Bad apple
The JC’s amateur guide to systems theory™
|
Bad apple
/bæd ˈæpl/ (n.)
One of those mischievous human imps occupying unobserved crevices in the great steampunk machine who, by their human frailty, ruin the best-laid plans of the machines.
On the conventional wisdom, bad apples are the sole remaining fly in the ointment separating us from the sunlit uplands of financial services utopia that our patient labours by now have surely earned. Once the last bad apple has been rooted out all will be well in perpetuity.
It’s not clear what we’ll all then do, but this is but a quibble.
The JC ponders human nature a lot, as you know. He wonders whether we should be quite so credulous. Is not the barrel of bad apples bottomless? Aren’t bad apples just gonna be bad?
Would we not be better worrying less about curing humans of their nature, and more about neutralising its unwanted effects?
For there will always be bad apples, and they will always seek out, find and exploit zero-day flaws in the system. We should expect this, because it is in their — our —nature. what which is This is what bad apples do.
Bad apples will find zero-day vulnerabilities exactly where the system least expects them, and is therefore paying least attention: ostensibly harmless, sleepy backwaters. LIBOR submissions. The accounting department. The Delta-one index swaps desk. In a family office.
The question is not where are all the bad apples as much as where are all the zero-day vulnerabilities they will surely exploit?
And the more byzantine, multi-dimensional, formalised, technology-overlaid and complex our system becomes, the more vulnerabilities it will have, and the harder it will be to find them, should they start playing up.
Leaving it to “the system” to detect and destroy bad apples — by policy attestation, outsourced compliance personnel in Manila reading from playbook, “A.I.-powered” software applications — is the Bond villain’s way of despatching an enemy: you tie it up and leave it unattended while a nasty-looking, but plainly fallible, clockwork machine counts down from a thousand.
In the meantime these elaborate risk control systems tend to snare peaceable, but ignorant, citizens as they go about their quotidian day, while the bad apples, wise to the ways of the world, have already worked out the flaws and work-arounds.
How to spot a bad apple
The regrettable thing about bad apples is this: they have a habit of looking like boring functionaries, or even the good guys, right up to the moment that they don’t.
Good bad apples and bad bad apples
Before you know it’s a bad apple, a good bad apple doesn’t look like a bad apple. Bad bad apples look like bad apples, so they quickly get rooted out by good apples. Even a bad good apple can spot a bad bad apple.
But good bad apples: well, Q.E.D., no-one believes they are bad apples. That’s what’s so good about them.
Hence, our controversial proposal: A bad apple that doesn’t look like a bad apple isn’t a bad apple.
So it seems to us it won’t really do to say we must be better at spotting bad apples — thereby spreading by association the stigma of bad appledom on those mediocre apples who failed to spot them. Why did they not notice perfidy going on around them? Are they on commonly stupid, or or have their bad apple detectors somehow been disarmed?
Might they have been disarmed by process? To test this hypothesis consider what happens to those within our formalistic system who do call out bad apples. People like Bethany MacLean, Harry Markopolos, Erin Arvedlund, Dan McCrum, and that junior credit officer at Credit Suisse who asked, of Archegos, “why do we even have daily termination rights if the client is not amenable to us using those rights?”
These people are regarded, before the fact, as bad apples. Not bad bad apples,[1] but impertinent: irritants; turbulent priests the place would be better off without. Meanwhile the real bad apples carried on with their heroic poses — NASDAQ chairmen, Bank chairmen, visionary innovators, star traders. They only started to look like bad apples after it.
Before and after fact: a play in two acts
Quiz time: taking the information supplied about who everyone thought was the hero, or bad apple, before a celebrated financial markets catastrophe, fill in who you think it might have turned out to be after the event.
Incident | Before | After | ||
---|---|---|---|---|
Hero | Bad Apple | Hero | Bad Apple | |
Enron | Jeff Skilling Ken Lay Andrew Fastow |
Fortune Journalist Bethany MacLean Short-seller Jim Chanos |
_______ | _______ |
Madoff | Bernie Madoff Fairfield Sentry The SEC |
Option Trader Harry Markopolos Barron’s Journalist Erin Arvedlund |
_______ | _______ |
Barings | Nick Leeson Peter “not terribly difficult” Baring |
Er... | _______ | _______ |
Archegos | Bill Huang Co-heads of PB, everywhere |
Junior credit officer, Credit Suisse | _______ | _______ |
FTX | Sam Bankman-Fried Caroline Ellison |
Matt “So, it’s a ponzi scheme?” Levine Terry Duffy (CME CEO) |
_______ | _______ |
WireCard | Markus Braun Jan Marsalek BaFin |
FT Journalist Dan McCrum Internal lawyer Pav Gill Short-seller Matthew Earl |
_______ | _______ |
The JC’s view: the “bad apple” concept is not a good one if the virtue of one’s applehood is only apparent in hindsight.
What to do
Now hindsight-coloured hand-wringing is all good sport, but what to do about it? Regular readers might not be surprised to hear the JC say that deprogramming the steampunk machine and asking people to use their experience, judgment and intuition might be part of it. Ask searching questions.
Asking searching questions is not how modernist organisations like to work.
Enter the Opco
Imagine the scene: a monthly risk operating committee meeting with a standing agenda designed systemically and mechanically to identify minimise and manage risks to the business. Some snivelling COO functionary will have spent the preceding fortnight issuing progressively pointed warnings to “stakeholders” that their contributions to the 300-page deck that will serve as materials for the meeting — whose existence is mandated by the committee’s terms of reference — and whose target operating model demands be circulated 48 hours in advance.
