The Price of Looking Backward: Mortgaging the Future to Settle the Past

The Instinct

When an issue surfaces inside a financial institution, the response follows a familiar pattern. Classify it. Rate its severity. Assign a remediation timeline. Escalate if required. Document everything. The framework exists to demonstrate that the organization took the problem seriously. Seriousness, in this context, is measured in effort and process completion, not in whether the problem actually got fixed.

Severity ratings are anchored to past damage. How many customers were affected. What the financial loss was. Whether a regulator was involved. These are not irrelevant considerations. But they are backward-looking ones. They tell you how much pain the issue caused. They tell you very little about how hard it will be to fix, whether it is likely to recur, or what it reveals about the system that produced it.

A significant issue that can be resolved quickly and a low-severity recurring issue that nobody can seem to eliminate will often be treated as though they are the same kind of problem, or worse, as though the first is more serious because the damage number is larger. The first is painful. The second is systemic. The current framework rarely makes that distinction with any precision.

The methodology is not wrong in its intent. It is wrong in what it optimizes for.

The Gap

Issue management frameworks are essentially punitive by design. An issue is a finding. A finding has a rating. A rating drives a remediation timeline. Remediation appears on a scorecard. And the measure of whether the organization responded appropriately is whether it completed the required steps within the required timeframe. The process becomes the objective. The fix becomes secondary.

This creates a particular kind of misalignment. An organization that could resolve a significant issue quickly may still be required to work through twenty steps before it can act, because the methodology demands demonstration of effort regardless of whether that effort is necessary. The institution is not being asked to fix the problem. It is being asked to prove it took the problem seriously. Those are not always the same thing, and in practice they are frequently in tension.

The punitive framework also consumes the one resource that cannot be manufactured on demand. Remediation capacity is finite. The people responsible for closing last year's issues are the same people who need to be managing this year's risks. Every hour spent on backward-looking accountability is an hour not available for forward-looking resilience. The organization keeps its eyes on the rearview mirror while the road ahead requires attention.

There is an ownership problem underneath this as well. The function that identifies and classifies an issue is rarely the function that has to fix it. Severity ratings get set by people who do not feel the full cost of getting them wrong. Remediation timelines get assigned without full visibility into the capacity of the teams that have to meet them. The issue moves through a framework designed around documentation and escalation, and somewhere in that process the question of what it will actually take to resolve it gets lost.

And the incentive structure around all of this points in a direction that should give any institution pause. Functions are rewarded for closing issues, not for preventing them. Speed of closure becomes a metric. Whether the underlying condition has actually changed is harder to measure and therefore less likely to be measured at all. The organization that closes fifty issues this quarter while the conditions producing them remain intact has not improved its risk profile. It has improved its issue log.

The Better Question

Consider how financial institutions approach complaint handling. In many, the metrics are familiar: volumes received, response times, closure rates. The complaint was logged. The clock was stopped. The box was checked. Whether or how the customer's problem was actually resolved, and solved in the first interaction, is a different and less commonly asked question.

But the institutions that have pushed further know that first contact resolution is the right primary metric. Fix the problem for the customer in front of you, right now, with whatever it takes. Root cause analysis, systemic review, and process improvement follow. They should not precede readily-apparent resolution. The complaint handling framework, at its best, is resolution-first.

In many institutions, issue management has not made that leap, even in institutions where complaint handling has. The framework remains anchored in documentation, classification, and remediation methodology, all of which serve the institution's need to demonstrate accountability rather than the more fundamental goal of fixing the problem and preventing recurrence. The customer gets first contact resolution. The institution's own issues get twenty steps and a closure date.

A better framework starts with different questions. Not how bad was this, but can this be fixed and how quickly. Not what is the damage, but what does this tell us about the system that produced it and how hard will it be to change. Severity should reflect correctability and the effort required to prevent recurrence, not just the harm already done. An issue that is catastrophic but isolated and straightforwardly fixable is a different kind of problem than one that is modest in its individual impact but persistent, recurring, and rooted in something structural. The framework should be able to tell the difference.

Remediation methodology should be calibrated to resolution, not demonstration. Process steps that exist to create an audit trail serve a legitimate purpose. Process steps that exist to prove seriousness at the expense of actually achieving it do not. The organization that completes twenty steps and never turns the key has not managed its issues well. It has managed its documentation well. Those are not the same thing.

The capacity question is ultimately a strategic one. Finite remediation resources spent looking backward are resources not available for what is coming next. An organization that is perpetually catching up to its past is not building resilience for its future. The price of looking backward is paid not in the remediation itself but in what the organization cannot do while it is remediating. That cost rarely appears in any report. It accumulates in the gap between the risks being managed and the risks developing unattended.

The instinct is to settle the past completely before turning to face the future. The better question is whether that instinct is serving the organization, or whether it is simply serving the framework.

The root of the next problem is already growing. The question is whether anyone is looking in the right direction to see it.