Governance: A Higher Power

Good but elusive, pervasive but difficult to quantify, powerful but intangible, the ideal of IT governance has been sought by CIOs ever since the concept began to attract a following in the late 1990s.

Apostles like the MIT Sloan School’s Peter Weill have extolled its benefits. “Companies with better than average IT governance earn at least a 20 percent higher return on assets than organizations with weaker governance,” he asserted in these pages last June 15 (see Recipe for Good Governance), upon the release of his book (with Jeanne W. Ross) IT Governance: How Top Performers Manage IT Decision Rights for Superior Results.

One company Weill identifies as an exemplar of good IT governance is State Street, the $5.5 billion Boston-based financial services company that manages $1.2 trillion in assets. And few situations reveal IT governance in action as well as the massive integration project that followed hard on the heels of State Street’s daring acquisition of Deutsche Bank Global Securities Services in 2003.

State Street, the $5.5 billion Boston-based financial services company, manages $1.2 trillion in assets. Often derided as “Staid Street,” its $1.5 billion acquisition of Deutsche Bank was considered daring by many and, to date, largely successful.

Acquisitions are “a fabulous opportunity to test the limits of governance,” says Weill, director of the Sloan School’s Center for Information Systems Research. “What good governance does is it makes decision rights and accountabilities clear. Instead of arguing over or even wondering who should make certain decisions, the company can go about making the integration work.”

Analysts call the State Street-Deutsche Bank integration, now nearly complete, a success. State Street has held onto an impressive 88 percent of the revenue generated by the Deutsche Bank business, falling just 2 percent short of the acquisition’s ambitious goal.

Yet State Street CIO Joseph Antonellis, a hard-nosed MBA, struggles to identify how much of that 88 percent is attributable to IT governance. “I don’t know if I’d attribute any of it” to governance, he admits.

In other words, even this top disciple has a difficult time explaining the mysteries of IT governance. “I guess I attribute the project’s success to the fact that the conversions went seamlessly,” Antonellis continues. “We were able to service clients, and that happened because we have a good IT governance process and good execution on IT. You have to keep the revenue and keep your clients happy, but you can’t do it at all costs. The IT governance process allowed us to work with the business units to make those balanced decisions more profitable.”

“IT governance” is the name Antonellis gives to the higher power that guided him through those myriad decisions—a power that he agreed to try to explain.

The Acquisition: A Leap of Faith

In January 2003, when State Street spent $1.5 billion acquiring the business unit of Deutsche Bank that serviced global stocks and bonds for institutional clients, it wasn’t because State Street wanted Deutsche Bank’s technology. State Street had its own technology that it believed was superior to the 900 applications it would inherit. And it didn’t necessarily want Deutsche Bank’s employees. About 1,000 of the 3,000 Deutsche Bank employees transferred to State Street were soon laid off.

No, the prize for State Street was Deutsche Bank’s more than 600 global securities clients. The acquisition would instantly nearly double State Street’s business in most of the major European markets, and once it took over those portfolios, State Street executives were confident they would be able to cross-sell other services.

Analysts, however, were skeptical. The acquisition’s success was predicated upon State Street retaining 90 percent of the revenue of the acquired business, even though typical revenue retention rates in a customer acquisition are closer to 80 percent, according to Guillermo Kopp of Tower Group, a financial services consultancy. And all this was happening during an extremely difficult time for the normally placid, two-century-old company sometimes called “Staid Street.” After a 24-year run of double-digit profits, State Street’s earnings had come to a screeching halt in 2001. Soon after the acquisition, the company posted its first quarterly loss in 26 years.

The company would have to build capacity to absorb the 11,000 portfolios of Deutsche Bank’s 600-plus clients, migrate the new client data and shut down the Deutsche Bank systems—and do so swiftly, before too many clients decided to go with competitors who offered them a better deal.

