It is a statement of the obvious that Information Technology (IT) is by now a fundamental part of most business systems; so one would think that, for example, banks and their regulators would be somewhat obsessive about ensuring that IT systems and controls were robust and “state-of-the-art”, while directors’ and senior managers’ understanding of them was sound and up-to-date.
Sadly, this appears to be far from the case, even in the face of increasing “cyber-security” and similar threats.
A recent study by Accenture found that (even on a fairly loose definition) half of the world’s 109 largest banks had no main board member with any technology experience; while a further 25% had only one such member. One wonders what a similar survey of the (re)insurance industry would reveal. Anecdotally, at least amongst the largest groups, one would expect a better outcome; but perhaps Accenture should ask the same question.
Given that Deutsche Bank recently wrongly paid USD 6BN to a client (which, fortunately, it recovered the next day) because of a self-evident failure of what should have been relatively simple payment controls, it begs the question of what other “accidents waiting to happen” are out there. And yet, they are not accidents; they are fundamental failures of control, and, as such, inexcusable for an institution of the size and supposed sophistication of Deutsche Bank.
However, many of today’s largest banking groups are agglomerations of predecessor institutions, with multiple, often incompatible processes and systems that would give Heath Robinson a bad name; requiring all-too-fallible human intervention to make some sense of them and execute transactions. This, of course, also increases the scope for malfeasance and fraud, because the systems are themselves too easily manipulated, over-ridden or compromised. It reminds one of the Irish joke: “…but, if I were going there, I wouldn’t start from here”.
Not surprisingly, Deutsche Bank’s new CEO has recognized the risks that the Bank faces from its technological systems’ deficiencies; and is taking the proverbial axe to the thousands of “consultants” on which the Bank has been relying to patch its system together; is “insourcing” IT; and giving much more power and prominence to systems and IT executives. We are sure that many other bank CEOs and board Chairs wished that they could do the same, overcoming vested interests and inertia.
We would also hope that regulators, recognizing the vulnerability of crucial deposit and payments systems in particular to failure or compromise, are urging radical and necessary changes upon their charges. Deutsche Bank would have had to find USD 6BN to balance its books. Lesser banks would perhaps have failed because of such a huge and unexpected shortfall in their balance sheet.
So, what does all this have to do with Awbury? We have long worked closely with our banking clients to assist them with managing and optimizing their balance sheet risks and capital positions. What we have described above, is operational risk, for which banks have to provide appropriate capital. We can help manage that too.
The Awbury Team