Eat All You Want, Bite More Than You Can Chew

People sometimes forget that managing risk is about managing the future, not about managing what happened in the past. And even those who think of the future can be shaky about details. When we manage the future, how far ahead do we look? To the end of the quarter? To the end of the year? Two years ahead? Ten years ahead? I have often seen risk reports tell me the probability of something happening, without stating the relevant timeframe. Imagine the scenario…

Risk Manager: There is a low probability of our being hit by an earthquake.

Skeptic: What do you mean by low probability?

Risk Manager: If you look at our group standards, it means between 0 and 20 percent.

Skeptic: The probability is less than 20 percent. Is that for this year? Might there be a 100 percent chance we’ll be hit by an earthquake within the next 5 years?

Risk Manager: Errmmm….

Skeptic: How does the probability vary according to the scale of the earthquake?

Risk Manager: Ummm….

Skeptic: What are the chances of an earthquake before the end of today? And how well would we cope if there was one?

Risk Manager: Ahhh…. let me go away and do some more work.

Skeptic: You want to do some more work? But now you’re prioritizing work on a risk with low probability…

Risk Manager: Yes, but…

Skeptic: And your work won’t do us much good if there is an earthquake before the end of today, will it?

Risk Manager: Now you’re just being mean. I’m doing the best I can.

Skeptic: How do you know it’s the best work, if you don’t know what timeframe to use, when measuring if the results were optimal?

Risk Manager: Errr…

Skeptic: Because your boss has never debated the period to use when measuring risk performance, has she? So it could be 100 years, because this company expects to still be around in the 22nd Century. Or it could be until the end of the year, because your boss intends to retire then.

Risk Manager: I’ve been screwed, haven’t I?

Skeptic: Probably.

Take a long view, and you realize how bad telcos are at managing risk. Consider the USD100mn fine that the FCC wants to levy on AT&T for throttling unlimited data plans. In 2007, AT&T thought it was a great idea to make money by exclusively supporting the iPhone in the US market. They offered a deal that was revolutionary at the time.

The iPhone experience starts with using iTunes to sign up for a two-year wireless plan from AT&T, the exclusive carrier in the United States. Service starts at $59.99 a month for 450 anytime minutes, unlimited data and 200 text messages — equal to or cheaper than deals from other carriers.

Unlimited data! What a great idea. The customers flocked to it… but what happens when you are straddled with the costs of servicing unlimited data, for customers who want to use more and more and more each year… The answer, if you are AT&T, is that you let them have as much data as they like, but make it slower. That seems like a cheat to me, even though AT&T insists they notified customers of what they were doing. It seems like a cheat because, all things being equal, making the service slower means limiting how much data traffic can be enjoyed over a period of time. And the FCC, the American comms regulator, agrees with my point of view, which is why they are fining AT&T.

As the FCC’s statement points out, even if customers were notified that they would be throttled, it seems pretty unfair to deliver less than was promised whilst customers were also…

…locked into a long-term AT&T contract, subject to early termination fees, for an unlimited data plan that wasn’t actually unlimited.

AT&T will appeal against the fine, but even if they have to pay, perhaps it was worth it. Maybe, when they made their offer in 2007, AT&T would have thought an additional USD100mn to be a tolerable cost, in exchange for all the customers gained and revenue generated by their deal. I wonder if anybody did a risk assessment back in 2007, analyzing the dangers of spiraling data consumption, rising costs in supplying bandwidth, and the probability of being fined if throttling was used to manage capacity limitations. That is what risk managers should be doing, but note all the difficulties involved. The risk manager has to estimate: how customers will respond to a new service; how network costs will compare to revenues over time; whether costs and revenues will go up or down because of factors outside of the company’s control; and how some people employed by a regulator will perceive the telco’s behavior. The risk manager might even want to factor in the chances of winning an appeal against a regulatory fine! And all of that comes before I mention reputation, and the damage done to businesses if customers feel they are cheated.

FCC Chairman Tom Wheeler was strident in his choice of words:

Consumers deserve to get what they pay for. Broadband providers must be upfront and transparent about the services they provide. The FCC will not stand idly by while consumers are deceived by misleading marketing materials and insufficient disclosure.

So AT&T has taken a smack in the face, and that has to hurt. And when regulators start fining, it usually means customers are already fuming. Telcos want none of these things, which is why they manage risks. On the other hand, these long-range risks are difficult to ponder, subject to lots of argument, and complicated to evaluate, which makes it easier to just not bother trying to manage them. But that is the greatest risk of all – to abandon hope of managing risks, because they are so hard to manage. But the harder it is to manage a risk, the more it should be managed.