
What explains the IT problems in banks?

The citizens of both California and Japan live in the shadow of ‘The Big One’ – earthquakes of catastrophic and devastating power that will inevitably occur, one day.

 

Before these events, numerous ‘foreshocks’ will take place: smaller earthquakes, associated in time and space with the ‘mainshock’.

 

Unless things change, the finance sector will one day suffer its own ‘Big One’ – a combination of events that will cause key parts of the global financial system to stop working properly, and/or to stop working for an extended period of time.

 

For the last couple of decades, many minor foreshocks have occurred in finance when systems failed - but the problems were quickly diagnosed and repaired. 

 

As connectivity and complexity have increased, the past couple of years have brought two foreshocks of much greater intensity: the 2010 ‘Flash Crash’, and the 2012 IT ‘glitch’ at the RBS/NatWest/Ulster banks.

 

What I write below doesn’t mean that banking’s ‘Big One’ will necessarily happen today, or next month, or next year.

 

But, without change, it will happen...

 

Warnings

 

For the past few years we’ve been warning of the inevitability, and impact, of a major IT systems failure in the banking sector.

 

For example, this is a blog comment I posted in October 2008,

“...Despite performing highly dangerous operations 24/7, Oil & Gas refineries rarely suffer catastrophic accidents. This is because they are legally required to accurately document and understand how the assets of the business interact to enable the flow of product through the assets of the plant.

 

There is no such requirement in the financial world, or indeed in most sectors of the economy, despite our routine reliance on IT and flows of data between business assets to perform business tasks (‘business assets’ includes people).

 

As complexity has built up over time, with systems and technology being piled on top of other systems and technology, the need to understand vulnerabilities is becoming ever more acute. A failure may not cause a physical explosion but it could certainly cause an economic one...

 

The disaster is coming, let’s hope the world economy is in much better shape before it hits...”

Another blog comment from June 2009,

“...When oil or electricity flows we trust that each asset/component/machine that enables the flow has been individually tested to meet safety/operational standards. We know that they will all have been engineered and put together to meet rigorous standards.

 

There are no such standards in IT. So when something like a server fails and data flow stops it can cause immense disruption, if it hasn’t been anticipated...

 

With many mergers and demergers in the offing we can expect more incidents in finance. We have to hope they don't cause serious disruption to the economy, with knock-on effects in society...”

A quote from my blog of two weeks ago, ‘Is the financial system becoming too complex to depict?’,

“...As complexity has built up over time, and staff turnover has led to knowledge loss, perhaps it’s not surprising that stakeholders within banks/financial institutions are not 100% sure on how each flow of data traverses the business...”

 

The data refinery

 

Lately, we’ve seen serious, ongoing IT problems at the RBS, NatWest and Ulster banks.  The impact on customers – people and businesses – has been widely discussed, so, for the sake of brevity, I’ll skip past it.

 

Although explanations as to the cause of the immediate problem at the banks have included a software bug, outsourcing of key IT staff, and a mistake by an inexperienced operator, there is a more fundamental issue which lies at the root of many IT project failures, both in finance and in the wider business world.

 

Globally, the fundamental problem facing banks, businesses, governments and people is that there are no standards for flows of data.

 

Why is that important?  One reason is that over 90% of money exists in the form of electronic data.

 

As we have seen, when this data doesn’t flow, we have a serious problem.

 

A bank can be thought of as a refinery.  Instead of processing flows of oil, or flows of gas, a bank processes flows of data (money).

 

But these ‘data refineries’ are operating in a way that is different from their industrial counterparts.

 

In industry, over decades, standards and practices for measurement, management, safety, optimisation and valuation were created by engineers, scientists and architects to accurately understand different flows through a plant.  Flows like oil, or gas, or electricity.

 

This meant a business could accurately capture and communicate how the organisation worked – how activities, processes and the supporting technical infrastructure were linked to deliver the outputs required.

 

In today’s oil or gas refinery, computer models are used so that everyone – board, managers, engineers, operators – can clearly see, and easily communicate, how everything is put together to enable the flow of product through the plant.

 

Digital sensors are attached to every asset (pumps, valves etc), and digital flows (representing product flows) are clearly understood and constantly monitored.  The flow of oil and gas products is analogous to the flow of data.

 

Print-outs from these computer models simplify communication of complexity, providing a common language between business managers, technical specialists and regulators. 
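
To make the analogy concrete, here is a rough sketch of what a tiny version of such a documented asset-and-flow model might look like in code. It is purely illustrative: the Asset and Flow classes, the example tags and the sensor readings are invented for this post, not taken from any real refinery system or vendor tooling.

    # A deliberately small, illustrative model: every asset is documented,
    # every flow is an ordered chain of assets, and the health of a flow
    # can be read directly from the health of the assets that enable it.
    from dataclasses import dataclass, field

    @dataclass
    class Asset:
        tag: str                # e.g. "PUMP-101" (invented example tag)
        kind: str               # e.g. "pump", "valve", "server"
        sensor_ok: bool = True  # latest reading from its digital sensor

    @dataclass
    class Flow:
        name: str
        path: list = field(default_factory=list)  # ordered chain of Assets

        def healthy(self):
            # A flow is only as healthy as every asset it passes through.
            return all(asset.sensor_ok for asset in self.path)

        def report(self):
            # A plain-text 'print-out' that managers, engineers and
            # regulators can all read.
            status = "OK" if self.healthy() else "INTERRUPTED"
            chain = " -> ".join(asset.tag for asset in self.path)
            return "Flow '%s': %s [%s]" % (self.name, chain, status)

    # One documented flow through three documented assets.
    pump = Asset("PUMP-101", "pump")
    valve = Asset("VALVE-7", "valve")
    tank = Asset("TANK-3", "tank")
    crude = Flow("crude-to-distillation", [pump, valve, tank])

    valve.sensor_ok = False   # a single failed asset...
    print(crude.report())     # ...shows up immediately in the flow report

The point is not the code itself but the structure it records: the assets, the flows they enable, and the health of both. That is the structure most banks cannot currently produce for their flows of data.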

 

When people move between different companies, they

“...can read and understand the documentation, regardless of the company they worked for previously.  They have a clear view of how the plants operate in a standard way.  Any changes to the plants, or to the assets on the plants, undergo a rigorous process of change control, to ensure the integrity of the information and documentation...”

Within the UK, the Health and Safety Executive ensures that all of the assets and flows that make up an Oil & Gas plant are fully documented before the owner is granted a licence to operate that plant,

“...Fundamentally, good governance in Oil & Gas relies on managing the underlying policies controlling risk.  Understanding what assets are used for, what value they add to the business, and how the process reacts to change, is critical for assessing such risk.  Maintaining accurate, and current, documentation and data is crucial...”

A key issue for the banks, and in fact for most other types of business today, is that they do not have comparable clarity on how everything – people, process and technology – is put together to enable the flow of data.

 

As a former senior IT manager at RBS says, in an interview with ‘Computing’ magazine,

“...Documentation is another area regarded as dull, but which can be a major source of failure. One area RBS IT got right was producing the diagrams showing how the bank’s many systems are connected. I have passed through many banks that have failed to get this basic piece of housekeeping right, even where they had large teams of architects theoretically guiding the development of the infrastructure.

 

However, large swathes of infrastructure across the industry have little if any documentation. Even where teams are forced to produce a disaster recovery plan, this can turn into a box-ticking exercise, producing plans that are impossible to follow...”

But it’s not only a question of mapping how systems are connected.  Such a map shows how the various types of technology are joined together, but it doesn’t document why they are joined together.

 

It is only by documenting how banking processes and procedures use the data flowing between the connected systems that we have the context to see why the systems have been connected.

 

As described above, this is the equivalent of what already happens in industries like Oil & Gas.
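
By way of illustration only, the sketch below extends the earlier example to a bank: it records both how systems are connected and why, by listing the business processes that depend on particular data flows. The system and process names are invented for this post; they do not describe any real bank’s estate.

    # 'How': documented connections between systems (all names invented).
    connections = {
        ("payments-gateway", "core-ledger"),
        ("core-ledger", "batch-scheduler"),
        ("batch-scheduler", "statement-service"),
    }

    # 'Why': each business process, and the data flows (source, target) it uses.
    processes = {
        "overnight balance update": [("core-ledger", "batch-scheduler"),
                                     ("batch-scheduler", "statement-service")],
        "card payment authorisation": [("payments-gateway", "core-ledger")],
    }

    def impact_of_failure(failed_system):
        # Which business processes lose a data flow if this system fails?
        return [name for name, flows in processes.items()
                if any(failed_system in flow for flow in flows)]

    def undocumented_flows():
        # Data flows relied on by processes but missing from the 'how' map:
        # exactly the kind of gap that turns an IT fault into a business crisis.
        used = {flow for flows in processes.values() for flow in flows}
        return used - connections

    print(impact_of_failure("batch-scheduler"))  # ['overnight balance update']
    print(undocumented_flows())                  # set(): everything used is documented

With that context, an outage on a given system maps directly onto the business processes it interrupts – which is precisely the clarity the refinery operators have, and the banks, by and large, do not.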

Flow and standards

 

So why aren’t there comparable standards for flows of data, in finance, and in the rest of the business world?

 

The fact that there are no standards for data flow isn’t particularly anyone’s fault.  (Some of the reasons are technical in nature; I’ll discuss those next time.)

 

Throughout history, whenever a new technology has been adopted, it has usually taken many years to reach agreement on the best, and least risky, way to use it on a widespread basis.

 

We don’t think twice about lighting a gas fire, switching on an electric kettle, or starting a car, precisely because we are subtly aware that, over decades, flows of gas, electricity and petrol have been engineered to minimise the chances of a disaster.

 

But if we go back far enough, we will find that there were many disasters when such technologies were introduced.

 

For example, in the United States, towards the end of the 19th century, thousands of steam boiler explosions caused hundreds of fatalities, and destroyed many businesses.  It wasn’t until 1914, after many years of argument, that standards were introduced.  The standards created clarity on how flows of steam interacted with other business assets, and helped the industry operate steam boilers as safely, and as profitably, as possible.

 

‘Governments and business groups are only, and tentatively, in the early stages of regulating and shaping’ today’s data-flow-reliant industries.

 

A key difference in this process, however, compared to previous industrial eras, is that business is now done on a global scale.

 

Whenever a steam boiler exploded, the damage was mostly done at a local level. People within the vicinity were injured or killed, and the physical assets of the owner’s business, and some nearby businesses, were destroyed. 

 

Further afield, some other businesses would lose money or goods, or not have contracts fulfilled.  Only rarely was there a national, or an international, dimension.

 

But today, when data doesn’t flow as it should, the problems caused can instantly reverberate around the world. 

 

Think about what has happened in the past few days alone:

  • Amazon Web Services failed for hours, taking down the services of companies like Netflix and leaving customers unable to watch movies online
  • Passengers at Australian airports faced long queues and flight delays due to a global outage of computerised check-in systems
  • The addition of a ‘leap second’ by the ‘Earth’s official timekeepers’ caused unprepared companies to lose online operations for a short period

Connectivity has increased, in both the business and domestic spheres, to the extent that everything is becoming connected: people; the things people use; businesses; the things businesses use; governments; and countries.  In tandem, the associated complexity of the systems through which data flows has increased exponentially in just a few years.
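
To give a rough sense of scale (an illustrative calculation of my own, not a figure from elsewhere): even under the simplest possible assumption, that any two of n connected systems might exchange data directly, the number of possible point-to-point links grows as n(n-1)/2. Once chains of indirect dependency are counted, the growth is steeper still.

    # Illustrative arithmetic only: the number of possible point-to-point
    # links between n systems is n * (n - 1) / 2 under the simplest
    # pairwise assumption (no indirect dependency chains counted).
    for n in (10, 100, 1000, 10000):
        links = n * (n - 1) // 2
        print(n, "systems ->", format(links, ","), "possible links")
    # 10 -> 45, 100 -> 4,950, 1,000 -> 499,500, 10,000 -> 49,995,000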

 

Yet, in my opinion, we have proportionately less understanding of interconnectivity and the critical interdependencies that enable flows than we did towards the end of the 20th century.

Trust

 

Creating clarity on flows of data, particularly in finance, is one of the most critical business tasks of our time.  This is simply because, as businesses and as individuals, we rely on flows of data for so much of what we do.

 

It doesn’t matter in which country you live, or what kind of government you live under.  As we’ve said before,

“...No matter what the political system, no matter what the economic system, no matter what the regulatory regime, the above holds true. The understanding of flow is critical to understanding how the business works and to moving the business forward in order to achieve strategic objectives...” 

History has shown that if you understand flow, you understand how your business works.

 

And if you can clearly demonstrate that understanding – as eventually happened with flows of water, steam and electricity, and more recently with flows of oil, components and petrol – you can create trust. And where there is trust, people are more likely to do business.

 

There are no quick fixes.  There cannot be trust without transparency. And without transparency you can't create business clarity.

 

What government and business, and key industries like finance, have to decide together, is how much risk they are willing to carry, and for how long, before the situation is properly addressed.

 

Connectivity will only continue to increase, as will complexity.

 

The explanation for the IT problems in banks, and in other businesses, is a lack of clarity on data flow.

 

 

 
