The recent, well documented troubles at Knight Capital stemming from a computer error on August 1st cost the company millions of dollars. The incident demonstrated that the consequences arising from operational risk can undermine a company faster than the people responsible for managing the risk can reign it in.
The real-life scenario resembles a simulated scenario that was part of the Quantum Dawn exercise conducted by Cyber Strategies nine months before the Knight Capital incident. In the Knight incident, trading software flooded markets by multiplying trades by 1000 times at the opening bell on August 1st. In the Quantum Dawn simulation, an institutional investor lost control of its order management system, resulting in a flood of “suspicious” trades that passed through multiple brokers and exchanges. Participants in the exercise became aware of the suspicious trading, and had to make difficult decisions in real time. Brokers had to choose between executing trades that might later be cancelled or refusing large numbers of orders because some of them might be corrupted.
Whether caused by malicious attack or inadvertent software errors, the risks of operational incidents go well beyond our ability to imagine the consequences. And while we look to improve software and systems involved in trade execution, clearing, and settlement, it is the human response to future incidents that will determine which companies survive. Exercising the decision makers responsible for handling these inevitable incidents may prove to be as important as investing in software testing.