PRMIA - Operational Risk, Big Data and Human Behaviour

I attended Challenges and Innovations in Operational Risk Management event last night which was surprisingly interesting. I say surprising since I must admit to some prejudice against learning about operational risk, which has for me the unfortunate historical reputation of being on the dull side.

Definition of Operational Risk

Michael Duffy (IBM GRC Strategy Leader, Ex-CEO of OpenPages) was asked by the moderator to define Operational Risk. Michael answered that he assumed that most folks attending already knew the definition (fair comment, the auditorium was full of risk managers...), but he sees it in practice as the definition of policy, the controls to enforce the policies and ongoing monitoring of the performance of the controls. Michael suggestion that many where looking to move the scope and remit of Operational Risk into business performance improvement, but clients are not there yet on this more advanced aspect.

Vick Panwar (Financial Services Industry Lead, SAS) added that Operational Risk was there to mitigate the risks for those unexpected future events (getting into the territory of Dick Cheney's Unknown Unknowns which I never tire of, particularly after a glass of wine).

Rajeev Lakra (Director Operational Risk Management, GE Treasury) took his definition from Basel II of Operational Risk as risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Coming from GE, he said that he thought of best practice Operational Risk as similar to another GE initiative in the use of Six Sigma for improving process management. Raj said that his operational risks were mainly concerned with trade execution so covering data quality/errors, human error and settlement errors.

Beyond Box Ticking for Operational Risk

Raj said that Operational Risk is treated seriously at GE with the Head of Operational Risk reporting into the CRO and leaders of Operational Risk in each business division.

Michael suggested that the "regulators force us to do it" motive for Operational Risk had reduced given some of the operational failures during the financial crisis and recent "rogue trader" events, with the majority of institutions post-2008 having created risk committees at the "C" level and being so much more aware of tail events and the reputational damage that can damage shareholder value.

Vik said that Operational Risk is concerned primarily with "tail events" which by definition are not limited in size and therefore should be treated seriously. Pragmatically, he suggested that "the regulators need it" should be used as an excuse if there was no other way to get people to pay attention, but getting them to understand the importance of it was far more powerful.

The "What's in it for you" Approach to Operational Risk

Raj emphasised that it was possible to emphasise the benefits of operational risk to people in their everyday jobs, explaining to operators/managers that if they get frustated with failures/problems in the working day, then wouldn't it be great if these problems/losses were recorded so that they could justify a process change to senior management. He emphasised that this was a big cultural challange at GE.

Michael suggested that his clients in financial markets had gone through risk assessment, controls and recording of losses, but had not yet progressed to the use of Operational Risk to improve business performance.

Duplication of Effort

A key thing that all the panelists discussed was the overlap at many organisations between Operational Risk, Audit and Compliance. The said that the testing of the controls used for each had much in overlap, but was not based on a common nomenclature nor on common systems. For instance Vik pointed out that many of the tests on controls in Sarbanes-Oxley compliance were re-usable in an Operational Risk context, but that this was not yet happening. Vik said that this pointed to the need for comprehensive GRC platform rather than many siloed platforms.

Michael said that regulators want an integrated view, but no institution has an integrated nomenclature as yet. He recounted that one client sent 12 different control tests to branches that needed to be filled in for head office, which was a waste of resources and confusing/demotivating for staff. Raj said that the integration of Audit and Operational Risk at GE had proved to be a very difficult process. All agreed that senior management need to get involved and that a 5 year vision of how things should be incrementally integrated needs to be put in place.

Audience Questions:

Is business process risk different to business product risk? Michael said that Operational Risk certainly does and should cover both internal process and also the risks produced by the introduction of a new financial product for instance (is it well understood for instance, do clients understand what they are being sold?). He added that Operational Risk encompassed both the quantitative (statistical number of failures for instance) and the qualitative for which statistics were either not available (or not relevant to the risk).

Are there any surrogate measures for Operational Risk? Here a member of the audience was relaying senior management comments and frustration over the stereotyped red/amber/green traffic lights approach to reporting on operational risk. Michael mentioned the Operational Riskdata eXchange Association (ORX) where a number of financial institutions anonymously share operational risk loss data with a view to using this data to build better models and measures of operational risk. Apparently this has been going on since 2003 and the participants already have a shared taxonomy for Operational Risk. (my only comment on having a single measure for "operational riskiness" is that do you really want a "single number" approach to make things simple for C-level managers to understand, or should the C-levels be willing to understand more of the detail behind the number?)