Not a soul will have read these materials before the meeting — it wouldn’t be physically possible at the average adult reading speed — and nor would one be any wiser if she had: the COO’s muted threats are just the weft and warp of the financial services dominance display. It is all very performative. As, indeed, is the deck.
Each risk function will dispatch mid-ranking delegates to attend the meeting. These are essentially votive lambs. They are offered up to take a beating, if one is needed, without making things worse for those who sent them, so must be resilient not to break down in tears at the first sign of angst, and savvy enough not to throw her superiors under the bus they assuredly deserve to be under. The delegate must “talk to her slides” — though in practice she will understand very little about them — aiming to sound informed enough for her contribution to pass without remark, but not so informed as to prompt questions.
If the Opco chair got out of the wrong side of bed, or should a delegate’s attestations be too anaemic, or not anaemic enough, the chair may snap. She will give the delegate a five-minute shellacking in front of the assembled. This is the modern-day equivalent of a public stoning — not to the death, but “to the pain”: there are three hundred pages to get though, and eighteen risk groups presenting, after all. For most delegates, attendance is a 2-hour-long game of Russian Roulette where there are only a handful of bullets in what is quite a large chamber. Consolation takes the form of the private chat channels, alive with wincing wonderment while eviscerations happen.
In any case, should the opco chair come for you, her question will not be, “where is your risk”, but the far stupider one, “why are you displaying a risk”, as if “risk” is not an immutable function of commercial life. Such grumpiness is outdated in our compulsively empathetic times, and may soon pass into history, the same way bear-baiting, throwing Christians to lions and rucking with your studs all have. We think this is a pity: financial services ought to be a blood-sport: there should be some sense of jeopardy. We lose something important if everyone is kind, respectful of standpoint, mindful of lived experiences and inclined instead to passive-aggressively knifing people in the back in private.
In any case the Opco will methodically plough through each risk function’s slides, which will all tell the same story: in the main, plain sailing, but with the odd fixable glitch in process — the inevitable snags of modern financial services — and a remediation plan for how they will be resolved. All kinds of metrics will be presented, analysed, and set out in voluminous graphs, charts and data tables. There may be a dashboard of “high risk” situations, derived from these metrics, but its RAG array will read uniform green — perhaps studded with the odd amber, for the sake of plausibility — hazards in the form of easily-addressed talking points included “for good order” and with confident denials of elevated risk of loss.
It will be like this because we are enculturated to be always in control, for all systems to be go, all processes in good standing, all engines ticking over without significant strain. We tell ourselves that as long as this is so, we are safe. We have been acclimatised to believe that the greatest sin is to disrespect process.
But what good is a risk report designed to tell you everything is under control? What real-world function does this fulfil?
You ask, “did Malachite appear on any risk reports in the two years leading up to its collapse? Did Archegos? Did Amaranth?” We hope the answer here is “no,” because that means there’s a bad apple. if it were “yes,” and no-one intervened, then the system has broken down.
But these are rhetorical questions, and you don’t ask them lest you become the bad apple.
The Opco reimagined
Imagine if the Opco’s standing agenda were instead to ask open questions, not designed for assurance that all is well, but to put up for discussion the things that might be not.
What is on your mind? What are you worrying most about? What should we worry most about? Describe your worst nightmare.
Wouldn’t that be a more effective way of surfacing the bad apples? sometimes the most counterintuitive questions might provide food for thought.
Which client is printing the most business? Who is generating the most revenue? Who is borrowing the most money? Who is generating the most trading? What could possibly go wrong there?
Who diverges most from the pack? Whose performance seems too good to be true? Who has them most leverage? Who has the biggest positions? Which are the most concentrated names? Where is the thinnest liquidity? Whose docs, and margin lockups are the most severe?
Have all risk control and business groups discuss these observations together. Do it in person. No decks, no BlackBerries, no-one phoning in. No interruptions. Put on lunch. No bullying. Open minds. Require everyone to engage. Everyone should contribute. Every one should know each others fundamental parameters. Everyone should be interested.
And then he woke up and it was all a dream
There are several reasons this will never happen. They are as immutable, and predictable, as they are stupid. They boil down to various iterations of the golden rule of cross-examination: don’t ask questions to which you don’t know the answer.
Regulators would puke
We have to submit the minutes of our risk meetings to the regulator. They have great powers to demand further information from us. The last thing we want is to have them asking difficult questions. We wish to create the impression of calm, ordered, measured, control. Nothing to see here folks, move along. We can’t afford to give any kind of impression there are things we do not know, things we cannot manage, or things about which we are worried in our business. Encouraging coal-face staff to indulge their paranoid fantasies is the last thing we should do.
There is certainly sense in this, but it insane all the same. The best way of managing our regulator — a body whose existential purpose is to manage risk of catastophe — is to be wilfully blind to the risk of catastrophe.
Senior management would puke
Even if the regulators would be cool with it — they wouldn’t — the of the Opco chair would not.
“Imagine,” she might say, “if someone flagged this kind of crazy risk in a risk meeting, and we discussed it, and we decided to do nothing about it, and then that exact crazy risk happened. Management would be incandescent. We might get disciplined. Or fined. Or even fired.”
See also
- Human error
- Sidney Dekker’s The Field Guide to Human Error Investigations
- Rumours of our demise are greatly exaggerated
References
- ↑ Though Dan McCrum was subject to a criminal investigation, so he might feel differently about that.