Posted

The rise of cloud computing services and the privacy/security issues involved have been much discussed (see, for example, our prior blog posts here). But when customers procure cloud-based services, a critical “behind the scenes” issue is often overlooked: is the cloud provider itself relying on third party subcontractors to perform critical functions? When these subcontractors are added to the mix, things become a bit more complicated.

Cloud computing offers a wide variety of services:

  • IaaS: infrastructure as a service to replace a customer’s data center or testing environment;

Posted

Although reconciliation of the key terms has been a best practice for over-the-counter derivative trades for some time (particularly with collateralised trades), the scale of the reconciliation exercise imposed by forthcoming regulations in the EU and U.S. has caused many market participants to undertake a fundamental review of the systems and processes in place. For many, compliance can only be achieved by utilising a third party for provision of an appropriate technology platform or an end-to-end service. With imminent compliance deadlines and the late development of the requirements themselves, functionality has understandably been the focus of any sourcing process. However, from a supply chain and outsourcing perspective, a key challenge remains the manner in which the financial services-specific regulations are applied to this type of third-party arrangement.

The New Legislation

With the 1 July deadline for compliance with CFTC Rule 23.502 looming and the equivalent EU legislation (in the form of the Commission Delegated Regulation (EU) No. 149/2013) due to come into force on 15 September, OTC market participants are bracing themselves for major changes to the way they perform portfolio reconciliation in relation to non-cleared trades. In fact, it is looking increasingly likely that the deadline will have to be extended by around three months, to allow further time for compliance by the affected institutions.

Posted

As noted in our previous blog postings on the subject (Applications Outsourcing Pricing – Part 1 and Applications Outsourcing Pricing – Part 2), the most prevalent model for pricing applications outsourcing services involves the following components:

  1. a fixed monthly charge for applications maintenance and support;
  2. a fixed monthly charge for a baseline number of application enhancements hours (typically included as part of the fixed fee for applications support) with authorized incremental hours charged on a time and materials basis; and

Posted

You’re a CIO and a major software publisher proposes an “enterprise” or an “unlimited” license arrangement. Having made its way up the chain to your desk, you are told the deal looks promising. There can be pitfalls in any software deal. In “enterprise” or “unlimited” license arrangements the pitfalls can be devastating.

Asking yourself (and your staff) four basic questions may help you ferret out the risks and reduce your exposure to many of the big problems.

This is the first of four installments identifying and explaining each of these four questions. The first question is:

Posted

“The details are not the details. They make the design.” – Charles Eames

Indiana vs. IBM

In 2006 Indiana awarded IBM a contract for more than $1 billion to modernize Indiana’s welfare case management system and manage and process the State of Indiana’s applications for food stamps, Medicaid and other welfare benefits for its residents. The program sought to increase efficiency and reduce fraud by moving to an automated case management process. Only 19 months into the relationship, while still in the transition period, it became clear to Indiana that the relationship was not going as planned. The expected levels of automation were not being realized. Instead, the program reverted to a caseworker process, and performance was consistently slower than agreed-to levels.

Posted

In Part 3 of “It’s 2013. Do You Know Where Your BYOD Policies Are?” we will address developing BYOD trends and best practices. Please check out Parts 1 and 2 of this 3-part series, which address employee and employer concerns, respectively.

Recent Findings: Widespread Adoption, Lagging Management

Recent studies show that security practices and corporate policies are struggling to keep pace with the popularity of BYOD. As mentioned in Part 1, a recent Cisco study found that 90% of full-time American workers use their personal smartphones for work purposes. Surprisingly, widespread adoption is reported in industries handling highly sensitive and regulated data: banking at 83.3%, and healthcare at 88.6%.

Posted

Steve Farmer recently published an article in World Data Protection Report titled “Personal Data Transfers from the European Economic Area: Time to Consider Binding Corporate Rules 2.0.”

What exactly is the “best” solution for an international business needing to handle and transfer personal data across borders?

This has become an increasingly important and common question as business becomes more global and companies grow, reorganise or merge.

Posted

In Part 2 of “It’s 2013. Do You Know Where Your BYOD Policies Are?” we will discuss employer BYOD concerns. Check out Part 1 to learn more about employee interests; Part 3 will present developing trends and suggest best practices for BYOD policy drafting and implementation.

The Employer’s Perspective on BYOD

While BYOD provides employees with enhanced user experience, their employers welcome BYOD for cost savings, increased productivity, and improved employee satisfaction. Yet, these benefits come with certain costs, primarily data security risk, as well as regulatory compliance risk.

Posted

Imagine you grab your phone only to find it locked, with all of your applications, pictures, and contacts permanently deleted. Imagine your employer’s IT department remote-wiped your phone because they mistakenly believed it was stolen. Better yet, imagine your Angry-Birds-obsessed child triggered an auto-wipe with too many failed password attempts (don’t laugh – it’s based on a true story!). Can your employer really do this to your phone?

Imagine instead that you are the CIO responsible for protecting sensitive corporate and third party information. How can you ensure information security when your employees carry sensitive data in their pocket everywhere they go, and let their friends and family play with these devices?

The use of user-selected personal mobile devices for work (often called “Bring Your Own Device” or “BYOD”) is undoubtedly delivering benefits for employers and employees alike. Yet, competing employee-employer interests and related risks must not be ignored. Remarkably, only 20.1% of companies surveyed globally have implemented signed BYOD policies according to a recent study (Ovum Research Shows U.S. Ahead of Other Countries in Asking Employees to Sign BYOD Agreements). This three-part series will outline competing interests and risks, and will suggest that the best way to manage these risks is through the drafting and enforcement of proper BYOD policies.

Posted

Many years ago, I walked through a client’s IT development organization where all the “Onshore” resources from the client’s ADM provider sat in a sea of cubicles. I was there to identify the causes of some issues that had been troubling the relationship and recommend solutions. Having reviewed the contract before the walkthrough, I wasn’t surprised to see a large supplier team present at the client. What did surprise me was how all of the “Onshore” resources appeared to be from the same offshore location where the supplier was based.

Prior to this encounter, my previous experience was that “Onshore” rates typically applied to the client’s former U.S.-based, rebadged resources or other U.S.-based employees assigned to the client’s account by the supplier. But something was different this time. It turned out to be my first introduction to “Landed” resources – foreign workers performing onsite work under short-term visas.

Given the cost of transportation, visas and temporary living arrangements, I assumed that in order to compete with U.S.-based resources, the supplier must be paying a lot less for these resources. Otherwise, why would 100% of the resources be from offshore? When I asked about the salary cost differential, the supplier said that there wasn’t any and that “by law” they had to pay a prevailing comparable salary.