That lack of integration was ironic. The Gramm-Leach-Bliley Act of 1999, which removed the Depression-era prohibition against financial institutions conducting banking, investment banking, and insurance services under one roof, often takes the rap for enabling the mortgage-backed securities disaster that brought the world financial system to its knees. In truth, as huge companies like Citicorp raced to embrace this profitable triple threat, they never really integrated their operations, so the supersized risks of their new, supersized business avoided radar detection.
"The financial giants were particularly vulnerable," says Skip, "because their scale made it impossible to understand their own risk. I'm not saying that greed was not apparent. But had those kinds of black-and-white risks been irrefutable, things might have gone very differently."
According to Skip, Citicorp had multiple, nonintegrated risk management systems and multiple general ledgers that did not roll up neatly to one reporting engine at any level of detail. It was easy to ignore risk at the macro level because the bank's portfolio could not be aggregated into a single data federation or warehouse. Skip speculates that if company executives had recognized their exposure to a fast decline in the value of retail mortgages, they might have shed some of those assets prior to the meltdown -- or at the least, Citigroup's contribution to the meltdown would have been significantly smaller.
According to Skip, a number of architects saw the risk, very likely before anyone else did. "Maybe architects are supposed to be the canary in the coal mine. It's their job to solve the impedance mismatch between business and technology. Many knew that, hey, this isn't as good as it should be."
It's part of an architect's job to talk to all kinds of people who administer business-critical systems. In January, Skip got advance warning into how bad the situation at Citicorp had gotten. "I was talking to a guy in the commercial bank and he told me point blank: 'We have not sold a mortgage since August.' Car loans were down by half. I knew then this much bigger than I'd realized." The writing was on the wall. Skip got out before the mass layoffs.
Today, Skip has made the transition from SOA advocate to cloud service provider, a business idea inspired by the health care IT challenges he encountered as vice president for technology architecture at Kaiser Permanente. HIPAA Box tackles a complex problem: backing up medical data for providers of all sizes, from clinics to hospital networks, while maintaining strong security and privacy protection. Under the hood, HIPAA Box is pretty sophisticated stuff, with agents that run on customer servers to enable a rule-based, federated backup that links distributed data and keeps it coherent.
The value proposition for health care providers, though, is simple: peace of mind that -- in relation to their data, at least -- HIPAA compliance is under control.
In the future, let's all hope the financial services industry seeks a similar sense of equanimity rather than blindly inflating another bubble. If they have any questions about that, they should talk to their architects.