The Changing Face of the Software Sales Process.

Re-engineering the Governance Risk and Compliance model.


In recent years, largely as result of increased regulatory intervention, financial service providers, and particularly banks, have been encouraged to migrate to the use of powerful, function-specific software for determining potentially unusual characteristics in client conduct and behavior, in order to fully comply with the wider requirements of the anti-money laundering and terrorist financing interdiction process.

As the focus on transaction monitoring has gathered pace, new regulatory requirements have been added to the various responsibilities managed by the Governance Risk and Compliance Departments, and now a far wider canon of financial institutions are required to carry out transaction monitoring on a far wider variety of activities.

As well as continuing to monitor the basic KYC and name-checking procedures, software customers can now choose from a wide variety of software offerings which will provide facilities to engage with internal fraud problems, financial crime management including credit card abuse , anti-money laundering and terrorist financing requirements, PEP lists, Corruption indices, Sanctions listings etc etc.

Now, added to this, are the requirements to be able to monitor broker activity both within the institution and as a result of third-party client self-trading actions. This obviously requires more detailed and sophisticated software than the KYC/PEP tools, which means that a more equal relationship between vendor and bank becomes even more vital. This is particularly true for certain providers who don’t understand the banks, don’t understand the distinction between the front, middle and back office, and whom the banks don’t trust in any event. The winner in this one-sided contest becomes the company which only succeeds because their systems are not complex and they are the cheapest. Thus there is no added value.

Market surveillance tools are now increasingly being called for, looking for market manipulative behavior, or systems which will detect potential market abusive activities. Most recently, US Regulators are now demanding that their EU counterparts impose US extra-territorial requirements on EU exchange members (the recent CFTC oil contract short position reporting limits imposed on ICE are an example), requiring them to submit to US oversight by ensuring that short position limits are not being breached in certain volatile commodity contracts, and to alert their home regulators when clients or brokers take short positions in these contracts in volumes that could be deemed to possess potential volatility-enhancing characteristics.

All the knowledge about these regulations takes its provenance from a legal requirement enunciated in a jurisdiction somewhere in the world, whether it be in the UK, the EU or the USA; and whether it be promulgated by the UN, The Bank of England, the EU Commission, the UK Treasury, or the various US agencies whose actions possess extra-territorial implications such as the US Treasury, OFAC, the SEC et al.

Knowing how they work and how they are applied in the regulatory process is the function of a highly qualified and well-practiced individual sales leader, who also understands how the banking process works, and how each individual piece of legislation will have an impact upon the conduct of business of an individual client institution. Hiring such a skill-set is not an impossibility, vendors can look to hire people from banks. If this is not possible then they can educate their own sales leaders. This might be more difficult as these sales people tend to feel that the ‘sale is king’ and everything, including the most basic of knowledge, becomes secondary and in many organizations unnecessary. You often hear the well trotted out phrase, ‘You don’t have to know what you are selling to sell, a good sales person can sell anything’. This may be true for double glazing, but for banking regulatory software, well we can all see where that philosophy has led!

Currently, there are a wide number of software vendors, (World Check, Oracle, Actimize, Norkom, Fiserv, Bwise, Northland Solutions, SAS Institute, Unisys, etc and a host of smaller vendors) who offer their products on either side of the Atlantic, and now, increasingly, in the Middle East and South East Asia.

Traditionally, some of these vendors, with a few special exceptions, have emerged from the traditional IT software background, designing tools and solutions to be used by banks and financial institutions, and with the primary aim of enabling the client to enhance his profitability. In most cases, the traditional software being sold was either a new edition of an already established product, which had, over time, attracted a solid following of adherents, who could be generally expected, either through inertia, or alternatively the cost and difficulty in re-tooling and re-positioning their established core banking systems, to take the new editions as a matter of course, as they were delivered. Some providers installed these updates as part of their on-going contractual arrangements with their clients, which ensured that the client didn’t even have to think about the sales process at all, and just responded with his cheque-book.

