To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/financialservices/0,3800010322,39168771,00.htm

Avoiding the next Northern Rock
Opinion: Why banking needs less trust...

By Steve Boyle

Published: Monday 15 October 2007

The banking and finance sector can take months to spot that things are going wrong. Steve Boyle says it needn't be like that. The whole Northern Rock affair could have been avoided if the bank had used zero-trust management techniques.

silicon.com Retail & Leisure

Get the latest retail and leisure news straight to your inbox. Sign up for the R&L newsletter today.

The key to making sense of the Northern Rock crisis is to understand that its business model was based on short-term funding of their lending book - it was cheaper to finance and increased its profit margins. This worked for a while but the fatal flaw was the assumption that limitless liquidity would be available in the markets, at cheap rates indefinitely.

When this source of cheap finance was squeezed until its pips squeaked, it was only a matter of time before Northern Rock's liquidity dried up.

One can argue that the Bank of England's and the FSA's controls should have been stringent enough to detect the situation. But ultimately the buck stops with Northern Rock chief executive Adam Applegarth and his board for their failure to identify the business risk, or for committing the cardinal sin of understanding it and choosing to ignore it.

Balancing the appetite for risk and reward is a well-understood principle of business - but risk must be managed actively and continuously. One of the fundamental problems of the current business model is that it encourages - often with regulatory and governmental connivance - organisations to ignore inconvenient truths.

Being aware of risk but making clear decisions to mitigate it as far as commercially possible - or taking a conscious, scrupulous decision to accept it - should be an integral part of operating a business or managing a project.

This is where banking business operations can learn major lessons from the mystical arts of good project and risk management practice. A zero-trust management approach at Northern Rock could have helped avoid the crisis in confidence that has so damaged its business.

It has long been understood that if you systematically assess the probability and impact of adverse events on hitting your project completion date on time, within budget - and take action to manage those risks - you stand an infinitely greater chance of success than if you bury your head in the sand or choose to ignore risks that represent a clear and present danger.

The trick is to identify the data required, ensure the technology is in place to collect it quickly and efficiently, ensure that the data can be verified and guarantee that the operational implications are conveyed simply and quickly to the senior executives responsible.

Zero-trust management is a logical and straightforward concept, based on these proven project management and risk management principles. The concept says that if you cannot provide evidence to support your actions, then they are based on judgement only, not the facts. Judgement without facts will not do.

Too often the people in charge of delivering against targets - whether this represents financial performance or project delivery dates - try to paint status red as a shade of green.

Ultimately, the only way that those in charge can be sure their success is protected is if they adopt a no-trust model. They must insist on being shown the evidence. They must make sure their subordinates or contractors can prove they have understood the risks and are actively managing them, to the standards agreed.

It is a ruthless approach to management in any book but the ramifications of failure for the bank executive, the project manager - and ultimately the consumer - are too extreme to leave to a throw of the dice.

It requires the will to demand real-time management information at a level of detail that very few in the banking sector have yet to pursue. There is no point in reading a risk assessment report one week after the fact. Effective response requires instant access to operations data.

It is a tall order, requiring the standardisation of data generation and analysis across all areas of the bank. But the reward is considerable - the safeguarding of the future existence of the bank.

Our regulators exist to protect us and enforce compliance with standards. The Bank of England, in close conjunction with the European Central Bank and other global central banks, takes a risk-based view to maintain the financial stability of the UK economy and in regulating the behaviour of our financial services institutions.

But are our existing controls on capital adequate? Clearly not and paying lip service to risk management may tick the boxes but will do nothing to protect the business. A much more rigorous approach to risk would have demanded adequate liquidity insurance from Northern Rock - no trust, evidence only please.

Taking a broader view, it is clear that the early warning systems built in to key industries and policed by regulators, regularly fail and the consumer ultimately ends up footing the bill. All business - and banks are no exception - can learn significant lessons from the rigours of good project management practice, agreeing milestone plans with clear responsibilities and acceptance criteria that provide evidence that the objective has been reached.

Zero-trust management will not solve a liquidity crisis in the financial markets but it will ensure that organisations have their eyes open to managing risk in any business environment. Further, a supplier's performance under a service level agreement becomes quantifiable by a commercial client or a regulator once you have a clear plan and have agreed up front what good performance looks like.

Ultimately, UK banking desperately needs transparency - a comprehensive picture of the risks and obstacles ahead. It also needs a detailed plan to handle the eventualities, as well as highly developed early warning systems that allow management to take action, as situations develop, at the earliest possible moment. It also needs a model that is not based on trust.

Steve Boyle is chief executive officer at Sutherland Consulting