Nov

Importance of Vendor Ethics Management in IT – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Why is vendor ethics so important?

A large organization like a financial institution, bank or brokerage spends millions of dollars on technology each year. It is important for the organization to go through a fair evaluation and buying process and engage with the right kind of vendors who will provide solutions that fit the requirements and not otherwise. In this process it is important that the evaluation is not clouded by greed or any other kind of influence. Otherwise, wrong solutions may get procured and the company will face serious economic and legal implications.

What should a company do to ensure such fair evaluation?

First and foremost, the company must declare itself ethical and the senior management must practice ethical practices for its staff to witness and follow. Then, on the vendor front, it is important for companies to have a well documented ‘Vendor Ethics Policy’ in place. Vendors must be asked to read this policy and sign a declaration stating that they have understood the policy and will abide by it. Failure to sign this policy should automatically disqualify the vendor. Vendors must also train their staff who will be interfacing with the clients. This also needs to be propagated down the line in the client’s company to all managers who are involved in any procurement process. Special training must be given to anyone who is in the purchase department.

Generally, a company should formulate policies that are more stringent than mere compliance with local laws and customs. Only then can such practices be checked. Also, there should be zero tolerance for cases where conduct is doubtful.

How does the institution ensure that vendors are following law?

It is tough to ensure that the vendor is following all laws in his office but a lot of checks can be done to ensure that the mutual relationship follows the law. Everything must start by signing a formal contract and the vendor signing a declaration that the vendor ethics policy is well understood. Their PAN No, VAT Registration number and Service Tax registration numbers etc. must be captured before any order is given to them. All applicable TDS must be deducted and deposited in time. In addition to this, there are several gray areas which you would want vendors to avoid when they are dealing with professionals of your company. For this again, you must ask for a declaration from the vendors that they are complying with laws relating to taxation, fair employment and other sensitive acts of the government. If you don’t do so, you are running a risk.

If you are a listed company, chances are your vendor will be privy to a lot of price sensitive information. Such information could easily be put to misuse. In this context, you must also ask them to sign a ‘No Insider Trading Policy’. This is of importance because the liability of any misconduct on the vendor side on this account can easily be held against you, resulting in huge liabilities.  Hence you must be very careful.

Festivals are around the corner and a lot of gifts are exchanged. What are your views on it?

As a company, we don’t accept any gifts. We have a very strict policy. If a person, client or vendor tries to gift us something face to face, we thank them but return the gift. If it comes through courier, we repack it and send it back to the sender with thanks. Of course every company needs to have its own policies around this but as a general guidance, it is better to be conservative. The vendor policy document should expressly state that no offer, promise, kickback, favor, cash, entertainment or anything of value should be given to obtain favorable treatment from the company. Your company employees should similarly be prohibited from soliciting such favors from vendors. This restriction should extend to any family members of both the vendor and the purchaser company. Also be aware that gifts come in many other forms. For example, a vacation can easily be masqueraded as a ‘site visit’ or ‘client visit’ where such site or client could be in a lucrative foreign land. A four-day trip to this country could be scheduled with a single 2-3 hour ‘client visit.’ Be vigilant when employees bring in requisitions to travel overseas, especially those that are sponsored by vendors. Government clients and those vendors dealing with government employees must be very careful of what their employees are doing. This is because government employees must be like Caesar’s wife – above reproach.

Could there be any concessions?

While we don’t accept any gifts, companies, depending upon the nature of their businesses could relax this policy. It could be acceptable as long as a gift is not intended to obtain favorable treatment from the company, and does not create the appearance of a bribe, kickback, payoff or irregular type of payment. After all, I think no one will believe that someone awarded a 50 Lakh contract to a vendor because the vendor gave him a T-Shirt.

It is also important that it doesn’t raise any potential conflicts of interest. For example, employees could accept a gift from a vendor as long as the total value of a gift does not exceed say Rs 2000 or so. The general yardstick is that a public disclosure of such gifts should not embarrass the company. Intangible gifts like entertainment, those involving travel etc. must be approved by the company’s ethics committee. As a general rule, anything that is in a gray area or beyond interpretation or comfort must be avoided.

