Five Lessons Business can Learn from the NYSE “glitch”


This article discusses how the New York Stock Exchange mishandled a Business Crisis-Risk™ so poorly it brought hysteria to the market place, exposed the ineptitude of senior management and their business crisis incident response plans, and more important and of more consequence, exposed the antiquated business model that NYSE has spent millions of dollars in public relations to defend.

Business readers may be well aware of what happened on July 8, 2015 at the New York Stock Exchange. Depending on the news source you rely upon, you may believe that the NYSE was not trading for several hours due to a computer problem which may have been the result of a cyber-breach. Many news organizations repeated this story, and some brought on cyber ‘experts’ who highlighted a tweet sent the night before by the hacking group “Anonymous” predicting a bad day on Wall Street. This fit neatly into a story line which started with the United Airlines ground stop due to a “computer router glitch” and the Wall Street Journal’s website homepage experiencing “technical difficulties” – all simultaneous with the NYSE’s problem. The truth, though, was not as spectacular; the NYSE failure was nothing as dramatic as a coordinated cyber breach, but rather was the result of a self-inflicted disaster due to the poor management of a Business Crisis-Risk™ (BCR).

A BCR is a risk which is inherent in the structural, functional or operational aspects of an organization.  In NYSE’s case it was a BCR businesses can face at any time.  As CFO of a public company, I faced the same BCR five times during my career, and each time something unexpected happened it was attributed to a computer system upgrade.

Wednesday July 8, 2015 was going to be a heavy trading day:  the Federal Reserve minutes were being released giving an indication of when the FED would raise interest rates; Greece was in the midst of defaulting on their debt and discussing an exit from the Euro Currency, and the Chinese Stock market had been falling more than 30% over the prior week.  The investment eyes were focused on the stock exchanges, and although no longer the largest exchange, the NYSE is the most popular.  

All of the major business networks have correspondents on the floor of the NYSE; given this media exposure, why would the senior leadership of NYSE conduct a system upgrade on Tuesday night and go live at the opening bell? I can only speculate based upon the NYSE’s own press release: that this was a ‘roll-out of a software release’ and ‘customer gateways were not loaded with the proper configuration compatible with the new release’, not an emergency fix. Why then would the NYSE expose the organization to this risk on a busy trading day, and more important, why didn’t they have an incident response plan if the conversion did not go smoothly?

A quick NYSE tutorial:

Unlike the NASDAQ and other computerized markets, the NYSE uses “Market Specialists” to provide additional information regarding trading activity and news to other members of the exchange.  More important, if there is an order imbalance, they step in and use their own money, buying or selling shares to create an orderly market. These are the people in colored jackets and large badges that we have seen in images of the trading floor.  I have visited the floor of the exchange several times and it is an exciting place.

The Specialists have a language all of their own; they walk up to a booth and shout “4 by 400 on the mark” and a young associate types into a machine, recognizing the broker’s brokerage firm by the colored smock and badge number, executing the order as the person walks away.

As a CFO, I would receive calls from the Market Specialist on the floor if unusual trading was occurring on my company’s stock. In ‘the old days,’ this was the way most of the volume was transacted on the NYSE, and provided better information and better pricing for investors (known as tighter spreads). As markets became more automated, more volume ran through computerized systems based on algorithms; the NYSE developed their own computerized system, Archipelago (ARCA), much to the disappointment of the Market Specialists. Soon, gone were many of the Specialists; those little pieces of paper that littered the floor were replaced by fewer specialists who now walk around with tablets. They no longer yell as much as pound on their tablets, but still provide additional information to those brokerage houses that have purchased a seat on the NYSE.

NASDAQ is fully computerized: there is no trading floor, only analysts (located in Maryland), who watch and report stock activity. The NASDAQ has ‘market makers’ who will provide liquidity, but for the most part, this is done by automated trades.

In the battle of the stock markets, the NYSE has maintained that these Specialists were a competitive advantage and a reason why companies should list on their exchange. A few years ago, during a computer outage at the NASDAQ, NYSE touted their Specialists as an important part of an orderly market, a human back-up system, in a kind of ‘see I told you so’ moment. Their blunder last week exposed the need for Specialists as a fallacy, and undercut their competitive advantage.

The computer conversion problem had an impact specifically on the specialists and their ability to execute trades.  Since the cameras of the media were on those people in jackets and badges, standing in booths staring at frozen, flat-paneled screens, it appeared that the NYSE was not trading.  Many major news networks used that image and connected random dots to create a nexus with United Airlines and the WSJ, ignoring that millions of stock transactions were still occurring on NYSE listed shares.

