It wasn't uncommon for big-bank ceos to talk about the importance of IT to their operations--at least, back when they still had operations worth talking about.
They hired top CIOs, integrated them closely with the business and paid them CFO-level salaries. And why not? Banks pushed electronic representations of money around the world via lightning-fast networks and powerful computers, calculating risk, interest and profit with every transaction. In this way, financial firms sometimes resemble IT companies with a clever marketing twist.
So, if IT was so important, was it part of the problem? Could better IT have saved Citigroup, the financial-services supermarket that's now being sold off in parts, or the Wall Street firms that crumbled?
At Citigroup, many blame former CEO Sandy Weill for inadequate tech spending and integration of acquired companies. And the issues go far beyond routine business performance.
"Information technology by itself could have done nothing," says Douglas McKibben, research vice president of banking at Gartner Industry Advisory Services. "But IT plays a very important and proactive role in risk management, and it supports the business efforts to understand risk exposure."
Citigroup went on a mergers-and-acquisitions tear in the last decade, but information systems were never sufficiently integrated. CEO Vikram Pandit admitted that each of the businesses was operating with its own back office. According to Bloomberg News, Pandit told investors and analysts last May that Citigroup had "140,000 people in IT and operations ... 16 database standards ... 25,000 developers. This results not only in waste, but doesn't give us any opportunity to leverage our organization."
There are a couple of different things Pandit probably meant by "leverage our organization." For one thing, Citigroup failed to achieve the coveted "single view of the customer," which would have enabled its far-flung branches and businesses to bundle its products and services. But it's likely that Pandit was also referring to achieving the slightly lesser-known "single view of the operational risk profile for a humungous global bank investing in complex financial derivatives."
A comprehensive view of risk across the enterprise could have raised the necessary red flags. In this way, IT could have at least mitigated the damage. However, for that risk analysis to make a difference, decision makers would have had to trust it and act on it.
McKibben believes that processes and operations on Wall Street are more to blame than IT for the financial meltdown. Trading risky mortgage-backed securities had little to do with IT systems--it had to do with a failure of operational oversight. But going forward, IT will have a critical role to play in preventing this kind of widespread failure from happening again.
For one thing, good enterprise risk management requires a holistic view of the enterprise. Standardized data input from across business lines and geographies is critical for any global business.
In this way, IT can force fiscal rigor by requiring that each transaction include complete data that passes a certain risk threshold. Linking risk data with other information--such as compliance, revenue and customer data--is also important.
Perhaps nothing could have saved Citigroup once it joined the feeding frenzy that drew in so many other banks. But with better visibility and reliable risk data, perhaps we won't have to feel this kind of pain again for at least a few years.