CIO FINANCE SUMMIT

EXECUTIVE BOARDMARCH 5th, 2015

CONFERENCE CALL MINUTES

• Prentice Dees, Bank of America• Garrett Gleason, Thrivent Financial• David Saul, State Street• Mike Woodson, Santader Bank North America• James Quin, CDM Media

In Attendance:

Regrets:• Nancy Selph, UBS

The world of technology is changing, and all of our Board members recognize this. The changes are coming from a number of areas including:

• Business users are becoming more technologically savvy• Alternate delivery mechanisms (i.e. Cloud) are changing IT accessibility• Marketplace demands require greater flexibility and responsiveness

As a result of these, and other pressures, IT departments have to make the shift from being technology builders, to instead become technology brokers.

Agenda Item One:THE CHANGING FUNCTION OF IT

CIO Finance Executive Board Conference Call Minutes

Our board members have:

• Adopted cloud technologies• Are making use of open source tools• Have implemented agile methodologies• Utilize aggressive PMO principles• Have built strong business management capabilities• Broken silos and siloed approaches

These changes have still not been enough; new ideas are not being translated into new business capabilities fast enough. The primary impediment is application time to build with integration as the key stumbling block. To overcome this a new model is needed for IT which needs an even deeper understanding of existing and required people, processes, and technologies. This cannot be a point in time effort however and requires regular and ongoing “rehabilitation”.

Shifting gears into more technology focused issues, the first area the Board felt compelled to investigate was that of data, and specifically data management. Organizationally data value is being recognized more than ever before which is leading to retention issues. Everyone wants to keep everything now with no real rationale for why, other than that data might have value, might have relevance. As a result, too much data is being retained leading to three distinct problems:

• Data complexity• Regulatory complexity• Backup complexity

We need to find opportunities to “decomplex” the data. Even if all of the data points being retained are determined to be necessary, the manner in which data is being collected and stored leads to massive duplication, and tremendous structural complexity. Until this core issue is addressed, resolving any other issues will be nearly impossible.

As an extension of this, we need to look at things from a customer-centric position. This means we have to step back from a one-size-fits-all approach, even as we simultaneously embrace common development platforms and a building-block driven approach. This is tough to do, and is especially tough to do efficiently and quickly.

IT however has a unique ability to see across the business as a whole, to identify hitches and hold-ups in existing processes, and to help the business become more streamlined. This isn’t just an opportunity; it’s an obligation and is a fundamental step in changing the perception of IT from a cost center to a value generator by becoming a strategic facilitator.

Even though significant efforts have been made in terms of Project Management and Business Relationship Management, IT departments need to keep pushing in these areas. IT’s greatest strength is it’s process expertise and it needs to bring this excellence to bear because the key to success is executing on the right principles with the right processes.

Agenda Item Two:THE CHANGING ROLE OF IT

Agenda Item Three:DATA MANAGEMENT

The regulatory environment is incredibly complex and becoming more so every day. Data is a huge regulatory trigger and the two issues cannot be picked apart – data really is the dark side of regulation. This is especially so for systemically important institutions and in many cases the burden of management is overwhelming the ability to innovate.Combined these add up to a nightmare situation for backup management; IT departments struggle with what to back up due to a confusing regulatory environment, and how to back it up in a timely fashion, due to excessive data volume. By addressing the first two issues, we can make back-up and retention a non-issue.

The key is good data architecture, good enterprise architecture, and good enterprise information management principles and practices. These are not easily done however and need dedicated focus and discipline.

One area of data and data management that warranted specific attention during the conversation was that of threat management and threat data management. Financial institutions face a significant burden in terms of protecting themselves against cyber threat and thus need to take leading edge approaches to risk management as a result. One of the ways in which they are doing this is by using so-called “Big Data” technologies and principles to address risk management issues.

From a technology perspective the tools to collect, collate, model, and give early warning from aggregated threat data do exist and are beginning to be used. The vast amount of data in play however means that the mechanics of managing threat data is incredibly difficult and quite specialized. It is unfeasible for enterprises to self-

Agenda Item Four:THREAT MANAGEMENT

develop and self-manage threat data management and modeling capabilities even though they are doing so for other aspects of the business. The volume and variety is significantly greater than neophytes might realize with so much data coming from so many locations that it is impossible to keep up.

At the end of the day this is not an IT issue but a broader business issue that IT is overseeing. Threat data management needs to be a component of a broader operation risk management approach. To be truly successful however, enterprises need to take a more open approach whereby threat intelligence is shared outside of organizational boundaries. Businesses need to overcome their fear of sharing and find a way to mitigate or eliminate the competitive impact of sharing such information.

• The thirty minute session structure is good in terms of creating an energetic and content-packed event, too often conversations had to be cut off because speakers took to long to get to the Q&A section of their session.

• The real value of sessions, whether delegate or partner led, is in the dialogue so speakers need to do a better job of managing their time to allow for dialogue at the end of sessions. A minimum of ten minutes of Q&A is best.

Agenda Item Five:EVENT OVERVIEW

• When it comes to partner sessions the audience collectively wants concrete action plans; they do not have the time for “teaser” pitches that don’t offer prescriptive guidance. They want to hear what really works.

• Partner sessions that leverage the “voice of the customer” either through presentation of a specific case study (as opposed to market pitch) or the inclusion of a client speaker were much more effective and engaging.

As a final agenda item, the group quickly reviewed their experiences at the 2014 CIO Finance Summit. While they collectively found the Summit to have been effective and a worthwhile expenditure of their time, they did offer the following commentary:

The CIO Finance Executive Board is a panel of industry experts and leading vendor organizations that meet quarterly to help drive the agenda of CDM Media’s annual CIO Finance Summit. The Summit is attended by a carefully selected group of industry practitioners intent on creating broader and deeper understanding of technology and leadership issues for the user community at large.

For questions about membership in the CIO Finance Executive Board, or to discuss either attendance at or sponsorship of the CIO Finance Summit, please contact either Mark Southam at 646-722-3079/ mark.southam@cdmmedia.com or James Quin at 312-374-0809 / james.quin@cdmmedia.com.