rosario-piazzese
Agenda
1. Company Introduction
2. Company Proposition
3. Company Approach
4. What we do? C&D and C&D Suisse
5. Contacts
We put the user at ease in their digital experiences with the brand.
WHO WE ARE
Codd & Date: a historical name in IT Management Consulting and System Integration, with strong experience in complex delivery, professional advice in IT and organisational environments, and strategic alignment between Business and IT
Mobile Payment Services company, with a strong international presence, based in Milan & London and listed on the London Stock Exchange
THE NETWORK
CODD&DATE SKILLS
Data & Information Governance
IT Governance, Risk, Compliance, Assurance & Security
Multichannel digital factory
Enterprise Architectures & Strategic Alignment
Designs, manages and ensures maximum output for every project
OUR PROPOSITION
Our Mission
… to support Swiss Customers in
creating business advantages in Swiss and EU Contexts
To capitalize EU and Swiss
experiences …
Our Goal
Codd&Date has been active in the EU environment since the end of the '80s of the last century and has developed significant experience in the FSI EU context. Codd&Date is an active part of EU communities such as europrivacy.info or Security Councils and is a partner of EU market share analysts such as IDC, in order to understand and participate in creating new praxis and standards for FSI
Codd&Date Suisse has the goal of creating concrete added value for Swiss Customers by customizing the cross border C&D experience to identify, design and implement services and solutions focused on the Swiss market share and, in the meanwhile, coherent with the cross border initiatives impacting both the EU and Switzerland, such as ISO 20022, PSD2, Privacy, Cyber Security and Digitalization, stressing and structuring the historical Swiss cross border capabilities and transforming them into company assets
From here …
… to there
CONSULTING
Consulting means being close to the customers to design, supervise and ensure the maximum performance of each operational strategy. Codd&Date Suisse is not a Technology Provider, so it is not involved in typical technology qualification programs.
And for every solution we plan and implement the most effective approach, providing the customer with a team of services supported by professionals specialized in each industry. The third party advisory role is one of our main assets.
IT Strategies & Governance
Project Management
IT Governance, Risk, Compliance, Audit & Security
IT & Data Architectures
Payments Architectures & Consulting
BUSINESS GOVERNANCE AND STRATEGY
ARCHITECTURE TECHNICAL RESOURCES DEVELOPER
Channels & Products IT governance Strategy
Enterprise Project Manager Cross Platform
Data Management Data Governance Compliance
Operational Impacts BC Expert
Enterprise Information Compliance Security
Project Manager, Business Analyst, Solution Architect
System Administrator
Cross Platform
Compliances IT service Strategist
Information Software Analyst Cross Platform
Privacy Audit & Controls Data Audit & Compliance Cross Platform
Accountability IT process Improver
System & Solution Project Manager, Solution Architect, Business Analyst
Cross Platform
«Cross Border» Operational Impacts BC Expert
Security Project Manager, Enterprise Architect, System Administrator
Cross Platform
Talents
IT Strategy & Governance
We support our customer in his Hardware and Software selection and/or in defining criteria for choosing a system integrator
Our team provides sourcing strategy, defines appropriate models to manage vendor selections and takes care of the production of sourcing/procurement models
The Decision Support activity is oriented to help the customer in his choices, both in terms of partners and of products/services
Our consulting services cover extremely topical issues such as Cloud and Mobility, BYOD Strategies and related Control Models, Social Networks and Big Data, IT Strategies and Security
Our team also provides feasibility studies such as impact analysis, risk analysis, financial–economic analysis, costs/benefits analysis and SWOT analysis. Our partnership with IDC gives our teams the capability to understand market trends and to evaluate the most appropriate operational roadmaps
The IT Strategy Advisory concerns activities of business planning and IT alignment to the company's strategic governance objectives. This includes consulting services for innovation management and the definition of IT/IS Governance models. SLA/OLA Management is a core component of our services. The basis is the logic of the Strategic Alignment Model between Business and Operations, following the Harvard Henderson – Venkatraman model
Project Management
• Project Management/PM "as a service"
• Project Office/PMO "as a service"
• Training/Education
• Project Audit, Assessment & Recovery
• Process Assessment & Improvement
