"IT is the business..."
"...and the business is IT", as so many ITIL trainers are fond of saying
Banks need to start thinking of themselves as IT companies, said David Chan of City University London. "A senior banking technologist has said to me: 'A retail bank is nothing but an IT company with a banking licence'," Chan told The Reg. "While this may seem extreme, when one looks at the economics of any retail bank, it is …
"...and the business is IT", as so many ITIL trainers are fond of saying
A retail bank is nothing but an IT company with a banking licence
That truly is a brilliant and insightful statement.
The RBS problem is ultimately symptomatic of a culture within many large organisation where the senior team believe that they can rule by "dictat" without having to understand the consequences of their decisions.
...out-sourcing can exacerbate bad management...
Or, as in the motto of Dilbert's pointy-haired boss, bad management, feels that anything they don't understand must be easy.
> And it's not just a culture issue: there's a trend towards pigeonholing folk into particular roles
> within a process, ensuring that they do one or two things well and need not worry about the
> rest of the machine.
Ain't that the truth... I was recently told by a line manager "we don't need people like you who understand everything any more". Well, next time the proverbial hits the fan I almost certainly won't be there (hence icon - would you given a hint like that) and I wonder how well they'll get on...
Indeed, many of our organisations are ruled by ignorant fascists.
It's not just pigeonholing people but companies
Even when the job isn't outsourced there are so many different divisions/subsidiaries/competing business units/etc all of who are at each others throat then if some other dept asks you to do something that will destroy the company it's better for you to do it - and meet your SLA - than say no that's wrong.
It may even be a legal requirement to "your" shareholders to destroy the bank rather than fail to perform your contract tasks !
> Indeed, many of our organisations are ruled by ignorant fascists.
There's at least one ignorant fascist reading your msg ...
OP: I had exactly the same thing occur to me. The system is very stable and we're not sure we have anything for you to do any more - i.e. they wanted to flick me off and use one of the grads that is smart but can't even code in the languages used (he's not a developer) to cover the system. The handover took less than 1hr - they weren't interested as management felt it must be easy because I did it so easily although the grad didn't appear too at ease with this.
Fast forward and they now realise they can't make any changes to the system because they don't understand how it works - it was RAD and they chose feature implementation over documentation or even TDD (takes too long) - and nobody in their team is a proper developer (a few can VBA). Fortunately it still works and hasn't needed fixing. Never ceases to amaze me how management see developers as just commoditised meat-sacks until the fan gets spattered. They now have zero chance of passing an audit on the grounds that nobody understands, can enhance, can support, or can fix the system. It needn't have been that way.
We need a muppet icon or, given the copyright, a puppet with a hand up its arse.
"we don't need people like you who understand everything any more"
And yet with systems becoming more and more integrated, with more dependancies etc, these middle management drones are heading for a fall, as happened at RBS. The blinkered corporate mentality, complete with little empire builders and the 'cover my @rse' attitude never ceases to amaze.
Answer: Pay the CEO more.
"Question "So. How can they stop that meltdown from happening again?" ..... Answer: Pay the CEO more. .... Syed Posted Wednesday 1st August 2012 10:43 GMT
That is a very bad joke, Syed, whenever nothing can stop it happening again if IT wants such meltdowns happening again. In fact, you surely will have admit that it is IT facilitating such meltdowns in the banking system, which is led to server profit [money for nothing and in bankings case, also money from nothing] to the very top, with instruction from the very top, or are we to be led to believe that sat the very top of the banking industry, are puppets following orders rather than issuing them. I don't think so, bubba, because that would extraordinarily render them totally unnecessary.
But then such meltdowns are quite logically how it should be, whenever a system is so perversely corrupted to server itself invented riches which it then loads onto others as if it were their debts, with additional punitive and arbitrarily decided interest charges and sundry miscellaneous administration costs to ensure no chance of repayment and freedom from its deceptively easy and conveniently efficient slavery model.
It is bound to quite naturally fail catastrophically quickly whenever those pennies drop and whole populations start to realise that they are being ruthlessly conned and treated as ignorant fools to be treated as useful tools.
The most dangerous jobs in the world today, are being a banker and a politician, in full support of the existing status quo position which seeks to maintain the slavery to invented mounting debt models, rather than get rid of it altogether.
1 week? 3 weeks? 6 weeks so far, and still awaiting reconciliation of some transactions.
