Driving Efficiency in Brokerage Operations & Technology – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Driving Efficiency in Brokerage Operations & Technology – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

What is a key challenge area today for brokerages and technology partners?

Capital markets have experienced a revolution driven by changes and improvement in technology and increased competition. Clients now have a variety of choice. Electronic trading, including the advent of algorithmic trading has dramatically increased trading volumes and liquidity. But the cost of access and intermediation has come down drastically, forcing brokerages to cut costs. Those that have caught the technology wave have become bigger and those who have not are struggling for survival. Whole financial industry is also facing the burden of increased cost of regulatory reporting and oversight which is only going to increase given the increasing spate of terrorism and money laundering activities that are happening. Buy side consolidation is forcing sell side to look beyond execution service and provide more value added services which again comes at a cost. Since costs are continuously increasing, brokerages are looking for ways to reduce cost and many a times technology spends becomes a casualty.

Is there any option other than cutting cost?

For brokerage business, no other market is as fragmented as India. In India, there are around 3000 brokers. This fragmentation leads to low business volumes and brokerages end up chasing the same customers. This in turn places the bargaining and pricing power in the hands of customers. Lower brokerage rates, low business volumes and falling market create an environment of low brokerage earning. In such a scenario, brokerages resort to cost cutting to remain afloat. Current level of expenditure is only measured against revenues generated. However, brokerages have realized that the percentage of income is not going to increase with increase in turnover. There has to be new strategies to increase profitability. However, brokerages must also realize that there is only a limit to which costs can be cut. After that, it becomes very difficult to manage operations and customers start feeling the pinch by receiving poor service. Brokerages must look very hard on the way they are running their operation and must look for means to increase their efficiency to run their operations better and provide better service to their customers rather than cutting on levels of service.

Lot more investment is needed in innovative ideas, both from brokerages and from their technology vendors to improve this situation. Innovation will push the fixed costs down and that will help brokerages make money and this will not come at the cost of efficiency and processes.

How do you think brokerage technology will evolve in future?

There will be more efficient applications that will improve the brokerages’ operations on the back of better client insight.

If cars can be driven unattended, why can’t brokerage operations be run unattended? In any case, this (brokerage operations) area used to be very person intensive. Now the need of people is lot lesser. I foresee further automation and innovation to make this area person less. Brokerages must be presented with ‘out of the box’ solution and not a ‘black box’ solution. Solution must be such that brokerages must configure it once and then the solution should be in a position to take over the entire operations. This can only happen when solutions are intelligent, there is less customization requirement and there is increased standardization in processes.

To draw a parallel example, I would like to cite the example of firewall technology in companies. Earlier this technology by delivered by different devices and expertise put together. For example, to deliver enterprise security devices like switch, firewall, routers, modems and network were various components that were involved. Now, there is just one appliance needed which is simply plug and play.

Similarly in brokerage, one application must cater from CRM to post trade compliance. I call it ‘brokerage in a box’. It is not that innovation is not happening but it is happening in bits and pieces.

We have for example created a simple solution for brokerages that run several branches and have problems in account opening. Traditionally, these branches send the filled form along with all the documents to the head office or processing centre where the account opening team entered the data and checked all the documents. If everything was found to be in order then the account was opened. However, this approach has several problems. First, there was a lot of load with the account opening team. There was operational risk of error because of this load. Many a time accounts opening got delayed because there was lot of to and fro happening between the respective branch and account opening team. We created a solution using which branches and franchisees themselves do the data entry that get uploaded in the application used by the account opening team. All validations are built at source which means the concerned branch or franchisee sending the account knows about any data deficiency upfront and now directly takes ownership of it. This reduces the work of account opening team considerably. Very different approach is needed from here onwards and a lot of onus for this is on technology vendors.

Microsoft is setting up a data centre under the sea in a project named Natick. Their argument is that when data centres consume so much of electricity for air conditioning, can something disruptive be done to save on this cost. They also argue that since world’s 50% population lives near the shores, there will be less latency by deploying data centres off the coast than deep inside land. That time will also not be far when these data centres will be completely powered by renewable energy generated from sea itself, maybe from wind, wave, tide or currents. The project began with one person seeding the idea at Microsoft. This is classic example of disruptive innovation and this kind of approach is needed even in financial markets.

What do you think of current pace of innovation in the back office space?

Back offices have remained more or less similar in the last fifteen odd years. The only thing that changed is features. There is no quantum jump. The last major shift that happened was perhaps these applications being developed on Windows platform from a DOS based platform. Subsequent to this, nothing much has changed in back offices.

Today brokerage start ups with lesser clients are doing better than traditional brokerages because they are utilizing technology better and managing to provide better satisfaction levels to their clients. Quality is scoring better than quantity. They are also looking at profitability closely and are not just focussing on revenues.

What do you think of vendor client relationship especially in the brokerage industry?

This relationship is very symbiotic and there are several examples where both, the client and the vendors have grown together. However, some brokerages try to squeeze their vendors on price and margin front. Brokerages must realize that this partnership is like a marriage. The marriage will survive only if both the partners survive. There is not point in just one of the partners surviving. Domain expertise for technology vendors comes from brokerages and they must both innovate together.

What are the risks in dealing with multiple vendors?

There are several technical risks like failure of interfacing, non compatible technologies etc. However, the biggest risks are non technical which we don’t even factor in. Like delay due to handshaking, extensive coordination and delays in project schedule because of multiple points of dependencies.

How do you think brokerages can increase their customer base and retail participation in India?

Retail participation is currently a very big problem. In the last one and a half decades, retail customers have burnt their fingers very badly. The issue is complex and involves analysis from various fronts. For example, returns have been inconsistent, volatility has been very high, 20-30% of small listed companies have vanished, IPOs have been priced very aggressively and have provided negative returns. All this has disappointed retail investors and have driven them away from equity markets. A very concerted effort is needed to bring them back. Their trust levels in the whole system will need to be increase. It is not a brokerage problem; it is a financial services industry problem. Luckily the regulators and exchanges are doing a very good job of investor protection.

What role can technology vendors like you play in this process?

As I mentioned it is an industry problem. Technology vendors are just one cog in the whole wheel although their role is important. Vendors can certainly create applications that are closer to clients needs and map their requirements better so that financial services firms can deliver better experience to these clients.

What is the future of intermediation especially for small players like sub brokers and franchisees?

Sub brokers and franchisees are again facing the heat. About 30% of sub brokers have closed shops in the last three years primarily because their risk reward ratio is much skewed. Their earnings are far lesser as compared to the risk they are bearing. One large client default pushes them out of business. Again technology and better risk management systems have a huge role to play so that these sub brokers can survive and remain in business.

What is the future of technology vendors catering to financial markets?

