Spaghetti in the Cloud

The combo of Cloud+Wireless+Mobile has transformed the way I work. For one thing, storing, accessing and sharing documents is now so much easier than having to send everything as bulky e-mail attachments tethered to a hard drive. However, as an independent consultant, with every new project, business or client I work with, I find I need to use different collaboration tools to be compatible with their workflow, IT systems or platform preferences. Great as all these collaborative apps are, the fact that many don’t talk to one another makes it feel like I am being sucked into a mess of virtual cables that don’t interconnect. Sort of “Spaghetti in the Cloud”.

Image sourced from Flickr

It feels like all my apps are unconnected yet tangled up in the Cloud (Image sourced from Flickr)

There is definitely a battle to dominate enterprise collaboration, with Facebook’s recent launch of Workplace to compete with the likes of Slack, the anticipated revamp of Microsoft’s Office 365 Groups when Yammer is decommissioned in early 2017, and Atlassian’s own HipChat. But aside from enterprise social media and chat, there is now competition across multiple collaboration tools. Here is a list of just a few of the productivity apps I have been exposed to across the various projects I work on:

Meetings/Chat

  • Skype for Business (formerly Lync)
  • Google Hangouts
  • Zoom
  • Cisco WebEx for iOS
  • GoToMeeting
  • Fuze
  • Join.Me
  • WhatsApp

Project Management

  • Samepage
  • Mightybell
  • Basecamp
  • Trello
  • Smartsheet

Document/File Management

  • Dropbox
  • OneDrive
  • Google Drive
  • FileApp (iOS)
  • FileManager Pro (iOS)
  • Docs To Go (iOS)

Productivity

  • Google Docs
  • Apple iWork
  • Microsoft Office 365
  • SlideShark

CRM

  • SalesForce
  • Insightly
  • Streak

And this list doesn’t include single-purpose apps like POP, Simplist and Ideament that allow some project sharing; the entire suite of creative, social media, blogging and CMS tools that organisations increasingly embrace as enterprise solutions; and the growing number of apps that support text, photo and video editing on mobile devices.

While some of these tools support content, file, document and even project sharing from within the app, a lot of functionality is native, and therefore embedded, and is not transferable. So I end up having to learn (and unlearn) the features, quirks and limitations of each one, project by project, client by client.

As I have written before, based on my experience of creating digital music (plus using and beta-testing iOS apps), an app like Audiobus set the standard for product compatibility and content integration. So much so, that Apple ended up supporting Inter-App Audio as a new standard for iOS. Since Audiobus, similar apps have emerged that allow audio and MIDI apps to run together on a single device, and to share/stream content between different mobile devices and desktop DAWs (Digital Audio Workstations): Midiflow, musicIO, AudioShare, AudioCopy, Audreio, studiomux etc.

If only enterprise software and productivity app developers would have a similar approach to product design and collaboration….

Next week: StartupVic’s Pitch Night for October

 

Assessing Counterparty Risk post-GFC – some lessons for #FinTech

At the height of the GFC, banks, governments, regulators, investors and corporations were all struggling to assess the amount of credit risk that Lehman Brothers represented to global capital markets and financial systems. One of the key lessons learnt from the Lehman collapse was the need to take a very different approach to identifying, understanding and managing counterparty risk – a lesson which fintech startups would be well-advised to heed, but one which should also present new opportunities.

In Lehman’s case, the credit risk was not confined to the investment bank’s ability to meet its immediate and direct financial obligations. It extended to transactions, deals and businesses where Lehman and its myriad of subsidiaries in multiple jurisdictions provided a range of financial services – from liquidity support to asset management; from brokerage to clearing and settlement; from commodities trading to securities lending. The contagion risk represented by Lehman was therefore not just the value of debt and other obligations it issued in its own name, but also the exposures represented by the extensive network of transactions where Lehman was a counterparty – such as acting as guarantor, underwriter, credit insurer, collateral provider or reference entity.

Before the GFC

Counterparty risk was seen purely as a form of bilateral risk. It related to single transactions or exposures. It was mainly limited to hedging and derivative positions. It was confined to banks, brokers and OTC market participants. In particular, the use of credit default swaps (CDS) to insure against the risk of an obiligor (borrower or bond issuer) failing to meet its obligations in full and on time.

The problem is that there is no limit to the amount of credit “protection” policies that can be written against a single default, much like the value of stock futures and options contracts being written in the derivatives markets can outstrip the value of the underlying equities. This results in what is euphemistically called market “overhang”, where the total face value of derivative instruments trading in the market far exceeds the value of the underlying securities.

As a consequence of the GFC, global markets and regulators undertook a delicate process of “compression”, to unwind the outstanding CDS positions back to their core underlying obligations, thereby averting a further credit squeeze as liquidity is released back into the market.

