11:30 AM
Brokerage Firms Are Starting to Use Digital Rights Technology to Protect Their Research
At the end of March, Merrill Lynch released an unusual open letter, "Obituaries for Sell-Side Research Are Premature," that caused a stir, particularly in the blogosphere. In it, Candace Browning, Merrill's SVP and head of global securities research and economics, expressed dismay that right after sending out a favorable stock recommendation to clients, the advice was "replicated with plagiaristic precision by a New Jersey-based digital financial news source" (a reference to Theflyonthewall.com).
The backdrop to the letter was the lawsuit that Merrill Lynch, Morgan Stanley and Lehman Brothers filed against Theflyonthewall.com in June for copyright infringement of proprietary research reports. The suit cites specific examples of sentences lifted word for word from the investment firms' reports and published on the e-news site.
"Theflyonthewall is using the shroud of journalism in a perverse way," says a research executive at a top-tier brokerage firm who spoke off the record. "Originally they directly plagiarized; now they paraphrase. But it's stealing. Theflyonthewall and its ilk add no value to the food chain." According to one investment banker who asked to remain anonymous, the top 10 sell-side firms spend $4 billion to $5 billion per year to develop such research.
Theflyonthewall has denied the allegations. "The firms have a reputation in the financial industry such that their actions and recommendations generate waves throughout the financial community and are widely reported as news in the financial press," responds Glenn F. Ostrager, an attorney at Ostrager Chong Flaherty & Broitman, which is providing legal counsel for Theflyonthewall, via e-mail. "Thefly's publication of such daily news from firms in the financial industry is an acceptable and necessary function in the life of the financial community that is constitutionally protected by the First Amendment."
Merrill Lynch declined to comment in detail on the issue, but the firm is considering technology options for protecting its reports — which up until now have been easily shared Web pages or PDFs. "There are two parts to it — one is making sure our valued clients are getting the content they've subscribed to; the other is protecting that content so it can't be redistributed," says Susan McCabe, a Merrill Lynch spokesperson.
"The COOs of research of every major Wall Street firm are focused on better controlling their content," says the research executive from a major brokerage firm. The potential for plagiarism is only one reason. In the bigger picture, the Global Research Analyst Settlement has changed the way sell-side market research is delivered. In the settlement the SEC fined 10 investment firms — Bear Stearns, Credit Suisse First Boston, Deutsche Bank, Goldman Sachs, JPMorgan Chase, Lehman Brothers, Merrill Lynch, Morgan Stanley, Salomon Smith Barney and UBS Warburg — $1.435 billion for undue influence of investment banking interests on their securities research and required the firms to enforce a number of reforms to separate research from investment banking.
You (Only) Get What You Pay For
Before the settlement, the research analyst business model was directly tied to investment banking revenues. Analysts used to help facilitate deals, so the more they could create a name for themselves and build a brand, the more important a role analysts could play in attracting business. Post-settlement, analysts still help vet deals and educate investors, but they don't attract new deals.
At the same time, the way investors pay for research is changing — research costs are starting to be unbundled and disclosed in Europe and here, such that Wall Street firms are starting to look at research as a profit center. Brokerages say buy-side firms are dependent on the analysts' expertise — in the form of research reports and, more critical, direct access to analysts — because the analysts each cover a small universe of companies very deeply, whereas portfolio managers track hundreds of stocks.
Consequently, brokerage firms are trying to ensure that only paying clients receive their research, using technology to control reports. While written reports are not the most valuable delivery vehicle for research, they are the simplest to control. Typically, reports are provided on a secure proprietary Web site, on a commingled Web site such as Thomson First Call Research, and/or via e-mail blasts. There's only so much that can be done to keep out nonpaying clients.
"There's a trade-off between creating a barrier between our clients and our content with passwords to protect research and trying not to disadvantage ourselves because we're too hard to work with," says the brokerage firm research executive. In the future, he adds, his firm plans to collect usage statistics for every research document using proprietary tools, rather than block access using digital rights management (DRM) software. "If there were an industrywide consortium [for DRM] ... I'd probably join it — I just wouldn't want to be the first."
