Last month, I wrote that The CSR SaaS industry is Growing Up, and what this means for both customers of and providers to the CSR market. Now I have a companion post of sorts. I want to talk to you about why the CSR software industry doesn’t look and feel like a typical, more familiar B2B software industry, such as CRM, HR, or project management software. In other words, I want to talk to you about “why CSR software isn’t”.
Why is this topic important? Because the short explanation for “why CSR software isn’t” is that we have certain structural issues within the CSR software industry that we need to be aware of and focus some resources on correcting. Like my Growing Up article, I will take a look at what this means for customers, providers, and investors in the CSR market. And I will close with some thoughts about what we can do about this so that all CSR stakeholders will be better positioned to make an even greater impact on the world around us.
Be warned – I do not expect everyone who reads this to agree with me. That’s okay. This is an important topic, and worth a debate.
What SaaS is
To set the stage, let’s have a quick review of SaaS, or “software as a service”. Most of the software used today by companies to support their Corporate Social Responsibility (CSR) programs is SaaS. Software as a service refers to software applications that are accessed over the Internet. They are stored, hosted, managed and delivered to the clients from a central data center(s). SaaS software is also referred to as on-demand, web-based, in the cloud, or hosted software.
There are many advantages to the SaaS model. These include: no installation and server management by the client, cheaper upfront costs, regular upgrades, and better security. Furthermore, SaaS is a big market, north of $50 billion according to leading market research firm IDC. This is a business model that is here to stay.
Why CSR software industry issues matter more today than ever
So far, so good. SaaS software is the preferred model for CSR. Upgrades keep it current. Easier to manage. Better security. Big industry. “What’s the problem?” you ask. Well, as I mentioned, the problem is that we have structural issues impacting the CSR software industry. All stakeholders in this industry, from customers to competing vendors to investors, need a better understanding of this. In fact, I would argue that stakeholders all too often ignore these structural issues. That is not to say that there are fundamental problems with CSR software that should send all of us running to the hills to hide. Rather, the point I want to impress upon everyone is that all of us need to recognize and hopefully address these issues so that all of us get better at our CSR-related jobs.
And why do I care about how well you do your job? Good question. Because you and I have something important in common. We are working in this sometimes-crazy, niche industry because we care about making this a better world … and because CSR is one avenue to get us there. For emphasis, this isn’t just the rambling of a CSR consultant opining on an industry. Larry Fink, the CEO of Blackrock, the largest asset manager in the world, cares about this too. Mr. Fink recently addressed the role of business in our communities in his annual letter to CEOs as he called for a new model for corporate governance.
Mr. Fink writes that companies have been too focused on quarterly results, to the detriment of achieving long-term value. He goes on to discuss what long term value means. It starts with understanding the strategy for achieving financial performance of a company. But he goes even further when he writes:
To sustain that performance, however, you must also understand the societal impact of your business … (because) … a company’s ability to manage environmental, social, and governance matters demonstrates the leadership and good governance that is so essential to sustainable growth, which is why we are increasingly integrating these issues into our investment process.
Wow! The investment community cares about ESG’s … big time. This is good news. And so, to reign this post back into my original theme, if we are the CSR professionals who are being called upon by Corporate America to lead our companies to answer a call to CSR action by the CEO of the largest asset management firm in the world … then we do not need simply good software, good services – good “tools” – to do our work … we need the best tools.
Why the CSR software industry isn’t just a matter of CSR software
With the stage set, let’s turn to the problem at hand – there is more to this industry than just the software. And where these issues with the CSR software industry come into play. I want to focus on three:
- Maturity – the CSR software industry is still taking shape because CSR is still evolving;
- Risk – it is not proportionately distributed among stakeholders; and
- Labor – the work of CSR inherently requires a lot of manual labor, even with well designed sofware.
Let’s take these one at a time.
Maturity: CSR is still evolving
Corporate Social Responsibility is a relatively new business discipline. For example, when I ran a United Way office and developed the first widely used online giving software in the UW system almost 20 years ago, companies did not have CSR departments, or VPs of Corporate Citizenship, or Chief Sustainability Officers. As CSR evolved from an HR benefit (think charitable giving programs) or an engineering discipline (think re-engineering a manufacturing facility to produce more widgets using fewer resources), entirely new business processes had to be created, measurement tools developed, software code written. Take a look at some company’s Annual CSR Report. It addresses a number of previously unrelated disciplines: charitable giving, employee engagement, legal governance, sustainability.
On top of that, standards for CSR reporting are still taking shape … and how can software really become standardized when the outputs needed by business from that software have not been standardized? Consequently, there is no single software solution that meets all of our various CSR needs. Imagine if you wanted an accounting system or project management software, and you had to buy three different software packages from three different vendors, then use a reporting tool like Tableau to pull together your outcomes in order to tell your story. That’s where we are today with CSR.
