Alain Benoist, CTO for Society General, Corporate and
Investment Banking about Risk Management.
Q: According to a magazine article I read, you said recently that IT spend in 2008 will be greater
than IT spend in 2007. I’m wondering if that has been revised at all in light of recent events at
A: Yes. Obviously we’re speaking about what happened to Society General in the past month. Actually we will
end up spending as I said more in 2008 than in 2007 and the events that we experienced were simply – there
was no choice to become best in class in terms of operational risk management so obviously we are continuing
and will probably put more emphasis if it was needed on security, on quality of processes, on risk
management , on controls, and ensuring that we deliver, we are able to manage a business growth but
reasonable operational risk management. Obviously we’re investing in risk management and we have an
internal program, which has actually has granted more budget to address the issues we experienced.
Q: And where is that spend going?
A: Besides security of course there is the traditional business needs but we’re focusing a lot in terms of risk
management. It’s the bulk of the investment in terms of IT as well as the process automation and the integration
between frontal fees, back fees, risk management application. So it’s all the areas where we invest the most.
So it’s efficiency to be able to cope with increased volumes, increased demands in terms of risk management,
and also with our ability to develop in various countries in the world.
Q: Of course what happened at Society General was a quite extraordinary event but it does
throw open a new challenge to risk management. What happens when you have to address your
systems, when you have to start almost at the beginning with such a thorough examination?
A: The challenges we face are determining what are the priorities. Obviously we need to invest and we want to
invest in improved security, improved processes. So the real challenge is to balance and make sure that the
additional investments you’re making in terms of personal risk management are really addressing your two
challenges. It’s very easy to spend money. It’s much more difficult to make sure you spend it on the right things
or the right subjects. What happened to us was actually something with a high impact and a low probability but
we should not neglect also the things which are more likely to happen with a lower impact and finding the right
balance in these risk management investments and make sure you address all the issues is the most difficult.
Q: Many analysts are predicting increased IT outsourcing but of course if banks are outsourcing
their tech to vendors where does the competitive differentiation lie then?
A: Yes, but not everything creates competitive advantage. So it’s very important for a bank to define what is
core competencies and what is not, and as far as we are concerned a lot of things are getting more and more
commoditized. So as soon it is getting commoditized it becomes a more standard offer, these are things we can
think about but you should never outsource your brains obviously, and your brains especially with the banking
industry or when it comes to analytics, risk management, architecture, integration of applications, referential,
your processes, even your services to the client, they are absolutely core to your business and that is not to be
Q: I recently spoke with the MD of IT at Morgan Stanley who said, “Never outsource a problem”,
his theory being that you lose the DNA of the solution. I’ve also spoken with the CTO of a
function at Lloyd’s TSB and he was very much the opposite inclined. He was all for outsourcing
as long as it was done well, and in fact said that many times the people that they outsource to in
traditional sort of low cost centers such as India or whatever, they’re hungry. They’re hungry to
succeed. They’re hungry to make a difference. Could it be that occasionally human capital that
you talk about, is actually outside of Society General’s walls?
A: Really what matters is the way you use your technology and apply it to your business needs. So you need to
be familiar with what you’re trying to do in terms of business, where you can make a competitive advantage to
use your technology to the best effect and manage risk, and I always believe that it’s a unique combination of
technology and business understanding, which really makes a differentiator.
Now it’s true that there are areas where you don’t build a competitive advantage so one of those commodities
could be outsourced offshore. There is no issue. However that business expertise is what makes a difference.
In India it’s common but it’s been just a few years so we still need to invest to which level of maturity where in
offshore locations you can really generate that competitive advantage and manage risks.
Q: Project managers and enterprise architects in the bank often have opposite interests, short-
term results versus long-term continuity. How do you as a CTO bridge that gap?
A: That’s an interesting challenge. On one hand you have the needs of a business, which are usually short-term
and you have the long-term objectives of the bank. You need to identify the areas where you need to invest
over long-term. Those are areas usually internal probability, the ease of integration between applications, what
is required to offer value added services for the client, the issue of managing correctly your referentials. So
there are a few sub topics, which are long-term topics on which you should never compromise.
I would say the best thing is to identify these topics and be sure that whatever projects you have to do in these
areas is properly financed and not exclusively or not to need by the businesses themselves, which should be
set as a separate project. And so budget governance is extremely important to be sure you balance properly
the short-term objectives as well as the long-term objectives for the bank. Of course security and the quality of
your processes is also one area where you should never compromise.
Q: And whose responsibility is it within Society General to keep one eye on the future so that
upcoming trends in technology don’t take you by surprise?
A: I think it’s a collective responsibility. I think it should be part of the DNA of the organization per se, but it
doesn’t prevent you from having specific people, which are – the most important people to do this. So we have
a specific duty to watch the trends on the market. There is also the technology department, which is doing some
market intelligence and even what I’m doing today by meeting with some peers contributes to this. It should be
everyone’s responsibility mostly if you want to remain a competitive, innovative institution.
Register/Login to MeettheBoss and watch the full interview with Alain Benoist.