more derivative exposure than in 2007, according to the FDIC numbers.

Technology, monitoring and process controls are only as good as the rules we put into them, and if those rules are explicitly told to ignore certain things, that seems to leave a very unappetizing can of worms.

A post from the Improving It blog

Let us help you improve your business today. Visit

Thursday, March 11, 2010

Do Your Employees Hate the IT Department?

We all know the joking, and sometimes snide comments about the IT department that come out around the water-cooler. Fredric Paul on the Enterprise Efficiency blog relates an interesting story that highlights how easily the CIO and the IT team can make themselves not only the butt of jokes, but truly disliked. Fredric's example is a light-hearted, but imagine the result if IT reacted the same way to a new process improvement solution proposed by a senior manager.

While around a collection of after conference IT bods, Fredric's relates his story:
What bugged me, though, was that no one -- not one person -- bothered to ask what the business benefit might be of using iPhones in the enterprise. It didn't even occur to them to think about the possible benefits of the device to the users or to the company, just about the hassles it might cause them!
But then came the kicker. Someone asked what they would do if the CEO of the company asked for one. There was a moment of silent consideration until one guy said caustically: "Tell him, 'Don't be a child.' "

It is true, unfortunately, that IT gets a tough job. There are not only the day to day hassles of nursing aging systems through another crisis, but the constant whining from stupid users that their laptop is not booting, or the VPN is slow. So add to that the need to add another device or worse still, enterprise application such as BPM to their support burden, and its no wonder that people in IT look and act sour.

Early in my consulting career, I was responsible for a large document management / workflow design and deployment. The CIO, stakeholders and the vendor's team were sitting around a conference table discussing why IT felt it was unable to stick to the project plan for deployment of the system, despite the fact that the plan had been out there for months and my team was doing the installations. A red mist came down, and I let-rip at the CIO and stakeholders. Something along the lines of me assigning responsibility for the project failing to "IT's constant stalling for time", or something equally ridiculous came out of my mouth. Fortunately for me, I did not burn through all the goodwill that had been built to that point, though it was a learning experience for me.

The fact is that IT has a tough job, juggling many things. As much as I was unprofessional for letting rip in a boardroom, I see that often the lack of communication from IT teams is equally 'difficult' for the business. We know your IT job is tough (but so is mine, so is the senior underwriter's, so is the job of the 150 people out there in the office), so give me some reasons why we can't support this system you are so vehemently opposing and maybe we can work out a solution. Let's put it in the cloud or use a SaaS vendor. The fact is that you are not making friends by rejecting every request for a new solution that will positively benefit the business. Help them understand what it will take for you to say 'yes', and not only will the business have something that makes their working lives better, they may even thank you for it!

A post from the Improving It blog

Let us help you improve your business today. Visit

Wednesday, March 10, 2010

BWBX readers - welcome!

Welcome to BWBX readers! Please take a moment to read my blog, and if you are interested in how process improvement could help your organization, jump over to the Consected website for more information. Oh, and one more thing - follow me on Twitter (@consected) too. I'm looking to build some better conversations into my use of Twitter.

Via Twitter: Consected LLC’s founder Phil Ayres (@consected) is today’s @BWBX featured user. View his Business Week Business Exchange profile at

Tuesday, March 09, 2010

Lean + BPM = no big surprise

As I have been working more with process improvement professionals that practice lean methodologies, I thought I would put down my thoughts on what 'lean' means to the office / services companies that are typically customers of business process management (BPM) tools. I'm sure for anyone involved in 'lean' already this will sound like a very rudimentary definition; for that I apologize. This is really an attempt to try and communicate the value of applying lean manufacturing techniques to BPM projects, for customers that have not yet delved into one or the other. To me it seems that the combination of lean and BPM is really nothing new.

Lean Production / Lean Manufacturing has been refined by manufacturing companies, building on decades of experience running ever more efficient production-lines. Without the constraints of a physical production-line, office and services businesses often struggle with improving their business processes, typically falling into the trap of deploying ever more complex enterprise software. The benefits of lean methodologies can be experienced by businesses without a huge software investment and lengthy implementation projects; of course, a solution is required to help guide work as it flows between the activities performed by different people in an end-to-end business process.