Project or Programme Assurance provides an independent and objective oversight of the likely future performance of major projects and the need to provide confidence for project or programme stakeholders of technologically advanced, high capital or high risk projects. Project assurance is not in contrast with related disciplines of project management, project benchmarking, value assurance or phase–gate model and project risk assessment. It is particularly well suited for projects with a major financial decision point beyond which revisions become exceptionally expensive.
IT Governance, Risk, Compliance, Audit & Security
• The IT governance is strictly linked to control policies, performance measurability and compliance.
• The C&D team deals with business processes through activities of assessment, optimization, monitoring and control in accordance with the regulations. The IT risk management is particularly monitored through controls both of second level (risk/compliance) and of third level (audit). Part of our support in this area are topics related with the security of services with special focus on Cyber Security and IT Continuity.
• Cyber Security is the protection of information systems from theft or damage. IT Service Continuity is part of Business Continuity Planning (BCP) and encompasses IT disaster recovery planning and wider IT resilience planning. IT Service Continuity is essential in the implementation of Business Continuity, as specified in ISO/IEC 27001:2013 and ISO 22301:2012 respectively.
IT & Data Governance and Architectures
Data Architecture
Data Governance
Enterprise and Data Architecture
In our experience Enterprise architecture is a well‐defined practice for conducting enterprise analysis, design, planning, and implementation, using a holistic approach at all times, for the successful development and execution of strategy. Enterprise architecture applies architecture principles and practices to guide organizations through the business, information, process, and technology changes necessary to execute their strategies. These practices utilize the various aspects of an enterprise to identify, motivate, and achieve these changes
As a fundamental part of these activities, Data Governance is especially focused on defining the operational aspects both of the business strategies and of compliance needs. Data governance ensures that data can be trusted and that people can be made accountable for any adverse event that happens because of low data quality. It is about putting people in charge of fixing and preventing issues with data so that the enterprise can become more efficient
Data architecture is a set of processes that ensures that important data assets are formally managed throughout the enterprise. Data architecture also describes an evolutionary process for a company, altering the company's way of thinking and setting up the processes to handle information so that it may be utilized by the entire organization. It's about using technology, when necessary and in many forms, to aid the process. When companies desire, or are required, to gain control of their data, they empower their people, set up processes and get help from technology to do it
Payments Architectures & Consulting
• CODD&DATE offers long-standing experience in supporting financial institutions in the adoption of new standards for payment systems.
• SEPA, Security and ISO 20022, and the SIC4 evolutions are the most recent updates in this world, but they are not the only ones. Mobile payments, peer to peer money transfer, SDD, PSD2, bitcoins/cryptocurrency, block chains and so on are drastically changing the approach to payment systems, on both the IT and the business side, and not just for financial companies but also for retailers or large distribution players, especially in cross border or multi-currency contexts.
• C&D developed a specific set of skills and capabilities in order to support customers in designing solutions, identifying partners and providers, handling projects and ensuring quality assurance in this area.
Digital & New Rules Trends
PSD2
ISO 20022
SEPA 2
SIC4
MiFID II, IMD, IDD
Interbanking SIC4
Network
Brokerage elimination, cross border impact
Cross border electronic payments integration
Extra banking coverage, governance model, operation
24/7, GDPR (Privacy Shield)
NIS
DIGITALIZATION
Digital Scenario
Cloud
Mobile
Big Data & Business Analysis
Digitalization
IDC Banking Forum 2016
Compliance, Business Alignment, Technology, Data, Security & Digital
Data Governance
Data protection: privacy vs availability
CIA (Confidentiality, Integrity, Availability)
New trends: clustering, profiling, predictive marketing
Access: segregation vs privacy
DIGITALIZATION
BUSINESS
COMPLIANCE
RISK MGMT
Management Consulting Transformation: From Advisory to «End to End» Service
...provided by…
A team of multidisciplinary IT & Management Consulting/Advisor professionals certified and qualified to understand and solve the customer needs.