It's the easiest way to cut costs - i.e. staff numbers.
Instead of having 20,000 servers, each one doing it's own specialised task in it's own customised environment, why not axe a ton of the hardware and run all the mess on one single box o' tricks - maybe even virtualise it all, for added points in the buzzword bingo stakes. Even better, spin the consolidation as being "green" by persuading the gullible and terminally trendy types that we're really saving all those gigawatt*hours because we care about the planet - not for all the money it saves.
However, it does mean that you can end up with 20,000 servers all being dependent on a single DNS box, or that one honkin' great hub is responsible for *all* your enterprise's core traffic. Even if you've built a resilient or redundant system who's ever had the balls to press the big red button to see if it does actually fail-over?
So instead of an insignificant bugette or hardware failure just knocking a small part of your biz offline until the on-call engineer puts down his/her sandwich and shuffles over to press "reset" a whole long line of tits go up and suddenly all the lights go dark - and a funny smell seeps through the IT centre.
So what sounded like a good idea to the accountants who run the corporation, turns into a tangle of interdependencies and unknown unknowns that makes the Butterfly Effect look like a piece of string connected directly to a lever (with a sign saying Do not pull on it). It's not surprising that these systems fail. It is surprising that anyone ever manages to get them running again - though maybe the next major crash won't leave us surprised, at all.
Since Galvanize by the Chemical Brothers was used in the London Olympics opening ceremony, I have had the song in my head quite a bit. Just now I had Q-Tip/Abstract in my head saying 'Virtualize! Come one, come on! [Don't hold back]"
Mr Chan, has in my opinion, hit the proverbial nail on the head.
The middle layer of management never seems to get mentioned, it isn't Mr Hester that is choosing to take risks by de-skilling the workforce but it will be his targets that are causing the problem. Required reduction in IT costs = Management finding an easy fix = ship the development off to a cheaper country whilst retaining their own jobs/salary/bonus.
It is the middle management layer that has failed. They chose not to listen, they ploughed ahead with changes and it has cost the company dearly. Given the culture at RBS, no one questions their boss above project manager level. If you did then the end of year rating system was used as a big stick.
I have said it before but the outcome of any review will be "more control". It wont point the finger of blame at any management strategy, it will be just an extra layer of change control that slows the development process down even further.
The tech staff in Edinburgh are competent and know what needs doing (at least, they were a few years back) but the middle managers are handcuffed by terror of the VPs. Any question or criticism of those above you is a serious CLM.
Many of the technical staff are contractors who have little vested interest in the job beyond this weeks pay cheque. (Admittedly, a very generous one.) I asked a colleague why so many critical systems ran on failure-prone, support-intensive MS Windows systems. He replied with a shrug "We get paid by the hour."
But, not only did he `hit the nail on its head`; he used a 10kg sledgehammer to accomplish it.
I suggest that punishment of the C level ranks at RBS start with the CEO, and he should have his balls whacked with said sledgehammer. Then follow down the line as required.
I'd say primarily a bank's business is making my money grow, and not losing any of it.
The I.T part , which is secondary , is
Making some of it accessible instantly in as many ways as possible e.g
theirs and other's cash machines
maybe a smartphone app
cant think of anything alse i require from a bank, even though they keep trying to sell me breakdown and travel insurance for £7 a month.
While what you said kind of makes sense, you're wrong in your judgement of a bank's business. "Making your money grow" is a secondary objective (as is building trust, making massive profits, and having good IT systems!)
A (retail) bank's business is Risk Management. This should be beaten into everyone working at the bank. Everything they do is about risk management. Too many banks have lost sight of this, and no longer assess risk correctly. This either inflates or deflates their view of the risk of any product or proceudre, leading to either laissez-faire or being overly restrictive.
I guess I take processing transactions and moving money as the primary function of the bank. Though accept there's a lot of off-the-systems work involved in deciding what to move where.
All the websites, apps, direct debits have to funnel the transactions thru the core IT, the mainframe.
Rubbish (assuming you mean something like Investment Risk Management, which is the usual interpretation in this context).
1) A retail bank might want to understand its risk exposure in the "what if our IT fails" sense.
2) A retail bank's business should be processing its customers transactions reliably, efficiently and cost effectively.
3) A retail bank has no reason to put any of its customers money at risk.
RBS management failed on all three.
