Blog article
See all stories »

How much can we learn from the Barings Bank Collapse?

Last month, global consulting firm KPMG said the banking crisis in the UK was pretty much over. But, even as they issued this good news, KPMG clawed it back with a warning about the next crisis.  Having repaired their balance sheets after the credit crunch, banks need to prepare themselves against new systemic failures triggered by cyber attacks or serious system outages, says KPMG’s banking experts.

Naturally, the report triggered more discussion about how e-criminals, hacktivists or even hostile foreign government agencies could inflict serious damage on our banking systems. While the external threats are real and make for great news copy, it should be remembered that the worst systemic failures affecting banks have come from shortcomings in internal controls and oversights, especially around identity and access management.

Coincidentally, I am meeting the architect of a banking systemic failure this month. Nick Leeson is the original Rogue Trader whose unchecked risk-taking caused the biggest financial scandal of the 20th century. Nick will be speaking at an event organised by my company and putting his story into the context of today’s scenarios of how institutions approach access risk management in much more digitised operating environments than existed at Barings Bank almost two decades ago.

Leeson is a controversial figure, of course.  His actions contributed to the collapse of a major bank and damaged many people’s careers.  However, he recognises what he did and advises on how problems of stress and risk can be better addressed in business. As a result, his life has moved very far away from his rogue trader days in Singapore. 

But there are important lessons to be learnt from the Barings Bank story.

Clearly there is the requirement to not slacken on how access is governed against external regulations and internal rules and processes.  Leeson worked the system based on his stature as a successful trader, making it harder to challenge and investigate what might lie beneath the numbers. Are human beings any different today? Probably not despite the massive changes in regulatory scrutiny.

What is different from the banking of 1990s is how much more data there is associated with identity and access. Banking systems are much more massively digitised and interconnected. This “big data” could cultivate the seeds of another Rogue Trader threat as large financial organisations try to oversee hundreds of millions of dynamic access privileges and user relationships alongside the big data of transactions and other system actions.  It seems more than likely that rogue trades could be hidden within this data storm especially as organisations draw upon a new talent pool of digital natives with the knack of working the system if they chose.

But big data does not need to be anathema to strengthening IAM as new generations of analytic technologies keep pace and can provide the tools to use that IAM big data to pinpoint access anomalies and dangers much faster.   

Real time access intelligence systems can help banks monitor and analyse how all access risk factors are changing within an organisation and provide a clear view into where the greatest vulnerabilities lie. This will enable better auditability and compliance with security practices and will help banks ensure that access to sensitive data is adequately monitored and controlled.

Risk management needs to keep on relearning the lessons of the past as well as consider how internal and external threats are fast changing too. It’ll be interesting to hear what Nick Leeson thinks when we meet next week and hear what you also think of what we can and cannot learn from the Barings Bank story. 

 

11421

Comments: (1)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 04 September, 2013, 18:39Be the first to give this comment the thumbs up 0 likes

This had nothing to do with technology or lack of it 20 years ago. JPMC / London Whale proves that this has nothing to do with technology or lack of it even today. Banks - and bankers - make money by enabling a transaction, not blocking it, and no amount of technology is going to change that fundamental business reality.