Knight Capital fined a measly $12M for a software bug that cost $460M

Astoundingly poor code and operational management by Knight Capital allowed near-disastrous programmed trading

How worried you are about bugs in your code is mostly related to how financially exposed a bug could make you.

The First "Computer Bug" Moth found trapped between points at Relay #70, Panel F,

of the Mark II Aiken Relay Calculator while it was being tested at Harvard University,

9 September 1947.

Of course, if you're selling, say, homemade candles online your exposure is probably minimal but if you're a large financial institution ... say, Knight Capital Americas LLC ... then your downside is probably quite a bit higher. Actually, there's nothing "quite a bit" about it ... according to the SEC (the highlights are mine):

On August 1, 2012, Knight Capital Americas LLC ("Knight") experienced a significant error in the operation of its automated routing system for equity orders, known as SMARS. While processing 212 small retail orders that Knight had received from its customers, SMARS routed millions of orders into the market over a 45-minute period, and obtained over 4 million executions in 154 stocks for more than 397 million shares. By the time that Knight stopped sending the orders, Knight had assumed a net long position in 80 stocks of approximately $3.5 billion and a net short position in 74 stocks of approximately $3.15 billion. Ultimately, Knight lost over $460 million from these unwanted positions. 

The above is from UNITED STATES OF AMERICA Before the SECURITIES AND EXCHANGE COMMISSION In the Matter of Knight Capital Americas LLC Respondent.

The bottom line is that Knight monumentally fouled up a software update and "Knight did not have supervisory procedures to guide its relevant personnel when significant issues developed." In other words, not only was Knight's code management inadequate but their human management processes were just as awful.

As the blog python sweetness points out in a post titled How to lose $172,222 a second for 45 minutes, the code that caused the problem was due to a "huge, unmaintained, bitrotten codebase" that hadn't been used for 12 years! 

The SEC Administrative Proceedings document notes (again, my highlighting):

Solely for the purpose of these proceedings and any other proceedings by or on behalf of the Commission, or to which the Commission is a party, and without admitting or denying the findings herein, except as to the Commission's jurisdiction over it and the subject matter of these proceedings, which are admitted, Respondent consents to the entry of this Order Instituting Administrative and Cease-and-Desist Proceedings ... and Imposing Remedial Sanctions and a Cease-and-Desist Order ...

So, given the monumental ... nay, biblical ... scale of the mess Knight got themselves into all of which could have had a far greater impact then it did, how much has Knight been fined? $12 million. Yep. That's all. 

As my friend, Alan Wexelblat, who worked in the financial industry for eight years commented:

That Knight gets away with only a $12 million fine is a freaking travesty [it] doesn't even amount to a wrist-slap ... I suspect the SEC got all the cooperation it wanted and if it hits Knight too hard then future targets will be less likely to cooperate, reasoning that they're going to get smacked no matter what, so why be cooperative?

If Knight wasn't a huge finanical machine I wonder how much greater the fine would have been. And if your code base were to cause as staggeringly gignatic cock-up as Knight's did, how much would your business suffer?

Vent your outrage below or at then follow me on, and Facebook.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10