83,243
edits
Bad apple: Difference between revisions
no edit summary
Amwelladmin (talk | contribs) No edit summary |
Amwelladmin (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
{{a|systems|{{image|bad apple|jpg|}}}}{{dpn|/bæd ˈæpl/|n|}}{{C|newsletter draft}}One of those mischievous human imps occupying unobserved crevices in the great steampunk machine who, by | {{a|systems|{{image|bad apple|jpg|}}}}{{dpn|/bæd ˈæpl/|n|}}{{C|newsletter draft}}One of those mischievous human imps occupying unobserved crevices in the great steampunk machine who, by human frailty, ruins the best-laid plans of the machines. Bad apples need not be mendacious, ill-spirited or even conscious, but often are. [[Bernie Madoff|Bernard Madoff]] was a bad apple, but so was the [[GameStop]] share rally, and Citigroup’s archaic [[Citigroup v Brigade Capital Management|loan servicing software]]. | ||
On the conventional wisdom, [[bad apple]]s are the | On the conventional wisdom, [[bad apple]]s are the last remaining fly in the ointment. They alone keep us from the sunlit uplands of [[financial services utopia]] that our collected labours have surely earned. Once the last bad apple has been rooted out, all will be well in perpetuity. | ||
It’s not clear what we’ll all then ''do'', but this is | It’s not clear what we’ll all then ''do'', but this is surely just a quibble: the problem we would love to have. | ||
The JC | The JC likes to ponder human nature, however inexpertly. He wonders whether we should be quite so credulous. Is not the barrel of bad apples ''bottomless''? Aren’t ''bad apples just gonna be bad''? | ||
Would we not be better worrying less about ''curing'' humans of their nature, and more about ''neutralising'' its unwanted effects? | Would we not be better worrying less about ''curing'' humans of their basic nature, and more about ''neutralising'' its unwanted effects? | ||
For there will ''always'' be bad apples, and they will always seek out, find and exploit [[Zero-day vulnerability|zero-day flaws]] in | For there will ''always'' be bad apples, and they will always seek out, find and exploit [[Zero-day vulnerability|zero-day flaws]] in our fragile systems. We should expect this, because it is in their — ''our'' —nature. ''[[Air crashes v financial crashes|This is what bad apples do]]''. | ||
Bad apples will find [[Zero-day vulnerability|zero-day vulnerabilities]] exactly where | Bad apples will find [[Zero-day vulnerability|zero-day vulnerabilities]] exactly where we least expect them, and are therefore paying least attention: ostensibly harmless, sleepy backwaters. [[LIBOR]] submissions. [[Enron|The accounting department]]. [[Citigroup v Brigade Capital Management|The outsourced loan servicing team in Bangalore]]. [[Kweku Abodoli|The delta-one index swaps desk]]. In a [[Archegos|family office]]. | ||
The question is not | The question is not “where are all the bad apples?” as much as “where are all the [[Zero-day vulnerability|zero-day vulnerabilities]] they will surely exploit?” | ||
And the more byzantine, multi-dimensional, formalised, technology-overlaid and ''complex'' our system becomes, the more vulnerabilities it will have, and the harder it will be to find them, should they start playing up. | And the more byzantine, multi-dimensional, formalised, technology-overlaid and ''complex'' our system becomes, the ''more vulnerabilities it will have'', and the harder it will be to find them, should they start playing up. | ||
Leaving it to “the system” to detect and destroy bad apples — by policy attestation, outsourced compliance | Leaving it to “the system” to detect and destroy bad apples — by policy attestation, outsourced compliance teams reading from [[playbook|playbooks]], “[[Chatbot|A.I.-powered]]” software applications — is surely the Bond villain’s way of despatching an enemy: you tie it up, gloat for a while, deliver a quick monologue and then leave it unattended while a nasty-looking, but plainly fallible, clockwork machine counts down from a thousand. | ||
In the meantime | In the meantime, the same risk control gin-traps snare other passing, peaceable, but ignorant, citizens as they go about their quotidian day, while the bad apples, wise to the ways of the world, have long since untied their bonds and made for the exit, unnoticed by the systems and controls. | ||
==How to spot a bad apple== | ==How to spot a bad apple== | ||
The regrettable thing about bad apples is | The regrettable thing about bad apples is their habit of looking like boring functionaries, or even good guys, right up to the moment that they ''don’t''. | ||
=== Good bad apples and bad bad apples === | === Good bad apples and bad bad apples === | ||
Before you know it’s a bad apple, a ''good'' bad apple doesn’t ''look'' like a bad apple. '' | Before you ''know'' it’s a bad apple, a ''good'' bad apple doesn’t ''look'' like a bad apple. Sure: ''bad'' bad apples look like bad apples; they quickly get rooted out by good apples. Even a bad good apple can spot a bad bad apple. | ||
But ''good'' bad apples: well, [[Q.E.D.]], no-one ''believes'' they are bad apples. That’s what’s so ''good'' about them. | But ''good'' bad apples: well, [[Q.E.D.]], no-one ''believes'' they are bad apples. That’s what’s so ''good'' about them. | ||
Hence, our controversial proposal: A bad apple that doesn’t ''look'' like a bad apple ''isn’t a bad apple''. | Hence, our controversial proposal: A good bad apple, that doesn’t ''look'' like a bad apple, ''isn’t a bad apple''. | ||
It won’t do to say ''we must be better at spotting bad apples'' — thereby spreading by association the stigma of bad appledom on the mediocre good apples who fail to spot them. | |||
We should ask ''why'' did they not notice perfidy going on around them? Are they uncommonly stupid, or or have their bad apple detectors somehow been disarmed? | |||
