Friends & Colleagues,
Happy Thanksgiving. Hopefully everyone had a relaxing and enjoyable day on Thursday. We walked downtown for the parade — floats, bands and clowns. Enjoy the normal sized weekend that remains after Thanksgiving and hopefully everyone is getting in the Christmas spirit. Meredith, Tess and I are excited to be in Detroit and feeling more and more at home each day. Hope all is well with you and yours. Less than 30 days till Christmas.
This week we look at:
- Cybersecurity and vendor management (Of Interest)
- Trump and tech community (A Look Ahead)
- Upcoming HUD Appointment (Got Me Thinking)
Of Interest: In the same week that a regulator announced action against Lincoln Financial for cybersecurity and vendor management failures, HUD announced a breach of its own.
According to reports, HUD exposed private data for almost 500,000 consumers. The two breaches occurred in August and September of this year. It appears to be a minor issue (last name, last 4 digits of SSN and housing address) without any use of the exposed data yet.
We are all familiar with these stories by now and the HUD story barely made headlines. The reason I thought it was important to include the SEC order against Lincoln Financial is that the language of the order is textbook vendor management and cybersecurity. In other words, how SEC determined Lincoln Financial should have acted between 2011–2015 is exactly the expectation CFPB has for all financial services firms today. Firms must conduct robust vendor management particularly in the area of cybersecurity. What’s interesting here is Lincoln Financial had a vendor establishing firewalls & other protections but did not require the ability to select/approve the firewall or oversee the ongoing upkeep. Just asking for a firewall was not enough (admittedly, in part because a breach did ultimately occur), the firm must understand the different types of oversee the selection and execution of getting one up and running.
It’s something you’ve heard me write and speak about before. The growing risk to all companies is that as the threats become increasingly sophisticated and successful no amount of preparation will save us from a regulatory lookback. The fact is that the breach itself is a sign to regulators of a deficiency even if they themselves cannot protect against it. Once the breach occurs, it is almost certain that an order will follow even if all the proper policies, procedures and tests matched the firm’s activities. This is just a reality and underscores the value of cybersecurity spending and planning because we can protect against headline risk and mitigate (but not eliminate) regulatory costs should anything ever happen.
Takeaway: Even though regulators acknowledge that vendors are necessary in today’s complex world, there is still a lack of specific standards around what safe harbor, if any, exists when establishing a vendor management program. CFPB continues to issue policy-type statements which deserve our attention, but no one feels confident in the standard compliance life cycle — risk assessment, policy, procedure, implementation, monitoring, and auditing — when it comes to cybersecurity and vendors.
Have You Heard?: Lenders are now using phone usage and social media patterns to assist the underwriting decision. I wrote last week about the series of websites visited as mimicking an online footprint or fingerprint. It only makes sense that phone data would tell lenders a good bit about a person’s repayment risk. Reframing repayment risk with more than credit score has always been a fascination of mine. Lately, though, I’ve been even more interested in targeting leaders or potential consumers based on the combination of links. For example, searching paint colors, visiting Home Depot, and visiting Angie’s List could prove a valuable lead for home renovation or home equity leads. Depending on the nature of the traffic, you could be looking at someone moving out/selling their home. You get the idea. That’s the algorithm that would be extremely valuable. Amazon provides my searches to Facebook or visa versa for targets ads but only for things I’ve already searched. I’m looking for the platform that can predict my upcoming purchases. I’m sure someone is on this but if you have any ideas let me know. Until then I’ll go on seeing the ads for the gifts I just bought my family for Christmas.
A Look Ahead: I continue to watch how the tech community is responding to the election of Donald Trump. Unfortunately after I suggested that Peter Thiel might have a beneficial role in the administration, more news came out that he might be having trouble finding folks who want to join him. I have thought a lot about what the next 4 years may look like and how technology can influence policy decisions. For instance, just as technology has eliminate certain manual labor jobs, particularly in manufacturing, over the last 25 years, the knowledge economy has the power to leverage technology to address much of what government has been doing. Perhaps the next 25 years will be how technology eliminated social services or other government services. One author gave the tech community 5 ways to make a difference in the world regardless of who is in Washington and I thought it worth your time. The two I focused on were #2 and #5 — look to companies not government for solutions and companies should partner with government to ensure forward looking results. It is a challenge that private industry has had dating back to before the Internet, yes, shocking I know.