Just as financial services firms have seen disruptive times; it is now time for technology vendors to see disruptive times. Ubiquitous internet and 4G services are going to create a digital revolution in India. There will be unprecedented convergence of business, media, social media, internet and devices. Businesses will see a sea change. Those technology companies who ride this wave well and help their clients in this revolution will survive and even grow bigger while those that don’t evolve will perish. The changes coming up will be as disruptive as advent of internet itself.


Anti Money Laundering for Securities – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Anti Money Laundering for Securities – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft Private Limited

What is Anti Money Laundering?

Money Laundering (ML) is the act of converting illegitimate and ill gotten money like those sourced from smuggling, extortion, drugs and terrorism into legitimate money that evades suspicion and scrutiny. Money laundering typically involves three stages –

  1. Placement – introducing ill gotten money into banking/ securities system
  2. Layering – merging ill gotten money with legitimate money for all money to look legitimate &
  3. Integration – process of integrating both legitimate and illegitimate money into regular flow of money making the whole stream to look legitimate.

Anti Money Laundering (AML) is described as activities taken actively by financial institutions to detect money laundering and to prevent it.

AML in banks and financial institutions is quite some time old and enjoys very sophisticated practices for detection and prevention. However, AML in securities domain is pretty new and is still challenging.

Why is Anti Money Laundering Important?

AML is important to curb financing of illegal activities discussed earlier. It is necessary that ill gotten money be checked, forfeited and should not enter the main stream money flow disguised as legitimate money.

Who lays the guidelines for AML in India?

The legislative framework for AML was laid by the Prevention of Money Laundering Act, 2002, after which substantial progress has been made in increasing awareness and robustness of Anti Money Laundering guidelines. The Financial Action Task Force (FATF) which is an independent and inter-governmental body is responsible for setting standards in this area. In 2010, after a tough evaluation, India was admitted as the 34th member to the FATF. FEMA has spelt out clear AML obligations to be complied with. Both RBI and SEBI have issued necessary guidelines on the monitoring mechanism and obligations of institutions on Suspicious Transaction Reporting. It is now incumbent upon institutions and service providers to follow these guidelines in true letter and spirit.

Whose responsibility is it to monitor for AML activities?

Every financial organization is expected to study their clients and their transactions and file a ‘Suspicious Transaction Report’ (STR) to the country’s Financial Intelligence Unit (FIU). The FIU itself studies the transactions reported and if it finds anything suspicious, it reports the transaction and client to country’s law enforcement agencies.

How does AML in securities stack up with AML in banking or finance?

AML in securities industry is tricky because most jurisdictions and markets don’t accept cash for securities transactions, which is normally used traditionally in ML and terrorism funding activities. ML in securities is also very lucrative for launderers because not only does securities markets helps them launder money, it also helps them generate money. Systems and processes have to be robust and intelligent enough to capture such ML activities in securities space.

What is the scope of AML in securities? Is insurance also covered?

Generally AML in securities refers to AML in Wholesale Markets, Wealth Management, Investments funds and

processing, unregulated funds like Hedge Funds, Bearer Securities, Bills of Exchange etc. Depending on jurisdiction, trading in securities is not limited to securities dealers and brokers but also touches upon banking and insurance. Insurance may thus be covered under securities and an AML guideline covers it as well.

How does ML take place in Insurance?

Money launders use insurance policy and industry to convert their black money or cash into legitimate money. Popular methods in not so advanced countries include buying long term single premium plans using cash and then surrendering the policy in free lookup period. The insurance company refunds the premium money in full and in cheque and when the money launderer deposits this cheque in his bank account, no suspicion is raised because the source of money is legitimate (coming from an insurance company). Additional indicators could be customer canceling a policy and asks the refund to be sent to a third party or a customer interested in products early surrender value or a customer purchasing an insurance policy using different instruments like traveler’s cheques or bearers cheques and cash.

What are the common patterns of laundering seen in securities industry that a market participant should be careful about? How can it be detected by use of technology?

Several common patterns are seen in securities markets in money laundering and AML strategies should be formulated accordingly.

Some patterns pertain to converting illegitimate money into legitimate and some pertain to generating more money.

For converting illegitimate money to legitimate, money launderers may involve simple tricks like –

  • providing misleading information to intermediaries while opening accounts
  • making many small cash deposits and buying securities when the amount becomes large
  • Using brokerage accounts to hold funds for long term and similarly using broker’s pool accounts or broker’s beneficiary’s account to hold shares for long term
  • transactions where one party is seen to be deliberately taking loss thereby transferring money to another
  • purchase of long term investments followed by a sudden liquidation regardless of fees and penalties
  • customer engages in extremely complex transactions where his profile may be otherwise
  • Engaging in boiler room operations etc.Sometimes money laundering clients may bring cheques from another reputed financial institution to open an account or for transactions making the intermediary lower their KYC standard because they get biased into believing that the originating financial institution has already conducted its own KYC investigation and hence issued a cheque which may not be the case.

    Sophisticated tricks may involve selling deep in the money options at a throw away price or generally at inferior terms allowing the counterparty to exercise the option and get money (so that payment looks legitimate),

    Generation of more money involves tricks such as manipulating low priced securities, use of shell companies for reverse merger, insider trading and other kinds of frauds.

    Technology plays a very crucial role in detecting AML activities. For example, all client lists must be daily scrubbed against debarred entities list. It may so happen that when a client is registered he may be acceptable but later he gets blacklisted hence daily check is needed. The case of undervalued options can be checked by having a good options pricing tool in place and software having validation that disallows in the money options to be sold cheap or at no cost. Similarly, trading systems must continuously scan for clients whose trading positions and strategies are not consistent with their risk profiles.

Do employees also play a role in money laundering? Should they also be monitored?

Certainly. Participants think AML is only about screen people like Politically Exposed Persons or drug/ terrorism and suspicious transactions but it is also about intermediaries, distribution channels, products, payment methods and most importantly employees of the organization who may be in collusion with the money laundering client.

In fact each organization must look for vital clues within the organization to check any such activity. Some indicators of employee involvement could be –

  • employee reluctant to take leave
  • employee’s lifestyle is lavish and inconsistent with his earnings
  • employees job demands and goals are intense making him compromise on KYC guidelines
  • employee is located in a different country than his supervisor
  • a management culture that rewards numbers more than compliance with requirements
  • employees bringing supporting documentation for clients which is inadequateThe AML monitoring department must constantly draw up policies to monitor its employees against this list. Software products must also have necessary checks in place. For example, it has been seen that employees delete transactions or amend the terms of transactions which may benefit clients in an undesirable way. Software should not allow any deletes. Any changes that employees may want to make should be through passing of necessary journal entries or reversing journal entries and never by deleting because auditors may not go through deleted transactions in normal course of time.

What basic care should a brokerage take to make sure it doesn’t become an agent for money laundering?