Post-GFC

Counterparty risk is now multi-dimensional. Exposures are complex and inter-related. It can apply to any credit-related obligation (loans, stored value cards, trade finance, supply chains etc.). It is not just a problem for banks, brokers and intermediaries. Corporate treasurers and CFOs are having to develop counterparty risk policies and procedures (e.g., managing individual bank lines of credit or reconciling supplier/customer trading terms).

It has also drawn attention to other factors for determining counterparty credit risk, beyond the nature and amount of the financial exposure, including:

  • Bank counterparty risk – borrowers and depositors both need to be reassured that their banks can continue to operate if there is any sort of credit event or market disruption. (During the GFC, some customers distributed their deposits among several banks – to diversify their bank risk, and to bring individual deposits within the scope of government-backed deposit guarantees)
  • Shareholder risk – companies like to diversify their share registry, by having a broad investor base; but, if stock markets are volatile, some shareholders are more likely to sell off their shares (e.g., overseas investors and retail investors) which impacts the market cap value when share prices fall
  • Concentration risk – in the past, concentration risk was mostly viewed from a portfolio perspective, and with reference to single name or sector exposures. Now, concentration risk has to be managed across a combination of attributes (geographic, industry, supply chain etc.)

Implications for Counterparty Risk Management

Since the GFC, market participants need to have better access to more appropriate data, and the ability to interrogate and interpret the data, for “hidden” or indirect exposures. For example, if your company is exporting to, say Greece, and you are relying on your customers’ local banks to provide credit guarantees, how confidant are you that the overseas bank will be able to step in if your client defaults on the payment?

Counterparty data is not always configured to easily uncover potential or actual risks, because the data is held in silos (by transactions, products, clients etc.) and not organized holistically (e.g., a single view of a customer by accounts, products and transactions, and their related parties such as subsidiaries, parent companies or even their banks).

Business transformation projects designed to improve processes and reduce risk tend to be led by IT or Change Management teams, where data is often an afterthought. Even where there is a focus on data management, the data governance is not rigorous and lacks structure, standards, stewardship and QA.

Typical vendor solutions for managing counterparty risk tend to be disproportionately expensive or take an “all or nothing” approach (i.e., enterprise solutions that favour a one-size-fits-all solution). Opportunities to secure incremental improvements are overlooked in favour of “big bang” outcomes.

Finally, solutions may already exist in-house, but it requires better deployment of available data and systems to realize the benefits (e.g., by getting the CRM to “talk to” the loan portfolio).

Opportunities for Fintech

The key lesson for fintech in managing counterparty risk is that more data, and more transparent data, should make it easier to identify potential problems. Since many fintech startups are taking advantage of better access to, and improved availability of, customer and transactional data to develop their risk-calculation algorithms, this should help them flag issues such as possible credit events before they arise.

Fintech startups are less hamstrung by legacy systems (e.g., some banks still run COBOL on their core systems), and can develop more flexible solutions that are better suited to the way customers interact with their banks. As an example, the proportion of customers who only transact via mobile banking is rapidly growing, which places different demands on banking infrastructure. More customers are expected to conduct all their other financial business (insurance, investing, financial planning, wealth management, superannuation) via mobile solutions that give them a consolidated view of their finances within a single point of access.

However, while all the additional “big data” coming from e-commerce, mobile banking, payment apps and digital wallets represents a valuable resource, if not used wisely, it’s just another data lake that is hard to fathom. The transactional and customer data still needs to be structured, tagged and identified so that it can be interpreted and analysed effectively.

The role of Legal Entity Identifiers in Counterparty Risk

In the case of Lehman Brothers, the challenge in working out which subsidiary was responsible for a specific debt in a particular jurisdiction was mainly due to the lack of formal identification of each legal entity that was party to a transaction. Simply knowing the counterparty was “Lehman” was not precise or accurate enough.

As a result of the GFC, financial markets and regulators agreed on the need for a standard system of unique identifiers for each and every market participant, regardless of their market roles. Hence the assignment of Legal Entity Identifiers (LEI) to all entities that engage in financial transactions, especially cross-border.

To date, nearly 400,000 LEIs have been issued globally by the national and regional Local Operating Units (LOU – for Australia, this is APIR). There is still a long way to go to assign LEIs to every legal entity that conducts any sort of financial transaction, because the use of LEIs has not yet been universally mandated, and is only a requirement for certain financial reporting purposes (for example, in Australia, in theory the identifier would be extended to all self-managed superannuation funds because they buy and sell securities, and they are subject to regulation and reporting requirements by the ATO).