As some vendors start marketing the benefits of Lean Business Process Management (Lean-BPM), it is important to remember that the design of new and improved processes with BPM and workflow tools has always incorporated aspects of lean methodologies:

Remove waste from the process

  • convert manual delivery of paper documents to automated delivery of electronic work cases
  • prevent repetitive email of requests lacking appropriate information to template work requests guiding the entry of all information
  • handle manual allocation of work by supervisors to team members automatically, allowing supervisors to focus on delivering value as experts rather than task-masters
  • reduce the time-lag between activities especially for priority work, by instantaneous delivery of work to the next available person in the process, allowing a critical series of activities to be completed faster
  • remove the need for rework by implementing solutions that guide people to completing their tasks correctly first time, also improving quality of the work product and customer perception

Continuous improvement

  • provide the capability to measure the performance of processes with real business metrics
  • identify issues and areas of waste in a business process with easily reviewed information
  • allow business users and analysts to make changes to a process without burdening IT or requiring software development skills

Lean-BPM is a marketing term, not a standalone methodology. A company almost certainly needs software to help improve an office- or services-based business process. If you follow the advice of experienced lean practitioners you will avoid committing to over-complex BPM and enterprise software tools and their extensive software projects at the outset, until you have a better idea of whether they will offer real business value to your to-be processes.

A post from the Improving It blog

Let us help you improve your business today. Visit

Olympics, sport, human behavior and risk

It is hard to believe that the insurance industry could learn lessons from watching Winter Olympics sport, but I suppose that if you are tuned into evaluating risk, high speed sporting events in unpredictable conditions is better than many TV watching experiences.

The Risk Management Monitor blog posted Risk Management Lessons from the Olympics, the point of view of an actuary on how competition, peer pressure and human behavior drive risk taking or mitigation.

The three main points look at the scoring of events, the competitors and complex decisions made by judges, to highlight these lessons for the insurance industry:
  • the scoring system drives behavior
  • peer behavior can lead to excessive risk taking
  • we CAN develop a scientific system for making decisions using expert judgment
According to the contributor of the piece, Guy Mango:
Sports provide us with benchmarks, analogues and evidence to illuminate the way the human mind deals with risk and reward. Applying this understanding to the rationale for companies’ risk decisions demonstrates that some actions may not be in the companies’ best interests. They may be driven by pressures to “perform” and to “follow the pack.”
Guy's background is in insurance, though I'm sure the risk decisions he discusses could be applied to any risk management process in the corporate world. From a scoring side, business processes should guide user activites, though they should also incorporate the concept that individual incentives are major drivers for many people. Getting the recognition of 'gold' can really help some people work more productively or accurately, depending on what the scoring system of the process is. If a 'time per transaction' is the only scoring metric in a process, your 'quality of execution' is likely to drop significantly. A scoring system does not need highly complex optimization to generate the type of outcomes required, just visibility and reward.

A post from the Improving It blog

Let us help you improve your business today. Visit

Monday, March 08, 2010

Protecting online banking accounts - is there an app for that?

Losses from falsified online banking transactions tripled in the third quarter, and it seems that the banks have no way to stop them, reports Joseph Menn for the FT. At $120m, this is only about 17% of the total cost of identity fraud and bad checks / cheques, amounting to a total of $700m, although significant enough that you would believe banks would be working hard to stop the problem. The issue for businesses it seems is that many banks are not feeling much of the $120m cost, ensuring that the losses remain with the business account holders. Compensation is something the banks are avoiding, unlike the losses from fraudulent use of a credit card. While they continue to do so, the direct financial cost to banks may mean that they push off the problem for later.

It seems that a "trojan" named Zeus is being sold by hackers to criminal organizations who are wanting to use it to empty business bank accounts. Zeus makes it easy for online banking passwords to be recorded by the criminals, then used to transfer funds from the account through the standard, legitimate online banking system. The FT story claims that new versions of the trojan also allow criminals to bypass some of the additional physical security that banks are employing, such as tokens with rotating passkeys and SMS confirmation messages. If this really is the case, it is a worrying development, although I can't technically understand how the hack could do that unless these security systems are incredibly poorly implemented.

If the additional security measures that banks employ are being bypassed by hackers, it seems that banks may eventually have to act. If the losses start to approach those of other fraudulent transactions, and banks continue to push responsibility to the customers, the large base of small and mid-sized businesses may just mutiny finding a way to protect their money without feeding the coffers of the worst offending banks. How long will it be before we see a league table of banks and percentage of losses due to fraudulent transactions - at least with this type of information companies could pick the most reliable bank, reducing their risk.

When banks finally decide to act, and they find that they are unable to secure online accounts and transactions through a web-browser, some may just decide that it is time to develop full, installable, self-validating applications as the only access mechanism to online banking facilities. If "there is an app for that", the flexibility for accessing accounts from anywhere is lost, but it may be the only way security can be maintained.