Some basic steps are

  • strictly adhering to KYC guidelines
  • disallowing cash withdrawals and use of cash for purchase of securities
  • not allowing withdrawal or sale proceeds to be paid to a 3rd party
  • not allowing changes to a financial product after the transaction that enables payments to be received from or paid to third parties

What are the main challenges that institutions and regulators are facing in AML compliance in the securities sector?

There are several challenges in this area starting from inconsistency in definition of ‘securities’ itself. Reporting requirement for securities has only been introduced very recently in many jurisdictions. Many institutions find it difficult to file STRs on time because transactions in securities market are very fast paced. Some institutions may not understand STR requirements itself. Institutions should also train employees rigorously on AML and the implications of ML as institutions that don’t comply will attract heavy penalties and will lead to reputation loss and even imprisonment of directors or those responsible.


Adoption of Cloud in Financial Services Industry – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Adoption of Cloud in Financial Services Industry – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

There is so much of discussion around Cloud. What is the reality on ground?

The reality is that a lot of businesses have adopted Cloud for various activities. In a survey, 82% of the companies have reported that they saved money by moving to Cloud.

Initially, there was a wave where non critical functions of an organization like attendance monitoring; project planning etc. was moved to Cloud and critical functions were being self managed. But now we see important and critical functions being moved too. We increasingly get queries from financial community if we have applications for trading, risk and settlements on Cloud. I think it’s a fundamental shift in the thought process and adoption.

Several platforms like Salesforce.Com, Netflix have become market leaders being on Cloud. Internally, we also use Cloud based software extensively for managing client interactions, our own engineer’s timesheets etc and experience the benefits of Cloud on a day to day basis.

What are the various categories of services offered on Cloud?

It all started from Software as a Service (SaaS) but now not only software but we see several extensions like Platform as a Service from Google in the form of Google App Engine and Microsoft in the form of Azure, which by the way even we are leveraging for our own application which we are putting on Cloud. Then there is Infrastructure as a Service like the Amazon Web Services and NYSE Euronext Infrastructure Cloud and also a host of services for Individuals. So what started as Software as a Service on Cloud is rapidly extending in other areas. Customer’s acceptability and willingness to subscribe to such services is also increasing dramatically.

How do you see Cloud penetrating Financial Services as a business?

Financial Services as an industry is normally late adopters of any new path breaking technology like Cloud is. Participants here want complete clarity on regulatory aspects, service aspect and continually assess the advantage vs. risk involved. But once they are convinced, the go the full path to embrace such technologies.

My estimate is that Indian Financial Services firms, especially the trading community we operate in is yet to adopt Cloud as a platform because vendors are yet to roll out large, organization impacting platforms on the Cloud. However, we are confident that when such services will be offered, they will be adopted rapidly because these same firms have experienced the benefits of Cloud in other areas.

As a company, do you have offerings on Cloud for Financial Services business?

Yes, we are rolling out a personal portfolio management application on Cloud for individuals because we feel individuals have experienced the benefits of web through success stories like, and several mailing applications. This solution is not run of the mill PMS offered by several financial services portals. It is very comprehensive and automated application offered as SaaS which will help individuals right up to providing data for filing their tax returns.

There are some other areas which we will offer soon on Cloud which will certainly be an industry first. However at this point of time we can’t disclose it because of confidentiality.

What will be the challenges in hosting applications in Financial Services Industry in India?

Where there are opportunities, there are bound to be challenges. For example, there is not much clarity on whether a bank can sign a water tight agreement and start hosting their data exclusively outside of India. Most bankers won’t do it but can they host such data non-exclusively to avail value added services like analytics? If yes, under what conditions.

Then there is this whole issue of trust. Will a trading house host their proprietary trading strategies and data with the same hosting solution provider who is also hosting for their competitors?

Third, there is the issue of legal enforcement. How fast can a financial institution get remedy in case of a data security breach or loss of data because the service provider decided to close down its service? Agreements could be made tight but capitalization of small service providers itself could be an issue.

What is the future of Cloud?

The future of course looks bright. It is estimated that by 2015, spending on Cloud could be in excess of USD 180 Billion. Innovation will happen on multiple fronts. From Financial Services perspective we will see dramatic changes in Big Data and Analytics. Now each firm need not do big investment in sophisticated analytics tools. There will be smaller, boutique firms specializing in ultra sophisticated analytics tools which will provide services to banks and financial firms over the Cloud. This will be a big leveler especially for small financial services firms. Suddenly a small bank can have the same analytics capabilities as their more sophisticated counterparts like Citibank.

Then, we will see a dramatic change in how content is delivered and accessed. Amazon Web Services Content Delivery Network is again a great leveler for smaller financial services portals and it enables them to distribute content in a low latency environment like larger portals.

Thirdly, it will also change the manner in which applications and data currently in Cloud is accessed. Currently, clients are dependent on their vendors to build in APIs to access these applications.

Once a lot of applications and services migrate to Cloud, which is already happening by the way, we will see a lot of innovation around how these applications and data is accessed from them. For example the Railways could build standard APIs and open access to data from their platform to private operators to analyze and build in value added services.

The growth of Cloud will also happen because Mobile Apps are growing rapidly. Their growth will feed each other.

I also expect a lot of E-Governance Applications to be put on Cloud by the existing government to bring about service delivery and transparency over the web. In a decade, I expect governments all over the world to be the biggest consumers and also providers of Software as a Service over the Cloud.

Personally do you use Cloud on a day to day basis?

Yes, extensively. I have personally been one of the earliest adopters of Cloud and have experienced its benefits.

I use several apps that are provided over the Cloud. Very recently I signed up with a Cloud storage based company to keep a back up of all my personal documents.


Disasters Happen: Is your Business Continuity Plan Ready? – Interview with Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Disasters Happen: Is your Business Continuity Plan Ready? – Interview with Mr. Jayesh Shah, MD & CEO, Prism Cybersoft Private Limited

What is BCP and Disaster Recovery?

Institutions like banks, brokerages, exchanges, depositories etc face continuity threat from incidents like fire, flooding, terrorism and other natural and man made calamities. Businesses must go on even if such adversities are faced. Services need to be rendered and data needs to be protected. A Business Continuity Plan (BCP) and Disaster Recovery (DR) is any plan to continue operations if a place of business is affected by disasters mentioned above. Such a plan mentions how the business will restart its operations, how quickly and how it will recover its lost data or move all operations to some other location. For example, if a fire destroys a building where an institution was running its operations from, how will the institution resume its operations from somewhere else with minimal loss of time, effort, continuity etc? Businesses in developed countries place a lot of emphasis on BCP and DR in the post 9/11 scenario. The concept by itself is not new. In olden days, kings use to involve their teenager sons in affairs of the kingdom so that if the king gets killed untimely in a battle, son can take over without much loss to the kingdom.

