Tag Archives: investment banker

The Incredible Impact From Superbosses

Please join me for “Path to Transformation,” an event I am putting on May 10 and 11 at the Plug and Play accelerator in Silicon Valley in conjunction with Insurance Thought Leadership. The event will not only explore technological breakthroughs but will explain how companies can test and absorb the technologies, in ways that then lead to startling (and highly profitable) innovation. My son and I have been teaching these events around the world, and I hope to see you in May. You can sign up here.

“I don’t care if you have to take drugs, you have to build it in six months,” said my boss, Khurshed Birdie, when I told him that he was on drugs if he thought my team could create a software development tool set in less than three years. This was in 1986 at Credit Suisse First Boston, one of New York City’s top investment banks. We were rebuilding the company’s trade processing systems to run on a client–server model of computing. This technology is common now, but then it was as futuristic as “Star Wars.”

My team worked day and night to build a technology that became the foundation of the company’s information systems. It gave Credit Suisse First Boston a competitive edge and led IBM to invest $20 million in a spinoff company that was formed to market the tools we had developed.

I was a lowly computer programmer, an analyst when Birdie hired me, a computer geek who didn’t own any three-piece suits, white two-ply cotton shirts or wing-tipped Oxford shoes — the uniform of investment bankers. Yet I was hired on the spot. I had some far-out ideas about how computer systems could be built but didn’t believe for a second that I could implement them. My boss did: He believed in me more than I did, and he bet a $100 million project on my vision.

He allowed me to expand my team from four to 54 people and shielded me from criticism by other teams who had to use my tools to build their systems — and who thought I was crazy. There were a lot of problems along the way, and Birdie allowed me to learn from my mistakes. And then he promoted me to vice president of information technology when I achieved success.

Birdie was what Sydney Finkelstein, a Dartmouth business professor, in his new book, Superbosses: How Exceptional Leaders Manage the Flow of Talent, calls a “superboss.”

As Finkelstein explains, superbosses take chances on unconventional talent. Oracle’s founder, Larry Ellison, hired candidates who had accomplished something genuinely difficult, rather than those with formal qualifications, because he believed they would rise to the technical challenges. Designer Ralph Lauren offered jobs to strangers whom he met while dining in New York City restaurants. Superbosses take raw talent and build self-confidence. They hire for intelligence, creativity and flexibility — and are not afraid of people who may be smarter than they are.

Under Finkelstein’s definition of superbosses, Birdie would be categorized as a “glorious bastard”: someone who cares only about winning. Deep down, he had a good heart —  but was ruthless in setting expectations and driving people to work extremely hard. I’ll never forget him telling me that “Christmas was an optional holiday.” These bosses realize that, to get the very best results, they need to drive people to perform beyond what seems reasonable and achievable.

Even though I achieved a lot, I hated working for Birdie, because I had to neglect my family for months on end. This isn’t something I would ever do to my employees. My next boss, Gene Bedell, was very different. He left his job as managing director of information technology to found Seer Technologies, the start-up that IBM had funded. Bedell convinced me to leave my high-paying investment-banking job to join him in a No. 2 role, as chief technology officer, at the low-paying, high-risk, start-up.

Bedell was what Finkelstein calls a “nurturer”: someone who coaches, inspires and mentors. These superbosses take pride in bringing others along and care deeply about the success of their protégés; they help people accomplish more than they’d ever thought they could.

Bedell managed by a method he called “outstanding success possibilities.” He challenged his executives to set ultra-ambitious goals and then find unconventional ways to achieve them. Instead of managing to what was achievable and possible, we shot for the impossible. And then did whatever it took to get there — without worrying about failure or looking back. It is amazing what you can achieve when you have a single-minded focus. We took Seer Technologies from zero to $120 million in annual revenue and an IPO in just five years — faster than any other software company of that era, including Microsoft and Oracle.

Superbosses create master–apprentice relationships. They customize their coaching to what each protégé needs and are constant fonts of practical wisdom. Bedell taught me how to sell. A year after the company was formed, he sent me to Tokyo to sell IBM-Japan on an $8.6 million deal to fund the creation of a Japanese version of our product. I didn’t think that a techie like me could do these things; he taught me that selling was an art that could be learned and perfected. I helped our salespeople close more than $200 million in software deals. And that is another skill that superbosses have, building what Finkelstein calls the “cohort effect”: teamwork and competition combined. Lorne Michaels, for example, who created “Saturday Night Live,” judged writers and performers by how much of their material actually went to air — but they had to do it with the support of their coworkers, the people they were competing with.

A common trait of superbosses is the ability to delegate work and build jobs on the strengths of their subordinates. They trust subordinates to do their jobs and are as supportive as can be. They remain intimately involved in the details of the businesses and build true friendships. Bedell often invited my family to his vacation home near the Outer Banks of North Carolina. He took me to Skip Barber Racing School to learn how to race a Formula Ford and built a gym in his basement so that his executive team could lift weights together.

You will find the alumni of our project at Credit Suisse First Boston and Seer Technologies in senior leadership roles now, at companies such as IBM, PayPal, American Express and every one of the top investment banks. Many started their own companies, as I later did. There are literally hundreds of people who built successful careers because of my two superbosses. When I became an academic later in life, I was fortunate to have two superboss deans at Duke’s Pratt School of Engineering, Kristina Johnson and Tom Katsouleas, who nurtured me. Superbosses aren’t just in corporations — they can be found everywhere.

