Posted by: Eric in Opinion
Does your telco have a SOC? That was the most fundamental question raised during the pre-conference training workshop at the WeDo WWUG14 user event, earlier this year. The SOC is a new addition to the family of xOCs. All network operators have a NOC, to monitor their network. Telcos have somewhat adopted the idea of a ROC, which is meant to monitor revenues, though the popularity of the concept may have been constrained by Subex’s decision to trademark the term ‘ROC’. Praesidium, the consulting unit of Mainroad, a sister company to WeDo, now say that telcos will increasingly need a SOC – a Security Operations Centre. So why do telcos need a SOC, and why is this being discussed at a conference for business assurance people?
If a NOC ensures the service is being provided to customers, the ROC ensures these services are generating a financial return to the telco. Complexity is being driven by the convergence of networks and IT, by the increasing sophistication of services, and by the range and power of the devices belonging to end users. This complexity makes security more challenging, and opens more security gaps that might lead to financial loss if left unclosed. These motivations suggest a similar solution to one which has been used before – implement an xOC, to continuously monitor the relevant internal and external intelligence feeds and information sources.
WWUG14 keynote speaker Robert Strickland, former CTO of Leap Wireless and former CIO of T-Mobile US, also talked about RA, fraud and security coming together. Whilst the end consequences might differ, the root causes of security loopholes, fraud weaknesses and revenue leaks will often be connected. This partly explains why a conference of business assurance people is being told about the need to implement a SOC.
However, I am not entirely convinced that the simple trend analysis, and the big bold metaphors and the repeating of established themes, leave any of us knowing what we are talking about, when we talk about the ‘convergence’ of RA, fraud and security, or the need for a SOC. The more operation centres you create, and the more they monitor disparate things, the more you raise the question of whether you could and should implement monitoring in a more holistic fashion. At the same time, saying that RA, fraud and security are converging sounds wonderful, until you wondered what a ‘converged’ practitioner looks like. There is not a single human being alive who is master of every topic that sits under the category of security. What are the chances that we might educate someone to do ‘converged’ RA, fraud and security? In fact, was there not some fundamental disagreement exhibited in this event, because we had a keynote speaker talking about convergence, whilst there was a workshop calling for another, specialized, operations centre to perform different, separate monitoring?
I think the root of this contradiction lies in complexity itself. When dealing with a complex problem, we need a big view that incorporates all aspects, or there is a risk that we misunderstand the problem, and fail to identify some elements of the causes, or some of the consequences that flow from them. This pushes us towards a ‘converged’ view, because we need to see and understand everything at once. However, complexity means an increase in detail, and there is a limit to how much detail any individual human can cope with. So as the volume of detailed information grows, it becomes necessary to create sub-divisions and sub-categories, compartmentalizing information and relying upon ever more narrowly-defined experts to manage each compartment. And that encourages us to establish yet more new, and specialized, teams.
In the past, I have written about ‘the zoom‘, the ability to shift your mental perspective from one where you work at incredibly low levels of detail, to one where you stand right back and see the big picture, to then zoom into detail elsewhere, and so appreciate all the connections. The ability to mentally ‘zoom’ is becoming more and more important, but that does not make it easier for people to master (or for some people to understand the point I am trying to make).
Whilst the call for both a converged view of security with business assurance, and for a SOC, are simultaneously both right, they are simultaneously both wrong. We need an appropriate level of resources to be deployed in managing all risks faced by telcos, and those resources may need to increase if risk profiles deteriorate. But we also need to understand the limits in coordinating resources. Efficiency degrades with scale, and eventually we reach a point where no amount of resources will help us to monitor more effectively, because the organization is unable to prioritize and to make the right decisions.
To put it another way, more monitoring is a viable strategy if there is a sensible limit to how much more monitoring is needed. But endless monitoring just leads to wasted resources – things are monitored for no good reason – whilst creating a logjam for decision-makers when nobody is able to prioritize the conflicting messages from all the data being monitored by different people around the business. So one strategy to deal with increasing complexity is not just to trumpet the mitigation of risks – in ways that specialist suppliers usually do – but to actively reduce complexity, by being less complex! And that might involve resisting the temptation to keep adding new technology to an already overly complicated architecture, aggressively decommissioning technology and services of declining importance, and splitting the telco into separate businesses.