What about conflict of interest?

This is the easiest trap vendors could lay and could become very difficult for companies to detect. For example if a CTO of a company is responsible for taking final purchase decisions and the vendor has employed his wife or kids at any position, it becomes very hard to decide in such situations because there is an unnatural pressure. Seeking active declaration from employees in such cases helps.

Coming specifically to IT Projects, why is vendor ethics important here?

When you are running a financial services business and you employ a vendor, it is extremely important to ensure that the vendor company practices a high degree of ethics for several reasons –

  1. Your entire data set is available to the vendor if he is visiting or working on site on your database. Imagine if someone runs a single query and takes away all the details of your clients in a single file.
  2. The mechanism in which he uses your data on applications provided by other vendors may put you into serious IP infringement and data security risk. Many a time vendors of a particular application try and connect to the database of some other application without buying necessary APIs or without permission of the other vendor. This amounts to piracy and IPR infringement. In such cases, any legal risk is primarily faced by the institution. Even if you don’t face a legal suit, your data security and integrity are both at stake because one vendor may not completely understand the data and database structure of applications belonging to some other vendor.
  3. Sometimes if the contract is not watertight and futuristic, vendors play tricks. For example a client of ours had bought an application with customization rates agreed and included in the contract. But these rates were for a specific development language. Down the line the client needed some customization as an extension of the same application but in a web friendly language. The vendor charged almost twice the rates that were agreed on the pretext of a ‘different language/ technology’ and need for ‘more specialized skill sets.’

What other unfair business practices can the vendor adopt?

There could be some very minor things but unethical. For example, a ‘lucky dip’ may ‘win’ a senior executive a laptop as a prize making the executive have a positive feeling of gratitude in favor of the organizing company. Some vendors blatantly use their client’s logos on their website and marketing material without taking express written consent. Vendors also adopt other serious unfair practices like fixing prices with other competitors and rigging prices. Sometimes they discuss negotiated or contracted prices with other vendors making it difficult for the client institution to negotiate with them. Some even start lobbying for changes with exchanges, depositories etc taking client’s name and citing client’s needs without taking client’s approval expressly.

What other steps must the company take to take care of ethics and local laws?

Because any form of bribery is a punishable offence in most countries and regulatory agencies around the world, including the ED, U.S. Dept. of Justice, Securities Exchange Commission, and the U.K. Serious Fraud Office, are aggressively enforcing anti-corruption laws, including matters related to bribery & failure of internal controls, inaccurate books and records, potential corrupt activities of vendors can come back and hurt the company and its officials seriously. To mitigate this, companies must adopt extensive practice of documentation and keep accurate business records. Contractual clauses must include retention of such records by both, the company and the vendor way beyond the period of time of engagement with each other.

Vendors should also be required to report to the client any issue that violates law, anti-corruption policies and the company’s general guidelines. Once reported, the company must investigate each such issue.

To sum up, the culture in the company must be beefed up to maintain the highest level of integrity in all business dealings and create an environment where employees and vendors can raise their concerns without fear of retaliation.

Sep

Mobiles as a device of choice for Financial Markets – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Is it correct to assume that next generation of financial services technology reforms will be led by mobile phones in India?

Yes, it is true. India is the second largest mobile user country in the world after China with 77.6 connections per 100 citizens. Mobiles are now at the centre of several technical advancements in consumer facing businesses. Their usage is far ahead of any other device like laptops or desktops. Messaging and other applications are changing people’s habits. They are now continuously hooked to their mobile phones. Habits are changing and vendors need to exploit these changes in habits. A popular retail fashion portal recently closed down its website citing far more use and purchases by users of its mobile apps than its website. They also noted that customer loyalty was far higher in case of mobile app users than website users. In financial services too, every bank and financial services offering company is coming out with its own app. Customers are now getting comfortable in making purchases and moving money through their mobiles. We see a day when payments will completely shift to mobile phones. All this indicates that the mobile will be the preferred channel for financial services consumption.