A post from the Improving It blog

Let us help you improve your business today. Visit

Thursday, March 04, 2010

Business Exchange Featured User

Business Exchange Featured User

March 10th, 2010

Phil Ayres, owner of Consected will be the Business Week Business Exchange Featured User on March 10th, 2010. Check out my posts on BX by following me on Twitter @consected and @BWBX.

(Thanks for allowing me a little shameless self-promotion!)

A post from the Improving It blog

Let us help you improve your business today. Visit

Your digital wallet and the Open Identity Exchange (OIX)

The US government has put its weight behind a new framework for certifying online identity management providers, so that they can be trusted to assign individuals digital identities that can be used to access a range of websites and transfer personal information. According to Finextra:
Google, PayPal, Equifax, VeriSign, Verizon, CA, and Booz Allen Hamilton have announced the formation of the Open Identity Exchange (OIX), a non-profit organisation dedicated to building trust in the exchange of online identity credentials across public and private sectors.
Google, Paypal, and Equifax are the first three identity providers certified by OIX to issue digital identity credentials that will be accepted for privacy-protected registration and login at US government websites. Verizon is currently in the certification process and is expected to be completed shortly.
This sounds like a great step forward, when you could use a single login like your Gmail username and password to login to government websites that previously required separate registration, and then share with the website chosen information from your digital identity, for example your address, social security number, passport number, etc, with a single simple click. If you trust the company that holds your information to keep it secure and not misuse it, then this approach leads to far greater security than you as an individual going to a website and typing the data yet another time into a form, since the transfer of information is completely encrypted and transferred directly from the trusted organization holding it.

Unfortunately, the first use by the National Institutes of Health seems a little lightweight, compared to the eventual goal. The Finextra article goes on to say:
The National Institutes of Health (NIH) is the first government Website accepting these credentials, including OpenID and Information Card logins. Citizens can use open identity technologies to support a number of online services across Websites, including customised library searches, access to training resources, conference registration, and medical research wikis.
Really, they are just using one of the authentication providers to allow you to login, without the usual registration process: fill in your details, wait for the email, click the link to confirm it is you, login to the website. Many people will have seen a similar approach with Facebook Connect, which allows you to log in to a lot of sites you may never have used before. Admittedly, I probably wouldn't eventually trust Facebook with my social security number and credit card details, but that is where things are heading if you look at the amount of other information they have about people.

The power starts to show itself when we may eventually get access to more security concious government systems such as IRS tax payment, without having to register, wait for the letter to arrive in snail-mail, follow the instructions for completing registration. A pre-confirmed digital identity means that the IRS could already trust that I live where I say I live, and would not need to deliver me validation details by the US Postal Service to confirm it. I could use the system pretty much immediately after logging in.

What is worth extra investigation is how much thought from current financial services regulation, such as the supervisory controls from the SEC and NASD around validating a change of address, have been incorporated into the OIX framework. It is the controls such as these that will limit the ability for someone inside a trusted identity provider from changing your details temporarily without your knowledge, performing some dubious action elsewhere, then changing your details back to their original values, so you never know the difference. If that type of control is built into the framework, and the certification of vendors is transparent, why should I not trust these companies. Google knows more about me than I know about me anyway!

A post from the Improving It blog

Let us help you improve your business today. Visit

Wednesday, March 03, 2010

Massachusetts security and privacy law has teeth?

Following hot on the heals of the new HIPAA HITECH Act, the new Massachusetts regulation for data security and information privacy came into effect at the start of this month. It has seen lots of activity from the software security vendors, as it gives them another opportunity to scare the dollars out of corporate wallets. The full regulation is 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH

The document doesn't make a particularly exciting read, although it is not that hard to get through the barely 4 pages of content. The striking thing when reading the document is how familiar all this stuff sounds. Most likely drawing from several sources, such as California Senate Bill No. 1386 ("SB 1386") for protection of personal information and privacy, and PCI Data Security Standard (PCI DSS) produced by the credit card companies, Massachusetts has pulled together a regulation into one place that at least starts to give companies no excuse not to protect the personal information of customers, partners and employees.

In my non-professional opinion, this is likely to become another checklist that sits in the binder of compliance self-certifications that companies annually review and update. I don't see much that the CIO of a company that already prides itself on protecting customer information would worry about. A the same time, if you were already losing sleep over the fact that your infrastructure is shaky and insecure, that your employees are not trained in their compliance obligations, that you don't have all your security policy documents up to date, maybe it is time to beat the insomnia and do something about it.

A post from the Improving It blog

Let us help you improve your business today. Visit

Tuesday, March 02, 2010

AIG selling $50B units - integration struggles ahead?