What is the importance of Business Continuity Planning and Disaster Recovery?

Like many other businesses, financial services business is sensitive. Enormous wealth is made or lost in seconds. If an institution is an intermediary, like a stock broker, it has a responsibility and it shoulders. Transactions worth millions is done through it by its clients like investors and traders. Any disruption in its service could result in losses worth millions to its clients and in turn itself if it is not covered and has not planned to meet such events effectively.

Why should an institution plan for DR?

An institution such as an intermediary executes millions of transactions on a daily basis. A minute disruption in service due to god or man made events like flood, fire, malicious software etc could lead to losses for itself and its clients. Apart from monetary loss, reputation loss and data loss could be fatal. Once client’s trust is lost, it is extremely difficult to regain. BCP and DR is fast becoming a must have for critical businesses like financial institutions.

Is there any area that is ignored in a DR plan?

It’s a myth that DR setup is very expensive. Technologies like virtualization and cloud makes it very easy and cost effective to set up a DR site.

DR is like an emergency service. One prays that is never needs to be activated but once it is triggered; it needs to work seamlessly, as expected.

The problem with most DR plans is that while a lot of planning and care is taken to get it implemented, there is virtually no effort taken to test out whether it is running as expected. Lack of testing may disappoint when the DR facility is actually needed. Ideally, once a quarter, the institution must invoke the DR facility without giving any notice and work for one full day on that facility to ensure that operations can be run on DR when invoked.

Also, care needs to be taken that the same disaster doesn’t hit both primary and DR sites. For example having a DR site in Pune for operations in Mumbai is not a good idea because both Mumbai and Pune fall in the same seismic zone.

Another important thing to be kept in mind relates to myth people have about source of disruptions. Institutions plan very carefully for natural disasters. However disruptions due to natural disasters are only about 3% of the cases. More than 75% of cases of outage are because of hardware malfunctions, human error or software getting corrupt, including computer viruses.

Is there any guideline or regulation for brokerages around the need to have DR?

Yes. Regulator has laid down guidelines for BCP and DR and has provided subsequent guidance. However most of the guideline is for exchanges, depositories and clearing house.

What is the difference between BCP and disaster recovery?

Most people think they are one and the same thing. However, DR is a part of Business Continuity Planning. BCP is a much larger plan that involves planning for failure due to systems, processes or people. Infrastructure and system failure is a part of it.

How does one need to plan for DR? Is a real time DR needed?

Normally, a Business Impact Analysis (BIA) is conducted. In this business processes are separated between critical and non critical. For example, a brokerage must analyze very carefully all the aspects of a transaction value chain. It must also analyze criticality of each function and the business tolerance of each function if it were to go down. For example, an institutional client’s DMA business could be said to be extremely critical with zero tolerance to go down. Same could be said for dealing and real time risk management. Back office operations are important but not mission critical. In the sense that an hour of delay in back office can be managed and won’t prove as a show stopper. Once such criticality map is drawn up, brokerages need to draw up a DR plan accordingly. Since real time DR could be resource hungry, not all parts of the transaction value chain need to go to real time DR. Functions like back office etc could go into delayed DR. Available for use but may not be instantly. An hour or two of delay could be tolerated.

One broker I knew placed their servers in a third party data centre which itself has a strong real time DR facility. Without spending a single additional rupee, the brokerage has moved to real time DR.

To what level is this planning necessary?

Business impact analysis discussed above has to be detailed and finally two critical points have to be reached. These are – Recovery Point Objective (RPO) and Recovery Time Objective (RTO). RPO is the accepted latency of data that will not be recovered. For example if there is fire in office and one has backup till yesterday, today’s work will be lost. In many cases, this will be acceptable. RTO is the defined acceptable time it needs to take to restore all functions. Supposing a critical function like trading is halted because of server crash and it takes 10 minutes for the backup server to start and all trading to migrate to this server. In such case, RTO is said to be 10 minutes. Obviously, the lower the RPO and RTO are desired, the more an institution will need to spend to build redundancy. Current guidelines say that exchanges and depositories should have a Recovery Point Objective and Recovery Time Objective of 4 hours and 30 minutes respectively. However, most institutions will try and do better than this.

How fast can a DR facility be activated?

It actually depends on the overall business and technical architecture of the DR site. Activation could be done within few milliseconds to few minutes depending upon a variety of factors like hardware redundancy, bandwidth and scalability of the DR site.

One popular exchange has its DR facility in Chennai. From time to time, it keeps testing this facility by switching off the Mumbai facility during live market. All traders are then shifted to Chennai based DR site for subsequent trading in milliseconds and this shift is so seamless that traders don’t even come to know.

Fast activation naturally needs more money in terms of hardware and support.

What is the state of BCP and DR in Indian Capital Markets?

Readiness on BCP and DR today varies from one institution to another and it typically depends upon IT sophistication of these institutions. However, one common theme that cuts across all institutions is that significantly more planning and investment is needed, especially in the bottom 3 quartile of institutions.

Do you think Financial Institutions must step up their efforts in this area?

Yes of course. Much better understanding and financial investment is needed. Institutions don’t lack the money to put such processes and infrastructure in place. Most have the resources and do millions worth of transactions on a daily basis. They lack the IT awareness and expertise to put this in place.

Are there any people issues that one needs to keep in mind?

Yes. It is important to keep a couple of very high quality people at the BCP or DR site too. This is to take over operations when needed if the institution’s regular office people fail to reach office. If done intelligently, a lot of cost optimization can also be done. For example, if a flood prevents Mumbai staff to reach office, it can have a simple failover plan to start the DR server and a mechanism for critical people to be able to connect their home PCs to this server. Hardware redundancy has to be backed up by a working plan and there should be people to run operations along with enabling the technology. If a couple of trained people are not there to manage the DR set up, and main office staff is stranded, applications will start but there won’t be any one to run it.

Is it all about Hardware Redundancy and Process Planning?

No, a detailed Threat and Risk Analysis needs to be conducted in which the institution needs to properly analyze every potential threat which it faces like earthquake, fire, electricity outage, flood, cyber attack like virus etc. Many threats are purely human which needs solution involving human beings and don’t need hardware solution. If the institution out sources some of its processes, it must ensure that the vendor doing the outsourcing job must also have a proper BCP and DR in place else this may prove to be a weak link.

Institutions must realize that BCP and DR are no longer just a requirement. It is a necessity. It is like insurance for your business. An institution doesn’t realize the impact of not having it, until disaster strikes.


Leveraging benefits from Big Data- Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Leveraging benefits from Big Data- Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

What is big data?

