The Irish Times is running a story today that provides a perfect example of why large, highly interconnected financial institutions can unexpectedly become very dangerous. Titled “Ulster Bank counts the cost of catastophic IT meltdown,” the report describes the misery being experienced by Ulster Bank’s customers and management as a result of a bungled software upgrade at an Edinburgh processing office. 100,000 customers and 20 million transactions were immediately impacted. The newspaper’s financial correspondent, Simon Carswell, opens with these adroit words: “Given the febrile climate of financial markets, the technical problems could not have come at a worse time for a group that has already had a chequered recent history.” Yes indeed.
Ulster Bank is controlled by the Royal Bank of Scotland (RBS). As readers will recall, RBS had to be nationalized by the British Government during the Financial Crisis. The British Government still holds an 84% stake. RBS is the seventh largest banking conglomerate in the world (over $2 trillion in assets)–larger than Bank of America and JP Morgan Chase. In an indication of its weakened state, it is only 48th largest in the world by market capitalization ($25 billion). Yet RBS remains as large as the entire economy of the United Kingdom.
Presumably, Ulster Bank’s processing center is in Edinburgh as part of the “efficiencies” available to the RBS conglomerate by reason of its scale.
Apparently an outside contractor (no doubt another “efficiency” in operations) attempted to fix a slow running systems scheduler with a patch. This in turn caused the system to run two separate days’ processes in parallel, thereby crashing the system. Now there are frantic attempts to find out what happened: inadequate testing, improper or nonexistent contingency planning, reckless outsourcing, incompetent customer communication, and so on. All issues familiar to those of us familiar with the engine rooms of large financial institutions. Under political pressure, the CEO of Ulster Bank has agreed not to take his annual bonus for 2012 (the CEO of RBS, Stephen Hester, had earlier and rather more promptly also agreed not to take his bonus). It is not yet known whether anyone will be fired. Chris Sullivan, head of UK corporate banking at RBS, somewhat hopefully declares that the whole world will learn from this “unprecedented” disaster. Yeah right!
The important lesson from this episode is not that large banks should ensure that nothing goes wrong. It undoubtedly will. Instead, the lesson is that these kinds of catastrophes can and often do take place. They are not always as visible as the one with which Ulster Bank and RBS are contending. But they happen with varying degrees of severity all the time, whether in the form of customer data breaches, online banking outages, or risk modeling updates. This is but part of the human condition.
By creating the impression that such “glitches” can be fixed and avoided in the future we are lulled into a false sense of security. Even the “too big to manage” rhetoric can be misleading because it suggests that smaller scale operations can indeed be managed flawlessly. While it is true that ultra large companies emerging from merger and acquisition sprees are likely to intensify the odds of things going wrong, the finest and most disciplined companies of any size can and do run into unexpected difficulties. As the Comptroller of the Currency has just pointed out in its Semiannual Risk Perspective, current economic conditions are actually intensifying operational risks:
Increased operational risk is a key concern as banks try to economize on systems and processes to enhance income and operating economies. This risk may be amplified by the use of third-party products or distribution systems.
On this occasion it looks as though RBS has contained the situation. Any similar operational failure could, however, also trigger counterpart defaults, which can evolve quickly into a cascading problem as a contagious problem spreads through the financial network.
The problem is not whether we have eliminated the chance of things going wrong–an enduring political fantasy–but whether we can manage the damage once it is triggered.
And this, to my mind, is one of the most powerful reasons why we must be extremely concerned about the continued existence and growth of ultra large financial institutions.