As AIG plans to sell off two large units from its core, it makes me believe that there are interesting people-, process- and technology-times ahead for the companies acquiring them. As I talked about yesterday, insurance companies are used to the fact that they have different lines of business running different systems. According to Matt Buttell at Financial Services Technology, AIG's Asian life business goes to Prudential PLC, and hopefully next week American Life Insurance Co (ALICO) goes to MetLife. The interesting thing about these transactions is that both Prudential and MetLife have their own units running similar lines of business. Both Asia and ALICO are probably preparing themselves to struggle to become a core line of business inside the new mother-nest, rather than a book of customers used purely for revenue purposes.

The size of the sales ($35.5B for the Asian business and close to $15B) suggests that there is value in maintaining some semblance of individuality in the companies for now at least. But how long will it take before the new owner starts looking for efficiency gains from integrating the business units? At that point, having effective internal proceses and shared services already in place will achieve two things for the acquired company: the potential that its process and technology best-practices will appear better than the existing infrastructure; simpler integration with the parent could make it less painful for everybody.

The aim for the AIG outcasts (only outcast because they were more appealing than other parts of the business) may be to look good and play well with others. I know from having worked with businesses from both Asia and ALICO (especially ALICO Mexico and Chile), that Asia and ALICO both employ BPM process improvement technology to streamline underwriting and potentially other parts of the business. So does MetLife in some parts of its business that I'm aware of, so the approach for all involved will be to survey: what do we have, how good is it, and how easy will it be to integrate it into the whole?

Good luck to everybody involved in the upcoming rebirth of their organizations. The best-practices and efficiencies you can show now could determine your success in the long-term.

A post from the Improving It blog

Let us help you improve your business today. Visit

Monday, March 01, 2010

Don't force cultural check-out when building shared services

Shared services is a delivery model for business processes and information systems that has proven itself to be a great fit for insurance companies and many other organizations that have multiple lines of business and distributed offices. A shared services model can allow a company to better reuse information systems and expertise than when every group tries to fend for itself. And it provides a better feeling of control than completely outsourcing the operations to a third-party (I talked about outsourcing of claims operations in a Claims Magazine article in 2008, when gainfully employed elsewhere, but the arguments still stand independent of any company bias I might have accidentally shown).

If shared services has been employed by some of the most competitive insurers out there, what is stopping everyone else from following the model? There are a few reasons:
  1. Inconsistency of systems, such as policy management systems, accounting systems, etc
  2. Inconsistency of business processes across lines of business
  3. Perceived complexity due to cultural or licensing issues across national or state borders

First, let's understand why it is that some companies seem to have such a big problem around inconsistency of systems and processes, before we try to fix the problem. Many insurance companies and commercial organizations have grown their lines of business independently over the years, believing that the requirements of auto insurance (for example) are very different from those of professional liability. For others, lines of business have been incorporated into the company through acquisition, bringing the technology and processes from another organization. In both cases, there is no way around the integration of lines of business into a shared services model than accepting that a lot of things are going to have to change.

By identifying similarities, differences and best practices across the individual organizations, a company can at least start to get a feel for the level of effort involved. The migration of systems is always going to be painful, and must be managed closely. The change of business processes may not be easier, but in reality it can lead to a significant improvement in the way an organization runs, providing tangible benefits over and above the benefits of cost reductions from reuse. Process improvement alone may show huge benefits from an efficiency and productivity standpoint.

So, what about the issue of handling cultural and licensing issues - the differences in the way people expect to work, and the way that local regulators force them to work? In my experience, an analysis of the local requirements of the regulators leads to a fairly consistent set of requirements. Licensing of agents can be tracked to ensure they can work in different jurisdictions pretty easily. And the passing and storage of data across national boundaries can typically be handled if you aim for the highest level of security and privacy requirements of any one state.

In many cases, the biggest issue is probably cultural. The way people expect to work, and they that they believe they work most effectively is the hardest thing to change. Centralizing your systems and business processes will require sensitive, individual change management and buy-in from local executives. Changes to perceived cultural work practices can't be bought, integrated or analyzed, unlike the process and systems changes a company can enforce elsewhere. And a regional focus can truly provide some interesting insight into what could make a shared service work better, that you may not get from a parochial view of how to do things.

The lesson? Listen, communicate and respect everyone involved in the creation of a shared service capability. Otherwise you may see cost reductions in running systems and processes, and equal reductions in the income from some regions due to lack of engagement. Do it right, and the benefits could be better than you could have planned.

A post from the Improving It blog

Let us help you improve your business today. Visit