The irony is that while LEIs are not yet universal, financial institutions are having to conduct more intensive and more frequent KYC, AML and CTF checks – something that would no doubt be a lot easier and a lot cheaper by reference to a standard counterparty identifier such as the LEI. Hopefully, an enterprising fintech startup is on the case.

Next week: Sharing the love – tips from #startup founders

Deconstructing #Digital Obsolescence

Remember the video format wars of the 1980s? At one point, VHS and Betamax were running neck and neck in the consumer market, but VHS eventually won out (although the also-ran V2000 was technically superior to both). Since then, we’ve had similar format battles for games consoles, video discs, computer storage, CD’s and e-books. It’s the inevitable consequence of operating platforms trying to dominate content – a continuing trend which has probably reached its apotheosis with the launch of Apple’s Beats 1 streaming service. This convergence of hardware and software is prompting some contrary trends and, if nothing else, proves our suspicion of hermetically sealed systems…

about-format2

Trevor Jackson embarks on a format frenzy….

1. Digital Divergence

Earlier this year, UK music producer Trevor Jackson released a collection of 12 songs, each one pressed on a different media format: 12″, 10″ and 7″ vinyl; CD and mini-CD; cassette; USB; VHS; minidisc; DAT; 8-track cartridge; and reel-to-reel tape. Of course, he could have also used 78 rpm shellac records, digital compact cassettes, Digital8 tapes, 3.5 and 5.25 inch floppy disks (still available, I kid you not) or any of the multitude of memory cards that proliferate even today.

While Jackson’s “Format” project might seem gimmicky, it does demonstrate that many digital formats are already obsolete compared to their analogue counterparts (and until very recently, I could have played 8 of the 12 formats myself – but I’ve just donated my VHS player to our local DVD store).

As I have blogged previously, there is an established body of digital/analogue hybrids, especially in data storage, and I can only see this continuing as part of the creative tension between operating systems and content formats.

2. Digital Archeology

Each new hardware/software upgrade brings a trail of digital obsolescence (and a corresponding amount of e-waste). It’s also giving rise to a new discipline of digital archeology, combining forensics, anthropology and hacking.

Back in 2002, it was discovered that a 15-year old multimedia version of the Domesday book was unreadable* – yet the hand-written version is still legible, and available to anyone who can read (provided they can decipher 1,000-year old Norman English). Apparently, it has taken longer to decrypt the 1986 video disc than it took to create it in the first place.

More digital archeologists will be needed to mine the volumes of data that reside in archival formats, if we are to avoid losing much of the knowledge we have created since the advent of the personal computer and the public internet.

3. Digital Provenance

We’re used to managing our data privacy and computer security via password protection, network protocols and user authentication. If we think about it, we also question the veracity of certain e-mails and websites (phishing, scamming, malware, trojans etc.).

A while ago I blogged about the topic of digital forgeries, and the associated phenomenon of digital decay. Just as in the art world, there is a need to establish a method of digital provenance to verify the attributes and authenticity of content we consume.

We are already seeing this happen in the use of block chains for managing cryptocurrencies, but I believe there is a need to extend these concepts to a broader set of transactions, while also facilitating the future proofing and retrofitting of content and operating systems.

4. Digital Diversity

In response to closed operating systems, sealed hardware units and redundant formats, there are several interesting and divergent threads emerging. These are both an extension of the open source culture, and a realisation that we need to have transferable and flexible programming abilities, rather than hardwired coding skills for specific operating systems or software platforms.

First, the Raspberry Pi movement is enabling richer interaction between programming and hardware. This is especially so with the Internet of Things. (For a related example, witness the Bigshot camera).

Second, Circuit Bending is finding ways to repurpose otherwise antiquated hardware that still contain reusable components, processors and circuit boards.

Third, some inventive musicians and programmers are resuscitating recent and premature digital antiques, such as Rex The Dog‘s re-use of the Casio CZ-230S synthesizer and its Memory Tapes to remix their first single, and humbleTUNE‘s creation of an app that can be retrofitted to the original Nintendo Gameboy.

These trends remind me of those Radio Shack and Tandy electronics kits I had as a child, which taught me how to assemble simple circuits and connect them to hardware. (And let’s not forget that toys like LEGO and Meccano started incorporating motors, electronics, processors and robotics into their kits many years ago.)

 5. Salvaging the Future

Finally, as mentioned above, built-in digital obsolescence creates e-waste of the future. A few recycling schemes do exist, but we need to do a better job of reclaiming not just the data archives contained in those old disks, drives and displays, but also the materials from which they are made.

* My thanks to Donald Farmer of Qlik for including this in his recent presentation in Melbourne.

Next week: #FinTech – what’s next?