The term big data is used for data sets that are so large that traditional tools of database management don’t work on them. Managing them requires special approach and technology. Data sets now are bigger than what it used to be because data is now being captured by multiple devices like mobile phones, cameras, RFID devices, sensors etc and also because of prolific use of social media where the culture of ‘likes’ and ‘shares’ reveal a lot about likes and dislikes of people.


How big is big data today?

The volume of data generated today is enormous. It is said that 90% of the data generated in this world was generated in the last two years and this period is only going to get shorter. In terms of business investments, the size now is about USD 25-30 Billion and will cross USD 50 Billion soon. In terms of data size, we create 2.5 quintillions bytes of data each day. That is 25 followed by 17 zeroes in terms of US measurements.

Where is it being applied?

Big data is now being applied everywhere. Apart from financial services where we are discussing, big data is being applied to spot business trends, predict whether, predict and combat diseases, in science, space exploration and research, media and telecom. In short it is being applied everywhere.


What are the challenges in Big Data?

While the benefits of big data are enormous, having the data itself is not enough. There are several challenges that need to be overcome. Some of them are –

  1. Having a good analytics team to convert big data into actionable insight
  2. Most companies are unaware of what policies to put in place and what data to capture. Even now Indian insurance companies quote car insurance rates even without knowing whether the driver owner is a male or a female. Unfortunately it is the entire industry that works in the same way and even if one single company wants to improve the quality of data capture, it is tough for them to do.
  3. Many institutions are worried about the potential cost implications of putting in place more hardware, analytics software and data analysts

Financial institutions have however realized that this tsunami of data cannot be avoided and infact can be leveraged to make business intelligence out of it that can be precious.


What are the various dimensions of big data?

There are three popular V’s associated with big data. They are – volume, variety, and velocity. Volume is how much data is collected. Gone are the days when brokerages used to work on only live prices. Now they want to store tick by tick data. Imagine the kind of data storage that is needed. Velocity of data is how fast data is being processed. Variety of data is the different kind of data structures in which data is represented. With social media, it can be videos, pictures, likes, tweets, posts, usual fields and so on.

As you can figure out, the complexity of data analysis grows multifold because one now has to analyze from these different kinds of data and sources.


What is its role in the context of financial services industry?

In a survey conducted, about 62% of the companies felt that big data has significant potential to create advantages for them. This really tells something. The business case for such implementation is very strong as companies can draw insights in their business that was previously not available. Gut feel can be replaced by actual facts.

But before companies can really start taking advantage of big data, they must evolve themselves as data centric organization that is comfortable with working with data.

Who is responsible for data within a company?

Generally it is the CIO who is responsible for big data within an organization. However, it is the business and analytics team that must own it and benefit from it. Financial institutions are seeing big data as a technology challenge. That must change. It is a business challenge and opportunity.

What are issues around analytics in big data?

Financial Services Businesses have all the data they need for better analytics. They just need to define what they want out of it. It is important to have clarity on the objectives of big data implementation. This has significant downstream impact. The kind of analysis needed will determine what data to capture, what to ignore, the data format etc. Organizations also need to have the right kind of people to make sense from the analytics generated.


What are the differentiators of big data management Vs traditional data management techniques?

Traditional data management techniques involved querying a database and working with small samples of data. Big data on the other hand involves working with very large amounts of data in different formats and in different storage devices. Generally, software for big data access allows parallel access of data and processing. Traditional methods involved storing data on hard disks but cloud has pushed big data into a different realm by storing data in cloud and making localized hardware storage redundant and useless. It has also reduced the cost of storage drastically. Big data normally works across different data sets and formats simultaneously and has several sophisticated algorithms that analyzes quickly through both structured and unstructured data and updates results on a real time basis. The business insight gained is also unparalled.


How can financial services companies leverage big data for business benefits?

Financial institutions can benefit from big data in a number of ways. It gives very deep insight into customer behavior and financial institutions can profit from that. It gets a 360 degrees view of the customer, preferences, likes and dislikes. Social media analytics can also tell an institution what is in favor and flavor and what is not. Big data analytics can also lend a lot of power to the marketing team to segment clients correctly and evaluate what offers to roll out and when. Many a times marketing teams roll out festival discounts without understanding whether the offer will be profitable because of increase in volumes or unprofitable because of reduction in margins for the company. This kind of analysis can be very easily done by understanding the customer behavior. Another area where big data can add enormous value is risk management. This is because now it is possible to look at different aspects of data and behavior simultaneously.


Can the issue of customer retention also be addressed?

Customer retention is a very big issue in India because India as a country is very value conscious. By knowing the thresholds of acceptability, institutions can price their offerings more intelligently and even roll out retention offers that are more likely to be accepted by customers rather than offering the same prices to all. Generally, several aspects of customer service can be addressed and improved using big data. All this will automatically increase customer retention.

What benefits does it bring in customer centricity?

The organization can know much more about its customers, dramatically increasing its focus towards them. It can customize and personalize all services by analyzing what the customer wants. As customers we see several airline offers for a place we have searched on search engines. However, do you know that most of these offers are actually customized just for you? It is not something which is offered to all customers. A lot of offers on pre-paid mobiles that customers get are customized for them after studying their usage pattern.


What are the general concerns about dig data management?

Just as there are several benefits, there are several hurdles around big data and its implementation. Some of them are –

  1. Organizations are not willing to bet a big change in their data management strategy
  2. They may not be in a position to assess exactly where big data projects will benefit them
  3. Poorly defined data definition and data policy leads to poor capture and retention of data
  4. Lack of tools and people who can leverage the analysis that big data can generate


Insurance companies, especially in developed nations have used data analytics for a long time. What is the situation in India?

Insurance companies in developed nations are known for their technology adoption and extensive use of analytics. They are used to predictive modeling to analyze their customer behavior, conduct segmentation, roll out offers and forecast claims. However in India insurance companies are just beginning to adopt behavioral modeling and analytics. Since most of the business here is controlled by brokers and agents, pricing power is limited. Things will only improve as we go along.

What benefits can big data analytics can bring to brokerage and asset management industry in particular?

Like other industries, brokerages and asset managers can benefit tremendously too from big data analytics.

Sentiment of clients can be analyzed and accordingly sales can be done and offers can be tailored. Big data analytics can tell organizations when is the right time to introduce and withdraw new products and services. By analyzing customer’s responses to offers made, pricing can be fine tuned. By analyzing commission structures, channel efficiency can be improved and their remuneration can be fine tuned. Better margining can be done and better risk management systems can be put in place. Trading sentiment analysis can be done and compliance programs like Anti Money Laundering and Insider trading can be put in place. These are some very strong outcomes of using big data intelligently.


How should an organization go about implementing big data projects?