By way of contrast, most B2B software supports stabilized markets, processes and workflows. Sales is sales, so the feature requirements for sales CRM software are well define. Same goes for online HR software, accounting, project management, etc.
Risk: disproportionate distribution
This one makes most people I talk to about it scratch their heads. But follow along, because it is either a problem for the current stakeholders or an impediment to attracting new ones, or both.
Leading CSR program sponsors are represented by the largest companies and most well known brands out there. The Fortune 500, the Global 2000. Big companies mean rigid vendor procurement processes, legal complexity, and risk aversion. By comparison, leading CSR vendors are small businesses. A CSR vendor generating $10 or $20 million in revenue is a market leader. Compare that to Wells Fargo Bank ($88 billion in revenue in 2016) who recently completed the largest workplace giving campaign (just one of its many CSR programs) in the country for the ninth straight year.
So what happens when a giant company procurement department negotiates a contract with small business vendor? All of the business risk gets down to the vendor, who is all too eager to sign the new contract and unwilling to walk away over an issue like future liability management. What’s the biggest risk to any SaaS business? Data theft. And no small CSR vendor can obtain liability insurance that even comes close to covering the monetary risk it is taking on in these contracting situations.
Efficient SaaS platform architecture is based on multi-tenant databases where security is built in logically, but not necessarily physically. So, enter the hacker. The hacker who successfully accesses a CSR vendor database gets all of the data, not just the data housed for one customer. Why is a hacker even interested in CSR data? Because it is employee related and giving related. That means there is the potential to steal both PII (personally identifiable data) and financial (gift transaction) data.
Consider the math. Assume the CSR vendor has 100 customers, each having 10,000 employees. A successful hack gets 1 million data records. Customers sue – that’s their employee data being stolen. At a minimum, they are seeking a credit monitoring service be paid for by the vendor for a year. Even at the low cost of $100 per person, we are dealing with a potential liability of $100 million. No small business gets underwritten for that size business liability. Hence we have the disproportionate distribution of risk. Big companies insisting that small companies accept data security risk that they cannot insure, and everyone is just praying that the first CSR vendor hacked is “the other guy” or “the other guy’s vendor”.
Is this a healthy way for an industry to balance business risk? Or is in an impediment to serious growth? Most SaaS companies push risk onto the user. As long as the provider isn’t negligent with the services it provides, the user has little resource in the event of, say, a data breach.
Labor: too much manual work
This one surprises a lot of people. “I thought the point of the software was to REPLACE manual labor!” you exclaim. Well, not exactly. “Yes” if we are talking about sustainability software that manages plant efficiencies, carbon footprints, etc. But “yes and no” if we are talking about charitable giving and employee engagement software. Let’s focus on the “yes and no” scenarios.
CSR software has successfully automated, and in many ways improved, the experience of users, employees, donors, and recipient charities. Easier giving, simpler matching, participatory registration, transactional verification, audit trails, compliance reporting – all ‘check’. However, we have two pink elephants in the room. First, companies are not simply purchasing SaaS software – they are almost always purchasing gift processing and and disbursement services … which I refer to as the “after thought” of everyone’s procurement process. Secondly, companies are outsourcing their CSR program management – they don’t realize, but they are. And the evidence for this lies in the staffing ratios at CSR vendor companies.
First pink elephant. Gift processing is a financial services offering. The typical company purchasing CSR software underwrites the software but not the management of the money related to the various giving programs that will be supported. Little attention is paid to bank accounts, ownership of funds, transparency of the disbursement process, recovery of mis-directed funds, audits, compliance risk and financial regulations. To be sure, CSR vendors are hard working, with smart employees and the best of intentions. But they are primarily software companies. The industry relies on too many inexperienced parties moving too much money. Too often, customer and vendor alike are satisfied relying on people and spreadsheets disburse funds and reconcile bank accounts. And when a company facilitating international gift processing like Ammado abruptly shuts its doors, lots of CSR stakeholders – companies, donors, vendors and especially charities – are negatively impacted.
Years ago, when I was at KindMark, we envisioned a CSR marketplace where charitable gifts were processed with the efficiency and accuracy of VISA, the audit trails of a FedEx package, and the accountability of a bank. In 2004, for the CSR industry did not have the capital or the interest to build such infrastructure. Well, now we do. And until we invest in that infrastructure, CSR software will be sold requiring manual support to manage the money.
Second pink elephant, labor. Companies are basically outsourcing CSR program management when they engage a CSR software vendor. The evidence for this lies in the support staffing ratios at a CSR vendor, where there is an expensive, sizeable cost associated with account management. Every vendor has them, every customer gets them, and they spend a lot of time performing day to day tasks in support of client CSR programs. Very few customers buy “just the software”. Juxtapose this with CRM or internal chat software. Imagine that you have just signed up for Salesforce (CRM) and Slack (communications). And every week your staff is on the phone talking with both vendors, getting help with reports, updating system configurations, and even discussing strategies to be more successful.
