• $25 billion: Wells Fargo, JPMorgan Chase, Citigroup, Bank of America, Ally Financial (2012)
• $13 billion: JPMorgan Chase (2013)
• $9.3 billion: Bank of America, Wells Fargo, JPMorgan Chase, and 10 others (2013)
• $8.5 billion: Bank of America (June 2011)
• $2.6 billion: Credit Suisse (May 2014)
• $1.9 billion: HSBC (2012)
• $1.5 billion: UBS (2012)
Taken together, these historical facts show how even very large financial institutions can suffer or even cease to exist if they fail to embrace technological innovation, or embrace it without a commensurate investment in the information management capability required to effectively evaluate risk. Thus, the stylized facts that should concern current financial institutions are:
• Firms entering the market, particularly those entering with some technological advantage, are a threat.
• Excessive risk taking based on impaired risk assessments (often the result of technological innovation without the supporting information flow) is a threat.
• The likelihood that any firm succumbing to these threats will be expelled from the market is high.
Poor information management itself has causes. In some cases, the underlying causes may have included a regulatory (and rating agency) arbitrage in which financial institutions were incented to do the minimum while benefiting from things like deposit insurance (an explicit stamp of approval from regulatory authorities) and high public ratings from rating agencies, or even the implicit stamp of approval that comes purely from compliance and the absence of regulatory censure. But more importantly and more generally, low industry standards for excellence in information processing have meant the absence of competitive pressures to innovate and excel. This environment, which has persisted for decades, is now coming to an end.
Cultural Issues
While identifying more effective management of information assets as a key strategic objective for the firm is a good first step, implementing an effective strategic management process is not without challenges within a modern financial institution. Among those are serious cultural and organizational challenges that can work against the development and deployment of an integrated approach to information management. One such challenge is so pervasive and so constraining that it deserves special consideration. Within the broader fabric of corporate culture, there lies a deep cultural rift – a rift that may be more or less pronounced depending on the business mix and particular firm characteristics, but that is almost always material. It is the rift between IT (alternately management information systems, or MIS) and non-IT. This rift has developed over decades, with rapid technological change and exponentially increasing business dependencies on technology as the driving forces. Importantly, the initials IT stand for information technology – something that should be a core competency for a financial institution. But far from being core from an integrated strategic management perspective, business managers and their IT counterparts are often separated culturally to such an extent that they are speaking different languages, both euphemistically and literally. Business executives frequently view their IT organizations with distrust. Common complaints are that their process requirements are opaque, that they do not understand the organization's business objectives, or, worst of all, that they are not motivated by incentives that are aligned with the business strategy.5 On the other side, IT personnel often hold a dim view of the non-IT businessperson's understanding of technology generally, and IT technology in particular. The IT presumption that the business side doesn't understand its own problem, doesn't understand what the solution should be, or simply can't express itself intelligibly, can easily lead to ill-formed plans and projects whose poor outcomes further the distrust, in addition to sapping the resources of the firm. Importantly, the rift reflects the fact that information processing is not viewed as a true core competency within most financial institutions, and that consequently IT is seen as a supporting, or enabling, function – critical yes, but no more so than operating an effective health benefits program (or company cafeteria, for that matter).
The Senior Leadership Component
Senior leadership positions such as chief financial officer or chief credit officer are typically viewed not only as great executives but also as repositories of subject matter expertise and corporate history. The people who hold such positions are expected to understand the entire fabric of their respective organizations thoroughly and often are expected to have personal experience at multiple levels of job seniority. Chief credit officers will invariably have had deep experience in underwriting and workouts over a range of products and markets. Chief financial officers will usually have had deep hands-on experience in preparing and analyzing financial statements, and frequently in auditing financial accounts from different parts of the company. Unfortunately, this deep experience in their respective disciplines is a double-edged sword. As the needs within risk and finance become increasingly dependent on analytics and information processing, these leaders may not have the experience or vision to help shape the data and analytic infrastructure of the firm to enable competitive capabilities to be developed in these key areas.
Contrast this with the chief information officer, chief technology officer, or whatever the C-level executive responsible for IT is called. These leaders are responsible for establishing a forward-looking competitive infrastructure design and overall vision for the firm, and because their peer-level leaders may not have comparable technical depth, that responsibility may be very highly concentrated. As individuals, they have frequently distinguished themselves in general manager roles or within a specific discipline other than IT. But even for those with relatively deep or long-tenured association with IT, how many in the financial services industry actually rose up from within the IT culture? How many have ever personally designed a software application and seen it through each phase of the development process? How many have personally developed a major data processing system? How many have written a single line of production code? Certainly, outside the financial services industry – and not just in the technology space – the answer to all these questions would be: the majority. However, the honest answer within the financial services industry has to be: very few. This shows both the general lack of interest senior managers have in actively managing their companies as information processing companies, and the reason that financial institutions are so challenged by the basic needs and competitive demands that they currently face in this area.
For corporate leaders not directly responsible for IT, the acceleration of technological change within their respective disciplines has been more recent but the vintage effect of the experience base is no less pronounced. For example, 10 years ago almost all chief compliance officers were attorneys and most reported to the general counsel. As compliance risks and regulatory attention evolved toward more systemic information-based areas such as anti-money laundering (AML), customer identification programs (CIP),