The unfolding Mossack Fonseca revelations will certainly keep us entertained for some time to come: will a British Prime Minister have to admit being the beneficiary of a dubious offshore fund inherited from his father? Will the suspicions of embezzlement around Putin finally be proved? And where are the Americans in all of this?

But looking beyond the immediate fallout, one of the most astonishing issues is how so much client data was accessed by one person or group of persons.

This is 2016. Information security is a well-advanced field, generally based on the sound principle of “Assume we will be attacked from inside or outside and our data will be targeted”. And on that bedrock assumption security controls are built.

Right now all around the World in law firms large and small the question being asked by the Partners is “Could this happen to us?” An excellent question which is very easy to get to the bottom of.

If your IT or Security team cannot immediately articulate how client data is protected and the controls they have in place to prevent a data breach then the answer can only be “Yes, it could happen to you”. (And if the answer from your IT team features the phrases “It’s on our own servers therefore it’s safe” or “It’s in the Cloud and Amazon/Microsoft/Google protect it with 256-bit encryption” then alarm bells should sound).

Data classification and segregation (when part of robust layered defences) are very effective controls to ensure that if or when a breach occurs the perpetrator only gets some of the family silver not all of it (and when implemented properly they certainly shouldn’t get the high value items).

Quite why these controls were not in place at Mossack Fonseca or why they failed may become clear over time. What is clear, though, is that if the value of the information is high enough – or the value of the damage that can be wrought with it is attractive enough – then someone will attempt to steal and release that information.

And in the Mossfon case this, in particular, is an intriguing point to consider.

In obtaining and releasing this information to a worldwide group of investigative journalists the perpetrator(s) of the data leak have put a huge target on their backs. No matter how many $millions they received in exchange (or maybe it was done for genuine purposes) that individual or individuals – whether inside job or external hacker – will forever be looking over their shoulder for the Russian Secret Services, mafia hit men or an aggrieved former Icelandic Prime Minister coming after them.

So if someone is paid well enough or feels strongly enough that information should be released then no matter the personal risk to themselves they will do it.

Of course most law firms are not handling this kind of super-sensitive information but if – say – someone was interested in knowing the details of a commercial property purchase or an M&A bid, such that they could out-bid the competitor, then one could, with relative ease, find some Russian or Chinese hackers-for-hire or a disaffected employee to go and obtain that data for them.

Our experience is that outside of the Magic Circle, few law firms have dedicated security teams, and those regional firms who have grown by acquisition and as a result have particularly messy IT are at greater risk. In the absence of dedicated security specialists the issue is left to the IT guys to manage. And – with all due respect – that’s akin to leaving the non-legally qualified Company Secretary or Finance Director to manage all of the company’s legal matters by themselves.

So it could well be that the Mossack Fonseca case becomes the watershed moment that makes every law firm wake up to the threat and the reality that a breach of client data is very possible.


AppFirst, Inc., the enterprise grade IT forensics and application performance/operations company, today announced that FutureProof, a London based technology consulting company, will leverage AppFirst’s patented miss nothing IT collection to deliver highly accurate analytics for enhanced migration and transformation decisions as part of their AppScore and CloudScore offering.

This partnership will provide significant benefits to firms that require precise data to determine the suitability of applications to migrate and run in the cloud or on other strategic platforms and services. By leveraging AppFirst’s real-time nano-surveillance collection of enterprise IT systems data, FutureProof has the capability to deliver highly accurate analytics through its proprietary algorithm-based AppScore and CloudScore services.

“Historically we were forced to utilize technologies and manual solutions that gave us part of the picture of how an application executes across the IT stack,” said Geoff Davies, Co-Founder, FutureProof. “Commodity data, such as log files or CMDB extracts, were helpful. However they lack the depth of information that the AppFirst platform surfaces which enables us to provide much more meaningful and accurate target solutions and migration plans in a fraction of the time to our clients.”

“Leveraging the AppFirst technology in this way enables an order of magnitude leap forward in application transformation. Organizations are now able to break free from the constraints of traditional lift-and-shift migration approaches and perform true application transformation with relative ease.”