Gartner, the analyst firm, faces challenges similar to those Wall Street research departments are dealing with — it needs to provide research in a user-friendly way to clients and occasionally members of the press while blocking access to all others. "What we sell are our thought-provoking ideas," points out Eric Ouellet, VP of research for the firm. "We're very sensitive to the intellectual property [IP] we have. But on the other hand, the value of the IP is that clients use it." If the process of accessing a document becomes too unwieldy for clients, they may balk at paying for the service, Ouellet notes.
Who Gets to See What?
Another issue for Gartner, according to Ouellet, is that clients sometimes overstep their license agreements, so the firm would like to be able to count how many different people are accessing reports. This is parallel to the challenge of investment firms that want to gauge the value of their research by finding out how many people are reading it. Currently, Gartner restricts access to research by requiring authentication to the Web site and by using built-in Adobe Acrobat rights protection. Ouellet adds that a debate is taking place within Gartner over whether to buy DRM software.
Many solutions exist today that offer DRM, content protection or, as some call it, digital restrictions management or Big Brother. (Mainstream discussions of DRM often center around protecting recording labels' music copyrights.)
A subset of DRM products that could help investment banks keep their research reports from falling into the wrong hands is enterprise DRM or enterprise rights management (E-DRM or ERM). ERM software controls access to documents such as Microsoft Word, PDF, e-mail and intranet Web pages, protecting proprietary documents from unauthorized use. Adobe, with its LiveCycle Policy Server, and Microsoft, with its Windows Rights Management Services, lead the ERM pack, followed by Liquid Machines, EMC and NetApp. In some cases (including the Adobe and Liquid Machines products), ERM software not only can control who may look at which documents, but also embargo documents until a given release date.
Goldman Sachs plans to roll out a pilot of ERM from Liquid Machines (Waltham, Mass.). Goldman also invested in the vendor, leading a $7.5 million round of funding last fall. Goldman declined to comment for this article.
Adobe's LiveCycle Policy Server lets companies set across-the-board policies that limit access to documents. It can track when someone has tried to open a document and has failed due to lack of permission. Adobe says its software can be used to revoke access to a document at any time, even if that document has been burned to a CD or widely distributed. LiveCycle works with PDFs (naturally), Word, Excel and CATIA files.
Microsoft's Rights Management Server (RMS) provides basic identification and authentication through Active Directory. It also provides cryptography and controls around documents to keep them confidential and prevent printing, copying and pasting. Liquid Machines provides an extension to RMS that lets it work with Adobe Acrobat, Visio, Office XP and Office 2000. Liquid Machines Email Control lets customers enforce RMS protections on e-mails passing through Exchange Server and SMTP.
In February 2006, EMC acquired Authentica, another provider of enterprise DRM, and Authentica is now an extension of EMC's Documentum Enterprise Content Management platform.
Why ERM Has Few Takers (So Far)
Other than Goldman Sachs, no firm that Wall Street & Technology contacted has gone public with use of ERM. One problem with ERM is that, in many cases, it's necessary to install an applet on the client side. But financial firms have strict firewalls, so this is no simple task. Another reason these ERM/DRM products haven't been broadly adopted is the lack of standards. "There's not even a hint of a standard," says Gartner's Ouellet.
Some firms protect their documents with what you could call DRM lite. "Some companies are comfortable just using the built-in protection features of PDF that prevent printing, cutting and pasting," Ouellet says. "It's a poor man's ERM; it doesn't address the whole gamut of requirements, but it's a start." True ERM, Ouellet continues, includes: identity (to ID the user), authentication (to determine the users level of privileges) and confidentiality (the security behind the document).
Ouellet advises firms against trying to do too much rights management at once. "People start checking off everything on the ERM list and end up with a convoluted solution that requires a ton of administration and is borderline useful," he says. "You can paint yourself into a corner where you can't access documents at all."
The anonymous research executive points out that there's a much bigger issue here: how to assess the profitability of each client and then determine the amount of research-analyst resources that client deserves. That would mean tying together CRM software, profitability analysis and entitlement engines so that it would be possible to give people access to exactly what they're paying for. When a client downloads too many reports or consumes too much of an analyst's time, that client could be shut off.
Experts interviewed for this article aren't aware of any software on the market that can do all this. But by combining ERM, CRM and customer analytics software, they say, you could start to build such a solution.