This strategy of quick data migration is a best practice, says Kopp, who is Tower Group’s vice president of financial services strategies and IT investments. “You put a little more effort up front in doing that migration, but then you don’t have to maintain duplicate systems,” he explains.

Along the way, any stalled decision could have slammed the project into a wall. According to John Petrey, executive vice president and CIO of Banknorth, which has made dozens of acquisitions in the past several years, “Not being able to get decisions made is probably the single biggest risk to not having a successful merger. You have to get decisions made by certain deadlines, or you’re dead.”

But it wouldn’t take a miracle for State Street to make its decisions on time.

It would take good IT governance.

The Hierarchy: How State Street Made 11,000 Decisions

Ask for a definition of IT governance, and as likely as not you’ll get a description of its componentsa group of things that, together, add up to governance. At State Street, those components are a group of committees through which decisions cascade as strategy generates policy, which is then executed. And migrating 11,000 Deutsche Bank client portfolios was going to take a lot of execution.

At the top of State Street’s governance pyramid is the Operating Group, which consists of the CEO, vice chairman, CIO, CFO, the head of human resources and the three heads of the major business lines: custody, asset management and global markets. This is the group that greenlighted the Deutsche Bank acquisition. It meets weekly to discuss strategy. A subgroup of this committee, called the Executive Steering Group (with nearly the same roster), meets once or twice a month to talk specifically about IT and operations. (See “State Street’s Governance Hierarchy,” this page.)

The next level down is the IT Council, composed of Antonellis and his six direct reports. This group convenes twice a month to discuss IT best practices, cross-enterprise projects and IT change management.

Below that is an Office of Strategy and Governance, made up of IT and product managers from each of State Street’s three business divisions, which reviews and studies new technologies, establishes the enterprise architecture blueprint and maintains the systems development methodology.

Finally, an Integration Project Management Office, established for the Deutsche Bank acquisition, functions as something of a fractal of the whole structure, with managers from each discipline—including IT, sales, human resources and client services—working out the various and sundry details of each component of the integration. The rule of thumb at State Street is that any decision involving up to $5 million goes up to the IT Council. Decisions that involve up to $10 million rise to the Executive Steering Group. Decisions $10 million or more are handled by the Operating Group. Strategy trickles down.

“At the very top of the house, there’s an expectation of cost reduction. And the way to achieve that is to make sure that you have synergy with your applications and your platforms,” Antonellis says about the Deutsche Bank integration. “You drop down to the IT Council, the first level, and they said, ‘Let’s go out and inventory everything we have.'” From there, the business experts in the Integration Project Management Office compared and contrasted specific Deutsche Bank features against what State Street already had, looked for redundancies and decided when a Deutsche Bank functionality should be brought over and built into State Street’s product set.

Before former State Street CIO John Fiore started to wrap his arms around IT governance in 2001, decisions were made “in each business silo,” says Antonellis, who was executive vice president and head of Institutional Investor Services before becoming CIO. “There was little integration. Redundancy. Too many platforms. You interacted with staff based on personal relationships. If I happened to know that my brethren over in global asset management were utilizing some software, I would pick up the phone. Now it’s much more prescribed. There’s a certain amount of flexibility, but now we have standards.”

Not that IT governance is all about standardization and centralization. “You have to be careful,” Antonellis warns. “You can’t be too structured and too rigorous or you’ll stifle innovation, and then you won’t be nimble.” The point of all these committees isn’t to determine that the company should, for example, standardize on IBM’s WebSphere for Web services, he says. It’s to have processes in place to decide if the company needs a standard. And if so, who will choose it (that is, decision rights).

One size does not fit all. “Depending on your organization, you create the framework for IT governance—how centralized you want to be, how many standards and requirements you want to impose on people, and how [IT] interacts with the business units,” Antonellis says. The structure needs to be created based on the culture of the company. For instance, he says, “Some people would never impose IT on the CEO, but our CEO loves it. He used to be an assembler programmer in his first job out of college. He wants to be involved in IT decisions.”

