I am sure by now everyone in banking is aware of the almost unfathomable payment processing error that occurred at Citibank in August 2020. $900 million in loan payments were erroneously transferred out of the bank. If you would like to read the details of what occurred, the court documents provide the process, step by step. This year the court ruled the payments were not recoverable. Ouch! I am sure this isn’t over yet, there’s too much at stake.
Citi has a “6 eyes” approval protocol for significant transactions, meaning three people had to sign off on the transactions before completion. Even with that level of oversight it became one of the most significant banking errors in history.
The software performed as designed. Although based on what little is apparent in the court documents it is somewhat clunky and not all that intuitive. Were the employees not trained properly? That is a very good question. If they were not, then the lack of training was pervasive as three people approved the transactions before they were processed. Regardless, this supports the need for a very well trained staff that works with your core solution. Take advantage of every training opportunity.
Software that is not intuitive is, unfortunately, much too pervasive. Some transactions and functions are needlessly complex. Some take multiple days to complete. While it is highly doubtful that a community-based financial institution will have a situation as complex as Citibank did, there are similar areas of concern. Many times I will hear a client refer to “work arounds” or “tricking the system”, internally developed procedures to compensate for inadequate or inflexible core processing functions. Most of this code has been around for decades — why there continues to be “work arounds” is beyond me. There is no reason for that. For every “work around” that exists in your operation (usually in loan operations, but not always), there exists the possibility of erroneous transactions impairing your customers’ and your institution’s financial position. No different than Citibank’s loan payments error, albeit not nearly as large.
As stated within the court documents “In short, although the mistake that gave rise to this case may be the proverbial Black Swan event, and the risk of a re-occurrence may therefore be small, the banking industry could — and would be wise to — eliminate the risk altogether by taking these or similarly modest steps.”
What can the banking industry do? Most of the industry relies on third party software. What can your institution do to reduce risk? First of all, perform an audit to determine every “work around” in your operations. Then discuss each one with your technology vendor. Determine if there is a training issue that is the cause or if software modifications are needed. If training is the issue, that is easily corrected. Do not skimp on training, ever. If software development is required, assuming the tech vendor is cooperative, it may take a while. But remember, until corrected every “work around” has risk attached to it. Sometimes even 6 eyes are not enough. Its 2021, software controls your institution, this should not be occurring. If there is push back from your software vendor, I would enjoy a discussion with you on that subject.
About the Author