Might they have been disarmed by ''process''? To test this hypothesis consider what happens to those within our formalistic system who ''do'' call out bad apples. People like [[Enron Corporation|Bethany MacLean]], [[Harry Markopolos]], [[Bernie Madoff|Erin Arvedlund]], [[WireCard|Dan McCrum]], and that junior credit officer at Credit Suisse who asked, of [[Archegos]], “why do we even have daily termination rights if the client is not amenable to us using those rights?” | Might they have been disarmed by ''process''? To test this hypothesis consider what happens to those within our formalistic system who ''do'' call out bad apples. People like [[Enron Corporation|Bethany MacLean]], [[Harry Markopolos]], [[Bernie Madoff|Erin Arvedlund]], [[WireCard|Dan McCrum]], and that junior credit officer at Credit Suisse who asked, of [[Archegos]], “why do we even have daily termination rights if the client is not amenable to us using those rights?” | ||
| Line 63: | Line 65: | ||
Now hindsight-coloured hand-wringing is all good sport, but what to do about it? Regular readers might not be surprised to hear the JC say that ''deprogramming the steampunk machine'' and asking people to use their experience, judgment and intuition might be part of it. ''Ask searching questions''. | Now hindsight-coloured hand-wringing is all good sport, but what to do about it? Regular readers might not be surprised to hear the JC say that ''deprogramming the steampunk machine'' and asking people to use their experience, judgment and intuition might be part of it. ''Ask searching questions''. | ||
But asking open, searching questions is not how modernist organisations like to work. They are instead designed to give every impression of this kind of governance, while delivering nothing of the kind. This is how management by committee works. | |||
===Enter the [[opco|Opco]]=== | ===Enter the [[opco|Opco]]=== | ||
| Line 69: | Line 71: | ||
{{opco scene setter}}}} | {{opco scene setter}}}} | ||
</div> | </div> | ||
In any case the Opco will methodically plough through each | In any case the Opco will methodically plough through each department’s slides, which all will tell variations of the same story: in the main, ''plain sailing'' but, by way of colour, the odd fixable glitch in [[process]] — nothing serious; just the inevitable operational snags of modern financial services — and for those, a remediation plan, already in train, for how they will be resolved. | ||
All kinds of [[metric]]<nowiki/>s will be presented, analysed and set out in voluminous graphs, charts and data tables. There may be a dashboard of “high risk” situations — but only ones numerically derived from [[metric]]<nowiki/>s. In any case the [[RAG]] array will read, mainly, uniform ''green''. Perhaps the odd amber, for the sake of punctuation, attesting to easily-addressed low-impact hazards to be included “for good order” and with confident assurances there is elevated risk of loss. | |||
It will be like this because we are enculturated to always need to be in ''control'', for all systems to be ''go'', all processes in good standing, all engines ticking over without significant strain. We tell ourselves that as long as this is so we, personally, are safe and cannot be blamed. We have been acclimatised to believe that the greatest sin is ''to'' ''disrespect'' ''[[process]]''. If you disrespect process, you ''can'' be blamed. | |||
But what good is a risk report designed to tell you everything is under control? What function does this fulfil? | |||
Did [[Long-Term Capital Management|LTCM]] appear on broker risk reports before it collapsed? Did [[Amaranth]]? Did [[Malachite]], or [[Archegos]]? We ''hope'' the answer here is “no,” because ''that means there’s a bad apple''. If it were “yes,” and no-one intervened, then ''the system has broken down''. | |||
We can see here how, curiously, how a ''good'' bad apple — the kind that is so good that no-one can be blamed for not having noticed it — is, for the prospects of those who manage operating committees, a kind of ''good'' apple, in that it presents a pass; an alibi; an excuse for being none the wiser. | |||
What tawdry games we play. | |||
=== The Opco reimagined === | === The Opco, reimagined === | ||
Now imagine, for a moment, an Opco of a different kind. A fantasy opco, designed not to This one s standing agenda were instead to ask open questions, not designed for assurance that all is well, but to put up for discussion the things that might be not. | |||
''What is on your mind? What are you worrying most about? What should we worry most about? Describe your worst nightmare.'' | ''What is on your mind? What are you worrying most about? What should we worry most about? Describe your worst nightmare.'' | ||
| Line 90: | Line 96: | ||
''Who diverges most from the pack? Whose performance seems too good to be true? Who has them most leverage? Who has the biggest positions? Which are the most concentrated names? Where is the thinnest liquidity? Whose docs, and margin lockups are the most severe?'' | ''Who diverges most from the pack? Whose performance seems too good to be true? Who has them most leverage? Who has the biggest positions? Which are the most concentrated names? Where is the thinnest liquidity? Whose docs, and margin lockups are the most severe?'' | ||
Have all risk control and business groups discuss these observations ''together''. Do it in person. No [[Microsoft PowerPoint|deck]]<nowiki/>s, no BlackBerries, no-one phoning in. No interruptions. Put on lunch. No bullying. Open minds. Require everyone to engage. Everyone should contribute. Every one should know each others fundamental parameters. Everyone should be interested. | Have all risk control and business groups discuss these observations ''together''. Do it in person. No [[Microsoft PowerPoint|deck]]<nowiki/>s, no BlackBerries, no-one phoning in. No interruptions. Put on lunch. No bullying. Open minds. Require everyone to engage. Everyone should contribute. Every one should know each others fundamental parameters. Everyone should be interested. | ||
=== And then he woke up and it was all a dream === | === And then he woke up and it was all a dream === | ||