Mark is a multifaceted Technology Executive focused on leading business improvement initiatives and aligning technology with corporate performance targets with implementation success across disparate industries: FinTech, InsurTech, and Media.
Mark serves as a C-Level Advisor to Clients as well as a leader in HP Marin Group’s Data and Legacy Systems Practices. His expertise includes Technology alignment, Cloud Strategy, Transformations, Master Data Management, Governance, and Data Security.
Prior to joining HP Marin, Mark has had twenty-eight years of experience in IT/Operations in both FinTech and InsurTech. He has held several senior leadership positions including Divisional CIO for Financial Products and Services for XL Capital, Global CIO for Syncora Guarantee (an IPO Carve-Out bond insurance firm), and as CIO for ASCAP. Earlier in Mark’s career, he managed Equity IT (trading floors) and Investment Banking for both ING and Societe Generale Cowen. Mark has worked at several Blue-Chip organizations including Brown Brothers Harriman and Bankers Trust (now Deutsche Bank). Additionally, he has served as a consultant at UBS Private Bank, Lehman Brothers, and Ameritox (BioTech).
Mark holds Masters’ degrees from Columbia University and The University of Chicago. He is also a member of various industry groups including Fairfield Westchester SIM.
Sajid Khan: Mark, thank you very much for taking the time out of your busy schedule for this interview.
You’ve been a strategist, an author, worked closely with C-Level Executives, and have lead IT departments from some of the best firms in the industry. What is your definition of strategy as it relates to technology in today’s environment?
Mark: I think it is worth exploring a bit about how strategic planning has evolved, to understand where the planning cycle is now.
When I first started out in FinTech working for Chemical Bank (now JPMorgan Chase & Co), strategic plans encompassed a 4 – 5 year approach, with little variations. At the time, I was in operations and worked for a strategic planner, and that longer-term view, was pretty much the standard. From an IT perspective, those plans were achievable, since most everything was run on big iron. Functionality and data changes were incremental, and distributed systems were just gaining steam. A lot of the mainframe code was undocumented, and in some instances, firms became skittish about touching it, hesitant that they break something and have significant production issues.
The only time that I saw plans deviating was if there was a merger or a takeover. The approach mostly consisted of merging data onto similar mainframe platforms or figuring out what apps would service the business and customers best. The innovation side really got the short end. Marketing teams were frustrated as they tried to differentiate in the FinTech arena, only to be stymied by technology that could not quickly catch up to where product creation wanted to go. It was a very frustrating time.
Fast forward to 2019, and that very same approach would put a firm out of business. Agility is the one word that comes to mind when talking about a strategic plan since things are so fluid. In some cases now, the technology is moving so quickly, that firms are trying to think of use cases in some instances to take advantage (think Blockchain) of the technology.
The big change then is IT genuinely partnering with the business to achieve their goals, so the plans have to be communicated and understood, from all C-Levels, to the board, and throughout the organization. It has to be consistent, and the reasons explained for pivoting when it happens.
IT budgets are usually substantial, so the plans must include how outcomes will be measured, staffing, governance changes, etc. Also as part of the plan, there has to be areas that have to be funded for foundational builds that can be approached in an agile fashion. For example, since I now work mostly in the data realm, funding for MDM, Data Governance, Stewardship, goes a long way. If done correctly, a company can pivot quickly, by having one version of the truth, and flexible architectures to meet demand. A correct Business, Informational, and Technical architecture will provide flexibility. That has to be thoroughly communicated, and the strategic plans, if agile, should provide deliverables to show the value along the way.
SK: In your opinion, what have been some of the biggest challenges faced by leaders in regards to formulation of Data Management Strategy during the last few years?
Mark: Some of the challenges we see around formulating a comprehensive data strategy, is that often time’s business goals are not always clear. Without the business vision and go to market strategy, the best guess IT data strategy will give you best guess results.
So having had the opportunity to work in the advisory capacity as a CIO, some clients do have robust and comprehensive business strategies. But sometimes those strategies are skewed to be either too defensive or offensive concerning IT. Generally, it is not enough to have a defensive strategy, focusing on minimizing downside risk (like rules governing data privacy, integrity of financial reports, or regulatory compliance), nor is it enough to implement an offensive strategy which targets customer and revenue growth (like customer loyalty, up sell & cross sell, and market expansion). The key is to establish the proper framework for arriving at a just right strategy blend, as no company is purely Defensive or Offensive. The company’s strategy will impact the formulation of its Data Management Strategy. The challenge is for the DM strategy to be flexible and agile to be able to respond to the changes in the business’s defense – offense needs.
I had published an article on monetizing data in Financial Technology Today which goes into much more depth on this topic. To summarize some of this, without the correct data strategy, monetizing data becomes almost a non-starter. You can throw all the AI, ML, and the latest technology in Graph Databases across all your Data Lakes—if your data quality is sideways, your output would be dubious at best, and harmful at worst.
One thing worth mentioning here is GDPR within the context of a data strategy. Most firms are never thrilled with new regulations and worry about financial fines and headline risk for noncompliance of anything that is regulatory. HP Marin Group has a piece that I co-authored with our CEO Harry Hanelt coming out in Forbes magazine on leveraging GDPR to build out a full data strategy. It will undoubtedly help IT departments get the funding they need to address Data Strategy holistically, and give them a leg up if followed through.