The NYSE-bound trades were being re-routed through ARCA, so in fact the NYSE was trading their listed companies’ stock, not through the Specialists but through the other exchanges. And why is it that we did not hear that? Former New York City Mayor Rudy Giuliani said it best when he slammed New York Stock Exchange (NYSE) officials for their “atrocious” handling of the temporary shutdown of trading. “The biggest problem here is they’re not explaining it. … The crisis management here is atrocious,” Giuliani said on Fox Business Network’s “Cavuto: Coast to Coast.”

During the event, NYSE President Thomas Farley was not visible. Giuliani contrasted this to past disruptions where former CEO Dick Grasso was highly visible. In fact, when Farley finally gave a news interview, he spoke only to one network, CNBC, quite likely because they lease the most space on the floor of the Exchange. He ignored Fox, who owns the Wall Street Journal, Dow Jones, Fox Business News, Fox News and Market Watch, an omission that did not go unnoticed.

The failure of the NYSE to have an effective Crisis Management Plan, with message mapping and pre-written scripts, is inexcusable. So is the lack of cogent communications; as Giuliani said, “[Their] statement is a rather useless statement. It means nothing. It’s gobbledygook. Crisis management 101 — you give out specific information as soon as you can. … They must know something.”

So what did NYSE senior management do wrong and what can you learn?

1.    All computer system conversions, of any magnitude, carry a degree of risk. This business risk needs to be ameliorated; most system conversions are performed during slow periods and tested prior to roll out. Business Crisis-Risk™ and the Business Crisis Predictive Diagnostic Model™ provide a way to measure and manage any business risk, including computer conversions and cyber breach.

2.    When a crisis occurs, your plan designates a General and a Spokesperson.  Visibility, clear messaging and a commitment to clear and honest communication are to be the touchstone.  Remember, half of everything you learn in the beginning of a crisis is wrong.  In fraud investigations, we ‘work from what we know to what we don’t know.’ In a crisis it’s OK to say ‘you don’t know all the facts’, clarifying that when all facts are known, they will be communicated.

3.     When you’re communicating, don’t play favorites! The stakeholders — media, customers, suppliers, and bankers — have long memories. By granting only selected interviews, the NYSE made getting out a common message more difficult, and this approach strained relationships with many of the groups who pay NYSE for their data. When you have a business crisis, the Board of Directors, lenders, and others impacted must be kept informed. Holding back all information ‘until all facts are known’ will not serve you well in the long run.

4.    The Business Crisis Predictive Diagnostic Model™ tells us that Business Crisis-Risks™ can cascade into additional and more complicated and urgent risks. The system conversion failure highlighted the flaws in the Market Specialists model; the business model of humans executing trades at the NYSE was brought into question.  Competing markets will use this crisis against the NYSE and exploit it in new listings competition.  Had the NYSE contained the messaging of the system conversion failure, noted that stocks were still trading, and announced a review of the system conversion process, the media would have moved on more quickly. In a business crisis, speed is quality. You can only achieve speed if you have a Business Crisis-Risk™ plan which has been drafted and tested.  We have conducted table-top exercises for cyber breach, product recall, executive ‘bad acts’ (fraud/ sexual harassment) and many more, and in each case, new insights were gained into plan improvement.

5.    Sometimes customers (rightly) think, if you can’t handle something small, how will you handle something big? The operational Business Crisis-Risk™ of the NYSE’s failed systems conversion and poor response led many to ask: What would they have done if this was a cyber-breach event? If your company can’t do the little things well, your customers will never entrust more business to you. That is why tackling operational, functional and structural risks — when they are minimal — is so important. Most executives fall into what I call “compliance compliancy” whereby a checklist or delegation to others mitigates the risk in the eyes of management. It is only when there is a plan in place ‘just in case we’re wrong’ that the risk is truly mitigated.

The NYSE taught us several lessons: for the NYSE and their owners, The Intercontinental Exchange, Inc., the lessons will be on-going. If your company has not performed a Business Crisis-Risk™ assessment using the tools of the Business Crisis Predictive Diagnostic Model™ in addition to any Enterprise Risk Management assessments, you are susceptible to the same failures. The resulting Comprehensive Business Crisis Incident Response and Management Plan will be the road map for you and your Board of Directors when tomorrow’s crisis becomes today’s.