Lead Auditor 27000x/20000, ISAE 3402/3000
ISO 20022
Enterprise, Solution & Technology Architecture
Agile Scrum
Web & Mobile Cloud Computing
IT Players Consulting Forum
Qualifications
http://www.vipera.com/our‐company/investor‐relations/reports‐and‐constitutional‐documents/
...with the support of…
…in different enterprises…
OUR APPROACH
C&D effort and skills can be focused all over the lifecycle of a product/process. We can walk in at the beginning, managing the entire development of the product, or manage the rest of its lifecycle if it has already started.
Time
Effort
Implementing
Strategic Advisory
Operational Advisory
Planning & Programming
Roll Out «As A Service» Maintenance
Maintenance Support
Analysis Project
Maintenance & Continuous Improvement
Consulting «as a Service»
Strategic Alignment
INFORMATION
IT ASSETS
AVAILABILITY ORGANIZATION
CONTROLS RISK MANAGEMENT
OUTSOURCING
BUSINESS
‐ CATEGORIZATION
‐ CLASSIFICATION
‐ INVENTORIES
‐ DOCUMENT MANAGEMENT
‐ INFORMATION RETENTION
‐ DIGITALIZATION & NEW TECHNOLOGY
‐ RELIABLE BUSINESS EFFECTIVENESS
‐ CONTROLLING, COMMUNICATION AND EFFICIENCY
‐ BUSINESS & TECHNOLOGY ALIGNMENT
The SAM Framework for FSI
WHAT WE DO? C&D AND C&D SUISSE
ASSET MANAGEMENT OPERATIONAL SUPPORT
GOVERNANCE(GRC Architect™ and REPORTING)
DATA PRIVACY
DIGITAL INNOVATION & TRANSFORMATION
CYBER SECURITY
RETAIL BANKING and PRIVATE BANKING GOVERNANCE AND STRATEGY
Assets Management Operational Support
Swiss regulation bans personal arbitrage but lets other entities classify themselves as guarantors of third-party arbitrage.
This particular activity can be applied to private banking as a channel to develop asset management practices.
Asset Management can be combined with tax management or tax reporting if necessary for fiscal reporting to the authorities.
This model presents some key features that must be kept in mind:
• Absolute confidentiality
• Total availability
• Customization for different requirements
Asset management applies to wealth management entities, medium-size bank-licensed companies and pension funds.
Retail Banking Governance & Strategy
The evolution of payment systems has brought some side effects on specific topics such as risk management, data governance, accountability, costs etc.
We can identify the triggering aspects of these phenomena and we can also provide a tacit audit process for these aspects.
SEPA (Single Euro Payments Area)
• Advisory
• Project manager/quality assurance
• Automatic testing processes of new SEPA forms
SIC
SWIFT
TARGET 2
Private Banking Governance & Strategy
Private entities are witnessing a dematerialization of their classical assets, such as financial management -> the hi‐tech revolution has introduced new techniques that, as time passes, will become more popular and more widely used.
Consequently, this «world» needs to update its business plans, focusing its attention and efforts on the production of virtual services that satisfy the needs of the customers (only the «prime» customers have a human personal assistant provided by the bank itself).
This leads to the creation of a «robot advisor» that is available anytime and anywhere and has to solve all of the customer's problems and wants.
C&D is able to identify, investigate and solve the issues that these new tools can raise, and we can provide governance services for them.
Digital Innovation & Transformation
The spread of fintech companies has changed the key factors of the financial market because they promote the evolution of payment channels and data aggregation.
PSD 2 (Payment Services Directive 2) allows other operators, different from banks, to manage payments lower than 500€.
This particular process means a wave of potential new streams that can represent new income -> the entity should create an automatic interface to manage this type of payment (customer profiling and data administration).
We can trace these events back to a specific group of «best practices» that can help the entity in managing this phenomenon.
The Digital World
• Abolition of time and space
• «Wide» access to known and unknown users
• Anywhere – Anytime (networks) – Anymedia (login with multiple devices that are cheaper and cheaper ‐ a smartphone that costs 4$)
• New needs -> New business opportunities («Apps»)
• Social Media dimension
• Shared/sharable Processes -> information circulation (Barilla 2020)
3A
NEW OPPORTUNITIES FOR ENTERPRISES
o Markets
o More efficient protection
o More efficient processes (internal)
o «end‐to‐end» efficiency
o Protection and administration of processes
RISK DIMENSIONS MAP
• Don't get the evolution! (dino syndrome)
• "Stakeholders" expectations
• Representation (brand awareness)
• Corporate Management
• Information confidentiality / protection
Impact
• Markets
  e‐Commerce (B2x)
  e‐Brand
• Efficiency (from «star» to «hub»)
  Processes
  a) IT share (workflow)
  b) Usability anywhere / anytime
