Expanded Subex Agenda Reveals Limits of RAFM

Subex’s marketing team have been in touch to confirm they have increased the scope of their upcoming user conference:

…the coverage of the event will be much larger than just traditional RA-FM, extending into the areas of privacy, security, risk, predictability, identity, and confidence in data. From a portfolio standpoint, the presentations at this year’s User Conference cover our RA, FM, Partner Management, Network Analytics, IoT Security, Anomaly Detection, Identity Management, and Advanced Analytics solutions.

It should come as no surprise that vendors like Subex want to extend their reach beyond revenue assurance and fraud management. WeDo, their greatest rival, has previously toyed with rebadging themselves as suppliers of enterprise risk management or enterprise business assurance. A good number of former RA managers have incorporated the words “business assurance” into their titles. This kind of expansion can be seen as a positive, but it can also lead to the creation of a void where new expectations are raised long before there is any serious prospect of meeting them.

Early results from the RAG Leakage Coverage Survey confirm that telcos differ in the priorities they set after they have implemented a full range of controls for revenue assurance. Some move on to the assurance of contracts whilst others focus on the cost of network assets. Telcos that have made a significant investment in media content place increasing emphasis on the need to combat piracy, whilst others shift their attention towards the quality and governance of the customer data they collect. I refer to this process as the fracturing of the RAFM consensus, and it is driven by an imbalance between business need, technological possibility, and organizational capability.

  1. Telcos face a broader universe of risks as they offer a wider and more sophisticated range of services to offset the decline of older revenue streams.
  2. Vendors make use of advances in technology to offer new products and services to address this expanded range of risks.
  3. However, telcos lack the organizational agility to consistently allocate responsibility for managing all of the emerging risks.

To put it more simply, if somebody spends all their time doing a switch-to-bill reconciliation for voice usage then there will be no time to teach them how to identify when an internet TV subscription is being abused. Another analyst might be bogged down in handling cases of international revenue share fraud, meaning nobody does sufficient work to identify a rise in account takeovers before the telco’s reputation has been damaged.

Some international associations have shown themselves unwilling to deal with the full spectrum of risks faced by modern telcos. It was around a decade ago that the GSMA’s Fraud Forum considered a proposal to add revenue assurance to their work – and they rejected it. They effectively said it was beyond their ability to use familiar database methods to identify accidental errors that cause considerable loses and huge numbers of complaints from overbilled customers, even though similar technology was also being used to identify fraud. If closing the gap between revenue assurance and fraud management seems too challenging, then what is the prospect of tackling more difficult problems, such as identifying staff who sell information about customers?

Some years ago I recommended to the CFCA that they pay more attention to the value of frauds suffered by telco customers instead of concentrating so much on the direct losses that telcos endure. Since then we have seen an explosion of critical news headlines about SIM swaps and wangiri. Telcos suffer no direct loss when a wangiri scammer tricks a customer into calling back, or when a SIM swapper changes the passwords to the customer’s other online accounts. Ignoring the scale of the damage being done is a terrible mistake. Customers have lost confidence in telcos as a result of our seeming indifference to the crimes that plague them. But there is no point bashing an association for moving slowly when the root cause is that its members only want to move slowly. In this discipline we often talk about collaboration, but it is impossible to collaborate with others whilst being the first and only telco to tackle a problem. Instead of just repeating the mantra of collaboration, we also need to champion leadership. If we do not, then national regulators will be forced to provide that leadership, and the extent to which this is welcomed by some telcos shows just how little influence their risk managers really have.

Businesses like Subex are playing an important role in holding our discipline together. We need them to act as a bridge between the assurance, risk, security, privacy and analytics specialists in our telcos. Their reasons are clear. The technologies developed by vendors can often be applied to a variety of risks, so it makes sense for them to promote a large and inclusive family of users. That should not make us cynical about their motives. The fracturing of RAFM will have serious consequences, but this may not become apparent before they are irreversible. Let me illustrate by recounting a story from many years ago.

I once worked at a telco where I attended project meetings with a department that managed a very specific kind of risk, and no other. Then I suddenly stopped seeing them in meetings. The entire department had been culled to save money. Their purpose had been too niche, and their responsibilities could be covered by other staff with more general skills. Far from giving them job security, the boundaries they built around their jobs had made them inflexible. This gave the executive team a good reason to dispense with them. Amongst them was one of the finest and most successful professionals working in this field, who has since built an international reputation for his work. This shows that the ability of the employee is irrelevant if their job specification is too narrow. We must remain open to taking on more expansive roles in order to deliver the most value to telcos.

I will be talking about the fracturing of RAFM and ways to avoid it at Subex’s User Conference, which is being held in Amsterdam on October 24th and 25th. You can learn more about the event from here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.