SK: What is your take on Data Security and the fundamental steps/solutions to control it?
Mark: I was just speaking with the CIO of a large media company. He was lamenting that 10 years ago, he hardly spent any time on Data Security. Now it became a significant part of his day. The headline risk alone makes this obvious.
I am not a CISO, but have worked with some great ones. One of the key fundamental elements in Data Security is training the human. Ensure that everyone in your firm goes through a high-level training about two-factor authentication, Spear Phishing, Password sharing, etc. I know it sounds rudimentary, and it is, but the statistics bear it out. According to the government’s Notifiable Data Breaches, Malicious or criminal attacks account for (59%), human error (36%), and system fault (5%). The system fault piece is frequently older code, where non-standardized security measures were built right into the application. Standardization is critical, and working with a risk professional is also recommended.
What is of significance though, is that every firm will be breached in some way at some point. I hate to be pessimistic, but the number of DDOS attacks is proliferating. Therefore, it is critical to have your Response Plan tied into your Business Continuity Plans. This is an area where it truly looks like a Venn diagram.
SK: Would you like to share some of your key initiatives that you implemented for processes and procedures related to the Data and Legacy Business Systems domains and regulatory practices?
Mark: As consultants that assist from strategy through to implementation, we spend a great deal of time listening to the client. A significant portion of that time is not just hearing about the various technical challenges but understanding the firm’s culture so that we can present the approach and changes in a way that will resonate and adhere, especially as it represents a change to process. We are keenly aware of mitigating risk and controlling costs. At the bottom of all this is an approach to data strategy that not only meets the business and technical needs but that is germane to your firm and the scope and scale of your project.
Any SDLC approach or methodology has to be adjusted to fit the firm and business vertical. It would be nice if one size fits all, but we have never really seen that. A real time trading environment, like we have had with several hedge funds, is a very different play than the automation of insurance underwriting platform using AI. HP Marin Group approaches solutioning from a holistic approach; looking at process, organization and technology. Sustainable solutions are ones where form follows function … ones that are grounded in a holistic view. Too often companies build their approach and architectures around a tool or technology. (Remember PowerBuilder?). This can be limiting when building out an entire MDM plan.
The legacy systems space has a different set of challenges. Environments and architectures are often rigid and inflexible presenting risk and high cost for change. At the core is a void of knowledge. Legacy systems are poorly documented if at all and what knowledge exists is resident in legacy programmers who are aging out. We tackle and overcome the challenge through the use of a software analysis platform that provides in-depth and complete information about the legacy system in a visualization platform. This eliminates the knowledge voids and resource dependencies exposing knowledge for easy consumption. We accelerate client projects significantly; from analysis through design and implementation, reducing cost and risk. Our approach eliminates the need to forge through undocumented code, the manual approach. Leveraging automation we provide extensive application insight, facilitating a much quicker solution. Some of the visual analytics at your fingertips are: transparent logic and process flows, data traceability, visual call maps and APIs, dead code, redundant code, traceable business logic, business rules extraction and more.
Our platform provides knowledge on demand, which is an exciting capability for old ridged poorly documented legacy environments. Our clients have the knowledge to address change in legacy to meet business needs and they have overcome the fear of don’t touch it in case it breaks.
SK: Overall, what’s the greatest achievement in your career thus far?
Mark: I have been lucky enough to have had a few, including doing an IPO carve out and building an entirely new team and outsourcing within six months from XL Capital to Syncora Guarantee. The team was stellar, and we all supported each other.
But on a more somber note, 9/11 represented my team’s greatest success. I was at Société General Cowen, and we were located at the end of Wall Street. As you can imagine, everything went down. We had 6 days to bring up a real-time trading environment. We had good BCP plans, but still, some of the Sun Servers were located in downtown Manhattan. We got dispensation from the authorities, to go down there and retrieve those boxes to use as a backup. It was horrible to look at the devastation, and move forward. But we had to since the market was going to trade.
Everything we had was in duplicate, or even triplicate, as a failsafe for a real-time environment. I have to say, these were all Sun Boxes, and they were solid as heck. When the trading screens came up, and the traders were executing their orders, we received a standing ovation from them. That is something I will remember forever, and am thankful for the men and women who made that possible.
SK: What advice would you offer to our readers who aspire to follow in your footsteps?
Mark: When I started I was lucky enough to be in a management training program at Chemical Bank, where we went through the business in detail. Everything from credit markets to operations. I then started a business analyst, and eventually rotated into technology, since automation and data were my interests. However, one day I went from being a business analyst to being put on the floor to run a 300 person trading desk when I was at ING 4 years later. Talk about learning to think on your feet.
So it is good to learn as much as you can. If you are a technologist, don’t be afraid to ask to work in a business line. The business will appreciate it, and you will see firsthand the real challenges. If you want to go into senior management in any capacity, spend time on the line. Understand the issues, and see how you can help to solve the challenges. It will ultimately build trust, and the right kind of dialogues.
