Capital Mispricing and Structural Risk
Architectural coupling produces regulatory exposure: a change requiring three days of code takes four months because it propagates across nine teams. Once reconciliation is available at negligible cost, the absence of reconciliation becomes a discoverable governance choice.
A European insurer receives notice of a regulatory change: all policies with an annual premium above € 25,000 must observe a mandatory 48-hour cooling-off period before activation. During the window, payment may be collected, the policy may be cancelled without penalty, claims are not valid, and risk exposure must not be recognised on the balance sheet.
It is a fundamental change to the policy lifecycle, not a feature request. With five hundred services in the estate, “activation” is not one system but five: quoting, payments, the policy record, claims eligibility, and broker commissions, each feeding dozens of others; the policy record alone is consumed by fifty-seven other services. Adding the cooling-off state means every system that assumed a policy was either active or inactive must now account for a third state, with updates across five systems and their dependants, handling for in-flight policies, testing across financial reporting, and coordinated releases across nine teams.
The actual code change takes three days; the dependency negotiation takes four months. When the regulator asks how long the change will take, the CTO says six months, and is asked why. The honest answer, that the organisation cannot change a single business rule without negotiating across nine teams because its systems do not reflect its business processes, is not something he will say, so he offers “integration testing and risk validation” instead: accurate enough to be unchallengeable, vague enough to be unexamined. The CTO knew the real answer and chose not to say it. The critical moment is not the coupling itself but the point at which coupling forces dishonesty into a regulator's question. Organisations absorb internal costs for years; external exposure begins when the absorption requires a lie of omission. The board's exposure here is not only institutional: a director who governs through untested representations, when verification is cheap and has been presented to the board, occupies a different position from the director who lacked the tools.
In a system decomposed around business processes, a regulatory change is contained within the unit that owns the affected state: it modifies its logic, updates its contracts, and deploys. In a system decomposed around technical convenience, the same change propagates across every system that touches the state, and the coordination makes the timeline unpredictable. For a board, the implication is direct: the time to respond to a regulatory change is determined not by the complexity of the regulation but by the degree of coupling in the system, and the symptom is a change that should take weeks taking months, with no one able to explain why without describing the architecture. A board can measure this directly. Take a recent regulatory change and compare the time spent on code to the time spent on coordination. Call it the coordination overhead ratio. In the vignette it is roughly 1:40: three days of code, four months of coordination.
Coupling also creates incidents whose costs are distributed across the organisation and never aggregated, as the € 2.1 million dispersed across departments in Chapter 6 illustrates at internal scale. At external scale, the same distribution prevents the board from seeing operational exposure accumulate: each deferred investment and unresolved dependency is a source of future incidents whose costs are attributed to quality and never connected to the structural decision that caused them.
The speed at which undetected divergence converts to cost has a documented ceiling. On 1 August 2012, Knight Capital deployed new trading code to seven of its eight production servers; the eighth silently ran a dormant routine the deployment was meant to retire. In forty-five minutes the firm sent millions of erroneous orders, produced more than four million executions and billions of dollars in unintended positions, and realised a pre-tax loss of approximately 440 million dollars, the figure in its own securities filing; the SEC order that followed put the loss higher still and documented the deployment failure in detail. No artefact existed against which the firm's intended behaviour could be reconciled with what it had deployed, and Knight did not survive as an independent company. It is the limiting case: the gap between representation and system, priced by the market, in under an hour.
...
Continue reading in the interactive reader
Read this chapterSee also: Full contents · Preview chapters · Illusions of Work