Business assurance practitioners should welcome the convergence with security, but they would be wise to fear it too. It is true that the root causes of security exploits, frauds and leaks will be increasingly intertwined. But business assurance practitioners will not be able to rise to the challenge by taking the same happy-go-lucky, few-days-here-and-there, scam-training-but-who-cares-as-long-as-the-certificate-has-the-right-words-on-it, learn-by-trial-and-error approach to education that they have taken before. It was never fit for purpose, but we got away with it because nobody expected more, and nobody did better. However, this lax attitude to education would prove disastrous if applied to the coming challenges in security. Somebody needs to invest in people, to raise their knowledge and skill levels to the standard necessary to deal with the converged challenges of business assurance and security – and we know that privately-owned telcos tend to be lousy at making this kind of investment in their people.
Governments have realized the significance of the shortfall in private enterprise, and increasingly they are taking the lead by investing in cybersecurity, which includes a crucial investment in educating people. But these governments will rightly focus taxpayer’s money on the more narrow dimensions of security, and not on the broader and related commercial challenges concerning fraud and loss. If business assurance practitioners do not find a way to improve their education, the convergence of business assurance with security might prove to be nothing like a marriage of equal partners; it will be the takeover of business assurance by highly-trained security professionals.
Posted by: Eric in Opinion
I have a very serious point to make today. But in order to make it, I will start with a comic daydream…
Usain Bolt struck his lightning pose for the TV cameras. He smiled, and it felt like the world smiled back. A hush descended around the stadium. The Jamaican shook each long limb in turn. He was a sprinter, built for speed like no man had ever been. He was relaxed. He was ready.
On your marks.
Bolt sauntered forward. He was casual, but deliberate too, carefully placing each foot into position, soles pressed firmly against the starting blocks. Bolt then knelt upright, and made the sign of the cross. Now was the time. He looked up at the sky, and blew a kiss to the heavens. And then he faced down, as if in prayer.
His mind suddenly raced ahead, imagining himself at the finish line. This was the 2016 Rio Olympics, and Bolt was going to win his third consecutive gold for 100 metres. And in doing so, he would run faster than ever before, faster than anyone had ever run. Bolt was sure of it.
The starting gun fired.
Bolt exploded from the blocks. His legs unwound, consuming the ground before him. And it was over, finishing so soon there was no time for thought, nor words. There was only speed, and sound. The crowd roared louder than a hurricane, overawed by Bolt’s power, blown away by what they had witnessed.
Bolt raised his hands, praising the crowd as they praised him. Somebody handed him a Jamaican flag, and he held it aloft, flying it behind him as he toured the track. Then, halfway round, he stopped, to watch the replay on the stadium’s big screen. Bolt waited to see the official time. He knew he had broken his record. The only question was whether he had done something previously unimaginable. Was Bolt the first man to run 100 metres in under 9 seconds?
Bolt waited. He raised an eyebrow. He waited. He smiled, but less broadly. He waited. Why was it taking so long to show the official time for his race?
“Is everything alright, Mr. Bolt? We need you to move on, the high jumpers use this part of the track for their run-up.”
“Where’s my time?” quizzed Bolt. “I want to know my time for the 100 metres.”
“Oh.” The diminutive Olympic official tugged the front of his blazer, and looked nervously around him. “Didn’t anyone tell you? We’re not bothering to measure the times in this Olympics. There’s no need.”
“What do you mean, there’s no need?” asked Bolt, perplexed.
“You had the other guys racing alongside. What’s the point of measuring the time you ran? You definitely came first!”
“I want to see if I did better or worse than before. I might have gone under 9 seconds in that final.”
“Yes, but targets like that promote the wrong sort of competition. You won’t become a faster runner by trying to beat a target like that.”
All trace of a smile was erased from Bolt’s face. His eyes widened. He stepped closer to the official, leaning over him. He uttered one word: “what?”
