Alexander Brown – Technology Partner, Simmons & Simmons Ray Bricknell – Managing Director, Behind Every Cloud

Dear CEO - Mitigating IT Outsourcing Risk Choosing an Institutional Quality IT Vendor

•  Context : IT Outsourcing within “Dear CEO” concerns •  Is it “in Scope”? •  Impact of growing trend toward “Cloud” •  Operational IT Risk Mitigation – Local and Endemic

•  What does a rigorous IT Vendor Selection Process look like?

•  IT Vendor Selection Criteria

•  Areas for Improvement: •  Endemic Market Risk Mitigation – Cloud Vendor input? •  Cloud Vendor selection: A better way?

•  Panel Discussion – (Please hold questions until this session)

“What constitutes an Institutional Quality IT Vendor?”

Dear CEO - Choosing an Institutional Quality IT Vendor

•  Concern driver: endemic risk through financial interdependence

•  But – reading with IT Outsourcing and especially Cloud in mind

Surely Outsourced IT is a critical activity in the support of regulated activities?

Is IT Outsourcing “In Scope” for FCA “Dear CEO” Concerns?

•  IT Outsourcing Operational Risk: Local versus Endemic

Local e.g. Infrastructure Platform Event i.e. Single Vendor, Single Fund

Endemic e.g. Major Vendor Liquidation or BCP Event i.e. Single Event affects Multiple Funds - and even Wider Markets

With CLOUD (vs. On Premise or Co-Lo/Mgd Service on own kit) these two risk exposures begin to grow and merge

•  UK Asset Management IT Outsourcing Market: Small number of providers; Shared risks (e.g. E14 Flood)

Hundreds of funds: Shared Vendor exposure; Shared BCP exposure

So… BEC View: If it isn’t already in scope – it should be!!

Partially mitigated by thorough and ongoing Due Diligence

Is IT Outsourcing “In Scope” for FCA “Dear CEO” Concerns?

The typical IT Vendor Selection process:

• Internet

• Word of Mouth

• Expos &

• Conferences

• Events

• Webex’s

• Free trials

• Experience

• Provider Meetings

• CTO Discussions

• Technology Reviews

• Demo’s

• Follow-up Meetings

• 1000 .ppt slides

• Business Case

• Business Requirements

• RFI Development

• RFI’s Out / In / Review

• Data Capture

• RFP Creation

• Solutioning Workshops

• Reference Site Visits

• RFP Out / In / Review

• Solution Presentations

• Contract Negotiations

• Final Vendor Selection

The Good (hopefully)

The Bad

The Downright Ugly!

0

2

4

6

0

2

4

6

0

2

4

6

Formal RFI/RFP Identify

Vendors High-Level Assessmen

t

Highly prone to “Garbage In- Garbage Out”

Far too little “Open Market Feedback”

The Two Stage Formal RFI & RFP Process:

RFI/RFP Scope

Agreed - Approval to

Proceed

Identify Wide Range of Potential

Vendors

Desk Based Analysis of Vendors / Offerings

Select “Long List” Target

10 12 Vendors

Execute Non –Disclosure Agreements

Issue RFI

Multi-Vendor Briefing

Presentation and Open

Q&A

Develop RFI Content 1

Closed 1:1 Vendor Q&A

Sessions

Expect Approx. 2 “No-Bids”

Review Formal RFI Responses

Select Short List Target 4 to 6 Vendors

Release RFP to Short List

Vendor Q & A Cycle

Review RFP Submissions

Review Product

Collateral

Review Public

Domain Collateral

Review Indicative

Cost Models

Develop RFP Content

Develop RFP Response Template

Agree Selection

Criteria and Weightings

Develop Capture and Collection

System 1

2

RFI & RFP Process (cont.)

Client Side Q&A Cycle

Select “Internal Short List” for Presentations

and Due Diligence

Vendor Presentatio

ns (4-6)

Review, Analyse,

Score and Report

Reduce “Internal

Short List” to 2-3

Vendors

Legal Terms and

Conditions HL Review

Financial Due Diligence

Site Visits * 3 per Vendor (DC’s and

NOC)

Conduct Security

Audit

Conduct Technical

Due Diligence

Develop “Like-For-Like” Cost

Models

3

Commercial Negotiations

Contractual Negotiations

Review, Analyse, Score

and Report

Now 2 “Preferred Vendors”

High Level Design

Finalisation

Announce Final

Successful Vendor

Decision

3

Average Timeframe and Internal/Consultancy Cost: 4 – 6 Months £100k – £150k

IT and Cloud Outsourcing Vendor Selection Criteria e.g.:

Selection Criteria (for panel discussion later) •  Regulation and Compliance •  Clients Profile Breakdown incl.

•  By Size •  By Revenue

•  Client References - ALL •  Financial Viability

•  Revenue and Profitability Profile •  Business Model •  Ownership

•  Independent Accreditations •  Contractuals i.e. T&C's •  Flexibility and Scalability •  Topology (Local / Global) •  Sector Alignment •  Risk Profile •  Technical

•  Teams (Support/Migration/Management) •  Platform Components •  “Onion Layers” •  Vendor Relationships •  “Active-Active” => “Always On” •  Application Layer Support

Pre- Requisites •  Assessment of Key Risks and

Issues •  Internal Requirements Definition •  Internal Cost Model (“Like for Like”)

•  Strategy •  Incl. Technical; Incl. Tactical •  Incl. Timing and Resourcing

•  Business Case Approval

Areas for Future Focus and Improvement

•  Endemic Market Risk Mitigation •  Cloud Vendor input to potential solutions? •  Whole of Market Cloud Vendor Dependency Data

•  Cloud Vendor selection: A better way?

•  The Clovertm Cloud Vendor Rating Engine

Dear CEO - Choosing an Institutional Quality IT Vendor

Customer Confidential

Requirements Gathering & Service Catalogue

IT Strategy & Business Case

Multiple RFI’s & RFP’s

The CLOVER™ Cloud Vendor Rating

Engine

Constant Immersion in the Cloud Ecosystem Buying Cycle

50+ Suppliers Analysed (and counting…)

Data Ratified Bi-Annually

3 * Recommended:

-  The Good -  The Good -  The Good

Client Specific Inputs

Detailed Client Output

Regular Vendor

Self- Updates

via Portal

“Qualified Leads”

Vendor Feedback

External Financial

s &

Media

Existing Asset Management Customer Feedback

+

-

Interactive Panel Discussion:

“What constitutes an Institutional Quality IT Vendor?”

Your Panellists:

Ian Bowell – CTO – Prologue Capital

Alex Brown, Technology Partner - Simmons and Simmons

Mark Fowle – CEO and co-Founder – Attenda

Jon Gasparini – Financial Services CTO – Fujitsu

Alex Parker – CTO – Commensus

Roy Wood – Sales and Marketing Director – Advanced 365

Chair:

Ray Bricknell – MD – Behind Every Cloud

Dear CEO - Choosing an Institutional Quality IT Vendor

Thank you for your time, please join us for coffee outside.

Contacts for any follow up questions:

Alex Brown, Technology Partner - Simmons and Simmons

Alexander.Brown@simmons-simmons.com

Ray Bricknell – MD – Behind Every Cloud

Ray@BehindEveryCloud.co.uk

Dear CEO - Choosing an Institutional Quality IT Vendor