Why do you believe mobile will play such an important role?

The mobile industry in India has seen a revolution. Penetration is deep and it is acting as an agent of social change. With 60% of Indians less than 35 years of age, and a whole lot of them subscribing to internet on mobile, the whole concept of service delivery will change. Mobiles are ubiquitous. Android devices are now available at less than USD 100. A few days ago Google also announced its intent to launch mobile phones for USD 50. This will empower youngsters and individuals living in rural areas like never before. Like other services, financial services industry offerings will need to get aligned to deliver services on mobile phones. Youngsters don’t like to visit branches or service centers. Brokers and Financial Institutions will have to push services to them and delivery through internet will gain a lot of significance. Aadhaar can now have mobile numbers updated against them. This also opens up a lot of opportunities to deliver services through mobile phones. Similarly, mobile money will also drive financial inclusion. This will give a boost to capital markets because more individuals will now open trading accounts and will also subscribe to mutual funds.

What is the role of telecom companies in increasing the penetration for financial services on mobile?

Globally, innovation on this front has happened not only by banking and financial services companies but also by mobile operators pushing for such services through the mobile phone. Normally, experience of other similar countries like India has shown that the business case for banking and financial services companies to push financial services for the unbanked on mobile phone is weak. They like providing additional services to their existing client base rather than helping to acquire new ones. Adding new unbanked clients through mobile financial services is an area lucrative for telecom companies. Hence both need to come together. Telecom companies need to take up from where banks leave. Then this market will see rapid expansion. In fact this is the reason why we see so much interest from telecom companies in setting up payment banks.

Coming to capital markets, what is happening to internet based trading using computer and laptops?

With the screen size of mobiles increasing and that of laptops decreasing, software vendors have started taking mobiles and tablets very seriously. My observation is that people are not actively using laptops and desktop computers for trading and accessing their reports now. They are more hooked on to their mobiles and are sending orders from such hand held devices. This trend is only going to increase. Mobiles truly allow people to move. A laptop or desktop ties people down to their offices or homes. There are restrictions on trading and on accessing trading sites from office. In such cases mobile phones come in handy. These days people open their smartphone, watch the market and enter 2-3 orders in their lunchtime. Mobiles are adding a new category of traders who otherwise didn’t have the time or wherewithal to trade. The increase in trading volumes through mobile also endorses this. In some brokerages about 10% of the trading volumes are coming from mobile phones. On one of the exchanges, trading volumes from mobile went up from INR 1932 Cr in January 2014 to INR 3742 Cr in November 2014.

What about user interface and experience?

There was a time when mobile interfaces used to be very basic and speed was an issue. Now mobile devices have very rich and colorful user interface. Most of the mobiles today allow multitasking. Earlier, people were afraid that in case they take a position in the market and are unable to square it up due to poor connectivity, they will face a loss. But now on connection side, with 3G proliferating and 4G being launched, speed of connectivity is usually not an issue. I am convinced that mobile trading is the future. It will be used more than desktops and laptops. One of the challenges that the industry will need to meet is providing this same service over 2G networks because 3G services will not be available in hinterland and rural areas.

Is back office functionality also coming on mobile?

Yes traders and investors want to access their important reports like bills, margin details and pay-in, pay-out details on their phone. The need is not for all reports and communication but for important ones. The challenge for brokerages and vendors like us is to push relevant and important parameters to their mobile for consumption and quick decision making.

How is it helping in Risk Management?

A push and messages based communication reduces risks for the broker or financial institution. Banks actively send SMS to their clients for account debits and credits. Active communication ensures that the client is in loop at every step. When traders receive information, they can take decisive steps easily and quickly. For example if a trader faces an intraday margin call, he can be reached instantly on SMS regardless of wherever he is. This can result in margins being transferred immediately. Apart from helping the broker, it brings down the risk of overall market. It also helps the trader because he can then carry forward his position without his collaterals getting impacted. Active communication certainly reduces risks.

