Blog : BOARD TALK
Posted on August 31, 2014 at 4:25 PM
We are beginning to have serious language problems when it comes to Corporate Governance - and that is despite an assumption that English is the common language. Introduce others and you may very well have a chaos of attempted comprehension.
For some considerable time now, IT failure in banks - that is, abject and gross failures of technology and the investment in it thereof - has repeatedly put at risk customer data, attacking trust and the very heart of these allegedly secure financial services. But such failure is generally reported in the media - and by the financial institutions - as 'glitches.'
It's a bit like 'mis-selling', for which read 'fraud' - or 'complicit mis-selling but will settle when it comes to the crunch.'
What on earth is going on?
This is beginning to sound a whole lot like 'too big to fail' - it's 'too big to admit' or the run on confidence could be catastrophic.
Two days ago, after being among at least FIVE banks targeted in a co-ordinated attack on financial institutions according to US officials, JP Morgan Chase said it had increased its defences against computer hackers. Oh good. But when it comes to what has been discussed at the level of boardrooms for the last few years on IT and cybersecurity, we have no idea. That may well be because there is little to relate.
Another awful word much-loved by the financial services industry is 'legacy', used to describe IT systems. My trusty OED yields some gems on this one. 'Legacy' in this context means 'something handed down by a predecessor.' It also means, as an adjective in computing, 'denoting hardware or software that has been superseded but is difficult to replace because of its wider use.'
BOOM. Because the reason banks can't/haven't replaced all this 'legacy stuff' is dual: because of the SILO problem (none of the right departments speak to one another), and because of the COST problem (it might clash with demands at the top for bonuses). Why are these choices not a fundamental issue of governance within any institution? Actually, they really are...
And another thing. When they want to - because they see an opportunity, or they are struck dumb with the fear of the unknown, or maybe just maybe they have learnt something since 2008 - financial institutions can, it seems, collaborate. They are doing that when it comes to social media. And it is not as if there are no alternatives.
Banks are already paying massive legal costs for misconduct - and these have an impact on their shareholders. The potential for costs on IT failure is huge.
This morning the Financial Times reported that cyber security experts "have warned of a constant threat of organised cyber criminals on the financial sector after the US Federal Bureau of Investigation and the US secret service announced an inquiry investigating recent cyber attacks against several financial companies including JPMorgan, the largest US bank by assets".
So now, it seems that financial services institutions cannot even say they did not see it coming.