“The Olympic Committee has brought in a much better way to improve athletic performances. Instead of using targets that get objectively measured, we now have some sports scientists, coaches and doctors who will review the video tape of your performance. They’ll write you a report, explaining how you could improve your running process further.”
“They’re going to write some papers that will improve my running process? Nobody timed my run?”
Bolt bared his teeth again, but he was not grinning. He raised his hands again, but not to the sky. They were wrapped around the neck of the Olympic official, throttling him.
Okay, so that was a silly story, and so far I have not mentioned telecoms once. But sometimes I get confronted by supposedly serious people acting in such ridiculous ways that it is difficult to describe the enormity of their silliness. So imagine the following. You want to be the Usain Bolt of revenue assurance. You want your telco’s bills to be more accurate than they have ever been before. You want to be a real champion, delivering bills which are more accurate than anyone’s bills have ever been. You want this, because you really strive to always improve your performance. Now answer one question:
Is it better to set accuracy targets and objectively measure your performance against those targets? Or not?
I think you know which conclusion I am expecting you to draw. There is a reason why we record the performance of athletes using numbers, why we measure companies in terms of profits, and why even governments set themselves targets (even if they always miss them). So you will be as bemused as I am, that a bunch of ‘experts’ in the United Kingdom believe the exact opposite to you and me. The UK has a long tradition of believing its telecoms billing is more accurate than everyone else’s. They believed this because people wrote pieces of paper saying they met accuracy targets which were tougher than anyone else’s. But now, to become even better, they have decided the way forward is to not have any targets at all.
Common sense. Logic. Past experience. Real data. None of these apply, when regulators make decisions like these. Here is the rationale, point by point, per Britain’s regulator:
The removal of the target-based requirements and the retention of the existing process-based requirements should ensure that the approval and audit processes, and ongoing reporting by CPs to ABs, were focussed on CPs identifying and analysing all billing errors. Instead of having targets which envisaged an ‘acceptable’ error rate, the remaining provisions, while recognising that errors may occur, would aim to achieve ongoing improvement in CPs’ systems and processes to ensure that, where errors occur, corrective measures are put in place that address the risk of repetition. This would more closely align the Direction with the provisions of GC11.1 which requires CPs to ensure that all bills represent and do not exceed the true extent of any such service actually provided, rather than setting targets for billing accuracy.
Let us break this down. To begin with, CPs are comms providers i.e. the telcos, whilst ABs are approval bodies i.e. a kind of ‘specialist’ auditor that checks bill accuracy. Some of them believe, and the regulator agrees with them, that the previously mandated level of accuracy somehow discouraged people from measuring and responding to all the billing errors that occurred. The target somehow prevented them from doing these utterly sensible things, which they are legally and morally obliged to do anyway, even though the target was for the total billing error. Words fail me already. What have they been attempting to measure so far, if not the sum total of all billing errors? Why would the absence of any target make somebody work harder to detect and resolve errors?
GC11.1 is clause 1 of General Condition 11, a requirement to be satisfied by every UK telco. It says, in short, that telcos should not overcharge customers. Duh. And yet, as even the regulator admits, mistakes happen. Previously, this reality was dealt with by stating how much error would be tolerated, before a telco was punished. This was the accuracy ‘target’, so to speak, though it should properly be called a tolerance, as it was supposedly mandatory to stay within the target. The theory was that telcos who break the limits deserve punishment. This does not preclude punishing telcos for behaving badly even if they do not break the limits. Governments want people to drive safely, and whilst it is very possible to drive dangerously at low speeds, it also makes sense for law enforcement authorities to automatically punish people who exceed speed limits. But the UK regulator has somehow reversed that kind of thinking. They now believe that having a limit somehow encourages telcos to behave badly, because they will drive up to that limit. Already we are in fanciful territory, as if telcos routinely discover very very very small overcharging errors and then decide they should do nothing about correcting them. But the regulator now thinks that tolerances encourage telcos to believe they will not get punished if they stay within the tolerance, though nothing currently stops the regulator from enforcing GC11.1 more strictly, if it wanted to. However, the regulator’s new approach is to do away with any tolerance, and to leave it completely vague when anybody will be punished for any bad behaviour.
