Friday, September 19, 2014

This Week in Bank Failures

Among the major players feeling politically bruised after the Scotland referendum are two of the largest banks in Scotland, Royal Bank of Scotland (RBS) and Lloyds Bank. During the lead-up to the referendum, both banks told the world that they weren’t really Scottish and would be pulling operations out of Scotland if the result of the referendum was a Yes vote for independence for Scotland. It was perhaps not the most tactful thing to say to their Scottish customers. Now after the No vote, as the two banks brace themselves for the inevitable backlash along with further political adjustments that London has not worked out yet, neither bank has been willing to commit to continuing any of its operations in Scotland. This wishy-washy behavior is not living up to the image of stability that people usually expect from banks. Indeed, Scottish consumers and businesses now have a growing list of reasons to doubt the sincerity of the two banks, ranging from their dubious balance sheets to the now very real chance that they might leave Scotland altogether. But if customers cannot trust the banks, that gives the banks all the more reason not to trust the customers. It’s a vicious circle that in the end might force the banks to close in Scotland, regardless of what their other analysis might eventually conclude.

One of the reasons the Scotland independence question was rejected was the lack of a banking system in Scotland. Strike out the London banks that operate in Scotland and there is essentially nothing left. With no real banking system to back it up, the Scotland independence concept lacked credibility among voters, particularly among retirees. The government of Scotland also needs a bank it can rely on for its own operations. It is a situation that seems to call for one major home-grown Scottish bank, though it is an open question how such a bank can be formed and funded.

In the United States, a Royal Bank of Scotland subsidiary is preparing for its IPO. Citizens Bank (until recently, RBS Citizens Bank) hopes to raise $4 billion in the IPO next week, allowing RBS to eventually sell off its U.S. operations entirely for $14 billion. It’s money the parent bank needs to shore up its balance sheet.

Home Depot estimates that 56 million credit card numbers used by customers for in-store purchases in the United States and Canada were leaked by sophisticated malware installed on the store’s internal network. That makes the scale of the data loss comparable to that of the December incident at Target. Home Depot had the same software flaw that Target had, of sending unencrypted transaction data around its internal network, as if merely having an internal network was security enough. In some ways Home Depot’s response might be considered worse than that of Target, as Home Depot continued this high-risk practice even after seeing the damage that it had caused at Target. I imagine there must be other retail chains that are continuing to do the exact same thing, putting their customers’ cards similarly at risk. In a few more months we will find out who some of these other retailers are when their own data leaks, which for all we know are already underway, are disclosed. It is a sign of how close to the edge the transaction-processing industry is that these problems are considered too expensive to fix until after actual harm has been done.