Laundering money and funding terrorism cannot withstand analytics and AI

Despite banks’ substantial investments in technology, people and processes to meet regulations, they currently lack effective and efficient systems for tackling financial crimes such as money laundering and terrorist financing. Regulators cannot keep pace with change, and the time and investment to overhaul banks’ legacy systems are too great given the complexity of global organizations and inevitable disruption to operations. But the three elements — technology, people and process — match EY’s strengths in technology consulting, especially when paired with deep financial services industry and risk and compliance expertise. EY continues to invest and evolve its financial crime (FinCrime) practice as it listens to financial institutions’ demands for services that embed regulatory compliance expertise and technology innovation, offered at scale on an outcomes-based pricing model. EY’s FinCrime practice collaborates across the firm to combine legacy capabilities and emerging technologies to differentiate from competitors’ portfolios in the market and provide, in TBR’s current analysis, industry-leading offerings.

EY’s connected approach to disrupting financial crime: Technology disruption, industry collaboration and process innovation

Over the course of EY’s two-day Financial Crime Analyst Summit, the firm’s leaders and banking sector clients spoke with TBR about the challenges financial institutions face, including high operating costs, stifled revenue growth, and demands to undergo business transformation while maintaining compliance with evolving regulations. Many industries contend with the first two challenges, but this last one — transforming while complying — fits well with EY’s strengths: industry expertise, emerging tech capabilities, and a deep understanding of the regulators in the U.S. and globally. In applying those strengths, EY’s financial crime practice relies on three pillars — technology disruption, industry collaboration and process innovation — in other words, meet demand for services and solutions that are backed by regulation credibility, infused with technology innovation and offered with tiered pricing to successfully disrupt FinCrime.

Before getting to the specific ways that EY addresses FinCrime, one key aspect of the financial services market as a whole deserves extra attention: trust. In the consulting and technology spaces, trust has come to mean delivering on promises and securing data. In the banking space, with the additional weight of money and regulators, trust becomes the single most important factor in determining the extent of a provider-client relationship. With a heritage as a trusted auditor, a reputation for delivering consulting services, and a position between clients and regulators, EY has built up enough trust capital to take on industrywide challenges.

A wave of health IT innovations still struggling to crack entrenched industry roadblocks

Lack of ubiquitous interoperability a lingering vexation in the healthcare sector

TBR believes the pace of health IT innovations will continue, and even accelerate, especially as value-based care takes hold of the healthcare sector. However, full realization of the benefits of new healthcare technologies will continue to be deferred until we have, according to the Centers for Medicare and Medicaid Services (CMS) Administrator Seema Verma in her conference remarks, “a healthcare ecosystem where data flows freely.” In the same forum at HIMSS18, White House Senior Advisor Jared Kushner added that “even with the most advanced military on Earth, the U.S. still struggles to exchange records between the DoD [Department of Defense] and VA [Department of Veterans Affairs].”

Dr. Jon White, deputy national coordinator for Health Information at the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator (ONC), highlighted the challenges of enforcing regulatory rules designed to prevent data blocking during the HIMSS18 Compliance Symposium. While healthcare organizations that do not share patient information as required may face fiduciary penalties, White acknowledged that his agency has yet to comprehensively define what constitutes information or data blocking. He also described other complications stemming from fees associated with connecting health IT infrastructures and the proper reading of Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations. Even beyond these challenges, White noted that some healthcare organizations as “an out-and-out business practice,” still refuse to share data, despite the risks of fines or other consequences.

Also during the HIMSS18 Compliance Symposium, Ken Mortensen, data protection officer for InterSystems, made a tacit admission that healthcare organizations may continue to block data sharing with impunity, provided they can sufficiently “explain the rationale behind their actions” if and when they are accused of information blocking and subsequently audited by the Office of the Inspector General (OIG). TBR believes this sets a troubling precedent that may shift the focus of healthcare organizations in favor of governance versus care delivery, at least in terms of crafting satisfactory practices, policies and accounts of internal activities to indemnify against potential audits.



The 2018 Healthcare Information and Management Systems Society Annual Conference & Exhibition (HIMSS18) took place at The Sands Expo Convention Center in Las Vegas. The 2018 event was the largest yet, with nearly 44,000 attendees, over 300 educational sessions, and over 1,350 vendors demonstrating their healthcare IT solutions.