CPs point out that they use process-based requirements for their own internal audits and for ensuring billing accuracy, so compliance costs could be reduced. This could also encourage voluntary compliance with the Direction by CPs with annual relevant revenues under £40 million not covered by its scope.
I was an auditor, once. I mean, I was a real auditor, once. In the real audit world, fees have to be earned, budgets managed, profits made, and there were a fair few other audit firms competing for the same work. In that real world, there is a simple but important rule of thumb: process-based audits are cheap, substantive auditing is expensive. Auditing a process is cheap because it is subjective. You contemplate whether anything might go wrong, and if you can think of nothing that might go wrong, then you conclude that nothing will go wrong. Substantive auditing is expensive because you have the hard work of actually checking real data, to see if it really is right or wrong. As there might be a lot of complicated data to check, this can get expensive, even on a sample basis. But whilst substantive auditing is hard and expensive, you must do some, or else your audit might be a total crock.
Contrast that real world insight to the paragraph from the regulator. It implies that telcos, and with the full knowledge of some kinds of auditors, have already been favouring the cheaper kind of audit work, which involves more of the subjective stuff, and less of the actual checking of data. The regulator notes that the less real checking done by telcos, the cheaper their audits will be. This is correct. And if audits get cheaper, the regulator hopes telcos will start volunteering to do audits even if they are not mandatory. This is pure speculation, and hardly a desirable goal anyway. Why encourage the voluntary proliferation of weak auditing practice, instead of focusing stringent audits on business practices that really need auditing? And how is any of this a valid argument for ending a requirement that was designed to protect customers from too much overcharging?
The arrangements should be more adaptable and future-proof as they would be based solely on processes rather than targets which might need to be changed as usage and services changed.
Remember, this regulation is supposedly about protecting real customers of real comms providers. This clause implies customers will be better protected in future, if no objective targets are set. Why? Because setting objective targets is difficult. But if it is difficult to set objective targets, how much harder would it be to decide the appropriate punishment for a telco that demonstrably overcharges its customers, when there is not even a guideline target to compare their performance to? And what, if anything, is objectively measured by a process-based audit?
Although we would be removing elements of the current requirements, we believe the remaining requirements of the Direction would be adequate to protect consumers by ensuring that CPs processes were focussed on ensuring the accuracy of bills. Indeed, for the reasons explained above, we consider that the focus on the process-based requirements should result in a closer alignment with the objectives of GC 11.1 and should therefore be more effective at protecting consumers.
In other words, though they are making the regulations easier, they claim this does not really make them any easier. In fact, they somehow claim it makes the regulations tougher, and hence more effective at protecting customers. Telcos will no longer need to do things they previously had to do. By telcos not doing as much, somehow customers will be protected more than before.
There is a simple counter-argument to the regulator’s position. Hardly any countries mandate targets for bill accuracy. The regulator continues to be challenged by telcos who complain British bill accuracy regulations are much tougher than those found anywhere else. For many years, the British regulator insisted it was necessary to set targets, even though they knew other countries did not. Either they were wrong to set targets before, or they are wrong to do away with targets now. Which one is it? What else changed, that might justify this u-turn? How is it that the UK regulator argues it was right, when they said it was necessary to adopt the toughest billing accuracy tolerances that the world has ever seen, and the UK regulator argues it is still right, when they say there is no need to measure performance against any kind of tolerance at all?
In a recent podcast with Mike Willett, I said the UK’s bill accuracy scheme was prone to ‘shenanigans’. Whilst it can be long and boring to explain what is involved in these shenanigans, I believe this latest regulatory twist provides ample evidence of the fundamental problems with the UK’s billing accuracy regime. The historic source of these problems is straightforward: the regime began with unrealistic and unworkable targets, endorsed by people who simply never accumulated enough data to realize how badly they had underestimated the true extent of billing error. From that point on, nobody was allowed to lose face. The auditors could not lose face, for being less knowledgeable and experienced than they pretended. The telcos could not lose face, because any telco that did would unfairly suffer relative to every other telco. And the regulator could not lose face, because they would have to admit they implemented a regulation that delivered collective delusion instead of consumer protection.