Is "Rogue Trading" Operational Risk? Michael said that it definitely was, and that obviously each institution must control and monitor its trading policies to ensure they were being followed. The panel proposed that Operational Risk applied to trading activity could be a good application of "Big Data" (much hyped by industry journalists lately) to understand typical trading patterns and understand unusual trading patterns and behaviours. (Outside of bulk tick-data analysis this is one of the first sensible applications of Big Data so far that I have heard suggested so far given how much journalists seem to be in love with the "bigness" of it all without any business context to why you actually would invest in it...sorry, mini-rant there for a moment...)

Summary

Good event with an interesting panel, the GE speaker had lots of practical insight and the vendor speakers were knowledgeable without towing the marketing line too much. Operational Risk seems to be growing up in its linkage into and across market, credit and liquidity risk. The panel agreed however that it was very early days for the discipline and a lot more needs to be done.

Given the role of human behaviour in all aspects of the recent financial crisis, then in my view Operational Risk has a lot to offer but also a lot to learn, not least in that I think it should market itself more agressively along the lines of being the field of risk management that encompasses the study and understanding of human behaviour. Maybe there is a new career path looming for anthropologists in financial risk management...

 

 

 

 

 

 

The Volcker Rule - aka one man's trade is another man's hedge

One of the PRMIA folks in New York kindly recommended this paper on the Volcker Rule, in which Darrell Duffie criticises the proposed this new US regulation design to drastically reduce proprietary ("own account") trading at banks.

As with all complex systems like financial markets, the more prescriptive the regulations become the harder it is "lock down" the principles that were originally intended. In this case the rules (due July 2012) make an exception to the proprietary trading ban where the bank is involved in "market-making", but Darrell suggests that the basis for what types of trades are "market-making" and what types of trades are more pure "proprietary trading" are problematic in this case, as there will always be trades that are part of "market-making" process (i.e. providing immediacy of execution to customers) that are not directly and immediately associated with actual customer trading requests.

He suggests that the consequences of the Volcker Rule as it is currently drafted will be higher bid-offer spreads, higher financing costs and reduced liquidity in the short-term, and a movement of liquidity to unregulated entities in the medium term possibly further increasing systemic risk rather than reducing it. Seems like another example of "one man's trade is another man's hedge" combined with "the law of unintended consequences". The latter law doesn't give me a lot of confidence about the Dodd-Frank regulations (of which the Volcker Rule forms part), 2319 pages of regulation probably have a lot more unintended consequences to come.

 

In quiet praise of introverts

Corporate (and social) America does lots of things very well - positiveness, enthusiam and lack of (English?) cynicism being some of the best attributes in my view - but other things are not so good such as long "townhall" conference calls with 30 people on the call and only 3 people taking part, and the seeming need to continue talking when it is already evident to you and many listening that you don't know what you are talking about. With these things in mind, I think this article "The Rise of the New Groupthink" in the New York Times is worth a read, as it challenges some of the mainstream practices on corporate collaboration and teaming, and comes out in quiet praise of the creative power of introverts. Seems like Dilbert's cubicle still has its merits in these days of open plan offices and desk sharing.

The financial crisis and Andrew Lo's reading list

I spotted this in the FT recently - for those of you diligent enough to want to read more about the possible causes and possible solutions to the (ongoing) financial crisis, then Andrew Lo may have saved us all a lot of time in his 21-book review of the financial crisis. Andrew reviews 10 books by academics, 10 by journalists and one by former Treasury Secretary Henry Paulson.

Andrew finds a wide range of opinions on the causes and solutions to the crisis, which I guess in part reflects that regardless of the economic/technical causes, human nature is both at the heart of the crisis and evidently also at the heart of its analysis. He regards the differences in opinion quite healthy in that they will be a catalyst for more research and investigation. I also like the way Andrew starts his review with a description of how people's view of the same events they have lived through can be entirely different, something that I have always found interesting (and difficult!).

A quote from Napolean (that I am in danger of over-using) seems appropriate to Andrew's review: "History is the version of past events that people have decided to agree upon" but maybe Churchill wins in this context with: "History will be kind to me for I intend to write it.". Maybe we should all get writing now before it is too late...