  c) "paper‐free"
  "end‐to‐end"
  a) Lack of "information delay"
  b) Controlled merge of processes – corporate level / hub
• Relation
  Customer management (Unified Communication Process)
  Multichannel commercial possibilities (i.e. marketplace)
Opportunities
Strategic one
o Presume that a «still niche» could even exist
o Roles and mission of corporate functions -> «change in culture»
Stakeholders expectations
o Performance & CIA (response time, availability 24x7x365) = preserve value
o New opportunity = create value through "end‐to‐end" integration (e.g. payment as an integrated step: Psd/2, new payment media app‐based, integrated authentication)
Risks
Image
o Offer unsuitability
o SOCIAL
• Avalanche effect
• Information's quality cannot be verified
• "Anonymity"
IT management: "size" as the key‐driver
o Business alignment thru architecture
o Process availability (continuity)
o Process performance
o Right costing
o Risk management (through IT process maturity)
Risks
Information confidentiality / protection
o INSIDER THREATS
  -> fast analysis of huge loads of data
  -> identity / access management
o OUTSIDER THREATS -> Cyber crime (a new global structured business)
o COMPLIANCE COST -> EU/Suisse regulation
Risks
New IT approach (XaaS) (size factor)
– Cloud (infra level)
– SaaS / PRaaS
– "resource hub"
LEGO architecture: IT as enabler of the processes connected to it (to consider in a «wide» / «end‐to‐end» view)
SECURITY (cyber, logical, physical related to INFORMATION)
Integrated governance body
Proven process of risk management ("black swan")
..to do list…
Digital Innovation & Transformation
In such fields as online lending, money transfer, and credit ratings, FinTech companies are breaking the dominance of financial services’ largest players in novel ways.
We believe that there is a strategy you can employ that will borrow certain useful aspects of these approaches while putting your company in a better position to succeed
The World Economic Forum forecasts that in 2025 10% of the world's GDP will be based on registered activities that work with blockchain principles.
Blockchains are a technology that may be integrated into multiple areas. Examples include a payment system and digital currency, facilitating crowd sales, or implementing prediction markets and generic governance tools
Changing customer’s behaviour
New competitors and disintermediation
Tighter regulation
Blockchain
Cost and operational risk reduction
Digital Innovation & Transformation
Payments Compliance Transformation Roadmap
Management Awareness
Training
Coaching
Analysis
Design & Implementation
Digitalization and Payments
Motif
TS2 Card Management
Payment acquiring
p2p money transfer
ZAC
Bill payments
Integration protocols
− SWIFT, EBICS
− HTTP(s), SOAP, REST, XML, (s)FTP
− IBM MQ, JAAS, IIOP, JDBC
− SNMP, TRAP, SMPP 3.4, SMPP
Real time authorisation info
Remote banking
Card control
NFC payment
Wallet
Some experiences in EU
Mashreq Bank
Codd&Date is at the core of Mashreq's mobility strategy. Mashreq offers mobile banking and payment services in the UAE, Egypt and Qatar; the service includes:
• Alerts
• Mobile Banking
• Mobile Money Transfer
• NFC Mobile Payment
• Mobile CRM, loyalty and coupon management
Cyber Security
Cyber security needs a technological drill‐down and an in‐depth knowledge of the directives/regulations.
We can offer a convertible matrix for the conversion of the EU directives into the Swiss scenery.
We can provide managerial support for the development of new internal structures -> this topic includes the supplier definition and a specific choice of services.
If necessary, we can lead penetration tests for risk management, helped by partnerships with specific companies.
CODD&DATE for Security
Compliance Governance & Risk Mgmt
Assurance & Security
Management Models
Organizational Models
BPM Models
IT Governance, Strategies and Design
Covering
Constant uptime of IT operational engine and relevant components (Business Continuity)
Technical choices to avoid vulnerability (Cyber Security, Information Security, Security By Design)
BUSINESS AS USUAL
Data Privacy
Data privacy is a lien for the correct functioning of all the businesses that a specific entity has.
The overturn of the Safe Harbour Privacy Principles (October 2015) forced Europe to adopt new measures to protect data privacy.
Privacy Shield + GDPR (General Data Protection Regulation) were the two countermeasures adopted by Europe.
C&D can summarize these two EU directives to give the customer a convertible matrix for the conversion of the EU directives into the Swiss scenery, and privacy ranking tools to classify all the files and docs.
C&D is sponsor and partner of the «europrivacy.info» blog and can ensure the support of high level international certified professionals (CISA, CISM, CGEIT, CRISC, CSX)
Rules Scenario
Compliance / Individual Rights / Security Measures / Best Practices