Now UK customers are reaping the rewards of all that face-saving. Instead of protecting customers with realistic targets, backed by tough data-driven audits and a genuine desire to penalize the worst offender, the UK’s regulator has ensured nobody lost their job. To do this, they needed to deliver a through-the-looking-glass explanation for why the only thing better than having an insanely narrow accuracy target is to not have any target at all!
After his disappointment in Rio, Usain Bolt called a press conference, and said he would run just one more race, with the intention of setting a new 100 metres world record that would never be broken.
“Wow Usain!” shouted one of the press corps. “What’s your target for this unbreakable new record? Is it 0.01 seconds?”
“What are you smoking?” replied Bolt. “Nobody can run 100 metres in 0.01 seconds. That target would be madness.”
Another member of the press corps shouted out. “If you’re not going to run it in less than 0.01 seconds, why bother having a target at all?”
Bolt put his head in his hands. Mo Farah, his friend, sat alongside. Farah put his hand on Bolt’s shoulder, consoling his old pal. Bolt slowly turned to face Farah. “Don’t be down,” said Farah, “they just don’t understand what people like us are trying to accomplish.”
“Maybe they don’t even care,” mused Bolt.
Posted by: Eric in M&A, News
Basset, the Swedish revenue management software firm, has been purchased by Enghouse Systems for USD10mn. You can see the press release here.
Though their strengths lay in managing wholesale and roaming revenues, Basset has long been a minor player in the business assurance market. Formerly called Bassetlabs, they have offered FMS and RA tools for over 10 years – but with little sales success. Rival software developers invested more heavily in their assurance products, and soon eclipsed Basset in terms of market share, riding a wave of growth that eluded Basset. Nevertheless, Basset continued to pitch themselves to the revenue assurance and fraud management community, though their misreading of the market was exemplified when they became the leading vendor sponsor of GRAPA. Basset’s current product portfolio makes little mention of assurance; we shall have to see if their new owners decide to exit the market.
Enghouse Systems is a publicly-traded Canadian software conglomerate, whose strategy appears to be based around acquiring underperforming enterprise software firms. Basset is just one of three firms they have already bought this year. Enghouse is growing rapidly, and are on course to earn over USD200mn in revenues by year end. Purchasing Basset should help Enghouse to increase sales in Europe.
Posted by: Guest in Opinion
Today’s guest post is by Ahmad Nadeem Syed, Director of Revenue Assurance and Fraud Management at Mobilink. When long-standing talkRA contributor David Leshem argued why people are more valuable than tools, he prompted a flurry of replies, both agreeing and disagreeing with David’s opinions. Ahmad was amongst the respondents, leaving a thoughtful comment that said neither is more valuable than the other, because value is generated when tools complement people. He finished his comment by asking that the next talkRA blog on the topic should discuss that theme of the complementary combination of people and tools – so I invited him to write it! Ahmad graciously agreed, and here is his article on why we should focus on the combination of people and tools, rather than dwelling on each element separately.
In the Stone Age, human needs were limited to eating and sleeping. Their food comprised of available wild animal meat, fruits and vegetables. They used stones or wooden arrows for hunting and long sticks for plucking fruit that was out of reach. We can see the apes doing the similar thing even today, while breaking a coconut.
The activity incorporates three things: (1) the goal – the instinct to survive; (2) the people – the Stone Age human; and (3) the tools – stones and wooden arrows. Imagine various situations; there are hungry people with available tools but not knowing (the skill) how to aim and throw the stone or arrow at the prey. In another situation: there are hungry people with skill, but no tools available with lot of food available. In both the situations the ultimate goal of survival is not met if the variables become constant.
With the passage of time, the goals kept moving and growing from survival to comfort to luxuries, both vertically and horizontally. This necessitated having more and better tools coupled with people having advanced skills who are able to use these tools for the purpose of achieving the desired goals.
