On September 28th, 2003 there was a power failure in large parts of Italy as a result of the interruption of only two power lines. The primarily local blackout led to failures in the central information and communication network which manages the electricity network. These errors led to shutdowns of other power stations which in turn resulted in the switch-off of communication nodes until finally the main part of the Italian power supply collapsed. In analogy to the dependency between electricity network and information and communication network, the financial crisis demonstrated the cross-industry interdependencies that exist between the highly networked banking industry and the value network of the real economy. In contrast to the blackout limited to Italy, the effects of the financial crisis were global.

In both examples it appears that not only individual networks (e.g., electricity networks) are very susceptible to external effects, but that just in case of interdependencies with other networks (information and communication) unexpected effects are possible. In particular, the cascade of errors resulting from these interdependencies may have massive impacts on the participating networks.

In the globally networked economy each individual company is part of a larger network, consisting of a large number of such “interdependent networks”. In the following, we therefore consider a company as part of a “risk network”. Such networks involve very large opportunities, but the companies are also exposed to a corresponding “systemic risk”. In the current discussion, this notion is mainly used in relation to the financial services industry and regulatory interventions. As the starting example indicated, however, its scope can and must be expanded: In our understanding, “systemic risk is at hand if an event that has an influence on an element of a system can have a negative impact on the system as a whole as a result of the dynamic interdependencies between the elements of the system, or if – as a result of the interdependencies between the elements – the impact of several events that influence individual elements overlap in a way that they can have a negative impact on the system as a whole” (Romeike and Hager 2009; translated).

In some industries (e.g., pharmaceutics, aerospace) regulating authorities have taken on comprehensive control and try to identify and prevent systemic risk. In case of the less or – still – inadequately regulated industries (e.g., financial services) and particularly in unregulated industries, which generate the largest part of our gross domestic product, it is necessary for every single company to identify systemic risk on their own and develop appropriate hedging strategies based on that. In order to enable companies to do so, however, it is necessary to create the informational basis for a targeted handling of systemic risk. On the one hand, this refers to the modeling of the risk network. On the other hand, it refers to concepts for the standardized exchange and the presentation of information on the risk and dependence structure within the network. By consciously dealing with dependencies in and between interdependent networks, each company may contribute to the stabilization of the overall risk network.

Now, the question arises which contribution business and information systems engineering (BISE) can make in this context for the stabilization of the entire risk network. To answer this question we must first realize what patterns lead to the occurrence of systemic risk and the resulting crises in the past.

Ultimately, all networks that are prone to systemic risk can be mainly characterized by the following four properties:

  1. 1.

    The networks are complex and not transparent as a result of their product and/or process structures.

  2. 2.

    The actions of central actors in such structures lead to external (domino) effects which may result in damage for third parties – although these are not involved in the actual event.

  3. 3.

    The system is destabilized through strong individual incentives and the use of asymmetric information for individual benefit.

  4. 4.

    Supervision and regulation do not exist, have shortcomings, or are subject to restrictions that prevent effective intervention.

The current financial crisis offers an excellent basis to study how a future occurrence of these four conditions can be identified earlier and how we can respond in an appropriate manner. Therefore, we will discuss and generalize some of the points below using the example of the financial crisis and also address the (possible) role of BISE.

1 Networks Are Complex and not Transparent

Only a few decades ago, the vast majority of financial services was limited to just three roles: investors, debtors, and the bank as an intermediary. This system worked quite well for many decades and was largely stable. Meanwhile, the bank has been replaced by a whole chain of successive financial intermediaries: the lending bank gives loans to another institution which bundles them to securities with those of other banks. This second intermediary passes them over to a third actor who carves the packages of securities and repackages them, probably finances the acquisition through new credits, passes on the emerging securities to a fourth intermediary, etc. until finally the end products arrive at a placing bank and/or their customers. As a result of the described fragmentation, the final products can hardly longer be understood in terms of return, cost, and risk impact. The information has been gradually lost in the multi-stage process.

The solution can only be to create significantly higher transparency. Also in the financial services industry we need transparent product structures in terms of parts lists based on standard taxonomies, i.e., global standards. If a product is passed on to the next actor, it must be accompanied by a standard description of parts lists, which eventually becomes the substructure in a new and more complex product.

The role of BISE here is twofold. On the one hand, IT was involved in the emergence of the problem. Without information technology the fragmentation of the value chain of the financial services industry would not have been possible. On the other hand, BISE is the key to realize an improved, i.e. more transparent representation of products and processes not only in the financial services industry. While more regulated industries with high risk, such as pharmaceuticals and aircraft manufacturers, have already implemented some of these requirements, the large remainder of the economy should follow in its own interest: For example, also the manufacturing sector possibly depends on raw materials or resources over several levels of the value chain, which might become a systemic risk due to an uncertain supply in the future. This also partly requires significant changes to operational product and transaction systems.

2 Actions of Key Actors Result in External (Domino) Effects, Leading to Damage for Third Parties

Network structures are unproblematic and may even reduce risk as long as individual players do not achieve a dominant position. In certain areas of the financial services industry, however, individual actors have attracted so much business that they became indispensable for the stability of the network. A familiar example is the U.S. market for credit default swaps (CDS), in which five actors cover more than 90% of the total business. The failure of one actor leads to such high losses on the opposite sides that these too would tilt like dominoes. This condition is commonly referred to as “system-relevant” or “too big to fail” as (state) interventions in case of failure are usually inevitable.