There have been some vendors however who have also helped their clients meet regulatory requirements. Core banking vendors like Temenos, Misys, ERI Bancaire, Infosys, Flexcube/Oracle, add risk-management plug ins or OEM, or they white-label compliance and fraud products as an added-value service. They are not designed to be market leading even though they can add great value to the customers, they are there so that the vendor can simply say that they have that particular offering. So the question, ‘do you offer GRC products’ could be answered: ‘yes of course, it is part of our overall offering’.

The relationship between vendors and clients in the sales-process for traditional software products was a fairly easy-come, easy-go arrangement. Most of the time, the first port of call was the client IT department, and the relationship with the head of IT was usually a well-forged one, sometimes going back over years. The IT head knew the strengths and weaknesses of the individual providers with whom he dealt. He knew how far he could push for discounts, and he generally knew what he would get for his budget.

In the case of new products, the vendor’s representative’s sales process in days past was based largely on networking and up-selling, relying on his knowledge of the kind of ‘sweetners’ which would be needed to get the different clients’ interests aroused. Whether this was a trip to a leading Golf Tournament, a day at a major race meeting, or a night out in a lap-dancing club, each client buyer had his favourite method of engagement.

As a means of last resort, the salesperson might engage in an RFI/RFP process if it was thought necessary, but most salespeople hate this method. Apart from anything else, it meant having to spend time filling up complex questionnaires, and in most cases, the salespeople wouldn’t know most of the answers, and would have to rely on the pre-sales team for help. The pre-sales team however do not always possess the contemporary requisite level of domain skill needed to sell these complex regulatory products expertly. They possess high levels of technical expertise admittedly, but few of them have the necessary degree of commercial comprehension to understand how the product being offered might not necessary be commercially viable within the specific client profile, and how having to engage in too much pre-implementation consulting and re-engineering could easily make a product wholly unsuitable.

One major US software provider particularly suffered from this condition. Any push-back against what was a totally unsuitable product offering would be met with the ‘pre-sales’ response, ‘Just tell them we can make it work for them in that way’. They completely failed to understand that the client did not want to pay more money and wait for the months of additional consulting time and software re-engineering it would take to get what was already an unsuitable and expensive piece of kit fitted into their IT portfolio.

In any event, everyone in the process of completing RFP’s knew that such an exercise was a complete waste of time. If the vendor wasn’t the company defining the terms of the RFP for all other competitors to complete, then there was no point in competing.

RFP’s were in most cases the last resort of the purchasers inside the client house, who would fall back on the requirement for an RFP in their procurement process, as an excuse for their own lack of knowledge.

The relationship between the clients and the vendors has always been a fairly uneasy one, particularly in the new GRC products, because their effectiveness relies heavily on significant levels of post-sale support to the client, both in training in how to use the product most effectively, and continuation analysis in better interpretation of the alerts generated, and their criminogenic potential or meaning. Vendors salespeople are never going to offer that kind of support to a client because they do not have the expertise themselves . Within their own company, most software vendors’ salespeople consider themselves to be incredibly elevated, and demand significant input from the pre-sales teams and the domain experts within the company.

In most cases they are unwilling to ‘stretch’ themselves too much to get to grips with a new and complex product which requires some time to understand its workings, and, instead, will only focus their attention on those products which they know they can sell most easily and so ‘make their numbers’ in the quickest time possible. Salespeople are obsessed by their commission payments, some of which are calculated in the most arcane ways, and which almost inevitably mean that salespeople will focus on maxing out the commission potential from a particular sales strategy, to the detriment of everything else in their sales catalogue In these circumstances, trying to get them to focus on a new product offering, particularly if it doesn’t carry a ‘big ticket’ price, is doomed to failure.