Come to today’s modern age; if it can be called modern in the eyes of the generation coming after say 50 years, in the wake of rapidly changing human needs and the technology. Humans have always been more and more dependent upon technology with the passage of every moment, may it be personal, social or business life. The mobile phone, for example, has become an essential part of our lives. Some are using the latest smart phones, and some are still content with only voice and SMS. Both classes have developed the skills to use these tools to meet their varying needs. Can anybody today imagine toady’s life without mobile phones, and in reverse, lot of mobile phones but no people?
The computers are integral part of any business, but then we need people with varying skills to develop the applications and run the computers. Can anybody imagine any business today with lots of people but no computers or vice versa? Some may argue some small businesses still rely on pen and paper, but then these are also tools.
I call this the PNT (People-Need-Tool) phenomena. People are meant to live, and so they have needs, and tools allow them to meet their needs. Once the first set of needs is met, another set of needs become a necessity and therefore another set of tools is required.
Let me mention a busted myth here. It was commonly said that automation will cause widespread unemployment as computers will replace the human. But the reality is different. As the business and social needs increased, the way of managing these sectors changed, generating and using high volumes of data. Handling of these data volumes require better, high performance and sometimes specially designed computers/tools. The operation of these tools needed skilled people, therefore the automation instead of creating unemployment, paved the way for IT education and thus generating new opportunities.
Let us take the examples of telecommunication. I work for a GSM operator, where network elements are producing over a billion CDRs on a daily basis. These CDRs are processed by mediation, IN and billing systems. As the head of the Revenue Assurance and Fraud Management team, where I have a highly skilled team of analysts and IT professionals, I use very high performance RA and FM systems to ensure that no revenue leakage occurs. I will be completely stuck, the day either my key people are absent, or any of my key systems goes offline.
I therefore believe in people and tools being a complementary combination, without any preference.
Posted by: Eric in Interviews
People keep asking me about Subex, the Indian business assurance vendor, like I should know all about its inner workings. Or rather, they ask like I should know about its inner workings and know if there is any truth to this-or-that rumour which floats around those internet chatrooms for people who talk a lot about share prices. I find this odd. Firstly, I do not work for Subex. Although I try to keep an eye on their business, if they intend to keep a secret hidden in their headquarters in Bangalore, I am unlikely to discover the secret from my vantage point in the UK. Secondly, internet gossip about share prices is about as reliable a source of information as that ubiquitous internet spam which begins by saying: ‘here’s one weird tip to…’ and ends by saying something like ‘…remove all wrinkles from a 90 year old face’ or ‘cut your tax bills in half’ or ‘purchase an iPad for less than $10′. If you take internet chat seriously, then you must be in the wrong line of work. Unless you are following my internet chat, in which case you are a very wise person indeed and you are bound to have a successful career. That is because I only tell you good stuff. And that is because, when I want to find out stuff, I ask people who might know the answers. So I asked Subex CEO Surjeet Singh what he thought about his company’s last set of results, and his objectives for the business over the next few years. Here are some excerpts from our conversation…
Eric: Surjeet, you may remember that I already reviewed Subex’s financial results for last year, so I don’t want to discuss numbers, but I’d really like to know which element of last year’s results pleased you most, and where you feel there is greatest room for improvement.
Surjeet: What made me happy was the 24/25% EBITDA margin we attained. It was vital that we steadied the ship and, as part of the turnaround, rapidly moved to a situation where we demonstrated that Subex is a profitable business. So the EBITDA margin pleased me. Where we need to improve is when we compete for business in Europe. We feel we’re dominant in Asia and the Middle East; during the last 14 months we had seven transactions in that part of the world which were in the three-to-five million dollar range. But in Europe we didn’t win as much as expected.
Eric: what’s holding you back in Europe?
Surjeet: Historically Subex has been weaker in Europe. Subex hadn’t developed the same touchpoints with prospective customers in that region. Also, Subex’s poor results in the past, and rumours about our financial status have had a negative impact in Europe which we haven’t experienced elsewhere. Management has focused on making better in-roads into Europe, and I’ve asked Vinod [Kumar, Subex COO] to be hands-on with this. I think we’ve improved a lot in the interim.
Eric: I get the impression that Subex is feeling more optimistic about growth than it has for a while.