Personal vs Public: Rethinking Privacy

An incident I recently witnessed in my neighbourhood has caused to me to rethink how we should be defining “privacy”. Data protection is one thing, but when our privacy can be compromised via the direct connection between the digital and analog worlds, all the cyber security in the world doesn’t protect us against unwanted nuisance, intrusion or even invasion of our personal space.

Pressefotografen mit KamerasScenario

As I was walking along the street, I saw another pedestrian stop outside a house, and from the pavement, use her smart phone to take a photograph through the open bedroom window. Regardless of who was inside, and irrespective of what they were doing (assuming nothing illegal was occurring), I would consider this to be an invasion of privacy.

For example, it would be very easy to share the picture via social media, along with date and location data. From there, it could be possible to search land registries and other public records to ascertain the identity of the owners and/or occupants. And with a little more effort, you might have enough information to stalk or even cyber-bully them.

Privacy Law

Photographing people on private property (e.g., in their home) from public property (e.g., on the street outside) is not an offence, although photographers must not cause a nuisance nor interfere with the occupants’ right of quiet enjoyment. Our current privacy laws largely exclude this breach of privacy (unless it relates to disclosure of personal data by a regulated entity). Even rules about the use of drones are driven by safety rather than privacy concerns.

Since the late 1990’s, and the advent of spam and internet hacking, there have been court decisions that update the law of trespass to include what could be defined as “digital trespass”, although some judges have since tried to limit such actions to instances where actual harm or damage has been inflicted on the plaintiff. (Interestingly, in Australia, an act of trespass does not have to be “intentional”, merely “negligent”.)

Apart from economic and financial loss that can arise from internet fraud and identity theft, invasion of privacy via public disclosure of personal data could lead to personal embarrassment, damage to reputation or even ostracism. (In legal terms emotional stress falls within “pain and suffering”).

Data Protection Law

The Australian Privacy Principles contained within the 1988 Privacy Act apply to government agencies, private companies with annual turnover of $3m or more, and any organisations trading in personal data, dealing with credit information or providing health services. There are specific provisions relating to the use and misuse of government-derived identifiers such as medical records and tax file numbers.

The main purpose of the privacy legislation is to protect “sensitive” information, and to prevent such data being used unlawfully to identify specific individuals. At a minimum, this means keeping personal data such as dates of birth, financial records or hospital files in a secure format.

Some Practical Definitions

The following are not legal definitions, but hopefully offer a practical framework to understand how we might categorise such data, and manage our obligations towards it:

“Confidential”

Secret information that must not be disclosed to anyone unless there is a legal obligation or permission to do so. (There are also specific issues and exceptions relating to “classified information”, public interest matters, whistleblower protection and Freedom of Information requests.)

“Private”

Information which is not for public or general consumption, although the data itself may not be “confidential”. May still be subject to legal protection or rights, such as the right of adopted children to discover the identity of their birth parents, or the right of someone not to be identified as a lottery winner.

“Personal”

Data that relates to, or can specifically identify a particular individual. An increasing issue for Big Data, because data that otherwise resides in separate locations can now be re-connected using triangulation techniques – scrape enough websites and drill down into enough databases, and you could probably find my shoe size.

“Public”

Anything that has been published, or easily discoverable through open search or public database retrieval (but, for example, does not include my past transactions on eBay unless I have chosen to disclose them to other users). My date of birth may be a matter of record, but unless you have authorised access to the relevant database or registry, you won’t be able to discover it and you certainly shouldn’t disclose it without my permission.

Copyright Law

One further dimension to the debate is copyright law – the ownership and related rights associated with any creative works, including photographs. All original content is copyright (except those works deemed to be in the “public domain”), and nearly all copyright vests with the person who created the work (unless they have legally assigned their copyright, or the material was created in the course of their employment).

In the scenario described above, the photographer would hold copyright in the picture they took. However, if the photograph included the image of an artwork or even a framed letter hanging on the wall, they could not reproduce the photograph without the permission of the person who owned the copyright in those original works. In some (limited) situations, a photograph of a building may be subject to the architect’s copyright in the design.

Curiosity is not enough justification to share

My personal view on all this is that unless there is a compelling reason to make something public, protecting our personal privacy takes precedent over the need to post, share or upload pictures of other people in their private residence, especially any images taken without the occupants’ knowledge or permission.

Just to clarify, I’m not referring to surveillance and monitoring by the security services and law enforcement agencies, for which there are understandable motives (and appropriate safeguards).

I’m saying that if we showed a little more respect for each others’ personal space and privacy (particularly within our homes, not just in cyberspace) then we might show a little more consideration to our neighbours and fellow citizens.

Next week: It’s OK to say “I don’t know”