Can mobile also be leveraged in the KYC process?

Brokerages have started exploiting mobiles in account opening and meeting KYC requirements. They now report receipt of application forms, documentation requirements, deficiencies in documentation and final account opening status via SMS. The client is thus kept in loop at every step of account opening. This visibility lends comfort to the client and improves service. It also reduces fraud to a great extent.

These days depository participants also send SMS for shares credits/ debits and also for events like corporate action, IPO credits etc which otherwise wouldn’t come into investor’s attention normally. Mobile thus helps investors to be better informed and take quick decisions. They get empowered.

Contract notes and important communications are already being sent by e-mails now. Will that change?

Messages with attachments will continue to go by emails. However, messaging is the future in mobile communication, at least for short information updates. In a few years from now, e-mails will become out of fashion and most communication will happen through messaging. Popular messaging apps like WhatsApp and FB Messenger do not allow APIs for third party use else these platforms could have been used very effectively. Big service providers could have their own chat and messaging platforms which their clients can use.

Will security be a cause of worry?

Yes certainly. In fact in a survey conducted by a US based software company, 53% of the respondents cited security as a concern in accessing financial services over mobile. Telecom companies and financial services companies are taking active steps to improve this on a daily basis.

Jul

Evolving Role of Technology in Compliance – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Why do we hear about compliance in financial markets so much these days?

Businesses are becoming increasingly complex. More businesses now have cross border operations than anytime earlier. People have become much more mobile and global travel has increased multi-fold which is good news. However, amidst growing business, what is also increasing its footprint is illegal activities like drug trade, terrorism, extortion and other related activities.

These activities use banking and financial markets as a channel to move their illegally gotten wealth. It is important for regulators to put a stop to these activities. The general belief amongst regulators is that if such people are cut off from formal banking and financial services channels, it will be very difficult for them to finance such operations. A lot of regulation is being put in this space to curb such activities and financial institutions are being asked to comply with them.

Another need comes from within the financial industry itself. The financial market meltdown of 2008 caused US government to push legislations like the Dodd-Frank Act for increasing transparency and customer protection that has global repercussions as far as compliance is concerned. Another act called FATCA was notified. FATCA stands for Foreign Account Tax Compliance Act, enacted in March 2010. The objective of this act is to detect and discourage tax evasion by US persons. Its aim is to ensure that persons from the US with financial assets outside the US pay US tax.

It is generally felt that there is a global tightening of regulation to restrict increase of nefarious activities. If one studies the provisions of FATCA, one will realize that never in history earlier has America promulgated an act with such wide reach. The Indian government is also taking active steps to make foreign banks reveal data on Indian depositors. The whole banking and financial arena will be much more transparent in 3-5 years from now as compared to what it was earlier.

How is technology helping this process?

Compliance as an activity is highly dependent on right technology. Technology is needed to extract trading, financial and stock holding, ownership and all other kinds of direct and indirect information from all investment, trading and holding data. In absence of technology, this information cannot be correctly analyzed, compiled and reported to tax authorities. Technology plays a very crucial role in detecting activities like AML, Insider trading, front running, cartelization etc. Such compliance starts with some very basic things like all client lists must be daily scrubbed against debarred entities list. It may happen that when a client is registered with an institution, he may be acceptable but later gets blacklisted. If such checks aren’t run routinely, the service provider may face a compliance problem. Similarly, trading systems must continuously scan for clients whose trading positions and strategies are not consistent with their risk profiles. Technology like Direct Market Access has solved the problem of front running. Insider trading continues to remain a menace.

A lot of compliance today is possible because technology supports such compliance. The whole process of electronic pay-in and pay-out has resulted in implementing a lot of controls like restricting money and fund transfer to 3rd parties. Increased compliance has been possible because market infrastructure institutions like exchanges, brokerages, depositories and clearing corporations have adopted technology to a large extent in their day to day operations.