Surjeet: We’re running the business with the future in mind, ensuring we’re financially sound and planning to generate a good return for investors. And we’ve had some good news relating to that: Subex received an investment grade credit rating from Fitch. With the future in mind, we’re putting together an advisory board of industry professionals – including ex-CEOs who know telcos and people like that. They will guide us in terms of development and delivery. And we’re managing money internally like we’re managing an investment portfolio, with three-year targets for each element of the portfolio. That way, we use our money wisely, concentrating on the areas where we pursue growth, and not spreading ourselves too thin, trying to do too many different things.
Eric: Which elements of the portfolio are you investing most heavily in?
Surjeet: We have invested heavily in asset assurance, the management of network capex and opex. You already know how important asset assurance is to us; we’ve invested in making it a success. Analytics is also important to our new portfolio. As for vertical expansion, we’re working on a test bed that will see us develop our products for use in utilities. We preferred to concentrate on utilities rather than financial services companies because we feel it will be easiest to convert our tools for use in utilities.
Eric: The possible downside is that utilities are not known as fast-changing businesses.
Surjeet: No, but they have the cash, and we expect there will be plenty of change in utilities during the coming years. They will want to make use of the data they collect.
Eric: You alluded to targets over a timeframe of the next few years. Can you be more specific?
Surjeet: I want Subex to be earning $100mn revenue annually, with a 25% EBITDA margin, within three years from now.
Eric: Can I quote you on that?
Surjeet: Please do.
Eric: We often talk about managed services as being important to how you’ve changed the revenue profile of your business. Long-term managed service contracts makes your revenues more predictable, and less volatile. Subex has increased the share of revenues from managed services to an extent that rivals have not been able to match. Can you comment on why that is?
Surjeet: Customers want bundling, and they want it to be quick and efficient. Subex reset its own revenue cycle to ensure we can quickly and efficiently bundle products and services, in order to please customers. It’s a very important competitive advantage for us.
Eric: To be clear, I sometimes talk about outsourcing as being one end of the spectrum that is labelled ‘managed services’, but when you talk about Subex supplying managed services, you’re not really talking about outsourcing of revenue assurance and fraud management. However, I admit that I previously predicted there would be more outsourcing by this point in time, and I assumed that Subex would take the lead because it would give your business the deepest ties with your customers, and hence the greatest predictability for your revenues. Am I right in thinking you’re not already an outsourced supplier of revenue assurance and fraud management – in the sense of employing the people who do assurance on behalf of the telco? In other words, you’re bundling hardware with software, but the telco still employs the people who do revenue assurance and fraud management for their business. Is that right? Might that change in future?
Surjeet: You’re right. We don’t currently provide a fully outsourced service for revenue assurance or fraud management. When I talk about bundling, I’m talking about bundling hardware and hosting with the software. However, I think we are on an evolutionary path with our customers. When you’ve provided a bundle of software, hardware and hosting for several years, and you provide that bundle smoothly and efficiently, the customer becomes more open to the option of full outsourcing. Full outsourcing is something I could envisage happening at the level of a telecoms group, and I foresee it will be viable to make such an outsourcing deal in the next year or 18 months. Previously groups have tended to have a variety of fraud management and revenue assurance suppliers across their entities, but we’re reaching a stage where Subex is the supplier to every subsidiary of a group. That makes it far more viable to do outsourcing at group level.
Eric: So you’re suggesting that the trend towards shared service centres in telecoms groups is also a potential enabler for outsourcing? If a group runs a shared service centre for revenue assurance or fraud management, where it’s pooling work done on behalf of all the operating companies, then that lends itself to the possibility of simply outsourcing the work of the shared service centre?
Surjeet: That’s right. We don’t see the trend towards shared service centres as a threat to Subex’s business model, because it also increases the opportunity to outsource. If a group can decide to implement a shared service centre for its revenue assurance and fraud management, it creates a real possibility that they might do a 10-year deal to outsource that function, allowing Subex to take care of every aspect of the function, from the software that is used, to the payroll for the staff who work in that team.
Eric: A 10-year outsourcing deal? So you’re really thinking long-term about Subex’s future revenues.
Surjeet: We’re really thinking that far ahead.