I am a (soon to be retired) IT architect for a company in the financial services industry and I will say that the issue of legacy technologies has pushed many companies to a critical decision point. I don’t know Vanguard specifically but these are common issues many companies are struggling with. A very interesting article though.
A few comments based on the article:
I don’t consider being off by 10,000 percent and over $13.3 million in one account a minor error, so I immediately informed Vanguard, sending them an image similar to the one above. In fact, I sent the images to three different people at Vanguard and it still took well over two weeks to correct.
I am going to guess that the actual number in the back-end (probably legacy) system was correct. So this was not a matter of someone being able to go into the system and correct the numbers in some database. Those were probably right. What is more likely to have happened was that somewhere in the interface between the mobile app and the legacy system, some logic error occurred, leading to an incorrect amount being displayed. It takes time to correct these types of errors. Resources have to be assigned, the root problem has to be identified and corrected and then tested (to be sure the change doesn’t break something else) and then deployed to the live environment - usually on some type of schedule. So two weeks is actually not bad considering all of that.
I am not the first to express such concern. Erin Arvedlund of the Philadelphia Inquirer stated the following in the book “The Bogle Effect,” by Eric Balchunas:
Vanguard has a ton of legacy computer systems. I talked to some IT guys who had recently retired and it is keeping some of these legacy systems together with bailing wire. It doesn’t have the money that Fidelity, Schwab, and Robinhood have to upgrade. Or it may have it, but it isn’t going to spend it. And it has a lot of technical problems.
At some point, Vanguard is going to have to crack open the wallet and invest in upgrading their environment. They may have underinvested to keep costs down and that may be starting to negatively impact their service and capabilities. It will become a business threat / risk if it has not already become one.
I don’t know a lot about Schwab but it is a relatively newer firm so their legacy problem may be relatively smaller. I know a little about Fidelity; their annual IT spend is very very significant; a “wow” amount.
My original hypothesis was that Vanguard’s legacy systems made it more vulnerable to cybersecurity threats. While possible, one IT expert told me that those may actually be safer, as hackers may not know the legacy programming languages they were written in.
Actually the legacy systems are probably less vulnerable because they are mostly “walled off” from the outside world. A significant challenge is that these legacy systems were not built for a world of 24/7 access from your phone or web browser anywhere in the world. There are ways to open them up to the outside world, but it is messy and complicated (hence the bailing wire) and you’ve got to be really really careful about security of opening these systems up to something they were never designed for. At some point, you just can’t do all of the things you want and need to do with these legacy systems. They just can’t support it.
Though I give Vanguard a lot of credit for admitting there is a problem, it has done so for years, and I see them falling further and further behind competitors. I think systems need a higher prioritization.
These legacy modernizations are hard. Really hard. And expensive. There have been years of functionality built into these systems and they are likely tightly integrated with other systems in the environment. Pulling it all apart and replacing it is very difficult. Often the new system has to be rolled out in stages, which means it takes a while before the new system can even do everything the old system did. These old systems are functionally ok but technically deficient, so modernization can take years, not months.