Any push-back by a member of the pre-sales team or a domain expert who insists that the salesperson take their own responsibilities in the process will be met by loud accusation throughout the company of an unwillingness ‘to step up’ and assist in the sacred act of selling. Other accusations can include ‘failing to give me the brief I need to sell effectively’, but whatever the excuse, it usually boils down to the salesperson demonstrating their lack of confidence in their own ability to sell outside the box, in circumstances where they do not have either the knowledge or the willingness to acquire the knowledge necessary to enable them to sell a new product successfully.

Being associated with failure to sell a new product profitably threatens both their commission expectations, and their self-anointed air of superiority . This is a very important point and so often overlooked, because the 50-50 salary structure engenders an environment whereby the sales people have no interest in spending time developing their skill-set as it takes away time from trying to earn money.

The client institutions on the other hand, look upon the salespeople involved from the vendor’s side as an inherent breed of inferior individuals, members of a class of ‘untermensch’ who do not deserve any respect and even less time. Pre-sales teams are looked upon as being almost entirely composed of ‘geeks’ and technophiles, who possess no commercial instinct, and who do not understand the commercial imperative; while the salespeople, are perceived to be inherently treacherous, who will say anything if they think it will win the contract and who are focused only on their own commission.

Perhaps not unreasonably, the sales side are not perceived to offer any form of provision of essential equipment or systems that will help the compliance team with local or international regulatory requirements. Banks have an inherently negative view of salespeople, a feature which is so often borne out by the comments contained in so many RFPs which often admit that a large proportion of the responding vendors will be inadequate. This almost inevitably results in the employment of Management Consultants to determine product choice, but at vast cost, (One major insurer spent over £1,000,000 on consulting advice, which they subsequently ignored)! Such actions do not invoke confidence in the final vendor chosen. The banks on the other hand are constantly under pressure from their non-executive directors to minimize their (the non-execs) risk, when choosing a vendor. Only in the most extreme cases do the banks perceive the vendors to be equal partners in the process, professionals who add value to the business process.

The problem is that financial institutions believe those in the business departments to be innately superior to any other kind of partner in their commercial sector. They cannot believe that anyone other than their own kind can understand their business, and they have no intention of talking out of school. Headhunters know this phenomenon better than most because during buoyant financial times, bankers will almost never entertain the idea of moving over to a software vendor house under any circumstance! However, they do not pay the same degree of respect for the compliance departments, many if not most of whom are staffed by young, relatively inexperienced people, earning very low salaries by conventional banking standards. There may be 6 figure salaries available for a Global Group Head of Risk or Compliance in a major Tier One house, but by and large, the average compliance officer earns significantly less than someone in the financial role.

Thus, the tendency is for compliance staff to remain in post for a relatively short period of time, moving on regularly, not necessarily to gain significant increases in technical or domain knowledge, but merely to get more money. This means that financial houses are always having to begin again in their search for compliance staff, and are constantly having to train and re-train at the most basic level, which is the level that itself, does not understand the higher compliance needs imposed by increasingly global standard setting agencies.

So the compliance department develops a vicious circle of inexperience. The very people who should be developing long-term skills and should be laying down deep roots into the fabric of the institution in order to be able to bring a growth of experience to their role and function, are moving on to other fields, having to re-train again in a new house, while new staff have to be found to replace them. Because they are traditionally poorly paid, they have to recruit from a relatively low level of school leaver, or junior grade to fill the necessary posts.

Compliance thus increasingly becomes more a question of written process or procedures, and pen-pushing staff spend a huge amount of time complying with written protocols, ticking boxes as opposed to bringing real investigative verve to the process; and real practicable fraud experience and compliance grey heads are left on the shelf. Being told they are too qualified or too experienced for a particular role is the constant complaint of many hugely experienced candidates, because their skills demand far more money, and their experience can prove to be a difficult challenge, when some particular piece of potentially lucrative but dubiously flaky business presents itself. Easier not to employ them at all!