State Street Executive VP Sharon Donovan Hart was the top liaison between the businesspeople and the technologists during the Deutsche Bank integration.

Weill agrees that there’s no one right way to do governance. “The structure is not important,” he says. “What you really care about is decision rights: Who has the right to make decisions?”

In the Deutsche Bank acquisition, State Street had a ready-made governance model: it’s own. Because it was acquiring a business unit (not merging with another business), and because the CIO of the acquired business unit was staying at Deutsche Bank, it was clear from the get-go whose governance model would prevail (Antonellis’s). With clearly defined decision-making committees in place, and clear criteria for how decisions moved up and down the hierarchy based on the expense involved, State Street executives already knew who would be making the critical decisions and how they would be making them. Now they just had to do it.

The Execution: Dismantling a $1.5 Billion Giant

Nobody saw more decisions pass go than Sharon Donovan Hart. As State Street’s executive vice president of business project services, Donovan Hart was in charge of the integration project management office, and, as such, was the top liaison between the businesspeople and the technologists. Those 900 apps that State Street had to ferret through? She looked at them all. The conversion of 11,000 portfolios? She was there, helping decide which clients would be brought onto State Street’s platforms and when. Yet when she describes her approach, she speaks less of governance and more about how a clear strategy, provided by the executive team, helped her group make decisions.

“When we go into Deutsche, there are certain things that are not on the table for a decision—we just want to do those,” says Donovan Hart, one of Antonellis’s six direct reports and a 20-year State Street veteran. These were the criteria that she received from the IT Council, based on the objectives established by the Executive Steering Group:

• Anything that relates to us having to scale State Street’s existing systems, we’ll put IT resources against that.
• Anything that relates to our ability to convert these portfolios, that’s a priority.
• Any project that relates to retiring a system because of the costs associated with it, that’s a priority,” Donovan Hart says.

Everything else—a particular feature requested by a client, for instance, or a change that might make pensions run more smoothly—was open for discussion.

The tricky part was that there wasn’t necessarily anything wrong with any of Deutsche Bank’s applications. This was where governance was critical. For example, Deutsche Bank had a sparkling-new compliance application, but it had been rolled out to only six clients. Should it be adopted broadly, supported on a limited basis or simply yanked?

“The decision that people had to make is, OK, this application is brand new, but they only have six clients on it, and we have our own compliance systems,” Antonellis explains. “Yes, that Deutsche Bank application may have the functionality, but it would take time and money not only to convert the Deutsche Bank clients to it, but then to convert our own client base. We had to decide.”

Based on the parameters that had been set by the executive groupsthe cost-cutting mantrathe integration project management office Deutsche Bank’s decided to retire compliance application. The alternative, while it might have seemed logical, would have resulted in redundancies.

“If we didn’t have clear focus,” Donovan Hart says, “we could have been spending a lot of time building out product feature sets—because that would have been the natural pull from the business side—and lost sight of the need to convert and retire systems.”

In the end, of the 80 major systems that were part of the Deutsche Bank acquisition, State Street brought over only three (and is still deciding on a fourth)—a feat that was possible only because dismantling the $1.5 billion giant had been defined as a strategic goal.

The Decision Point: Balancing Service with Costs

When banking acquisitions go bad, no one ever points and says, “Aha! Poor IT governance.” Instead, Tower Group’s Kopp says, acquisitions usually stumble because customers see a decline in service. So here was another challenge. While the IT strategy at State Street focused on cost reduction, the business goal was to retain 90 percent of the Deutsche Bank revenue. To do this, the bank had to make sure not to let service slip.

It was a tense time, complicated by the fact that the competition was watching, trying to steal Deutsche Bank customers. “[The competition was] underbidding,” says Antonellis, “because their intent was less on winning business and more on taking a competitor out of the marketplace.”

