In Pursuit of a Simpler Solution

The increasing complexity of financial markets can leave them prone to flash crashes and system outages, as well as make them targets for cyberattacks.


Catastrophic risks are not new to the 21st century, but the explanatory literature has certainly exploded, and complexity is a common theme. A case in point: Richard Bookstaber’s A Demon of Our Own Design, a 2007 book that exposed the hazards of financial innovation in part by citing sociologist Charles Perrow’s 1984 (updated 1999) Normal Accidents on technological complexity and how it outruns engineers’ ability to prevent breakdowns.

Austria-based mathematician John Casti synthesizes much of the contemporary theorizing about complex systems and extreme tail events — and our technology-dependent society’s palpable sense of foreboding — in X-Events: Complexity Overload and the Collapse of Everything. “What we really want to know is how such surprises [X-events, or black swans] come about and what we can do to either prevent them or at least prepare for and mitigate their adverse consequences,” Casti writes.

That’s easier said than done, even after 300 pages on X-events and three more years of academic studies and practical refinements of risk management techniques. Coastal communities have taken steps to be better prepared for the next superstorm or tsunami. Have financial institutions and markets achieved the same in anticipation of the next systemic meltdown — which is as likely to be technologically as it is economically caused?

There is no more tangible and transparent case study of system robustness than the one that unfolds daily in the financial world. Online service outages, cyberattacks, flash crashes and exchange downtime all become fodder for the news media and — from the boardroom point of view — headline risks, capable of wreaking reputational and macroeconomic havoc beyond the costs borne by any individual firm.

“The need to strengthen the security and resilience of our financial markets against cyberattacks and technological failures is clear,” Commodity Futures Trading Commission chair Timothy Massad said in a September speech, signaling newfound regulatory attention to “system safeguards.”

The assurance Massad and others seek is elusive because finance is rife with complexity. Banks wrestle every day with older, legacy technologies that are not a natural fit with mobile and cloud computing innovations. The process of migrating from old to new is an operational risk in itself, as more than a few market participants have learned after software upgrades went awry. What’s more, industry players rely on a slew of payment, trading, processing and settlement infrastructures that are highly interconnected or tightly coupled, meaning that they have to be fortified against the possibility of contagion. As Massad explained it, “A failure in one institution can have significant repercussions throughout the system.”

For a handle on how the industry got into this fix, ask a technologist. Simon Paris, president and chief sales officer of financial technology software leader Misys reels off some root causes: multiplicity of systems, rising transaction volumes and, amid relentless pressure to compete and innovate as cost-efficiently as possible, “human creativity putting new demand on systems.”

Traders grapple with fragmentation of liquidity, but technical or product fragmentation is also a cost and risk concern, says Steve Woodyatt, CEO of London-based market-access technology company Object Trading. He observes “great variability” across market venue operations, to which trading firms must adjust, and warns that “you don’t have to be the biggest player to suffer from an error with catastrophic market impact.”

Such logical solutions as simplifying complexity and enhancing resilience are as daunting as they are obvious — at least in the near term. Paris contends that “marketplaces have to be industrialized” with streamlined IT infrastructures like those often found in the manufacturing, energy and consumer goods sectors. Paris and Woodyatt agree that change management capabilities will be as critical as any IT decisions.

Consultant Brian Walker, co-author of a recent Accenture report on resilience and cyberrisks, sees a silver lining: Technologies that compound complexity can also inhibit massive breakdowns because “there is no single point of failure.” Skills, controls and governance that “institutionalize resilience” are key, he says. Financial services may be just the industry to show the way.