SaaS software isn’t supposed to be so labor intensive, is it?
What we can do about it
Having just hammered away at the industry from which I derive a living, let me repeat something I stated above: these issues should not send us running to the hills to hide. I mean that. Every industry has issues. And I listed maturity as the first structural issue because maturity has been the underlying problem with issues #2 and #3. It takes time – and capital – to get issues and problems straightened out. With the CSR software industry clearly maturing, now is a great time to start tackling the structural issues because they are impediments to growth and success. In fact, they are impediments to Larry Fink’s call to action to all of us who are responsible for helping companies deliver of CSR programs that deliver ESG benefits.
So let me close this long post by looking at ‘what we can do about it’ from the perspective of our three stakeholder groups.
What this means for companies
Companies need to recognize who their CSR service providers are and who they are not. What CSR software can do and what it cannot do. For starters, what reasonable risk underwriter expects a company generating $5 million, $10 million or even $20 million in revenue to shoulder hundreds of millions of dollars in potential liability? Cyber security is the number one threat to all businesses, so why would Fortune 500 companies push security controls and liabilities down to small vendors as if they have successfully offloaded risk and liability? Better would be to proactively work with vendors handling sensitive data to collectively address risk management. Even better than that, how about getting HR data out of the CSR giving program business altogether?
Let’s also remember that the software can only do so much of the work that needs to be done. CSR success requires services, and someone has to do the work. Companies need to develop more internal CSR program and management expertise. For example, does your VP of Sales call up Salesforce every week to talk about how to sell? No! Expertise is why you hired the VP of Sales.
When it comes to gift processing, take this more seriously. For example, when your procurement protocol says you need a SOC audit from your CSR vendor, think financial. Don’t cut corners and accept the SOC from the third party data center as fulfilling this requirement. Billions of dollars are being transacted through CSR programs every year – yes, billions. Does VISA figure out how to balance out money from your credit card account to pay your electric company or a restaurant by using spreadsheets? We need to invest in better gift processing infrastructure. Why is every CSR software company managing customer and donor money? Why isn’t this work consolidated and outsourced to expert providers and merchant networks?
What this means for software vendors
First of all, kudos for so much being accomplished over the past 10 years. YourCause, Benevity, FrontStream, BrightFunds, StratusLIVE, Cybergrants – when I was at KindMark and we were being acquired by Kintera, most of you were either just getting started or were still an idea. You’ve accomplished what we could not – so well done! But times have changed. Far more companies are using your software, far more donors have data in your systems, and far, far more money is being transacted. Growth, capital and probably consolidation are needed in order for you as an industry to continue to serve your stakeholders well.
Don’t be afraid of having honest conversations with your customers over issues like cyber security, liability, gift processing, and even the internal costs of managing programs. Your customers need more expertise – help them get it. Think hard about gift processing and disbursement. Do you really want the liability of the next Ammado on your hands? Wouldn’t your investors prefer that you be more “CSR software” and less “money transmitter”? I bet you have customers who help advance the cause to build a better mousetrap.
What this means for investors
To our last group of stakeholders, I hope I have your attention, too. Because you are the source of capital that can push industry growth in the right direction. If by now you are thinking that your CSR company investment isn’t just a CSR company investment, good. Because it’s not. You have invested in what I would call an “enterprise services business” until you have solved the labor problems, gotten out of the financial services business, and re-balanced the liability. Also keep in mind that you have SaaS “neighbors” who could become competitors or allies as the industry evolves. For example, online HR and nonprofit CRM work overlaps with CSR in areas of employee engagement and charitable giving. And we have global initiatives around ESG reporting and UN SDG goals that are impacting current CSR models.
So, I guess to investors I would encourage you to think about this: knowing what you know about your respective investments, how do you want your businesses to evolve? Do you want an enterprise services business with fin-tech components that just needs more automation? Do you want to become a more pure SaaS company? Do you want to engage SaaS “neighbors and then tackle some of these issues discussed?
Bringing it home …
First of all, this is a long post, so thanks for sticking with me to the end. If I haven’t been clear about this, let me say it here: I may have been living the issues for years, but I don’t have all the answers.
Whether you agree with all of my points or not, I hope you will agree that Corporate Social Responsibility is an important discipline that is only going to become more important with each passing year. We have structural issues in the CSR software industry that supports our work, and we need to address those issues … issues I have mentioned today, and maybe some that I need to write about tomorrow. If we don’t, those issues become impediments to growth, success and the ultimate goal of achieving a greater impact on our communities and helping others.
If the investment community follows Larry Fink’s lead, and I hope it will, then for starters let’s agree that we need to increase the investment in the tools and infrastructure upon which we rely to perform our important CSR work. Anybody up for next steps?
As always, if you would like to speak with a professional at CSR Matters about your CSR needs, please do not hesitate to contact us.