How can private companies be allowed to push the boundaries, experiment and innovate while still working with the government to ensure the best ideas reach everyone. For the most part, industry outpacing regulators and policy makers is not new but what each generation does struggle with is how much risk the economy or consumers bear for the ambitious ideas of private companies. Today, I think many people are ready for the new moonshot. Obama had used that language to promote the government’s efforts to beat cancer. Elon Musk has taken moonshot to new literal levels with SpaceX. Perhaps as Thiel and others like the author linked to above become more involved and aware of how private money can drive public advancement, we could see massive changes that save the country time and money. If you remember how the initial dotcom surge resulted in unexpected budget surpluses, with a little planning the next jump could be intentional and 100x more productive.
Got Me Thinking: To what degree are Trump’s promises in conflict? For example, Trump’s pro-growth, pro-jobs spending is at odds with the fiscal balancing act that he promised to bring to Washington. Likewise, if corporations succeed and the economy grows, cost of living including mortgage interest rates increase. Reduce regulations could spur corporate growth and lower prices (or just corporate growth). More specifically, elimination of housing finance regulation and elimination of Fannie Mae and Freddie Mac (as some Republicans in Congress want) could slow housing growth and homeownership.
Tangentially, Dr. Ben Carson turned down a nomination for HHS Secretary but is being considered for HUD Secretary (and considering it!). On the spectrum of “social services organization,” the appointment of Dr. Carson would be farther toward the social services aspect than the housing policy but I honestly could not gauge the longer term impact. And rest assured, “he loves people.” Eyes remain on the cabinet nominations in the coming weeks. Even though many of these positions won’t be up and running till the Summer, it sets a tone and establishes a theme for the administration.
Sidenote: Herein lies the problem. The New York Times did an autopsy of how fake news whips up into a frenzy, is spread throughout the intrawebs, is investigated and debunked, but the correction is never published or mentioned. This is the concern for a Presidential administration that is not disciplined in sharing facts and information. I’m thinking specifically within financial markets. For all the checks and balances in other areas, the President can influence financial and global markets simply with speeches, decisions and policy statements. If these things are treated merely as the opening salvo in an on-going negotiation with the media and public opinion, as opposed to serious statements from our leadership, the markets will respond according to the old rules and old algorithms (at least for a time). The problem with a period where the President is playing by new rules and the markets are still playing by the old rules is that we do not know what the consequences of that will be. Perhaps nothing. Perhaps it will be a positive development. But anyone who claims to know how to predict the next few months and years is wrong.
(Not-So) Quick Hit: Power of will. An interesting blog post in Harvard Business Review suggested that willpower is an emotion not a limited resource like energy. Years of understanding that as energy depletes so does willpower which is why it is easier to say no to the gym after a long day at work. Treating willpower as an emotion that can be influenced will change how we conquer that workout or write that book; it can also change how we incentivize our organizations for success. Here’s the excerpt that caught my attention: “However, when I find a topic that piques my curiosity or is in line with a cause I believe in, I get into a zone where time flies and words flow. I no longer need to force myself to write. I want to write. After a day of working on tasks requiring no willpower, I don’t feel drained; I feel energized.”
Presented without Comment: Note to let Fannie and Freddie retain earnings instead of handing them over to the Treasury.
Today’s Thought: Don’t underestimate the value of a minute in the hallway. In the 80’s there was a book called One-Minute Manager that built on the idea of stopping by each team member individually for at least a minute a day. Whether or not you take that idea literally, I think it is really important to make the most of every minute you can at the office and at home. Our CEO, Bill Emerson, does not talk about work-life balance because it implies separate lives. Instead, we talk about one life and how you spend your time. It is all about quality time. Spending random, unproductive time with your team or your kids is a waste. (Unstructured time is fine cause it promotes creativity and imagination. Here it applies to both employees and kids). Choosing to provide encouragement and feedback in a 2 minute hallway conversation is much more valuable than maintaining a weekly one-on-one meeting with subordinates without a defined purpose or agenda. In my experience most leaders are comfortable cancelling those when not needed that week. That’s a good thing. But an easy way to be efficient and maintain the important connection with your team is the quick, meaningful connection whenever you can achieve it — even in a hallway — a couple times a week.
Quote: “As we express our gratitude, we must never forget that the highest appreciation is not to utter the words, but to live by them.” — President John F. Kennedy