Latest from the EDM Council

Click here for an executive summary of what the EDM Council is up to on regulation, LEI and the Semantics Repository etc. Due credit to the Council for getting Bloomberg on board - sounds increasingly like Bloomberg may have decided to treat the topic seriously as opposed to assuming having a terminal solves everything.

Pandit on Comparing Apples and Risk

For someone who has been criticised a lot over recent years, Vikram Pandit CEO of Citigroup, seems to have come up with an interesting risk management idea in his latest article in the FT. Vikram proposes that regulators put together an standard, multi-asset "benchmark" portfolio that all financial institutions would have to provide risk numbers on, enabling regulators to understand more of the risk management capabilities of each institution and avoiding any detailed disclosure of the portfolio actually held by each firm.

I guess a key thing would be that such numbers would have to be disclosed to the regulator away from public view, since we all know that otherwise the numbers would converge and all the banks would be doing the same thing (or at least copying each other's numbers?). Reminds me of a great talk at the RiskMinds event a few years back, praising diversity of approach and criticising regulators for effectively forcing everyone to do the same thing.

FaceBank

Thought-provoking post by Alex Bray on finextra.com, about how internet banking sites are becoming outdated just like physical "branches" of banks did, and how they need to integrate more tightly with social networking sites (what doesn't these days?). The power of the network continues to rise, and it seems like FaceBank is becoming a reality (see the first part of my "tongue in cheek" Wilmott article from a few years back).

Tax makes you richer? It will never happen (unfortunately).

Despite all of the world's economic woes at the moment, it is great to see that there a few people who are still able to  "think different" on ways to get out of the mess we are in. For example, I came across Hassan Heikal's article in the FT recently, in which he suggests a one-off ten percent plus wealth tax on all those individuals world-wide with wealth above $10million.

This windfall tax would then be used to address the global government debt crisis in one fell swoop. Not necessarily the most obviously innovative idea you will have ever heard, until you consider that as a result of stabilising the crisis that the remaining 90% of the assets still held by the wealthy individuals would post-crisis jump in market value, and most likely become worth significantly more than the value of the 100% pre-crisis.

So everybody wins and nobody looses, so long as they all do it. Which, being individuals, they won't. Unfortunately. I guess it is a reminder that we shouldn't look further than ourselves and good old human behaviour for how we got into this mess, and indeed how we are going to get out of it too.

Best wishes for a great holiday break, a great family Christmas for those of you that celebrate it, and here's to an austerity-breaking 2012 (we all need to keep the faith...).

PRMIA - From Risk Measurement to Risk Management by Samuel Won

I attended the PRMIA event last night "Risk Year in Review" at Moody's New York offices. It was a good event, but by far the most interesting topic of the evening for me was from Samuel Won, who gave a talk about some of the best and most innovative risk management techniques being used in the market today. Sam said that he was inspired to do this after reading the book "The Information" by James Gleik about the history of information and its current exponential growth. Below are some of the notes I took on Sam's talk, please accept my apologies in advance for any errors but hopefully the main themes are accurate.

Early '80s ALM - Sam gave some context to risk management as a profession through his own personal experiences. He started work in the early 80's at a supra-regional bank, managing interest rate risk on a long portfolio of mortgages. These were the days before the role of "risk manager" was formally defined, and really revolved around Asset and Liability Management (ALM).

Savings and Loans Crisis - Sam then changed roles and had some first hand experience in sorting out the Savings and Loans crisis of the mid '80s. In this role he become more experienced with products such as mortgage backed securities, and more familiar with some of the more data intensive processes needed to manage such products in order to account for such factors such as prepayment risk, convexity and cashflow mapping.

The Front Office of the '90s - In the '90s he worked in the front office at a couple of tier one investment banks, where the role was more of optimal allocation of available balance sheet rather than "risk management" in the traditional sense. In order to do this better, Sam approached the head of trading for budget to improve and systemise this balance sheet allocation but was questioned as to why he needed budget when the central Risk Control department had a large staff and large budget already.

Eventually, he successfully argued the case that Risk Control were involved in risk measurement and control, whereas what he wanted to implement was active decision support to improve P&L and reduce risk. He was given a total budget of just $5M (small for a big bank) and told to get on with it. These two themes of implementing active decision support (not just risk measurement) and have a profit motive driving better risk management ran through the rest of his talk.