Aggregated lateral movement and more: EY’s latest SOC serves the GCC

Covering the evolution of digital transformation centers over the last few years, we’ve frequently noted that new ways of working have infected many traditionally structured and operated organizations, often through nontypical talent and specially designed workspaces (yes, we’re talking about “funky chairs”). The latest development may be the most surprising as it comes from EY, a long-established and traditional firm in one of the most conservative services lines. EY’s newest security operation center (SOC), which services the Gulf Cooperation Council (GCC) countries, opened its doors in Oman at the end of 2017 and serves local and regional clients with cybersecurity and analytics offerings. According to EY, the center was designed to attract and retain talent, while also reinforcing EY’s strengths around industry expertise and creating opportunities for new EY clients, with layers of activity that call to mind the aggregated lateral movement of security threats (but in a good way).

Constant challenges: Managing talent and clients while delivering security

To tackle the challenge of attracting and retaining talent in the GCC, EY has relied on a staff that is a mix of local nationals and expatriates, acknowledging that increasing the local talent pool will remain a strategic priority over the next decade. While local governments and universities have invested in science, technology, engineering and mathematics (STEM) studies and even cybersecurity specifically, the number of graduates needed to meet local demand will not reach scale for four to five more years, with maturity in security talent coming another five years after that. An additional way EY has addressed this shortfall has been to make the local security work as appealing as possible — the Level One employee staring at a screen identifying false positives has been replaced with analytics and automation in a mixture heavily reliant on EY’s developing security capabilities and enhanced by analytical models, rather than use cases. In the GCC SOC, the entry-level talent begins at Level Two and is investigating all the time, according to EY’s local leadership. Notably, for a region not known for its gender-diverse workforce, roughly half the professional security staff is women in some GCC locations, proving the local governments’ STEM investments are paying off.

While solving for the talent problem, EY must also address client needs, specifically around an operating model that accommodates regional legal structures and plays to EY’s industry expertise strengths. Not surprisingly, Oman as a generally neutral, trusted and respected member of the GCC provides a solid base for a regional security center. Also not surprisingly, EY’s current SOC clients come from government entities, oil and gas companies, and the financial services industry. Quite surprising to TBR was EY’s ability to draw new clients to its new SOC. Typically consultancies have sold security services to existing clients, and almost all clients brought through the new digital transformation centers have already had well-established relationships, making this GCC SOC doubly unique.

Super 7 webscale ICT capex spend will reach over $63B by 2022, driven by investments in network capacity and data center builds and expansions

HAMPTON, N.H. (March 2, 2018) According to Technology Business Research, Inc.’s (TBR) 1Q18 Webscale ICT Market Landscape, Super 7 webscale ICT capex will grow at a 19.5% CAGR to over $63 billion in 2022 as these companies continue to invest in network capacity to support traffic growth, and data center builds and expansions to support their cloud businesses. Microsoft and Alphabet are leveraging strong ICT capex spend to help Azure and Google Cloud close the market share gap with Amazon Web Services (AWS).

Additionally, the Super 7 are developing machine learning (ML) and artificial intelligence (AI) features that will become table stakes for cloud providers, though development is not capex-intensive. Cloud providers are investing in AI and ML to differentiate their core solutions, but the market for these technologies is nascent.

“AWS is the leading IaaS provider by revenue, but Microsoft Azure and Google Cloud are growing revenue faster than the incumbent due to years of data center investment across geographies. Microsoft is closing the gap quickly and will challenge AWS in the short term, while Google, which was later to the market, is more of a long-term threat,” said Michael Soper, a senior analyst at TBR. “Beyond data centers, webscale companies are making undersea cable investments to support cloud and video traffic growth. Alphabet, Amazon, Facebook and Microsoft will continue to build these networks to carry traffic across oceans and typically partner with each other as they do so.”

After significant ramp-up in network infrastructure and services spending among the Super 7 in 2017, incumbent vendors will likely experience volatility in the webscale market in 2018. Vendors are coping with a lower level of loyalty from webscale companies, when compared to their traditional customers, as they leverage contract manufacturers and/or their own design teams for new infrastructure. The success of ODMs such as Quanta, Arista, SuperMicro and Celestica, along with new efforts to capitalize on the webscale market from IT services providers, will further fragment the supplier landscape.

TBR’s Webscale ICT Market Landscape tracks the ICT-related initiatives of the seven largest webscale companies in the world, known as the Super 7, which includes Alibaba, Alphabet, Amazon, Baidu, Facebook, Microsoft and Tencent. The report provides a market assessment, deep dives into company strategies and analyzes capex trends, particularly as they pertain to ICT. Vendors are also covered from the perspective of relative opportunities with webscale companies as customers.