Yes, I know that I got lucky in having good bosses; most are jerks who demotivate employees, slow their growth, backstab and take credit for others’ work. You are usually stuck with whomever you get. But there is nothing that stops you from being a superboss. As you begin to achieve success, start helping others and nurturing your colleagues and subordinates. Show the leadership qualities that you’d like your own boss to have. You will gain as much as the people you help — and build a better company.

This article first appeared at the Washington Post.

cyber

Cyber Threats and the Impact to M&A

As investment bankers and their lawyers pore over the details of a potential corporate merger, a new and troubling issue has emerged that could affect the terms of the deal, or even derail it. Cyber risk is now a top agenda item, not only for deal makers but for shareholders, regulators and insurance companies.

While assumption of risk is nothing new when acquiring a company, assuming cyber risk raises a whole new set of concerns that must be addressed early in the M&A process. Specific industries, such as healthcare, financial services and retail might require detailed attention to data risk as it applies to HIPAA (Health Insurance Portability and Accountability Act) standards, financial regulation and PCI (payment card industry) compliance. A thorough analysis of the target company’s network systems needs to be part of the due diligence process and may require the services of a network assessment vendor. Insufficient cyber security and the need for significant remediation of these networks could lead to unforeseen expense and may be a consideration in final negotiations of the target price.

Understanding the evolving face of hackers should also be a consideration. Hackers have traditionally been motivated solely by financial gain. However, as evidenced by recent cyber attacks against Sony, Ashley Madison and the Office of Personnel Management, hackers may be driven by political agendas or moral outrage or may be part of state-sponsored cyber espionage. If the acquired company comes with intellectual property or produces controversial products or services, it could be at higher risk of attack.

Regulatory Issues Affecting M&A

Increased regulatory risk for the acquiring company should also be of concern. Regulators in the U.S. and around the world have had a laser focus on privacy matters and have made their authority known in two recent court decisions.

  • On Aug. 24, 2015, a decision was made that will have profound impact on how the CIO, compliance officers, cyber security officials and others view what is an acceptable level of cyber security. In Federal Trade Commission v. Wyndham Worldwide Corp. et al. No. 14-3514, slip op. at 47 (3rd Cir. Aug. 24, 2015), the FTC alleged Wyndham failed to secure customers’ sensitive data in three separate incidents. As a result, 619,000 customer records were exposed, leading to $10.6 million in fraudulent charges. The Third Circuit Appeals Court affirmed the FTC’s authority to regulate cyber security standards under the “unfair practices” of the Federal Trade Commission Act. Therefore, key stakeholders in the acquiring and target companies need to come to terms regarding acceptable levels of cyber security before the deal is closed.
  • On Oct. 5, 2015, the European Union’s Court of Justice declared the U.S. and E.U. Safe Harbor framework invalid. The ruling abolishes an agreement that once allowed U.S. companies to move E.U. residents’ digital data from the E.U. to the U.S., and it will affect approximately 4,000 companies. For some companies, the ruling could drastically alter their business models. Therefore, an acquisition of any of these companies will require careful consideration as to how the company collects and uses the online information of the residents in the 28 countries that make up the E.U. An acquiring company could face regulatory scrutiny and costly litigation for noncompliance of their newly acquired entity.

Transferring Your Cyber Risk

One method to provide protection for the acquiring company would be to enter into a cyber security indemnity agreement with the targeted company. The agreement can exist for a period after closing, but there should be an expectation that—after a specified length of time long enough to remediate and integrate the target company’s IT networks—the agreement will expire. The liability protections should be as broad as possible and should include all directors and officers, who are often named in derivative lawsuits in the aftermath of a data breach. The agreement should address the many different actions that might be required after an unauthorized network intrusion of the target company. Costs related to defense attorneys, IT forensics firms, credit monitoring vendors, call centers, public relations companies and settlements should be anticipated. The firms to be hired, the rates they will charge and the terms of reimbursement to the acquiring company should be outlined in the agreement.

Many businesses have also turned to cyber insurance as a means to transfer cyber risk. In fact, the cyber insurance industry has grown to $2 billion in written premiums, with some expecting it to double by 2020. Cyber policies typically cover a named insured and any subsidiaries at the time of policy inception. Parties in a merger should be aware that M&A activity will likely have an impact on existing cyber insurance policies and often require engagement with insurance companies. When an insured makes an acquisition during the policy term, the insurance carrier often requires notification of the transaction pursuant to policy terms specifically outlined in the policy. Because cyber insurance policies are written on manuscript forms, there is no one standard notification requirement, and compliance terms will vary from insurance company to insurance company. If the target company has revenue or assets over a certain threshold, the named insured may be required to:

  • ƒProvide written notice to the insurance carrier before closing;
  • Include detailed information of the newly acquired entity;
  • Obtain the insurer’s written consent for coverage under the policy;
  • Agree to pay additional premium;
  • Be subject to additional policy terms.

Cyber risk can have a huge impact on any M&A activity. Legal liability and the means to transfer it should be a top priority during the transaction. There likely will be a big impact on existing insurance coverage. All parties need to focus on their rights and responsibilities and must engage the right experts to maximize protections in the process.