I'm with Daren. The payment system that the banks co-operate in running is fantastically important to the nation, but not to each individual bank. Banks borrow short term and lend long -- that's how they make money and it's what defines a bank -- and they care most about managing that risk to ensure that they are able to meet their obligations over the counter every day. And that's not primarily about payments, whether it's phone apps or CHAPS. We think that's what banks do, but it's not what they think they do.
Nonetheless, the payment system is vitally important to the rest of us, and RBS have exposed the risks of leaving it, unsupervised, in the hands of people for whom it's always going to be a secondary interest. I think there's scope for regulation -- a technical assessment distinct from the banking regulator -- to ensure that every participant in the payments system, merchants, acceptors and banks, works in an efficient and recoverable way.
It sounds like you are deliberately missing his point. The core function of a retail bank is to take customers deposits and invest them to make more money (traditionally by lending this money long term to individuals/businesses).
If all these investments went up the swanny, then the bank's customers would lose their deposits.
Hence, the risk of the investments is of utmost, critical importance.
Hence "a banks business is risk management".
"3) A retail bank has no reason to put any of its customers money at risk."
Rubbish. A retail bank takes in customer deposits at one rate and lends them out at a higher rate, the difference being their profit. Even if we ignore the fact that they "create" money by lending out more than they have on deposit there is always going to be a risk involved in lending out.
I would love to have a look at the Risk Logs and Register for the Downsize, outsource and offshore projects that RBS ran!,
I would also like to see who signed off on the corporate risk exposure of halve your change team, and run the risk of creating £300m+ in liability dents in your balance sheet.
Although I doubt the Fundementally Supine Authority has demanded these as part of a review of RBS/Natwest's suitability to hold a banking liscense.
> making my money grow
But it isn't your money. You gave them your money and it became their's. This is the side of banking that gets glossed over too often. The only difference between giving me your money and giving the bank money is that I don't have a license and you expect the bank to always be able to give you some of their money whenever you ask for it at a future date.
Banks don't 'grow your money'. They just agree to credit your account with additional funds every now and again so that - you hope and expect - over time you they will give you more of their money than you have given them.
"A retail bank takes in customer deposits at one rate and lends them out at a higher rate, the difference being their profit. Even if we ignore the fact that they "create" money by lending out more than they have on deposit there is always going to be a risk involved in lending out."
Why so? Let the investors (shareholders) carry the serious risks. Maybe even the senior staff. After all, they are the ones who expect the serious rewards. Just ask any Barclays shareholder how much their shares have grown (prior to Diamond joining anyway).
Or, alternatively, withdraw the Government protection on (relatively) small deposits (large deposits aren't protected). Then see which banks start running scared because they know the public will found out that they are risking too much depositor money.
Sadly the only time the public will realise the risks is when it all goes titsup and they discover the bank can no longer give them any money. Although everyone ought to know how banks work it's a bit harsh to teach Mr. Average Joe about it by depriving him of the ability to buy food or clothes for his family and forcing him out onto the street.
[quote]I'd say primarily a bank's business is making my money grow, and not losing any of it.[/quote]
The primary role of any business is to generate a profit. Risk, IT and so on all flow from that primary goal.
If you are shareholder, then I agree. Growing the share price and dividend are the primary objective of a publicly listed company. Growing turnover/market share count for nothing and are just vanity unless they can be turned into solid income (and profit).
As a customer the primary goal of any bank is to minimise the amount they spend on you, whilst making you generate income. They will be doing everything they possibly can to ensure your money grows as slowly as possible, because the margin between what they pay you as a saver and what they lend out is where their income is generated (actually probably a lot less reliant on you as a saver as they have the money market to borrow from so even less incentive to pay you anywhere near a competitive rate of interest).
On a side note, co-op premier account charge of £13 a month is pretty good I think for mobile phone insurance, worldwide family travel insurance, European RAC breakdown cover, £300 interest free overdraft.
Forget about YOU when it comes to the bank because you, personally, are one depositor. A depositor is a class of customer. You are a liability on their balance sheet.
The Bank, itself, needs to make money and it makes it by using your money as security against loans from the money markets, and then lending that out at a higher rate of interest than they paid. Simples. The charges, etc, against your account, barely scratch the surface of the kind of money they need to make the kind of money they want. Mostly they are to offset the costs of running the branch. The more you have on deposit, the more they can borrow, meaning the more they can lend which makes them more money.