The business side fought back (at least in one case) by matching the low bids. IT contributed by making strategic decisions about when to convert customers to State Street’s platform, the better to keep them happy.

The bulk of the Deutsche Bank customers were in the United States, where conversions were simplest (for regulatory reasons). So the Integration Project Management Office (which had decision rights because it was the cross-functional team on the front lines of the conversions) decided to focus first on them. Once that decision was made, Donovan Hart’s group had to hammer out specific “flights,” or groups of portfolios, that would be moved over on a given weekend. “Instead of Client A just going on that weekend, our flight might consist of Clients A, B, C, D, E and F,” she says. “It could have been half a dozen, or it could have been 120, based on the size of the portfolios we needed to convert.”

When there were two similar customers with the same number of holdings, the regional business managers were called in to help prioritize. “We’d say, based upon the size, the revenue, the client’s willingness, we need to make a decision,” Donovan Hart says. Part of the decision took into account the fact that the clients were dividing into groups of their own—those who were going through with the conversion and those who were thinking about taking their business elsewhere.

One such customer was Vyvian Heath, manager of pension and investments for Kaiser Permanente. She put out an RFP, and one of the bids she received was considerably lower than any other. State Street agreed to match it, and she took it up on its offer largely because she wanted to continue working with her key contacts at Deutsche Bank, who had stayed on with State Street.

But it was State Street’s IT systems that not only kept Heath a customer but also made her a happy one. She notes that now she can crunch numbers in better ways and receive more reports electronically than she could with Deutsche Bank. Plus, the conversion process has been painless because her points of contact didn’t change.

That’s exactly the kind of thing that State Street executives like to hearand are, in fact, hearing. By the end of 2004, State Street had brought over so many clients that the company had increased the total number of portfolios it was servicing by 33 percent and its monthly transaction volumes by 47 percent. Eighty-five percent of client conversions were complete. All that, and State Street has kept 88 percent of the revenue.

For Antonellis, that was close enough.

The Faith: The Business of IT Is Business

Although Antonellis can’t measure exactly how much IT governance helped, the fact that it did is with him a matter of faith.

“If we didn’t have an IT governance process,” says Antonellis, “we wouldn’t have an enterprise architecture; we wouldn’t have standards; we wouldn’t have best-practice procedures. You could very well envision [in the extreme] a group of people saying, ‘Let’s build it all out'”—meaning, in this case, that each Deutsche Bank customer would have had, in effect, his own personalized suite of enterprise IT functions. The business driver, Antonellis says, would have been, “‘Let’s get this business on board and keep the clients happy.’

“And then,” Antonellis continues, “you build a whole new silo parallel to the bank’s existing silos—which, quite frankly, is what happens in many acquisitions.” If the Deutsche Bank acquisition had been handled like that, State Street might even have surpassed its goal of retaining 90 percent of customer revenue—but at what operating cost going forward?

It remains to be seen whether even world-class IT governance will be enough to get State Street back on track. During the company’s third-quarter earnings call last October, CEO Ronald Logue announced another round of layoffs (425 employees this time), which he said would help the company trim $50 million more from its expenses. The company had spent another $16 million in that third quarter on merger and integration costs related to Deutsche Bank, and executives had to deny rumors that State Street might soon be the company being acquired, rather than doing the acquiring.

Still, Antonellis continues to look for efficiencies, and he’s been asked to roll out his governance model to the operations side of the house.

“I’m not a technologist, I’m a businessperson,” Antonellis says. For too many years, the business cast IT in the role of “order-takers” and said, “‘We make the decisions, and you go execute.'”

Now, that’s no longer the case.

“Good IT governance brings IT into the strategy of the company, creates solution sets, and then works to rationalize your processes.

“To me, IT governance is good business process applied to business decisions,” says Antonellis.

And there’s nothing metaphysical about that.

Sarah D. Scalet, senior editor for CSO (a CIO sister publication), can be reached at sscalet@cio.com.