How spreadsheets (nearly) conquered and killed the financial industry

Would you trust millions on an Excel formula?


In my first job out of college I worked at a timesharing firm. For those of you who don’t know, timesharing, whose heyday was in the late 1970s, allowed companies to use large mainframe-based systems without themselves having to purchase these huge computers and hire an army of support staff.

Once signed up, a company shares a multitasking mainframe machine with hundreds of other customers, giving each user, seated at a dumb terminal, the illusion of being connected to his or her own personal mainframe.

For this, customers would pay towards development and support costs for the systems and, more importantly, cough up for usage costs based on the number of processor minutes they clocked each month. This was a very profitable business — until the advent of the PC and desktop computing.

The eventual fate of my employer became clear to me after one colleague left the company: he ported the huge, wildly complicated accounting system that cost one of our clients tens of thousands of dollars a month in usage and maintenance costs to ... a VisiCalc spreadsheet running on an Apple II.

To our former customer, this meant instant savings of a good half-million dollars a year. Mainframes, even for companies that owned their own, became dinosaurs almost overnight. They were massively big, expensive, lumbering machines that despite their size still couldn’t do many of the things a PC could.

The advent of the client-server model (to run systems that were too large for a desktop machine, or had to support many users) meant a tiny step back in the direction of the terminal, but desktop computing had nevertheless firmly taken hold. In the investment banking business where I worked, the spreadsheet was a magical thing whose arrival happened to coincide with the rise of super-sophisticated financial products.

VisiCalc: Those were the days...

With VisiCalc (and later Lotus 1-2-3, and later still Excel), traders could bang out prices and work through complex scenarios whenever the mood hit them, and without any assistance from developers. By the 1990s, spreadsheets were as important a part of traders’ lives as desk calculators had been a couple of decades earlier. Today, it’s inconceivable for a trader, especially someone on a derivatives desk, not to have advanced knowledge of Excel. Some traders go much deeper than that, to the point of having Visual Basic skills on par with a mid-level developer.

While the most difficult spreadsheets are now built by dedicated development and quantitative analyst teams, trading desks are more or less in charge when it comes to the daily management of their Excel libraries. Having direct control over the “calculators” they use means traders don’t need to put in a formal request for every minor formula-tweak they need implemented, or every slight change to the scenarios they want to run, and then wait for someone else to implement it — a process that would make much of their day-to-day work impossible given the speed of market movements.

A well-designed spreadsheet leaves plenty of room for users to fine tune it on their own as new kinds of deals are negotiated and trading conditions shift. And of course, many spreadsheets are built and maintained by traders with no assistance at all. Still, there will always be times when a requirement is complex enough that it calls for a change to the underlying code by a full-time quant or tech team. However, considering that speed is of the essence even when traders can’t implement sheet changes themselves, the rules for formal “change management” are generally far more lax for spreadsheet work.

The bad old days of change management

Anyone who has worked for even a medium-sized financial firm knows that pushing through changes to a production system at these companies can be enough to send you over the edge. In the worst case I’ve seen, the process entailed, at a minimum, filling out a web-based form, submitting your change request to a long line of managers (every one of whom had to approve it, in turn), and sitting in on a conference call to discuss the change and get it cleared by the production-support team. If your change had to go live on a Friday evening, it had to be approved on the previous Wednesday’s conference call.

This process was mandatory for all changes, no matter how trivial. The web form was literally the most complex I’ve ever come across, so filled with arcane codes and cross-references that I never saw anyone go through the process from scratch; standard practice was to take the form you’d submitted on some previous occasion and update the relevant fields to reflect this week’s change.

That previous change form was based on an earlier one, and so on back to some primordial request page that an unknown, intrepid developer had filled out in the distant past. Requiring your change to go through the full chain of approving managers was semi-pointless, since many of them were so senior they had no idea what the change was about, or worked in an entirely different area of the firm, and as a result automatically pushed the APPROVE button.

Nevertheless, these managers had to be chased down if they’d been too lazy or busy to approve your change as the deadline approached. Then there was the chance that one of them was on holiday, or that you’d missed filling in one of the form’s forty fields, or any number of other problems.

Similar topics


Other stories you might like

  • Will this be one of the world's first RISC-V laptops?
    A sneak peek at a notebook that could be revealed this year

    Pic As Apple and Qualcomm push for more Arm adoption in the notebook space, we have come across a photo of what could become one of the world's first laptops to use the open-source RISC-V instruction set architecture.

    In an interview with The Register, Calista Redmond, CEO of RISC-V International, signaled we will see a RISC-V laptop revealed sometime this year as the ISA's governing body works to garner more financial and development support from large companies.

    It turns out Philipp Tomsich, chair of RISC-V International's software committee, dangled a photo of what could likely be the laptop in question earlier this month in front of RISC-V Week attendees in Paris.

    Continue reading
  • Did ID.me hoodwink Americans with IRS facial-recognition tech, senators ask
    Biz tells us: Won't someone please think of the ... fraud we've stopped

    Democrat senators want the FTC to investigate "evidence of deceptive statements" made by ID.me regarding the facial-recognition technology it controversially built for Uncle Sam.

    ID.me made headlines this year when the IRS said US taxpayers would have to enroll in the startup's facial-recognition system to access their tax records in the future. After a public backlash, the IRS reconsidered its plans, and said taxpayers could choose non-biometric methods to verify their identity with the agency online.

    Just before the IRS controversy, ID.me said it uses one-to-one face comparisons. "Our one-to-one face match is comparable to taking a selfie to unlock a smartphone. ID.me does not use one-to-many facial recognition, which is more complex and problematic. Further, privacy is core to our mission and we do not sell the personal information of our users," it said in January.

    Continue reading
  • Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware
    Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D

    Analysis Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found.

    In a technical report this week, the folks at Prodaft, which has been tracking the cybercrime gang since 2021, outlined its own findings on Wizard Spider, supplemented by info that leaked about the Conti operation in February after the crooks publicly sided with Russia during the illegal invasion of Ukraine.

    What Prodaft found was a gang sitting on assets worth hundreds of millions of dollars funneled from multiple sophisticated malware variants. Wizard Spider, we're told, runs as a business with a complex network of subgroups and teams that target specific types of software, and has associations with other well-known miscreants, including those behind REvil and Qbot (also known as Qakbot or Pinkslipbot).

    Continue reading

Biting the hand that feeds IT © 1998–2022