It was the dirtiest look that Derrick had ever seen. As he stood in the foyer, paralyzed by his wife’s dagger-like glare, his mind rushed through all the things he could have possibly done wrong. Did I forget to pick up the kids? Was it someone’s birthday? Crap, it isn’t our anniversary, is it? After a few-second-long silence that lasted an eternity, Derrick nervously stammered a greeting. “Uhh, hi… honey… I’m home?”

She clenched her jaw as her eyes tensed with anger. Without abating her piercing glaze, Derrick’s wife slowly raised her right hand to eye level. Her tight fist gripped a several-page document bearing the unmistakable logo of Scarlet Financial. Derrick grimaced, realizing exactly how much trouble he was in.

Taking a Step Back

Eight months earlier, Joe Judge started his first day as a Web Systems Developer at Scarlet Financial (as I’ll call them). Though he had worked at a handful of financial services firms in the past, Scarlet was a bit different in that they catered specifically to very high net worth individuals. If you didn’t have at least ten million dollars in manageable assets, then you’d have to stick with Charles Schwab, Vanguard, Fidelity, or whatever else the hoi polloi use; Scarlet certainly wasn’t for you.

In the years prior, the internet-savvy demographic within Scarlet’s client base had grown from zero to a large enough number that might leave if they didn’t have any online financial services. So, being the client-focused company that they were, Scarlet set out to build a website that would allow clients to view their positions and manage their account.

At first, the website wasn’t really self-serve; it simply merely managed requests and communication between clients and their financial consultant. But as clients became more internet-savvy, they wanted more interactivity and more features. In a short few years, Scarlet’s basic website turned into a full-fledged financial portal.

When Joe started, the big feature that everyone was working on was called Extended Access Management. The idea of “Extended Access” is commonplace in many high-end financial services firms. Often times, an individual with a complex portfolio of different financial products will need to provide others with limited access to their accounts.

A business partner, for example, may want to monitor his partner’s personal financial records to ensure that there’s enough assets and liquidity to cover their joint guarantees; insurance underwriters, on the other hand, will want continuously verify that their umbrella policies are appropriately coordinated with other insurance policies; and bankers always want to be certain of their borrowers’ solvency, especially when it comes to large, complex loans.

Most of us would solve these “access issues” by simply copying our account statements, redacting unnecessary and sensitive information, and then mailing out the statements to whoever requested them. However, since the usage of Xerox machines, Whiteout, and postage stamps are below Scarlet’s clients, Scarlet developed an internal, extended access system that automatically mailed the appropriate statements with the appropriate level of detail to the appropriate parties at the appropriate times. Joe’s job – along with the rest of the development team – was to externalize this system and allow clients to directly manage extended access through their financial portal.

The extended access system wasn’t terribly complicated. Each client had a “master account” that had full access all of the client’s financial products. The master account could also manage sub-accounts that would have various privileges (full, transactional read-only, summary read-only, etc) on various financial products. Each sub-account could also be assigned statement mailings, so that the sub-account holder would receive the financial information periodically.

A Minor Bug

However, somewhere along the development process – perhaps in a data migration script – a minor bug slipped through. Master accounts that were setup to receive a Master Account Statement – i.e. the document that showed detailed information about all financial products – defaulted to using the master account holder’s mailing address. With so many sub-accounts and statement mailings in the mix, no one seemed to notice the discrepancy. And besides, why would a master account holder not want the master account statement going to his mailing address, anyway?

As it turned out, there was a good reason why. Certain individuals had worked with their Scarlet advisor to create a sub-account for themselves. The master account statement would be sent to some other address – the office, a post box – while the sub-account statement would be sent home. This enabled the deceitful to easily hide assets from their family – namely, their spouses – without going to the trouble of creating an entirely new account.

Which brings us back to Derrick. Like of many other Scarlet clients, Derrick had a “family” sub-account that didn’t quite represent his entire financial portfolio. And like some of the even more unscrupulous clients, he had a charge card account for his certain, “private” purchases.

Clients' Consequences

With his pulse pounding and his heart quickly ascending to his throat, Derrick knew exactly what had turned his wife into a furious tiger, ready to tear him limb from limb. A million thoughts poured into his head as he tried to recall everything he had charged in the past month, and how he might explain it.

1-800-Flowers – uh... uh… employee… mother passed away! The Ritz – um… err… drinks with a client at the hotel bar! Saks Fifth Avenue – eee… aaa… early Christmas shopping! The Ritz, again – ahh… more drinks with clients! Tiffany's – ooo… secretary appreciation day! The Ritz, yet again – um… yee… accidental charge!

It was a pointless thought exercise. The accidently-mailed master account statement that his wife clenched detailed charge after charge of adulterous activities, many of which were local but occurred while he was “away on business.” And that’s not to mention the “secret” savings account (which had $9,000 deposited in that month alone) that was undoubtedly Derrick’s “start a new life” fund.

While the following month wasn’t quite as painful for Scarlet as it was for some of it clients, they did end up losing several high-profile clients and nearly $450 million in managed assets. Word has it that divorce lawyers, however, made out with quite a pretty penny.