A Datawarehouse for End-Users Too - With a small team and a small budget, Sam made use of postgraduate students to leverage what his team could develop. They had seen that (at the time) getting systems talking to each other was costly and unproductive, and decided as a result to implement a datawarehouse for the front office, implementing data normalisation and data scrubbing, with data dashboard over the top that was easy enough for business users to do data mining. Sam made the point that useability was key in allowing the business people to extract full value from the solution.

Sam said that the techniques used by his team and the developers were not necessarily that new, things like regression and correlation analysis were used at first. These were used to establish key variables/factors, with a view to establish key risk and investment triggers in as near to real-time as possible. The expense of all of this development work was justified through its effects on P&L which given its success resulting in more funding from the business.

Poor Sell-Side Risk Innovation - Sam has seen the most innovative risk techniques being used on the buy-side and was disappointed by the lack of innovation in risk management at the banks. He listed the following sell-side problems for risk innovation:

• politically driven requirements, not economically driven
• arbitrary increases in capital levels required is not a rigorous approach
• no need for decision analysis with risk processes
• just passing a test mentality
• just do the marginal work needed to meet the new rules
• no P&L justification driving risk management

Features of Innovative Approaches - Sam said that he had noted a few key features of some of the initiatives he admired at some of the asset managers:

1. Based on a sophisticated data warehouse (not usually Oracle or Sybase, but Microsoft and other databases used - maybe driven by ease of use or cost maybe?)
2. Traders/Portfolio Managers are the people using the system and implementing it, not the technical staff.
3. Dedicated teams within the trading division to support this, so not relying on central data team.

A Forward-Looking Risk Model Example - The typical output from such decision analysis systems he found was in the form of scenarios for users to consider. A specific example was a portfolio manager involved in event-driven long-short equity strategies around mergers and acquisitions. The manager is interested in the risk that a particular deal breaks, and in this case techniques such as Value at Risk (VaR) do not work, since the arbitrage usually requires going long the company being acquired and short the acquiror (VaR would indicate little risk in this long-short case). The manager implemented a forward looking model that was based on information relevant to the deal in question plus information from similar historic deals. The probabilities used in the model where gathered from a range of sources, and techniques such as triangulation where used to verify the probabilities. Sam views that forward-looking models to assist in decision support are real risk management, as opposed to the backward-looking risk measurement models implemented at banks to support regulatory reporting.

Summary - Sam was a great speaker, and for a change it was refreshing to not have presentation slides backing up what the speaker was saying. His thoughts on forward looking models being true risk management and moving away from risk measurement seem to echo those of Ricardo Rebanato of a few years back at RiskMinds (see post). I think his thoughts on P&L motivation being the only way that risk management advances are correct, although I think there is a lot of risk innovation at the banks but at a trading desk level and not at the firm-wide level which is caught up in regulation - the trading desks know that capital is scarce and are wanting to use it better. I think this siloed risk management flies in the face of much of the firm-wide risk management and indeed firm-wide data management talked about in the industry, and potentially still shows that we have a long way to go in getting innovation and forward looking risk management at a firm level, particularly when it is dominated by regulatory requirements. However, having a truly integrated risk data platform is something of a hobby-horse for me, I think it is the foundation for answering all of the regulatory and risk requirementst to come, whatever their form. Finally, I could not agree more easy analysis for end-users is a vital part of data management for risk, allowing business users to do risk management better. Too many times IT is focussed on systems that require more IT involvement, when the IT investment and focus should be on systems that enable business users (trading, risk, compliance) to do more for themselves. Data management for risk is key area for improvement in the industry, where many risk management sytem vendors assume that the world of data they require is perfect. Ask any risk manager - the world of data is not perfect and manual data validation continues to be a task that takes time away from actually doing risk management.

A-Team event – Data Management for Risk, Analytics and Valuations

My colleagues Joanna Tydeman and Matthew Skinner attended the A-Team Group's Data Management for Risk, Analytics and Valuations event today in London. Here are some of Joanna's notes from the day:

Introductory discussion

Andrew Delaney, Amir Halton (Oracle)

Drivers of the data management problem – regulation and performance.

Key challenges that are faced – the complexity of the instruments is growing, managing data across different geographies, increase in M&As because of volatile market, broader distribution of data and analytics required etc. It’s a work in progress but there is appetite for change. A lot of emphasis is now on OTC derivatives (this was echoed at a CityIQ event earlier this month as well).