First and foremost, the organization should be convinced that big data is beneficial for the organization. The business case must support the implementation. It should establish the business area where the big data project will be implemented. For example, an organization may decide to implement it in the area of commissions that it charges to its clients and it pays to its channel partners. Then it must go ahead and carefully define the structure of big data set up. This will include definition of what data to keep, in what format and what data to let go etc. This will also include the data governance structure and also roles and responsibilities of team members who are involved. Then, it must conduct a small pilot to see how the management, extraction and analytics are working. This will act as a dipstick to see if the project is really adding value to the organization. If the results meet expectations, then the organization must go ahead with full fledged implementation. Else, corrective measures must be taken. After the project is on stream, a very careful, periodic analysis must be conducted to ensure that such an implementation is actually meeting its objectives. A lot of time such projects and its analytics will need fine tuning.

Organizations must realize that this implementation is different from organization to organization and hence deep patience, planning and insight is needed in every stage of implementation.


Importance of Vendor Ethics Management in IT – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Importance of Vendor Ethics Management in IT – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Why is vendor ethics so important?

A large organization like a financial institutions, banks and brokerages spends millions of dollars on technology spends each year. It is important for the organization to go through a fair evaluation and buying process and engage with right kind of vendors who will provide solutions that fit the requirements and not otherwise. In this process it is important that the evaluation was not clouded by greed or any other kind of influence. Otherwise, wrong solutions may get procured and the company will face serious economic and legal implications.

What should a company do to ensure such fair evaluation?

First and foremost, the company must declare itself ethical and the senior management must practice ethical practices for its staff to witness and follow. Then, on the vendor front, it is important for companies to have a well documented ‘Vendor Ethics Policy’ in place. Vendors must be asked to read this policy and sign a declaration stating that they have understood the policy and will abide by it. Failure to sign this policy should automatically disqualify the vendor. Vendors must also train their staff who will be interfacing with the clients. This also needs to be propagated down the line in the client’s company to all managers who are involved in any procurement process. Special training must be given to anyone who is in the purchase department.

Generally, a company should formulate policies that are more stringent than mere compliance to local laws and customs. Only then such practices can be checked. Also, there should be zero tolerance for cases where conduct is doubtful.

How does the institution ensure that vendors are following law?

It is tough to ensure that the vendor is following all laws in his office but a lot of checks can be done to ensure that the mutual relationship follows the law. Everything must start by signing a formal contract and the vendor signing a declaration that the vendor ethics policy is well understood. Their PAN No, VAT Registration number and Service Tax registration numbers etc must be captured before any order is given to them. All applicable TDS must be deducted and deposited in time. In addition to this, there are several gray areas which you would want vendors to avoid when they are dealing with professionals of your company. For this again, you must ask for a declaration from the vendors that they are complying to laws relating to taxation, fair employment and other sensitive acts of the government. If you don’t do so, you are running a risk.

If you are a listed company, chances are your vendor will be privy to a lot of price sensitive information. Such information could easily be put to misuse. In this context, you must also ask them to sign a ‘No Insider Trading Policy’. This is of importance because the liability of any misconduct on the vendor side on this account can easily be held against you, resulting in huge liabilities.  Hence you must be very careful.

Festivals are around the corner and a lot of gifts are exchanged. What are your views on it?

As a company, we don’t accept any gifts. We have a very strict policy. If a person, client or vendor tries to gift us something face to face, we thank them but return the gift. If it comes through courier, we repack it and send it back to the sender with thanks. Of course every company needs to have its own policies around this but as a general guidance, it is better to be conservative. The vendor policy document should expressly state that no offer, promise, kickback, favor, cash, entertainment or anything of value should be given to obtain favorable treatment from the company. Your company employees should similarly be prohibited from soliciting such favors from vendors. This restriction should extend to any family members of both, the vendor and the purchaser company. Also be aware that gifts come in many other forms. For example, a vacation can easily be masqueraded as a ‘site visit’ or ‘client visit’ where such site or client could be in a lucrative foreign land. A four day trip to this country could be scheduled with a single 2-3 hours of ‘client visit.’ Be vigilant when employees bring in requisitions to travel overseas, especially those that are sponsored by vendors. Government clients and those vendors dealing with government employees must be very careful of what their employees are doing. This is because government employees must be like Caesar’s wife – above reproach.

Could there be any concessions?

While we don’t accept any gifts, companies, depending upon the nature of their businesses could relax this policy. It could be acceptable as long as a gift is not intended to obtain favorable treatment from the company, and does not create the appearance of a bribe, kickback, payoff or irregular type of payment. After all, I think no one will believe that someone awarded a 50 Lakh contract to a vendor because the vendor gave him a T-Shirt.

It is also important that it doesn’t raise any potential conflicts of interest. For example, employees could accept a gift from a vendor as long as the total value of a gift does not exceed say Rs 2000 or so. The general yardstick is that a public disclosure of such gifts should not embarrass the company. Intangible gifts like entertainment, those involving travel etc must be approved by the company’s ethics committee. As a general rule, anything that is in gray area or beyond interpretation or comfort must be avoided.

What about conflict of interest?

This is the easiest trap vendors could lay and could become very difficult for companies to detect. For example if a CTO of a company is responsible for taking final purchase decisions and the vendor has employed his wife or kids at any position, it becomes very hard to decide in such situations because there is an unnatural pressure. Seeking active declaration from employees in such cases helps.

Coming specifically to IT Projects, why is vendor ethics important here?

When you are running a financial services business and you employ a vendor, it is extremely important to ensure that the vendor company practices high degree of ethics for several reasons –

  1. Your entire data set is available to the vendor if he is visiting or working on site on your database. Imagine if someone runs a single query and takes away all the details of your clients in a single file
  2. The mechanism in which he uses your data on applications provided by other vendors may put you into serious IP infringement and data security risk. Many a times vendors of a particular application try and connect to database of some other application without buying necessary APIs or without permission of the other vendor. This amounts to piracy and IPR infringement. In such cases, any legal risk is primarily faced by the institution. Even if you don’t face a legal suit, your data security and integrity both is at stake because one vendor may not completely understand the data and database structure of applications belonging to some other vendor
  3. Sometimes if the contract is not water tight and futuristic, vendors play tricks. For example a client of ours had bought an application with customization rates agreed and included in the contract. But these rates were for a specific development language. Down the line the client needed some customization as an extension of the same application but in a web friendly language. The vendor charged almost twice the rates that was agreed on pretext of a ‘different language/ technology’ and need for ‘more specialized skill sets.

What other unfair business practices can the vendor adopt?

There could be some very minor things but unethical. For example, a ‘lucky dip’ may ‘win’ a senior executive a laptop as a prize making the executive have a positive feeling of gratitude in favor of the organizing company. Some vendors blatantly use their client’s logos on their website and marketing material without taking express written consent. Vendors also adopt other serious unfair practices like fixing prices with other competitors and rigging prices. Sometimes they discuss negotiated or contracted prices with other vendors making it difficult for the client institution to negotiate with them. Some even start lobbying for changes with exchanges, depositories etc taking client’s name and citing client’s needs without taking client’s approval expressly.

