All of the banter surrounding Facebook’s IPO has reminded me of what I’ve been “preaching” for years. And, repetitious as it may be in my mind, I’m wondering if anyone is listening.
In light of the play-by-play discussion of the Facebook fiasco, as shared with us by writer Rodrigo Campos’ Business Insider article: Here’s How NASDAQ Screwed Up The Facebook, I’m thinking there may be a few more people who have open ears.
Play by play is right! This is concerning, on several levels, to say the least. I’m here to talk about the technology piece and measures that seem to be missing, in identifying issues before they occur.
As an IT specialist in the financial industry, having experience in creating conduits between portfolio data and Bloomberg portfolio uploads, integrating Reuters systems, as well as electronic trading platforms, for data and accurate trading systems, by the millisecond, I can say, I’m not surprised by the fiasco.
The Problem
For a long time, the view into the “systems” side of trading has had me concerned. Oh, there are experts out there, and hey, I pat you on the back! But, I have noticed how much attention is spent auditing trading compliance aspect, and yet, there doesn’t seem to be as much attention to the technology side of the trading.
Granted, I have only been through a few audits, officially, compared to my counterparts, but I have noticed a common thread with outside auditors, including the Securities and Exchange Commission. It seems that there are no “technology specialists” sent in for those audits. It is my belief that that is needed!
I have a “wish list” of the basics for the auditors. This isn’t going really deep, like it should, but just the basics. Why so basic? We can’t delve too deep into the identification of the technology issues if we don’t, first, have the basics covered. So, let’s address those.
Need to Know: Basic Technology
Oh, I think they “think” that they may know technology. But, I have found the auditors to be lacking in the area of knowledge of technology that would help them to identify problems BEFORE they happen.
There was a time when an auditor had difficulty opening his email. I wanted to be kind, so I thought I’d help the guy out. Well, he didn’t want to admit that he needed help, so instead, he called his help desk. Mind you, instead of auditing, we are taking up time calling our auditor-help-desk-central here. And, He still couldn’t figure it out, and for whatever reason, his company help desk was unable to get him past his difficulty. By the way, I had already identified his issue, the training that he would need, and would have been able to help him out in less than 15 minutes. Instead, he asked me to take a 30 minute workaround for him, spending my time to accommodate his lack of knowledge, as well as the audit firm’s lack of knowledge, not including the wasted time he had already spent trying to solve something related to basic email checking.
Why do I I tell you this story? I am relaying this story to illustrate how important it is to have the basic technology covered before the audit. Please auditors, send at least one technology-capable person with the team, for the basic technology things, like checking email. We, as clients, and professionals in the trading industry don’t have time to wait for you to learn what should have been covered, on your own time, before you walked through our doors to audit us.
Need to Know: Who To Talk To
It is not unusual for an auditor to think that looking at a server room qualifies as seeing that a disaster recovery plan works. Excuse me, but seeing that the power is on means that our trading systems backbone is working well? Forget the disaster recovery part of the equation, I would hate to think that the safety of our money, as investors, and that the knowledge of what trading is occurring when, and how, and whether or not the trades are going through at all is based on a little green LED light!
So, when the auditor comes into an office, they need to know who to talk to. My recommendation is that the auditor speak to the person in charge of technology, not the secretary or even the CEO, but straight to the source. If the company does not have a technology specialist, ask them to call in their IT contractor, or whoever handles their servers. If they don’t have anyone, they need to find someone! The auditor should ask them who they call if their systems go down. Let’s hope the company has enough sense to employ not only a technology specialist, but a financial industry technology specialist. If the company does not have such a person, the auditor should make note of it and check back for a follow-up audit with the company. Despite the great selling tactics of the CEO, it is unlikely that he or she really knows how the systems work for trading platforms, and worse yet, a good-looking server room does not mean that data is safe, let alone traversing the systems accurately.
Need to Know: What is Behind the Black Curtain
Probably one of the most frustrating things is how easy it would be to hide things from auditors. Assuming that an audit company or SEC sends in people who understand basic technology (like checking their email) and they ask for the right person to talk to (financial industry technology specialist), are they sure they are getting it straight?
There may be two reasons that something, technology-wise, is hidden:
- The technologist doesn’t have a full understanding of the financial industry and/or technology to support it and has made an “honest” mistake, that, if not corrected would be detrimental.
- The technologist does know what he or she is doing, but has hidden it, or “talked around it” so that it is not readily disclosed. This may not be technically dishonest, but it could still be devastating in a systems failure.
It is beyond the scope of this article to explain all the ways that an auditor could be fooled, whether intentionally or unintentionally, by the hidden technology secrets behind the black curtain, but suffice it to say that it easier than a snap of the fingers to fool the auditors, especially if they do not follow the first two wish list items, above, with having a basic knowledge and talking to the right person.
My recommendation is to have the auditors employ an IT specialist of their own who not only understands technology, but specifically, trading systems and how data transverses throughout the systems, including security, performance, disaster recovery, DR testing, to name a very few. This IT specialist does not have to be present at one company for the entire length of the audit, but can be a part of several teams of auditors, fulfilling this very specific role in a targetted and thorough capacity.
If NASDAQ had ensured that they had such a team of IT Specialists on board to test the capacity of trades, and then tested for MORE capacity, preparing correctly for Facebook’s IPO, would they have had the millisecond delays that tumbled on top of each other, trying to play catch-up, after the fact, and costing companies millions of dollars? Hey, I’m all for my own advice if it only saves a few thousands dollars, let alone millions! How about you?