But lending is risky. So their job is risk management with a side order of risk assessment. Everything else is trimmings. So when I say a bank's job is risk management, I mean that they have to manage the risk of their customers not paying back. By which I mean YOU not paying back, meaning they cannot honour their debts, and the bank that lent to them cannot honour THEIR debts, and all the way up. See?
Keeping track of the money is a core function. It doesn't matter what else you do if you can't do that.
These days, we're dealing with computers, it's not clerks with ledgers and hand-written cheques. Yes, when you lend that money out, the bank is taking a risk. Doing the banking right depends on managing those risks. But without reliable working IT, the business is dead in the water. All that's left is the petty cash drawer.
'making my money grow'
FAT CHANCE - with the low interest rates now available. Even given the low inflation
CM is a communications tool. It works if it puts the change plans in front of people who are technically and institutionally able to challenge them. It works better if those people include the ones who will have to fix what goes wrong. What can't work is a lovely paper trail with all the manager's signatures.
The phrase you're looking for is 'Blame Management'. Not only does it allow peons to (at least attempt) to defend their actions, it means that you can follow the paper trail along to the end, fire the guy who signed off all the other signatures and fire him.
This way, nobody else is to blame, the management can be seen to be Doing Something and no business processes need fixing. Its an amazing technique.
Nail - meet hammer head. You've hit it exactly - the best written Change Management policy document does NOTHIING unless it is interpreted by someone who (or a team of whos) that can holistically assess it's true impact and risk, in obvious and non-obvious ways. Which as the article points out, is precisely what is missing when you offshore so much of your expertise and demand a uniform process populated by specialists and drone workers. Once you have the latter condition, no amount of Change Management policy makes any difference - there are too few people left that can actually assess the change for non-obvious impact. RBS is not alone in the banking world in ending up in this positoin - in fact, they are in very close company with many other banks these days...
>Nail - meet hammer head
Unfortunately it's more like "that's a thumb"
"Yes but we are required to hit something 99.99% of the time"
"But it's a thumb"
Well we could escalate a "not hit a thumb" request to the new 6levels of change management but in the meantime keep hitting the thumb - we don't want to trigger a failed to hit something incident.
Change management is great. In RBS its an arse covering exercise. So you end up with folks processing meaningless changes and not spending time doing the diligence on the changes that are liable to fuck you over.
Oh my, I've never seen someone actually get the phrase so close to how the management said it... I guess you hit the nail on the head of that one.
The amount of times I tried to say "if we carry on as normal, we will carry on breaking the thing that just broke". But getting through management to get a fix or change to the broken thing was near impossible.
There was an article in Forbes last year covering this very issue:
"Banks need to start thinking of themselves as IT companies, said Professor David Chan of City University London"
As opposed to PayPal that seems to be an IT company that thinks it's a bank.
'A retail bank is nothing but an IT company with a banking licence'
So wrong in so many ways. A retail bank is a bank; IT is just part of the infrastructure, a means to manage the business processes. If the processes are bad, no amount of IT will change that.
I would agree that IT is now fundamental to how a lot of businesses work (including banks); but if a bad manual process is turned into an electronic process, that doesn't suddenly make it a good process. The businesses have to get their processes correct (including making sure that they manage risks) and if a business doesn't understand what its core function is, then it is doomed to fail.
Let the flames begin!
Whilst I agree around the principal of there is no such thing as an IT project, only business projects with larger or smaller amounts of IT, in the case of our national banks, the Prof is right.
RBS is an IT company with a banking liscense, because if you switch off the IT, the bank ceases to trade, and is therefore not a functioning Bank.
A lot of managers, in both IT and Business areas, have not realised the mission criticality creep of technology, and many still think that IT is an optional extra. RBS demonstrated the fallicy of that perception.
So maybe today the "IT Project" mantra in this tech heavy world should include a second line that says, "there's no such thing as a pure business project, only IT projects with a larger to smaller business component"
They actually still have an entire "paper based contingency plan" for just about everything AFAIK. So no, the bank does not cease to trade or function. It just functions painfully slow and gets a throwback to the 18th century.
There may be a "paper-based contingency" on paper which would give the bank tellers and other wetware an illusion of functionality.
In reality, the inter-bank transfer processes cannot happen manually.
If those fail, the bank will be gone inside 3 days.