As a direct result of this short-sighted but deliberate policy, bankers rarely know what their real compliance exposures are, so secretly want their software vendors to be able to come to them and provide a full consultancy-led sales process, one which they can trust and rely on, but they let themselves down by refusing to engage in a sensible internal product review process as to which vendor to choose. This is a vital part of the product selection process because different vendors sell different tools, and one particular product may not be right for an individual bank’s needs.

One of the major problems associated with this practice is that in the case of compliance procedural software, the department possessing the sole need for the solutions is the under-resourced Compliance Department. Even today, such departments are not widely respected inside the banking culture. Banks may be willing to pay lip-service to the concept of ‘reputation protection’ but they are generally unwilling to spend the kind of money it may necessarily take to provide that cover.

The bank’s IT department is unlikely to understand the regulatory imperative of the software and is all too likely to spend a lot of time arguing against the need to buy such software in from outside providers, arguing the case for creating the solution internally. This is just a normal case of ‘turf protection’, and only very rarely does the internal IT department manage to build a suitable form of compliance system. However, in too many cases, the Compliance Department is too far down the food-chain to have any real ‘clout’ in managing the debate about how much money to spend, and in all too many cases, they end up with only a small percentage of the budget they need, meaning they either buy the wrong product altogether, just for the sake of implementing something, or they try to eke out their limited budget by acquiring products that will simply not scale sufficiently to meet their needs.

Unhappily, the vendors so very rarely help themselves by employing the right people to sell their products. They employ frankly sub-standard people who are unwilling to take the time to learn the inner workings of the products they are being increasingly called upon to sell, and who are equally unwilling to learn the inner workings and imperatives of their potential clients. Instead they merely rely on the standard ‘Give me the three killer facts I need to get their attention’, and then they rely instead on an over-elaboration of their achievements and give a differentially truthful picture of what the product can do.

To succeed most effectively in this space requires a root and branch re-engineering of the thinking behind the kind of people needed by the vendors of solutions to lead the sales development of their solutions.

First, the people selected to lead the sales process must be individuals who possess significant domain expertise in their own right to be able to hold down a senior consulting role in any professional provider. Their personal skills must be sufficient to be capable to winning the trust of the clients with whom they will be expected to work in an equal and harmonious partnership. Their primary aim at the start of the process must be to win the trust of the potential client and to demonstrate such a sufficiency of professional expertise that the client can expect their judgement to be unimpeachable.

Secondly, having demonstrated a very high level of domain expertise in their knowledge of the law and the regulatory interface required, including knowledge of the functions and the environment within which the regulatory systems are required to operate, the sales leader must be capable of working with the client to determine the most effective and efficient way of implementing the product’s capabilities for their best needs. To this end, the sales leader must be capable of demonstrating thought leadership by bringing a high level of compliance consulting knowledge to the process. By demonstrating strength and high competency in this function, the sales leader not only generates greater client acceptance of his product’s capabilities, but places himself and his product in the position of being a ‘trusted brand’ which is vital, if the closing of the sales process and its subsequent longer-term relationship management is to be successful.

Thirdly, and finally, the sales leader must be capable of maintaining a post-sales regime of client care and product nurturing and development, in order to continue to ensure that the client maintains his faith in both the sales procedures, and the quality of the product at the same time. Such a regime must be continued through the delivery of on-going training in both the use of the product, but also in the wider understanding of the financial crime phenomenon itself, so that better interpretive analysis can be achieved from the alerts generated through the use of the process. This should be coupled with the demonstration of greater client-relationship management skills, through on-going regular compliance feedback and client information processes.

In this way, the relationship between the vendor and the client becomes one of mutual synergy, one in which the client plays an equal role with the vendor in identifying and determining the way forward in achieving the delivery of a ‘best execution’ process for the client’s needs, and dispense with the unfortunate lack of trust in the validity of the product purchased and the integrity of the vendor’s salespeople, which presently so identify the present sales process of compliance transaction monitoring product offerings.

With my grateful thanks to Fearghal McGoveran for his valuable contributions to this article.