SEPA2 (Single Euro Payments Area)
• Information Availability
• CIA (Confidentiality, Integrity, Availability)
• Data Governance (ISAE 3000)
• Need to know

MiFID II (Markets in Financial Instruments Directive)
• Information Availability
• Data Privacy
• CIA (Confidentiality, Integrity, Availability)
• Data Protection
• Segregation of duty
• Need to know

PSD2 (Payment Services Directive)
• Information Availability
• Data Privacy
• CIA (Confidentiality, Integrity, Availability)
• Data Protection
• Data Governance
• Need to know
• Segregation of duty
• Defense in depth
Rules Scenario
Compliance / Individual Rights / Security Measures / Best Practices

GDPR (General Data Protection Regulation)
• Data Privacy
• Data Protection
• Data Governance
• Need to know

NIS (Network Information Security)
• Information Availability
• CIA (Confidentiality, Integrity, Availability)
• NIS

Cyber Security
• Information Availability
• Critical Infrastructure Protection
• CIA (Confidentiality, Integrity, Availability)
• IoT
• Data Governance
• Need to know
• Defense in depth

Privacy Shield
• Data Privacy
• Data Protection
• Data Governance
• Need to know

Cloud Security
• Information Availability
• Critical Infrastructure Protection
• CIA (Confidentiality, Integrity, Availability)
• IoT
• Data Governance
• Need to know
• Defense in depth
Individuals vs Systemics
Individual Rights Systemics
Defenses
BI and Reporting
The reporting process is a key factor for the correct growth of an entity.
This process creates tracking across all your assets to protect the entity from legal trials against itself.
It also allows control of the opportunistic behaviour of managers during the economic processes that they run.
The reporting system can be really useful in order to manage and control the entity -> the reporting produces a «box of information» which can be used to satisfy needs such as regulatory, market and internal review ones.
In the end, the reporting system makes it possible to support new products and generate new reporting models.
Data Governance Process Re-engineering or Definition
Data Governance Approach Definition
Data Governance
Process Assessment
Data Management
Data Dictionary
Data Glossary
Naming Convention
& Data Modeling
Standards
Data Architecture Office Set-Up and Tutoring
Security
Data Masking Strategy
Data Quality
Master Data Mgmt
Data Architecture Administration
Monitoring and Audit
Application Management DWH/DBM/BI
Assessment DWH and Database Marketing
Software Selection
(DWH & BI Technologies)
Feasibility study and
RFP redaction
PMO and Demand Management
DWH-Database Marketing - BI
Data Integration Processes Analysis
Program & Project Management DWH, Database Marketing and Business Intelligence
Delivery DWH/DBM systems
Delivery Business Intelligence systems
Data governance initiatives improve data quality by defining a data management process and assigning a team responsible for all the process phases in order to reach data accuracy, data accessibility, consistency, completeness and security.
While data governance initiatives can be driven by a desire to improve data quality, they are more often driven by the need to respond to external regulations.
To achieve compliance with these regulations, business processes and controls require formal management processes to govern the data subject to these regulations.
We brought into production some major Data Warehouse projects, designing and delivering the entire solution or reviewing and optimizing solutions already operating.
We reached good technological expertise and good knowledge of logical and physical DWH data modeling as well as data integration processes, reaching good methodological expertise.
Our references on complex DWH and BI projects qualify us as a valid player in the management and implementation of Data Warehouse and Business Intelligence solutions as well as in program management tasks related to DWH evolution.
C&D Services in area Data Mgmt & Analysis
Data Governance
Main contractor
The previous slide describes our "on field" experience in several financial institutions with a really large amount of data to handle and a strategic digital approach, like Banca Mediolanum in Italy.
We currently work with the internal team in the "Data Architecture and Data Management" Area.
In the last 3 years we helped Banca Mediolanum in starting up and promoting a Data Governance model inside the ICT Direction.
We live in the customer office and work in close contact with all the other data driven projects for new digital strategies, GRC and so on, in some cases as tutors, in other cases supporting analysis and data modeling, always performing continuous auditing and checks on Data Management decisions.
We also support Banca Mediolanum in experimenting with new data oriented technologies (POC, feasibility studies and so on) as well as in managing technological and architectural projects (Data Masking – Teradata Warehouse….)
Our Role
CA Erwin, C&D Data Modeling Methodology, Project Management
Methodology and Technology
10 FTE in 2015 – Actual deadline in December 2017
People involved
Mediolanum Data Governance Project
GRC ARCHITECT™
Company Strategy
Operational Support
Security & Assurance
FINMA (eg. 2008/21), MiFID II, ECB (Cross Border, Accountability, etc.) &
Market Evolution
Banking & Finance (and all regulated market shares)
GRC ARCHITECT™ Knowledge Management System
Policy Framework
Process standardization
Control system
CMDB
Operational Engine
CONTACTS
Codd&Date Suisse Sagl
Via Maggio 1C
CH ‐ 6900 Lugano
Switzerland
+41 91 260 16 09
info@codd‐date.ch
www.codd‐date.ch

Codd&Date Suisse Sagl
Bahnhofstrasse 100
CH ‐ 8001 Zürich
Switzerland
+41 44 562 71 77
info@codd‐date.ch
www.codd‐date.ch

Codd&Date Group CEO
Mauro Duca
mauro.duca@codd‐date.it
+39 02 87393631

Codd&Date Suisse GM
Rosario Piazzese
rosario.piazzese@codd‐date.ch
+41 44 562 71 77

Codd&Date Suisse BDM
Oscar Neira
oscar.neira@codd‐date.ch
+41 44 562 71 77