Having an LEI is becoming standard, but has its problems (e.g. China has already said it wants its own LEI which defeats the object). This was picked up as one of the main topics by a number of people in discussions after the event, seeming to justify some of the journalistic over-exposure to LEI as the "silver bullet" to solve everyone's counterparty risk problems.

Expressed the need for real time data warehousing and integrated analytics (a familiar topic for Xenomorph!) – analytics now need to reflect reality and to be updated as the data is running - coined as ‘analytics at the speed of thought’ by Amir. Hadoop was mentioned quite a lot during the conference, also NoSQL which is unsurprising from Oracle given their recent move into this tech (see post - a very interesting move given Oracle's relational foundations and history)

Impact of regulations on Enterprise Data Management requirements

Virginie O’Shea, Selwyn Blair-Ford (FRS Global), Matthew Cox (BNY Melon), Irving Henry (BBA), Chris Johnson (HSBC SS)

Discussed the new regulations, how there is now a need to change practice as regulators want to see your positions immediately. Pricing accuracy was mentioned as very important so that valuations are accurate.

Again, said how important it is to establish which areas need to be worked on and make the changes. Firms are still working on a micro level, need a macro level. It was discussed that good reasons are required to persuade management to allocate a budget for infrastructure change. This takes preparation and involving the right people.

Items that panellists considered should be on the priority list for next year were:

· Reporting – needs to be reliable and meaningful

· Long term forecasts – organisations should look ahead and anticipate where future problems could crop up.

· Engage more closely with Europe (I guess we all want the sovereign crisis behind us!)

· Commitment of firm to put enough resource into data access and reporting including on an ad hoc basis (the need for ad hoc was mentioned in another session as well).

Technology challenges of building an enterprise management infrastructure

Virginie O’Shea, Colin Gibson (RBS), Sally Hinds (Reuters), Chris Thompson (Mizuho), Victoria Stahley (RBC)

Coverage and reporting were mentioned as the biggest challenges.

Front office used to be more real time, back office used to handle the reference data, now the two must meet. There is a real requirement for consistency, front office and risk need the same data so that they arrive to the same conclusions.

Money needs to be spent in the right way and fims need to build for the future. There is real pressure for cost efficiency and for doing more for less. Discussed that timelines should perhaps be longer so that a good job can be done, but there should be shorter milestones to keep business happy.

Panellists described the next pain points/challenges that firms are likely to face as:

· Consistency of data including transaction data.

· Data coverage.

· Bringing together data silos, knowing where data is from and how to fix it.

· Getting someone to manage the project and uncover problems (which may be a bit scary, but problems are required in order to get funding).

· Don’t underestimate the challenges of using new systems.

Better business agility through data-driven analytics

Stuart Grant, Sybase

Discussed Event Stream Processing, that now analytics need to be carried out whilst data is running, not when it is standing still. This was also mentioned during other sessions, so seems to be a hot topic.

Mentioned that the buy side’s challenge is that their core competency is not IT. Now with cloud computing they are more easily able to outsource. He mentioned that buy side shouldn’t necessarily build in order to come up with a different, original solution.

Data collection, normalisation and orchestration for risk management

Andrew Delaney, Valerie Bannert-Thurner (FTEN), Michael Coleman (Hyper Rig), David Priestley (CubeLogic), Simon Tweddle (Mizuho)

Complexity of the problem is the main hindrance. When problems are small, it is hard for them to get budget so they have to wait for problems to get big – which is obviously not the best place to start from.

There is now a change in behaviour of senior front office management – now they want reports, they want a global view. Front office do in fact care about risk because they don’t want to lose money. Now we need an open dialogue between front office and risk as to what is required.

Integrating data for high compute enterprise analytics

Andrew Delaney, Stuart Grant (Sybase), Paul Johnstone (independent), Colin Rickard (DataFlux)

The need for granularity and transparency are only just being recognised by regulators. The amount of data is an overwhelming problem for regulators, not just financial institutions.

Discussed how OTCs should be treated more like exchange-traded instruments – need to look at them as structured data.

Internal model approval, risk management and regulatory compliance

Achieving regulatory approval can be challenging if we consider that regulators are concerned about both the risk calculation methodology in place but also the quality, consistency and auditability of the data feeding the risk systems used for regulatory reporting.

The data management project at LBBW (Landesbank Baden-Württemberg), for example, was initiated to support LBBW’s internal model for market risk calculations, combined with the additional aim of enabling risk, back office and accountancy departments to have transparent access to high quality and consistent data.

