As Stephen Green, ex CEO and chairman of HSBC reminded us before he became Lord Green and joined the UK government in 2010: “Corporate governance is the very essence of a company.”
Where then, does the responsibility rest for appropriate technological infrastructure that goes to the very heart of a business? Surely, it is with the plc boardroom.
In financial services, where businesses are dealing with money belonging to other people—their customers—this responsibility takes on further weight. Yet the banks have, over the past decade, treated their IT infrastructure as a mere function, and an inferior one at that, rather than as part of a strategic goal.
A plethora of legacy systems have been hidden away amid siloed decision-making delegated to IT “geeks” rather than “strategic thinkers”, as laid out in the extreme hierarchy of the financial institution world.
Spurred on by the sheer adrenaline of cut-throat competition linked to the reward of bonus pay for performance, there has until very recently been no whiff of collaboration in the industry on technology that could both safeguard and reduce costs of operation. Change, where it has come, has been incremental, and largely cosmetic.
Yet when banks have failed time and again in their technological responsibility, incidents with serious implications for customers have been repeatedly presented as “IT glitches” by their spokespersons in the UK mainstream media.
One is spoilt for choice when it comes to examples. Three years ago in July 2012, a computer breakdown for about a fortnight left thousands of customers unable to access their accounts at Ulster Bank.
Sir Philip Hampton, chairman of parent bank RBS at the time, said what had happened was “completely unacceptable” and that the computer failures “should never have happened”. Such language is at odds with the reality of the approach banks appear to have taken on updating their technology of their own volition.
A simple internet search for IT glitches at banks provides plenty of material that should certainly scare shareholders—and terrify customers. Because if acceptance of responsibility needs to precede action to ensure that it never happens again, then there is little indication as yet that the banks are changing their thinking around the importance of IT to their governance.
If and when they do, the transformational task will be enormous. In the meantime, as the fines for misconduct levied by global regulators ratchets up, who can say what the extent of fines for technological neglect might be, if it could ever be uncovered and quantified?