Confronted by so much short term political uncertainty and lack of coordination, many systemic risks, particularly in the financial sector and the economy writ large, are going unnoticed. One of the causes of these blind spots is both the presumption of financial safety in the global economy since the Great Recession, while at the same time a general misperception of what makes a financial institution systemic. Since the dust settled from the global financial crisis and the wave of regulation on banking risk have been implemented, questions remain about the likely causes and locations of the next “big one” in finance. This “big one” may very well stem from widely interconnected payroll and data processing firms that are veritable utilities in the global financial system, among other possible points of vulnerability.
As is all too often the case, risk management and, in this instance, financial regulators, have largely addressed yesterday’s threats to the global financial system. Since 2008, the global threat landscape has evolved rapidly and in some insidious ways. For example, in 2008, the concept of a bank’s entire business model being held hostage to ransomware was a distant possibility – and not factored at all in how systemic financial institutions (SIFIs) are governed by the macro-prudential framework. Since then, this threat is not only a very real possibility, as we have seen with the Sony Entertainment cyber-attack, and the numerous named and unnamed hospitals, universities and other organizations that have become the “soft targets” or, better still, the practice range, for increasingly sophisticated exploits. Along these lines, a safer global financial system is one that keeps pace with the accelerating risk-reward trade off in the global economy, while at the same time keeping stock of “feeder” institutions that provide the piping through which capital and data flows. From time to time this global audit needs to shine a light on the seemingly inconsequential areas of the economy to look for critical relationships and organizations that are either too big to fail or, in this case, too interconnected to ignore.