AppFirst’s nano-surveillance technology allows firms to see every call of every process across the entire IT stack, regardless of when it occurs, and without impacting application performance. This includes all custom code, third party software, rogue code and all processes that run on a system.

“Application migration and transformation planning can now be done with accelerated success unlike other approaches that lack this real-time, comprehensive insight,” said Ronald Ranaldi, President of AppFirst. “Up until now companies were forced to work with suboptimal data in the planning and design phases of transformation programs, often resulting in application issues not being identified until production testing. The Futureproof and AppFirst technologies and methodologies enable accelerated identification and on-boarding of business critical applications by eliminating the data gaps of exactly how an application executes across the entire stack. You don’t have to compromise quality, security, compliance or performance to make this important transition.”

About AppFirst
AppFirst was founded in 2009 and has been deployed globally in over 70 countries. The patented technology enables rapid and un-intrusive collection of real time foundational metrics, at the sub nanosecond level, in conjunction with collecting and time synchronizing multiple other data types. AppFirst’s rich data set can be used for many purposes including security introspection, detailed forensics, regulatory compliance, real time transaction tracing, real time topology viewing, operations management, performance management, detailed cost tracking, and many other applications for both cloud and proprietary environments.

About FutureProof
FutureProof is a data-led business and consulting company who work with large organizations to leverage the power of their existing data, bringing together complex information from multiple sources into easily interpreted visualizations and powerful insights that enable decision support, change planning, delivery and ongoing success measurement.

FutureProof uses market leading technology combined with our solutions delivery experience to protect the capital investment of your existing technical architecture, delivering enterprise solutions and services that reduce complexity, cost and increase business efficiency.

For more information about AppFirst, please visit or call 800-782-2181 x111 or via email info(at)appfirst(dot)com.

For more information about FutureProof, please visit or call +44 20 3289 1584 or via email contactus(at)madefutureproof(dot)com.

Recently I read the fascinating story of “Etak”, the world’s first in-car navigation system. Etak was the brainchild of engineer Stan Honey, who was hired by Atari co-founder Nolan Bushnell as a navigator for his boat “Charley” in the 1983 Transpacific Yacht Race. During that voyage the spark of the idea was formed and backed by Bushnell.

Today we take GPS and positioning data for granted. It’s used in everything from sat-navs to our smartphones making nearby restaurant recommendations or adding location tags on photos. Which is what undoubtedly makes this story so incredible: that Etak provided a sat-nav like capability in 1985. That’s a full 10 years before the GPS system came online and 15 years before it became usable for the general public. No wonder then that when people first saw Etak in operation many thought it was some sort of trick.

I encourage you to read the full story here but a short description of this down-right ingenious system is that Honey and his team married the centuries old tried and tested mariners’ technique of dead reckoning with basic realtime data sources – namely a compass, turn indicators and speed/distance measuring device.

Beginning from a known starting point, the system worked by recording the road turns you made combined with the measured distance and used an algorithm to deduce where you must be on the map. For example, from a known start point if you drove 1 mile North, turned East for 0.5 mile, then turned North-East and drove for a further 3 miles those data points can be used to plot your position on the map. And the more turns you made the more data the algorithm had to work with and the more accurate your position. Indeed, so good were the algorithms that parts of the technology are still in use today by Apple in their Mapping App.

The wonderful ingenuity of this system provides an important lesson in the art of the possible.

All too often organisations know the kind of things they’d like to understand but believe they don’t have the data and need their GPS equivalent to be invented first. However, as Stan Honey of Etak demonstrated, often the data is there already or you can create what you need with relative ease.

In our work at FutureProof usually we find the necessary data is spread across multiple systems, held in spreadsheets or even people’s heads. But this data doesn’t need to remain isolated and can easily be brought together using readily available Analytics tools and techniques.

By adopting a standardised approach to the problem answers can be obtained quickly and cost effectively.