Business owners are normally involved with a lot of philanthropic and social service work. Do they need to be careful about compliance?

Compliance is for everyone, including business owners involved in philanthropic work. I know of few cases where business owners who were otherwise very strong in compliance in their own business, did not check if the organizations they were doing social service for were also high on compliance. They fell into trouble because the organizations they were associated with on honorary basis were lax on compliance. Such business owners learnt the hard way that they either need to force these organizations to comply or quit doing such work.

How can technology help companies in these days of Social media revolution?

Companies, especially those with retail client facing businesses where reputation is very important – like financial services and banking etc. – must be very careful about what is being posted on social media about them. Any comment has the potential to go viral these days. These days there is technology available to monitor electronically what your employees and the general public at large are posting on social media. Some companies, mainly MNCs, are putting technology in place that approves each post that a company’s employee posts on social media platforms like Facebook and Twitter to ensure that their employees are not reckless and that they don’t make any statement that is in deviation with the company’s policies or statements.

How is technology helping regulators?

One of the biggest beneficiaries of increased use of technology by businesses is the regulator itself because it can now ask for information in ways it couldn’t ask for earlier. With better technology, now data can be extracted in multiple formats and can be analyzed in dimensions not possible earlier.

Governments worldwide are using technology to find breaches, non compliance and flagrant evil deeds of individuals and institutions. For example the US government set up a team to investigate if any group made windfall profits from the market crash after 9/11 incident of bringing down the World Trade Centre. The government wanted to find out if someone had advance information of such incident and had indulged in abnormal short sales. Such investigation involves scouring and data mining of unimaginable amounts of data. It can only be done by deploying right technology.

Risk from basic things like mailing has become a big issue. How do we ensure that we remain compliant to local laws and protect our intellectual property at the same time?

This is a challenge most corporations face today and the Chief Compliance Officer or CEO should be highly aware of the risks associated and take active steps to safeguard. Today, 90% of the data transferred from any company to the external world is in digital format. If one wrong email containing client data is sent to a wrong recipient, it could result in loss of millions in lawsuits and fines apart from reputation loss. To protect themselves, the first thing that companies have to do is sensitize all their employees on the fallout of any such case. Employee – employer agreement must also cover adequate clauses to protect the employer from employee’s evil intentions and actions.

Compliance by itself is becoming as big as Admin or Legal department. Any observation?

Yes it’s true, especially in headquarters of large banks and conglomerates. JP Morgan had announced its intention to spend USD 4 billion and commit 5,000 employees for compliance. Similarly, HSBC expressed its intention to employ 3,000 more compliance officers after paying a USD 1.9 billion fine for AML violations. It is estimated that 70,000 finance jobs will be created in Europe alone to handle compliance related jobs. There are 3rd party businesses coming up to help institutions comply with laws. Compliance is becoming an industry by itself.

What is the cost of non compliance?

Most laws have their financial penalties. For example, under section 13 of the Prevention of Money Laundering Act, 2002, there is a fine for non maintenance of records that ranges from INR 10,000 to INR 100,000 per instance of non compliance. While the monetary cost of non compliance can be measured in terms of money, there are a lot of non monetary costs that cannot be measured. For example, for serious breaches under the PMLA section 4, one can get arrested with rigorous imprisonment of not less than three years, which can extend up to 10 years. Offender’s assets can be impounded and the business approval and licenses can be cancelled. Non compliance of FATCA has resulted in several billion USD of fines. Recently CSFB pleaded guilty and paid USD 2.6 billion as fine.

Cost of non compliance is too high to ignore and no one should take a chance. Only spending on technology itself will not help. Internal controls also need to be enhanced. Due to FATCA, American citizens with considerable assets are renouncing their citizenships and some Indian institutions are reluctant in opening accounts for NRIs fearing repercussion in case an individual declares as a NRI but is actually an American Citizen.