What other steps must the company take to take care of ethics and local laws?

Because any form of bribery is a punishable offence in most countries and regulatory agencies around the world, including the ED, U.S. Dept. of Justice, Securities Exchange Commission, and the U.K. Serious
Fraud Office, are aggressively enforcing anti-corruption laws, including matters related to bribery & failure of internal controls, inaccurate books and records, potential corrupt activities of vendors can come back and hurt the company and its officials seriously. To mitigate this, companies must adopt extensive practice of documentation and keep accurate business records. Contractual clauses must include retention of such records by both, the company and the vendor way beyond the period of time of engagement with each other.

Vendors should also be required to report to the client any issue that violates law, anti corruption policies and the company’s general guidelines. Once reported, the company must investigate in each such issue.

To sum up, the culture in the company must be beefed up to maintain the highest level of integrity in all business dealings and create an environment where employees and vendors can raise their concerns without fear of retaliation.


Mobiles as a device of choice for Financial Markets – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Mobiles as a device of choice for Financial Markets – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Is it correct to assume that next generation of financial services technology reforms will be led by mobile phones in India?

Yes it is true. India is the second largest mobile user country in the world after China with 77.6 connections per 100 citizens. Mobiles are now at the centre of several technical advancements in consumer facing businesses. Its usage is far ahead of any other device like laptops or desktops. Messaging and other applications are changing people’s habits. They are now continuously hooked to their mobile phones. Habits are changing and vendors need to exploit these changes in habits. A popular retail fashion portal recently closed down its website citing far more use and purchases by users of its mobile apps than its website. They also noted that customer loyalty was far higher in case of mobile app users than website users. In financial services too, every bank and financial services offering company is coming out with its own app. Customers are now getting comfortable in making purchases and moving money through their mobiles. We see a day when payments will completely shift to mobile phones. All this indicates that the mobile will the preferred channel for financial services consumption.

Why do you believe mobile will play such an important role?

Mobile industry in India has seen a revolution. Penetration is deep and it is acting as an agent of social change. With 60% of Indians less than 35 years of age, and a whole lot of them subscribing on internet on mobile, the whole concept of service delivery will change. Mobiles are ubiquitous. Android devices are now available at less that USD 100. Few days ago Google also announced its intent to launch mobile phones for USD 50. This will empower youngsters and individuals living in rural areas like never before. Like other services, financial services industry offerings will need to get aligned to deliver services on mobile phones. Youngsters don’t like to visit branches or service centers. Brokers and Financial Institutions will have to push services to them and delivery through internet will gain a lot of significance. Aadhar can now have mobile numbers updated against them. This also opens up a lot of opportunities to deliver services through mobile phones. Similarly, mobile money will also drive financial inclusion. This will give a boost to capital markets because more individuals will now open trading accounts and will also subscribe to mutual funds.

What is the role of telecom companies in increasing the penetration for financial services on mobile?

Globally, innovation on this front has happened not only by banking and financial services companies but also by mobile operators pushing for such services through the mobile phone. Normally, experience of other similar countries like India have shown that the business case for banking and financial services companies to push financial services for the un banked on mobile phone is weak. They like providing additional services to their existing client base rather than helping to acquire new ones. Adding new unbanked clients through mobile financial services is an area lucrative for telecom companies. Hence both need to come together. Telecom companies need to take up from where banks leave. Then this market will see rapid expansion. In fact this is the reason why we see so much of interest of telecom companies in setting up payment banks.

Coming to capital markets, what is happening to internet based trading using computer and laptops?

With the screen size of mobiles increasing and that of laptops decreasing, software vendors have started taking mobiles and tablets very seriously. My observation is that people are not actively using laptops and desktop computers for trading and accessing their reports now. They are more hooked on to their mobiles and are sending orders from such hand held devices. This trend is only going to increase. Mobiles truly allow people to move. A laptop or desktop ties people down to their offices or homes. There are restrictions on trading and on accessing trading sites from office. In such cases mobile phones come in handy. These days’ people open their smart phone, watch the market and enter 2-3 orders in their lunchtime. Mobiles are adding a new category of traders who otherwise didn’t have the time or wherewithal to trade. Increase in trading volumes through mobile also endorses this. In some brokerages about 10% of the trading volumes are coming from mobile phones. On one of the exchanges, trading volumes from mobile went up from INR 1932 Cr in January 2014 to INR 3742 Cr in November 2014.

What about user interface and experience?

There was a time when mobile interfaces used to be very basic and speed was an issue. Now mobile devices have very rich and colorful user interface. Most of the mobiles today allow multitasking. Earlier, people were afraid that in case they take a position in the market and are unable to square it up due to poor connectivity, they will face a loss. But now on connection side, with 3G proliferating and 4G being launched, speed of connectivity is usually not an issue. I am convinced that mobile trading is the future. It will be used more than desktops and laptops. One of the challenges that the industry will need to meet is providing this same service over 2G networks because 3G services will not be available in hinterland and rural areas.

Is back office functionality also coming on mobile?

Yes traders and investors want to access their important reports like bills, margin details and pay-in, pay-out details on their phone. The need is not for all reports and communication but for important ones. The challenge for brokerages and vendors like us is to push relevant and important parameters to their mobile for consumption and quick decision making.

How is it helping in Risk Management?

A push and messages based communication reduces risks for the broker or financial institution. Banks actively send SMS to their clients for account debits and credits. Active communication ensures that the client is in loop at every step. When traders receive information, they can take decisive steps easily and quickly. For example if a trader faces an intraday margin call, he can be reached instantly on SMS regardless of wherever he is. This can result in margins being transferred immediately. Apart from helping the broker, it brings down the risk of overall market. It also helps the trader because he can then carry forward his position without his collaterals getting impacted. Active communication certainly reduces risks.

Can mobile also be leveraged in the KYC process?

Brokerages have started exploiting mobiles in account opening and meeting KYC requirements. They now report receipt of application forms, documentation requirements, deficiencies in documentation and final account opening status via SMS. The client is thus kept in loop at every step of account opening. This visibility lends comfort to the client and improves service. It also reduces fraud to a great extent.

These days depository participants also send SMS for shares credits/ debits and also for events like corporate action, IPO credits etc which otherwise wouldn’t come into investor’s attention normally. Mobile thus helps investors to be better informed and take quick decisions. They get empowered.

Contract notes and important communications are already being sent by e-mails now. Will that change?

Messages with attachment will continue to go by emails. However, Messaging is the future in mobile communication. At least for short information updates. In a few years from now, e-mails will become out of fashion and most communication will happen through messaging. Popular messaging apps like Whatsapp and FB messenger do not allow APIs for third party use else these platforms could have been used very effectively. Big service providers could have their own chat and messaging platforms which their clients can use.

