The title might suggest that the rollout of new software was the issue, but the article states the very contrary: it was the old software that was the culprit:
> An internal review at the bank found humans manually operating the old software were ultimately at fault
Which is of course an entirely bogus cop-out. If a mistake can be made in a manual operation then sooner or later it will be. Lower down the article says that manual checks that were supposed to catch this error failed to do so. Ineffective checks are a management responsibility, and that responsibility goes all the way up to the CEO.
"But the employee didn’t select the correct system options -- instead allowing the loan to be repaid in full with interest. Colleagues who are supposed to catch such errors didn’t."
From experience in investigating mishaps like that:
1) no maker-checker control,
2) no imposed limits (with forced maker-checkers - more than one checker)($900m with one click???? what the actual ....),
3) lack of training,
4a) pressure to do this NOW NOW NOW NOW (sorry for the caps),
4b) overworked/tired (matching point 6 below), if that person is "stuck" at home with two screaming kids aged 2-6 for the past five months, I feel for them.
5) toxic environment that did not allow the employee to spend 2 extra mins to think twice before clicking,
6) in these COVID times not having someone next to him/her and/or was too afraid to ping someone to ask "hey dude, just to make sure, am I using MenuOption1 or MenuOption2 for this almost $1b thingie?" (again, inadequate training & toxic env.)(easier to tap someone on the back and ask them to look at your screen than get on a Lync call, share screen).
Absolute controls in place would be limits & maker-checker.
And this is the point, when I browse the "jobs" HN, I NEVER see any on audit/controls/GRC.. as if DevOps are the gods of everything and auditors are useless and not needed.. sigh
I know there are other (better?) websites when it comes to looking for Audit/Sec work, but I feel that things like that should be taken care of in the development cycle, not the post-mortem of a mishap.
> And this is the point, when I browse the "jobs" HN, I NEVER see any on audit/controls/GRC.. as if DevOps are the gods of everything and auditors are useless and not needed.. sigh
The roles that get posted to HN are almost exclusively development related or development adjacent (such as PM roles).
If you're not looking for those roles, it tends to not be very helpful directly. But it can be useful to look through, identify companies that appear to be doing interesting things, and then look up their full job board to see _all_ of the roles they're hiring for.
> ...Colleagues who are supposed to catch such errors didn’t.
This might well be a case of the hard problem of shared responsibility becoming someone else's responsibility.
There is no perfect solution - even the implicit death penalty does not prevent avoidable airplane crashes (AF 447, PIA 8303...) - but it seems that things could have been done better here, as indicated by the preceding sentences:
"After Revlon repurchased part of the debt, a Citigroup employee was supposed to manually adjust the share of the loan the remaining lenders still owned ahead of interest payments scheduled to be sent out this month."
It is asking for trouble to have a process that allows you to start a task having no immediate, irreversible consequences, but which presents few or no barriers to accidentally executing one that does. Were the "colleagues who are supposed to catch such errors" notified of the actual transaction that was about to be performed, or only of the one that was intended?
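An added example (not from the thread, the article, or any bank's system) of the two controls raised in the comments above: amount-tiered maker-checker, with each approval bound to a hash of the actual instruction so that checkers sign off on what will execute rather than on what was intended. The tier limits, user names and the small payment amount are constructed; `MenuOption1`/`MenuOption2` are the commenter's placeholder names.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed policy: (upper limit, distinct checkers required). Values are illustrative.
TIERS = [(1_000_000, 1), (100_000_000, 2), (float("inf"), 3)]

def required_checkers(amount):
    return next(n for limit, n in TIERS if amount <= limit)

def digest(payload):
    """Canonical hash of exactly what the system will execute."""
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()

@dataclass
class Payment:
    maker: str
    payload: dict                                   # the actual instruction, options included
    approvals: dict = field(default_factory=dict)   # checker -> digest that checker reviewed

    def approve(self, checker, seen_digest):
        if checker == self.maker:
            raise PermissionError("maker cannot check their own transaction")
        self.approvals[checker] = seen_digest

    def amend(self, **changes):
        # Any change alters the digest, so earlier approvals stop counting.
        self.payload.update(changes)

    def release(self):
        current = digest(self.payload)
        valid = {c for c, d in self.approvals.items() if d == current}
        need = required_checkers(self.payload["amount"])
        if len(valid) < need:
            raise PermissionError(f"{len(valid)}/{need} approvals for current payload")
        return current

def demo():
    # Constructed scenario: an interest-only payment is approved, then the
    # option and amount change before release.
    p = Payment("maker1", {"amount": 8_000_000, "option": "MenuOption1"})
    for checker in ("checker1", "checker2"):
        p.approve(checker, digest(p.payload))
    p.release()                                     # 2 of 2 approvals: allowed
    p.amend(amount=900_000_000, option="MenuOption2")
    try:
        p.release()
    except PermissionError as exc:
        return str(exc)
```

Because approvals are keyed to the digest, a checker who reviewed the intended transaction has not approved the one actually queued, and the larger amount also moves the payment into a tier that needs a third checker.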
I'm put on a banking project (as external) which already flushed down the toilet around ~$500M. Based on my experiences of the meetings and meetings about meetings, I totally understand how the incompetence led to this clusterfuck.
My question to my boss was rather: "but _where_ do these banks get this huge amount of money from? I guess it's not from the $5 account fees." He answered that although he is in the banking business for decades, he still doesn't know.
These 100s of Millions of losses are not necessarily threatening core business. I find it amusing.
This is a very misunderstood article. The money they "create", i.e. loaned or paid out, has to be funded by a deposit or similar borrowing. Making sure they can fund all their commitments is what liquidity managers and treasury departments do, it's why regulators subject banks to annual ILAAPs (Internal Liquidity Adequacy Assessment Process), it's why banks have liquidity risk and modelling teams to manage any "gap" risk banks are running in this respect.
If banks could simply create money then they'd never go bust. The only exception is the Central Bank, which can create new money that it uses to buy assets of the same value, supporting prices and improving liquidity in the financial system.
Only central banks create money. The others redirect money away from insurance vaults.
Insurance requires a load of money in a vault for when disaster strikes. When it does, they curtail lending. The impact of losses is not felt immediately. It is felt much later.
The banking industry owns more money and is scheduled to own a whole lot more money in the future. And by "more money" I mean more market share of all the money in the world.
The biggest threat to their treasures is when government prints more money. Because it limits what they are able to spend lest they cause spiraling inflation.
The banking industry is the MOST powerful industry in the world. And they don't know it or they keep the realization of that power in a tight fist.
Edit: in the context of this loss, they didn't lose anything. They just bought the debt from the creditor. They are still owed money from the debtor.
I worked at Citi for a very short time way back when. We were doing some things I thought were a bit “sketchy”, and was wondering if we were breaking the law.
The response from my boss: we’re only breaking the law if we get caught, so theoretically we’re not actually breaking the law since no one has “caught us.”
Guess there was some logic there. Of course this was a very long time ago. And sure they follow those pesky banking rules now, never, ever “breaking the law.”
Doesn't look like good risk management at all.
"But the employee didn’t select the correct system options -- instead allowing the loan to be repaid in full with interest. Colleagues who are supposed to catch such errors didn’t."
Saved you a click.
> QE is the puppet show; bond trading is the real deal.
They create it.
https://www.bankofengland.co.uk/quarterly-bulletin/2014/q1/m...
Q. Why did we click `Send $900M?` A. Not sure. Tom felt all clicky-clicky, so he clicked it.
Q. Why did we hire Tom? A. Also not sure. [Action Item: Fire Tom]
Strengths: Architecting risk management systems
Weaknesses: Sometimes I click on things to see what happens
https://giphy.com/gifs/emibob-ads-missile-warning-system-xUL...