A bank has to be a good IT practitioner, but it also has to have good marketing, good sales, good service management, and as noted above good risk control. Oh, and also know a whole lot about, er, banking, which many in IT will probably think is a lot easier than it is, as there are just so many rules, regulations to comply with, and intricacies - BASEL III anyone?
When I look at the banks that I have consulted for or worked with, they KNOW the importance of IT - they can see it in their budgetary lines, and by how much floorspace IT takes up. Unfortunately, they also know that most in IT sit a lot lower on the totem pole than bankers, marketers, risk management staff, etc. IT may just beat out the call centre staff...maybe. So when a bank wants to look in a mirror, they do NOT want to see themselves as an "IT organisation". Maybe if we in IT decided to start wearing suits again, take off our MP3 players, hire more women - maybe then it would be more attractive. But as long as IT are socially and paywise down the scale, banks (run by bankers, you will remember) do NOT want to think of themselves as IT companies. And can you blame them?
But that does not excuse the central point of the article, which is about IT expertise, not just focus. You can have IT as a support function, but you can still develop, nurture, and retain stellar expertise in IT. LIke Taleb's Black Swan event, you can count the cost savings of not having true expertise for many years running - until the day it all goes titsup, leading to huge losses... Banks are supposed to be good at risk management, and it is time for them to re-run the numbers of their savings, factoring in the possibilities of huge negative events like these...
"RBS is an IT company with a banking liscense, because if you switch off the IT, the bank ceases to trade, and is therefore not a functioning Bank."
Any business depends on a selection of tools, people and processes. IT is fundamentally a tool closely attached to the processes. It is the money making processes that define what the business is, not the tools. If I cut RBS electricity, water supply, or postal service off they'd soon cease to trade, but that doesn't make them a post office, or a 'leccy or water company. The utilities have large IT infrastructure, but that doesn't make them IT businesses either. The Prof needs to think again.
It's not just a tool. It's the ONLY tool which can allow a modern bank to run. Money exists in IT. Whether that makes a bank an "IT company" is just a matter of words. The fact is that RBS (and other banks in my experience) have allowed a senior management culture to develop that thinks that IT is just something that can be bought in as and when required as a commodity. Reality is not like that but who has the balls to tell them the risks they are taking?
I've been on the sharp end of senior management sharing their views with us about the relative unimportance of IT compared to the real banking business and suggesting that if we want to work in IT we should get a job in an IT company :) Quite charming really.
And it is these Luddites that often cause so dammed many problems for IT because they fail to understand how IT impacts their business.
Imagine a wholesale distributor who (IMHO, stupidly) migrates core billing services to a `cloud provider`, and has to deal with the aftermath of the cloud provider fucking up. Can you say insolvency??
Yet there are those members of damagement who only look at the spreadsheet, and see the line item cost for IT, and think: "We have to cut that, or else we won't get our quarterly bonus". I have seen it happen. My employer bought up such a company, and the first thing we did was to kick the asses of the entire `C` level suite out the door. The morale there was in the pits, as the employees did not give a shit about damagement, because damagement did not give a shit about anyone else but themselves.
One of the first questions we were posed with was: "What is going to happen to the remaining IT staff"? A lot of jangled nerves were soothed when they were told that the cloud was being ditched, and the outsourced IT functions were being brought back in house.
"Cloud??? We don't do stupid shit like that for core billing services." We don't want to put a core business function in the hands of a third party, whose only risk is having to refund a portion of your monthly bill for failure to live up to its SLA; while for the business, the risk has no limits. Bad proposition, IMHO.
You can strongly disagree all you like, but your argument just shouts agreement, you say "IT is now fundamental to how a lot of businesses work", it would be much easier job to say which businesses are not fundamentally dependent, even the corner shop has accounting and ordering systems which are crucial, and if they could get by without IT then could their suppliers? (i.e. they are still dependent).
Mapping a business process to an IT process takes a special kind of animal, one who understands business and IT and can translate between the two, you can consider this a business function or an IT function, but in reality it's irrelevant where you put the headcount SOA exists because you can have off the shelf systems which do what most businesses need - in which case you're just an IT reseller, providing wetware for the SOA, if your product can work with SOA then you're developing bespoke IT systems.
The reason why you're wrong (and the statement is right) isn't to do with the fact that a valid business plan is required it's because you're forgetting that "IT Company" is just "IT + Company", the paradigm has already changed.
Biting the hand that feeds IT © 1998–2017