The solution is to internalize such external effects which emanate from actors that are too big or too networked. This first requires modeling and quantifying the external effects that may become dangerous. On this basis, collaterals of each actor are to be determined (in the financial services industry this may include capital needs, in the power grid these may be possible over- or undercapacities) depending on the extent of potential damage, i.e. ultimately depending on the size and the level of interconnectedness in the defined network.

In addition it is possible to optimize a network: In the power grid, this is done by an already existing overarching control authority (which is, however, not immune to systemic risk as described above). In the financial sector a central counterparty should be established for CDS so that the collapse of a single actor can be buffered.

The tasks of BISE can be derived inversely. First, complex models have to be implemented in the IT systems. This requires appropriate algorithms as well as the infrastructure for the procurement, management, and consolidation of extensive volumes of data. Here, the decision between “realistic enough” and “still manageable” constitutes a balancing act. Second, the calculation of the risk position of a single actor (in the financial services industry, this is the capital need of an individual institution) based on cross-linked risk models will become even more sophisticated than today. Third, new central control instances require high levels of investment in appropriate IT solutions.

3 People Act According to Individual Incentives and Use Asymmetric Information to Their Own Benefit

Employees and managers in customer services and commercial departments of banks partly have substantial variable salary components, which often depend on the generated business volume or the expected margin. This may make them urge customers to conclude a transaction which runs counter to their interests. This danger particularly exists if bonuses paid to consultants and dealers do not depend on the realized long-term success of the customer, but on the anticipated short-term success of the financial services provider. Similarly, a financial services provider may keep options in the books for which the counterparty is its own customer. Then incentives for holding back information and for speculation against the customer arise. Also the owners and shareholders of financial services providers had to face an asymmetric incentive structure in the past: In good times, a dividend is paid out and the market value increases. In bad times, however, there is only a very limited risk of loss since the government will intervene in case of difficulties. On the part of the financial services provider, this leads to incentives to reduce equity and thus increase the risk.

Not only in the financial services industry the consequence of such incentives is that the parties involved force their risk network more and more to the extreme and thus destabilize it. Therefore, the heart of all attempts at a solutions is information: Incentive structures need to be synchronized with the interests of all actors concerned in a noticeable way.

In the financial services industry this may, for example, be achieved by introducing fees for consulting services instead of commissions, by higher fixed and lower variable incomes, by variable incomes depending on realized instead of anticipated profits, or through disbursement of profits in the products generated by the dealer. Proposals to regulatorily separate investment banking and commercial banking are going even further. Regarding the equity investors the same applies as discussed above: Financial actors must no longer be “too big to fail”, the capital of such institutions should be increased accordingly.

The role of BISE in the implementation of new incentives within a company is the provision of new or enhanced dispositive systems. The change from commission to fee consulting, for example, requires new structures of control. All bonus formulas and capital calculations as well as all necessary data need to be included in the IT. In cross-company settings, the synchronization of incentive systems constitutes a special challenge for BISE: In order to avoid systemic risk and yet not to publish any information relevant for competition, new methods for the aggregation and anonymization of risk information with trusted third parties or for secure multi-party computation are required.

4 Supervision and Regulation Do not Exist, Have Shortcomings, or Are Subject to Restrictions

The risks described above are not only known since the current financial crisis. Hence, financial markets are monitored more intensively than many other markets, but apparently not intensively enough. The financial supervision had no mandate to control non-banks in the chain between investors and borrowers, i.e. special purpose vehicles, conduits, and hedge funds. Moreover, it had only a very limited view of the international dependencies. Central banks were under pressure to cut interest rates further and to facilitate budget deficits in order to (supposedly) stimulate growth in the short term. The European Central Bank with its independent position and with its clear mandate for currency stability was able to withstand the pressure without larger problems. For other central banks this was more difficult, especially when the mandate for currency stability was mixed with mandates for economic growth and employment. The fiscal authorities have resorted to deficit financing to an unacceptable level, whether for increased expenditures of the state or for the stimulation of private expenditures, such as home loan financing. Finally, this real economic activator is a key driver of the current financial crisis. For the financial services industry, the necessary solutions are obvious. The legislative body must award a sufficiently broad and deep mandate to the financial market authority. Central banks must focus on the task of stabilizing the monetary value and must not be abused for short-term (assumed) growth interests. Fiscal authorities must be slowed significantly in debt financing.

However, increased supervision and regulation is not appropriate for every industry and certainly is not the only instrument. In addition or as an alternative, a cross-company data exchange within the risk network must ensure that each individual company is able to identify systemic risk without forcing every individual market participant to immediately reveal competitive information.

To address these tasks, BISE with its interdisciplinary nature plays a prominent role. BISE can provide the framework to make the complexity of a risk network recognizable and manageable. With its modeling competence, BISE is particularly well suited to develop methods and concepts for modeling a risk network and for identifying system-relevant threatening scenarios. Here, BISE can resort to established methods of network theory and behavioral finance. Moreover, it is only possible to create the informational foundation by means of the appropriate design and control of the information flow and standardized data exchange formats in order to develop suitable hedging strategies across companies. Hence, one future task of BISE might be the creation of information architecture for the detection of and verification architecture for the avoidance of systemic risks in interdependent networks. Here, the experience from past systemic crises, such as the current financial and economic crisis, can be applied to other industries and other types of dependencies.

If BISE can achieve to equip companies with the information necessary for the detection and prevention of systemic risk, then these companies will stabilize not only themselves in a future crisis but our economy as a whole.Footnote 1

Hans Ulrich Buhl

Hans-Gert Penzel