Information Technology Risk Management

Events of 2008 and What They Have Taught Us

So, I can't talk about all the resolutions that each one of us will have based on what we learned from this historic year, but I did think of a number of noticeable events that will change us forever. Here's my list for your reading pleasure:

Political - Anything is possible - November 4th 2008.

There is no correlation between the size of an organization and its ability to survive 'tough' times. 

Putting political affiliations aside, "Yes We Can" will be a campaign slogan that will go down in the history books as a start of a new era. Defying all the logic of running a "traditional" campaign, this was one that reminded us of the power of grass-roots efforts. There are different lessons each one of us walks away from similar experiences. For me, if I can sum up the lessons learned from this campaign in one sentence, it is: "Against-all-odds" has been rendered meaningless.

Economical - Contrary to common belief, age and size do not matter - September 15, 2008.

There is no correlation between the size of an organization and its ability to survive 'tough' times. If you have any doubts, take a look at Lehman Brothers, Bear Sterns, AIG, Indymac, Madoff Investment Securities. While we are at it, let's not single out the Financial Services sector. General Motors, the behemoth automaker, was reported to be days away from declaring bankruptcy in absence of a government bailout.

Political & Economical - TARP Announced - Oct 14 2008.

I once had a boss who always joked about 'given enough time and money anything can be accomplished.' Well, in the case of the $700 billion TARP program, it didn't get us where we thought we would be with the US' financial system. Billions of dollars have been transferred from the Treasury's books to financial institutions accounts. This didn't get the lending machine going the way our Treasury Department had envisioned. But what do I know? Maybe two-and-a-half months doesn't quite fit the definition of 'enough' time; still, something's nagging in my head that says 'enough' time and money are not the answer to all of the world's problems.

Trust - The Madoff Scandal - December 11 2008.

Compliance, Risk Management, Audit, Management and Regulatory Oversight programs failed to protect us from Mr. Madoff's alleged ponzi scheme. He seemingly got away with billions of dollars in profit from a large number of individuals and investment management firms, literally for decades. From what we hear so far, there were red flags that should have alerted these investors. Perhaps there were. Still, people from all walks of life invested with his firm. Why? Simply because we want to engage people we trust. Be it the main street bank around the corner for my savings account or the mega funds management company for my retirement account.

Confidence

In the banking world, we often use the words trust and confidence in the same sentence. In fact, more often than we should. Trust can instill confidence in a certain process, entity or an individual. On the other hand, confidence on its own doesn't necessarily mean that we trust that certain process, entity or an individual. The lack of trust caused by a series of events in the banking world shook consumer confidence month-after-month in 2008. In response to some of these events, the FDIC and the NCUA temporarily raised the limit on the federal deposit insurance coverage from $100,000 to $250,000 per depositor. This was an important step that had to be taken by the regulators. Still, the message it conveys to me is - Don't worry if you don't TRUST the institution you bank with. You must have CONFIDENCE in the system because your money is protected by the federal insurance fund.

We as a community need to work on regaining that trust. As I mentioned earlier, regaining trust will instill confidence.

Risk Management

There will be blame game for years to come. There will be senate hearings where we bring on the CEOs from the largest companies in the world and humiliate them for the lack of governance and overall risk management in their organizations. There will be reporters following Madoffs trying to get the sound-bites to get to the bottom of the matter (as if they will tell us everything about how they did it as they are walking on the streets of Manhattan while the cameras are rolling).

Many years ago, I was told by a banker "Risk is good. That's how we make money for our clients and our shareholders." Somewhere in that statement there was an implicit meaning that at the core of his profession was a profound understanding of how to manage risk. And everyone in the organization followed this 'methodology' of managing risk to the "T". Well, we are better informed now that some of these organizations didn't practice what they stood for.

We have talked enough about how some of the largest organizations failed to manage their own risk. But let's shift gears for a moment back to the senate hearings I alluded to and ask the same from the caretakers of the (banking) regulatory framework for the country. Aren't they supposed to manage their own risk by providing the oversight and protecting the taxpayers? I am not talking about the taxpayer who invested with Madoff. That's a discussion for another time. I am talking about the people who were standing in line on July 14, 2008 outside Indymac's branches. I am talking about the people who work for AIG. I am talking about the people who worked for Lehman Brothers - no, not the ones who received six/seven/eight-figure bonuses, but the ones who spent decades at these organization and need (and wait for) that paycheck before making that next payment. We all know the answer - yes, regulations exist to protect the consumer. But they failed us. It's time for a new risk management framework for the regulatory agencies to manage their own risk.

The Words, People and the Phrases That Will Remind Us of 2008

Systemic Risk, TARP, Treasury Secretary Henry Paulson, Governor Eliot Spitzer, SAR (on client #9's activities), Yes We Can, President-Elect Barack Obama, Risk Management, Jerome Kerviel and Societe Generale, Ponzi Scheme, Bernie Madoff and too many others to mention all in this blog.

Tasks to Do and Skills to Acquire

So, here's my takeaway from 2008, based on what I just mentioned above (not in the same order). 1) Trust in the banking sector has been shaken. For the most part, people do have confidence that their savings are safe with the US' banking institutions. But if I am a banker, I want my customers to be confident because they trust my institution and not because the FDIC has insured their funds - aka, work on regaining that customer trust in 2009. 2) More money is not a solution to every problem. TARP funding alone will not get us through this time. We need to get back to the basics of earning money from Operations and not be known as the "bailout nation." 3) Risk management is back in vogue, except you can't say that you are a risk manager at the next barbecue because you will be ridiculed until you decide to change your profession. Everyone from the consumer to a bank to a regulator needs to learn to manage their own risks. I have. I suggest you do the same.

Yes, that's a long and a complicated list to handle. But here's the good news, back to what I started off the list with: Yes We Can.

Happy New Year to all of our readers! I am glad it's 2009.



About the Author




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.