These five simple steps will help you achieve what you need:

  • Produce a clearly defined requirement of the questions that need to be answered.
  • Identify where the data to meet this requirement is located. Typically we try to articulate this through a “systems-on-a-page” diagram showing all of the data touch points.
  • Determine any necessary data transforms or algorithm processing required to turn data into actionable information and insights.
  • Produce a clear solution design covering data loading, processing and presentation.
  • Through reporting and visualisations, get the information into the hands of those who need it, can interpret it or act on it.

The data repositories and analytics tools necessary to deliver these initiatives are increasing in capability at a breathtaking pace, with offerings available to organisations large and small. Larger organisations often call upon technologies and capabilities from their traditional vendors and systems integrators.

But the cloud space is where the real innovation is taking place. Market leader Amazon Web Services provides a powerful end-to-end suite of tools covering data extraction through to visualisations, with Salesforce Analytics and others hot on their heels.

So, it’s very likely that the answers you need are already there in the data you have at hand and it’s never been easier to uncover those answers. Which is a good thing if you don’t want to wait 10 years for the US Military to open up their systems and technologies.




Guest blog by Fred Mann, Associate Consultant at Clarasys

MiFID II is coming and is set to change the way that investment firms do business. The relationship between manufacturers, distributors and customers is set for a major overhaul and, whilst the regulations are still to be finalised, what’s clear is that the way in which firms conduct business will change and these changes will have an impact on profitability.

However, as I describe in this blog, firms can take steps now to minimise the impacts on their business.

Firms that are not agile enough (both distributors and manufacturers) will see themselves left behind as the rest of the market races away, with more streamlined and competitive offerings. This move away from the status quo of manufacturer-distributor relations towards a more independent model may seem daunting, even to the most agile and fast moving of firms. This need not be the case as we will now discuss.

MiFID II has a wide range of changes to the conduct of business, meaning that on the whole almost every business will need to make changes of some description. However these changes are internal and operational when compared to the Macro changes of the market space. The major changes coming in with MiFID II come in the form of commission and best execution.

This move has already happened in the retail investing market with the RDR (Retail Distribution Review) of 2012. Following a 2014 report by the FCA which looked at the effect of the removal of commission on the retail market, there is evidence that the RDR has had a transformative effect on the retail investment market. The report states that the removal of inducements had led to more competition in the market, leading to better value for the customer (FCA post implementation review 2014).

The price of these products has gone down, in some cases by more than the price of commission on products before RDR. One reason for this is that many products have been simplified to reduce costs, leading to lower charges to customers. Similarly, the lack of inducements has meant that many firms that did not accept commission before RDR are now far more competitive when compared to distributors who did.

A 2013 report from CASS Business School stated that, while the number of advisors fell following the implementation of RDR, those firms that could prove that they were sufficiently adept at meeting the requirements of a more tech savvy and informed client base are more likely to see a strong demand for their services remaining over time (The impact of RDR on the UK’s market for financial advice).

We see these trends continuing into the commercial market following the implementation of best execution regulation under MiFID II: firms that stay agile and embrace the changes can thrive, while those who stay still will lose out.

The inducements part of the legislation means that manufacturers can no longer pay commission to distributors in return for preferential treatment when picking products for their clients to invest in. This will fundamentally change the relationship between the two, and independent distributors will need to look fundamentally at whether it is worth their while being independent, as the cost involved in research to prove you are truly independent will rise. However, from a customer point of view there is evidence that, since the FCA rules requiring more transparency of product prices in 2014, the price of many of these products has fallen.

On the manufacturer’s side this will mean that distributors will have a legal duty to the customer to pick the best product for them, meaning that products that may have been viable with commission based sales may soon not be worthwhile to keep open. This has the potential to completely change the makeup of the market as many funds are consolidated.

With regards to best execution, the directive indicates that the information given under MiFID I is not adequate and in response the level of detail that must be given when recommending a product. This takes the form of metrics and documentation.

There is also a change to the rules regarding execution only and advisory products. The viability of many products on an execution only basis has also been left in doubt. For example, when it comes to funds, many UCITS that have in the past been execution only will now become complex products and by definition not execution only.

How can we help?