Will security be a cause of worry?

Yes certainly. In fact in a survey conducted by a US based software company, 53% of the respondents cited security as a concern in accessing financial services over mobile. Telecom companies and financial services companies are taking active steps to improve this on a daily basis.


Evolving Role of Technology in Compliance – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Evolving Role of Technology in Compliance – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft

Why do we hear about compliance in financial markets so much these days?

Businesses are becoming increasingly complex. More businesses now have cross border operations than anytime earlier. People have become much more mobile and global travel has increased multi-fold which is good news. However, amidst growing business, what is also increasing its footprint is illegal activities like drug trade, terrorism, extortion and other related activities.

These activities use banking and financial markets as a channel to move their illegally gotten wealth. It is important for regulators to put a stop to these activities. The general belief amongst regulators is that if such people are cut off from formal banking and financial services channels, it will be very difficult for them to finance such operations. A lot of regulation is being put in this space to curb such activities and financial institutions are being asked to comply with them.

Another need comes from within the financial industry itself. The financial market meltdown of 2008 caused US government to push legislations like the Dodd-Frank Act for increasing transparency and customer protection that has global repercussions as far as compliance is concerned. Another act called FATCA was notified. FATCA stands for Foreign Account Tax Compliance Act, enacted in March 2010. The objective of this act is to detect and discourage tax evasion by US persons. Its aim is to ensure that persons from the US with financial assets outside the US pay US tax.

It is generally felt that there is a global tightening of regulation to restrict increase of nefarious activities. If one studies the provisions of FATCA, one will realize that never in history earlier has America promulgated an act with such wide reach. The Indian government is also taking active steps to make foreign banks reveal data on Indian depositors. The whole banking and financial arena will be much more transparent in 3-5 years from now as compared to what it was earlier.

How is technology helping this process?        

Compliance as an activity is highly dependent on right technology. Technology is needed to extract trading, financial and stock holding, ownership and all other kinds of direct and indirect information from all investment, trading and holding data. In absence of technology, this information cannot be correctly analyzed, compiled and reported to tax authorities. Technology plays a very crucial role in detecting activities like AML, Insider trading, front running, cartelization etc. Such compliance starts with some very basic things like all client lists must be daily scrubbed against debarred entities list. It may happen that when a client is registered with an institution, he may be acceptable but later gets blacklisted. If such checks aren’t run routinely, the service provider may face compliance problem Similarly, trading systems must continuously scan for clients whose trading positions and strategies are not consistent with their risk profiles. Technology like Direct Market Access has solved the problem of front running. Insider trading continues to remain a menace.

A lot of compliance today is possible because technology supports such compliance. The whole process of electronic pay-in and pay-out has resulted in implementing a lot of controls like restricting money and fund transfer to 3rd parties. Increased compliance has been possible because market infrastructure institutions like exchanges, brokerages, depositories and clearing corporations have adopted technology to a large extent in their day to day operations.

Business owners are normally involved with a lot of philanthropic and social service work. Do they need to be careful about compliance?

Compliance is for everyone, including business owners involved in philanthropic work. I know of few cases where business owners who were otherwise very strong in compliance in their own business, did not check if the organizations they were doing social service for were also high on compliance. They fell into trouble because the organizations they were associated with on honorary basis were lax on compliance. Such business owners learnt the hard way that they either need to force these organizations to comply or quit doing such work.

How can technology help companies in these days of Social media revolution?

Companies, especially those with retail client facing businesses where reputation is very important – like financial services and banking etc must be very careful about what is being posted on social media about them. Any comment has the potential to go viral these days. These days there is technology available to monitor electronically what your employees and general public at large is posting on social media. Some companies, mainly MNCs are putting technology in place that approves each post that a company’s employee posts on social media platforms like Facebook and Twitter to ensure that their employees are not reckless and that they don’t make any statement that is in deviation with the company’s policies or statements.

How is technology helping regulators?

One of the biggest beneficiaries of increased use of technology by businesses is regulator itself because it can now ask for information in ways it couldn’t ask for earlier. With better technology, now data can be extracted in multiple formats and can be analyzed in dimensions not possible earlier.

Governments worldwide are using technology to find breaches, non compliance and flagrant evil deeds of individuals and institutions. For example the US government set up a team to investigate if any group made windfall profits from the market crash after 9/11 incident of bringing down the World Trade Centre. The government wanted to find out if someone had advance information of such incident and had indulged in abnormal short sales. Such investigation involves scouring and data mining of unimaginable amounts of data. It can only be done by deploying right technology.

Risk from basic things like mailing has become a big issue. How do we ensure that we remain compliant to local laws and protect our intellectual property at the same time?

This is a challenge most corporations face today and the Chief Compliance Officer or CEO should be highly aware of the risks associated and take active steps to safeguard. Today, 90% of the data transferred from any company to the external world is in digital format. If one wrong email containing client data is sent to a wrong recipient, it could result in loss of millions in law suites and fines apart from reputation loss. To protect itself, the first thing that companies have to do is sensitize all its employees on the fall out of any such case. Employee – employer agreement must also cover adequate clauses to protect the employer from employee’s evil intentions and actions.

Compliance by itself is becoming as big as Admin or Legal department. Any observation?

Yes it’s true, especially in headquarters of large banks and conglomerates. JP Morgan had announced its intention to spend USD 4 billion and commit 5,000 employees for compliance. Similarly, HSBC expressed its intention to employ 3,000 more compliance officers after paying a USD 1.9 billion fine for AML violations. It is estimated that 70,000 finance jobs will be created in Europe alone to handle compliance related jobs. There are 3rd party businesses coming up to help institutions comply with laws. Compliance is becoming an industry by itself.

What is the cost of non compliance?

Most laws have their financial penalties. For example, under section 13 of the Prevention of Money Laundering Act, 2002, there is fine for non maintenance of records that ranges from INR 10,000 to INR 100,000 per instance of non compliance. While the monetary cost of non compliance can be measured in terms of money, there are a lot of non monetary costs that cannot be measured. For example, for serious breaches under the PMLA section 4, one can get arrested with rigorous imprisonment not less than three years and can extend up to 10 years. Offender’s assets can be impounded and the business approval and licenses can be cancelled. Non compliance of FATCA has resulted in several billion USD of fines. Recently CSFB pleaded guilty and paid USD 2.6 billion as fine.

Cost of non compliance is too high to ignore and no one should take a chance. Only spending on technology itself will not help. Internal controls also need to be enhanced. Due to FATCA, American citizens with considerable assets are renouncing their citizenships and some Indian institutions are reluctant in opening accounts for NRIs fearing repercussion in case an individual declares as a NRI but is actually an American Citizen.