Mercantil Bank: Adopting and Adapting ITIL Case Study

Mercantil Bank, N.A. is the fourth-largest commercial bank headquartered in Coral Gables, Florida. It has served its community for over 35 years.

The bank has 22 Banking Centers – 15 located in South Florida and seven in Houston, Texas, as well as one loan production office in Manhattan, New York. The bank offers a wide variety of domestic, international, personal and commercial banking services, including investment, trust, and estate planning through its subsidiaries, Mercantil Investment Services, Inc. and Mercantil Trust Company, N.A.

1.1 How are IT and IT Service Management important to the success of your organization?

IT works hand-in-hand with the business to ensure the bank remains up and running at all times.

As a bank, business interruption is unacceptable, as that means ‘money loss’ as well as possible regulatory violations. We work together with the business to implement and maintain services for our internal and external customers.

IT service management (ITSM) has become the solution to many historical issues, including discontent with IT. One contention was that IT had no statistics or fact-based information that could help us identify the weaknesses that affected the delivery of services.

The adoption of ITIL was a learning and sharing experience which helped us understand how we could do better as a department. ITIL allowed us to see that we needed to set an expectation for users with regards to our response time, etc.

1.2 What significant ITSM projects or programmes have you undertaken to improve what your organisation does?

We have adopted incident management, change management, problem management, service level management, knowledge management and request fulfilment.

2.1 What business and technical challenges did you face?

Adopting and adapting ITIL involved a change of company culture, a change that is still evolving.

Previously, everything that came into IT entered through one funnel. There was no distinction between requests and incidents, which made it difficult to identify how to prioritize our response. At the same time, we were limited with our ticketing system because our ITSM tool was not ITIL-compliant.

User tickets ended up in a ‘black hole’ once they made it to IT. Consequently, users had no visibility regarding the status of their ticket.

In addition, we were restricted to just two service level agreements (SLAs): three days for failures and 30 days for requests. This was a problem because, for example, not every request takes 30 days. There was no prioritization and we ultimately learned the definition of the word ‘backlog’.

2.2 Configuring the configuration management database 

Our original configuration management database (CMDB) was created in a Microsoft Access database updated manually by the Information Security department. There was no interface with IT and, as a consequence, discrepancies crept in. That meant we listed applications that were no longer used, which used different names, or had different owners. Two years ago, we decided this situation had to change.

With the acquisition of an ITIL-compliant CMDB tool that works with our other ITIL processes, we are now able to maintain an updated CMDB which is available to both IT and Info Security. This means we have full ownership of the information.

2.3 Change Management - Becoming cohesive 

Adopting change management in the bank was also very challenging. Previously, changes happened at any time, which could lead to a server going down without the knowledge of any stakeholder who was using it.

This lack of control over changes made troubleshooting more difficult and less efficient; identifying the root cause of a problem was based solely on trial and error.

We introduced a Change Advisory Board (CAB) which meets every week to agree on the implementation of changes. The stakeholders talk to each other before a decision is made and, if users will be affected in any way, we send out a communication to let them know how they will be affected. Also, certain changes are now postponed if they conflict with a systems update or on-going maintenance.

We have moved from an approach of ‘what happened?’ to ‘how did it occur?’ We find the root cause and work out how to do better next time.

2.4 Why did you choose ITIL?

ITIL was adopted in our affiliate company located in Venezuela back in 2007. Around 15 key IT resources (managers and key personnel) became certified in ITIL Foundation in order to kick-start a new culture.
While the IT teams embraced ITIL, it took us years to get everyone else on board. However, as it became more widely adopted and people began to see positive results, they joined the culture. It has taken time and education to bring our staff along the ITIL journey.

ITIL exposed many of our previous deficiencies in IT, to the point where today we often bring an ITIL book to meetings to support our discussions, (for example, with the Information Security team) because we know it works.

2.5 How has ITIL training certification been useful in achieving your goals? 

To give you an analogy, ITIL Foundation has given us a new dictionary of words. Then, taking the intermediate classes and attending webinars and local chapter meetings has given us the knowledge to create sentences and paragraphs with those new words.
The business now understands that each business process needs an owner, (otherwise known as a business relationship manager), who works with IT to improve how they work. As we grow and mature, different roles have become relevant. Each needs defining along with the services they relate to.

Additionally, the bank has implemented project management methods, which are supported by ITIL.

2.6 What plans do you have for the future?

We are creating a knowledge management process for IT. We recently implemented a small knowledge base for users, including a number of how-to documents to guide our staff and users through our practices.

The plan is to create knowledge articles at the conclusion of every project implementation. Similarly, an article will be created each time we find a common solution to an IT-related issue. Users don’t always realise they can do certain tasks themselves; we need to improve the knowledge base so they can source this information. This is our goal for the next six months; we need to communicate how users can benefit from the changes we are making.

2.7 How do you communicate what you do, to your employees?

We send a periodic email which informs employees of improvements and new processes we have adopted. We use the corporate intranet to communicate bigger changes. We also have a portal through which we inform users of current outages, along with an ETA for when the network will be up again.

Top ITIL Do’s:

• Only create an ITIL-related role once the need becomes evident
• Differentiate between incident and request
• Implement change management, no matter the size of the company
• Know your services!

Top ITIL don’t Do’s:

• Don’t introduce KPIs or CSFs that are too difficult to calculate or measure
• Don’t create an ITIL role unless it is necessary.

Rosal Urdaneta was born in Venezuela and graduated from FIU (Florida International University) in MIS (Management Information Systems). She has worked in the banking industry since 1999.

Rosal has worked for 17 years in Mercantil Bank FKA Mercantil Commercebank. Firstly as a Business Systems Analyst, then as a Business Analyst Supervisor. In 2010 Rosal took over responsibility for the Service Desk and the Support Business Analysts area. She is currently the IT Service Manager. This role involves incident management, problem management, knowledge management, request fulfillment and management, and management of the ITSM tool (ServiceNow).

Rosal is certified in ITIL Service Strategy, ITIL Service Operations, and Six Sigma Green Belt.

She has been married for 17 years and is a mother of two boys. Rosal considers managing the three men in her life as another full-time job!