United States: HealthChecks And Digital Confirms

As a Follow-Up to an Interview We Ran Earlier This Year with Tim Schutt of PwC's Global Risk Management Solutions Group, we asked that he and colleagues Dave Hsu and Rick Boren run through a few current trends on the operational risk side of things in the energy trading game.

"Generally speaking, the state of the trade confirmation process, particularly in the commodity markets, has a long way to go. Follow through is still lacking. You still see a situation where the people who initiate the trade, will also do the confirmations. Until recently, little has really been done, e- commerce wise, to fix this issue," says Dave Hsu.

Now with the digital signatures bill signed into law, perhaps we will soon have a fast, reliable medium to provide a legally binding document. Which of course is the next step to closing the loop on the whole confirmation process. This will be particularly important in the power and gas markets, on say the hourly desks. If traders can suddenly do a deal and confirm it, online and in a matter of minutes, think of how the market might advance. The mind boggles.

Though the digital signatures process is still somewhat cumbersome, Schutt believes it's a perfect opportunity for a third-party intermediary to link up with say one of the bigger commodity brokerages to provide these digital certificate services to counterparties on both sides of the transaction. Though we might be a year out from this sort of thing now, Schutt says more than one client has asked about it.

"The digital certificate and public key technology is actually there today, the problem is of course standardization among vendors. But, there are new, trusted third parties being created right now, that can serve as cross-certifiers of different kinds of digital certificates, such as EnTrust or RSA," Boren says. Boren leads PwC's Information Security group.

One such third-party cross-certifier is PwC's own beTrusted unit. Earlier this week RSA entered into an alliance with PwC to help facilitate use of public key infrastructure (PKI) technology for e-businesses. EnTrust for its part recently launched a new services bundle - Trade Services - a financial services industry solution for fast deployment of secure transactional infrastructures for Web-based trade services. No surprise there really, most of the more advanced risk management methodologies originated in the financial services industry, before they hit the energy game.

"Unlike a lot of things that have taken years to make the transition from the financial sector to the energy trading sector, I think PKI technology and digital certificates will be adopted much more quickly. We already see rapid adoption rates in the consumer industrial products groups, lots of demoing and pilot projects of the technology," Boren says. "It's just a matter of time before it works it way into trade confirms for energy."

On the energy trading side, Hsu says most of the client interest has come from the risk-management office or from legal. But at the same time he says that digital certificate technology is about third or fourth on the technology list for most trading companies. Most are still trying to get their hands around physical and financial trading and risk platforms, and then there's that pesky FAS133 compliance thing, and then... you get the idea. Now if we're talking about general system and network security, well, that's an entirely different story.

"With the greater use of outside data inputs, for instance, the security aspects of a trading operation are growing by the day. Quite a few companies are already security-aware. They're extremely interested in how vulnerable they really are," Schutt says.

Boren concurs. He says that his Information Security group - sometimes affectionately known as the 'hacker group' - has scaled up significantly to meet the demand for wide-scale network security assessments in the energy sector.

"Information security policies have a long way to go in this industry. Adoption rates of new technologies are pretty high in this market for linking companies to customers, vendors and employees. But security isn't usually taken into account until after the new systems are deployed," Boren says.

"Even then, employees are rarely given a thorough understanding of what their new role is in information security. We suggest to clients that security standards should be adopted for every technology and platform within the organization," Schutt says.

Bottom line here is that as more e-commerce initiatives weave their way up the corporate food chain, through the risk committee and up to the board, security concerns and needs should now carry significant weight in any new technology decision.