Clarasys and Futureproof’s MiFID II proposition focuses on how you sell your products. With the regulations changing the way financial services products are sold both by distributors and by manufacturers, making sure you are compliant when MiFID II lands will require a reevaluation of both how you market and sell your products and to whom you sell, be this through process change, data governance or profit and loss analysis.

As regulatory changes no longer allow for the payment of commission for sale and recommendation of financial products, there will have to be a serious examination of how products are sold and of their viability in the marketplace. Our healthcheck will assess the way MiFID II will change the way you market and sell your products, and assess your risk of exposure to a new, more regulated market. Our experience in process optimisation and lead to cash consulting makes us well placed to understand how best to sell products, keeping them competitive and compliant.

MiFID’s changes affecting who can buy what fund and how, as well as the changes regarding the client’s best interest, mean that more information is needed to know who your product is aimed at and who buys your product.

By looking at the highest performing and most influential products first, it is possible to deliver value and benefit quickly that can become a template to replicate change over a whole product portfolio, be this in process, documentation or sales strategy.

Futureproof’s advanced data analytics examines the products, enabling you to understand who the customers are, the fund’s susceptibility to changes in MiFID and how this will affect the profit and loss of the product. Through powerful interactive visualisations you can model what-ifs and make decisions as to the necessary changes. This can be scaled to address a portfolio of products across the business.

By looking at the content of the directive and the regulation that has already come out regarding the retail sector, we predict that much of the change in compliance following the introduction of MiFID II will be around information and documentation needed for interactions between the manufacturer, distributor and customer. By making sure that you have the structure in place to execute this documentation when MiFID comes into force in January 2017 you will be on your way to being compliant.

London, 14th October 2015. Clarasys, a leading management consulting firm, in partnership with FutureProof, the enterprise data and analytics specialist, announces an innovative new MiFID II Health Check service.

The framework for MiFID II and MiFIR has been agreed for some time but the implementing measures and technical standards are yet to be finalised. As a result, firms know their business will be affected but are unsure exactly what the impacts will be.

The MiFID II Product Health Check from Clarasys and FutureProof is a pragmatic and highly effective solution that provides firms with a thorough view of how MiFID will affect their ability to sell certain products and enables them to run what-if scenarios to determine impacts and, as a result, identify the changes required to how they sell the products and the impact on their P&L.

The service is designed to minimise impact on internal stakeholders and quickly provide actionable results enabling firms to plan their response to the incoming regulations.

More information can be found on the FutureProof website here or contact FutureProof on 020 3289 1584.

Chris Hamilton, Director Clarasys, said “MiFID II will have a significant impact across the FS sector. With little over a year to go, timelines for assessing and making the necessary changes to be compliant are already tight. That’s why we think it’s important for firms to act now to understand the scale of change they need to undertake, and begin the process of becoming compliant.”

Geoff Davies, Director and Co-founder of FutureProof said “Drawing on our deep experience working with complex data sets for large financial services firms and our expertise in analytics visualisations these Health Checks represent a highly effective way for firms to plan their response to the new regulations and ensure the impacts are minimised.”


About Clarasys 

Clarasys is a fast-growing global consultancy firm based in London.

We believe that there’s a better way to do consultancy. For Clarasys, doing it right means working closely with our clients to forge rapid business transformations, and not only meeting the manifest challenge, but discovering the root cause.

We’re committed to collaboration, working with our clients – rather than merely for them – to ensure that we not only understand their priorities and their goals, but that they become ours too. We’re process driven and tech-neutral, meaning we choose the best tools, resources and approaches to enable our clients to flourish.


About FutureProof 

FutureProof are a data-led business and consulting company who work with large organisations to leverage the power of their existing data, bringing together complex information from multiple sources into easily interpreted visualisations and powerful insights that enable decision support, change planning, delivery and ongoing success measurement.

FutureProof provide customers with accelerated routes to business transformation using their Domain Solution Packs, which offer pre-defined data models and analytic information repositories that connect to existing enterprise data, delivering information rapidly via industry standard Business Intelligence tools.

London, 30th September 2015. FutureProof, the leading enterprise data and analytics specialist, announces a major new release to CloudScore, its cutting-edge application assessment and Cloud planning service.