This required a consolidated approach to the management of data in order to support future business plans and successful growth and we worked with LBBW to provide a centralised analytics and data management platform which could enhance risk management, deliver validated market data based upon consistent validation processes and ensure regulatory compliance.

More information on the joint project at LBBW can be found in the case study, available on our website. Any questions, drop us a line!

 

 

 

Data Unification - just when you thought it was safe to go back in the water...

Sitting by the sea, you have just finished your MATLAB reading and now are wondering what to read next?

No worries! 

We have just published our "TimeScape Data Unification" white paper. Not a pocket edition I am afraid, but some of you may find it interesting.

It describes how - post-crisis - a key business and technical challenge for many large financial institutions is to knit together their many disparate data sources, databases and systems into one consistent framework than can meet the ongoing demands of the business, its clients and regulators. It then analyses the approaches that financial institutions have adopted to respond to this issue, such as implementing a ETL-type infrastructure or a traditional golden copy data management solution. 

Taking on from their effectiveness and constraints, it then shows how companies looking to satisfy the need for business-user access to data across multyple systems should consider a "distributed golden copy" approach. This federated approach deals with disparate and distributed sources of data and should also provide easy and end-user interactivity whilst maintaining data quality and auditability. 

The white paper is available here if you want to take a look and if you have any feedback or questions, drop us a line!

 

MATLAB - The perfect read for the beach...

For those who are wondering what summer reading to take on holiday, we have just published our white paper "TimeScape and MATLAB", a pocket edition which outlines how TimeScape and MATLAB can be combined to provide enhanced data analysis and visualisation tools to financial organisations.

Whilst swimming in the blue ocean, walking in the countryside or enjoying a new country, take a break and find out how TimeScape's best of breed data capture and storage can be combined with the analytical capabilities of MATLAB to produce compelling solutions to real-world problems encountered within financial services. 

Ok, ok, kidding here. Just go on holiday and enjoy your time off from complex financial problems!

But when you are back or if you are very interested (or sadly not going on holiday soon), please take a look at our white paper. It details how:

• TimeScape data and analytics can be accessed from MATLAB
• MATLAB computational and visualization tools can be used to manipulate and analyse TimeScape data
• Complex data sets generated in MATLAB can be saved back to TimeScape for persisted storage
• MATLAB components can be called from TimeScape to enrich TimeScape hosted functionality

and much more. 

Feel also free to suggest this summer reading to your friends (or enemies!). 

PRMIA on Data and Analytics

Final presentation at the PRMIA event yesterday was by Clifford Rossi and was entitled "The Brave New World of Data & Analytics Following the Crisis: A Risk Manager's Perspective".

Clifford got his presentation going with a humorous and self-depricating start by suggesting that his past employment history could in fact be the missing "leading indicator" for predicting orgnisations in crisis, having worked at CitiGroup, WaMu, Countrywide, Freddie Mac and Fannie Mae. One of the other professors present said that he didn't do the same to academia (University of Maryland beware maybe!).

Clifford said that the crisis had laid bare the inadequacy and underinvestment in data and risk technology in the financial services sector. He suggested that the OFR had the potential to be a game changer in correcting this issue and in helping the role of CRO to gain in stature.

He gave an example of a project at one of the GSEs he had worked at called "Project Enterprise" which was to replace 40 year old mainframe based systems (systems that for instance only had 3 digits to identify a transaction). He said that he noted that this project had recently been killed, having cost around $500M. With history like this, it is not surprising that enterpring risk data warehousing capabilities were viewed as black holes without much payoff prior to the crisis. In fact it was only due to Basel that data management projects in risk received any attention from senior management in his view.

During the recent stress test process (SCAP) the regulators found just how woeful these systems were as the banks struggled to produce the scenario results in a timely manner. Clifford said that many banks struggled to produce a consistent view of risk even for one asset type, and that in many cases, corporate acquisitions had exascerbated this lack of consistency in obtaining accurate, timely exposure data. He said that the mortgage processing fiasco showed the inadequacy of these types of systems (echoing something I heard at another event about mortgage tagging information being completely "free-fromat", without even designated fields for "City" and "State" for instance)

Data integrity was another key issue that Clifford discussed, here talking about the lack of historical performance data leading to myopia in dealing with new products and poor defintions of product leading to risk assessments based on the originator rather than on the characteristics of the product. (side note: I remember prior to the crisis the credit derivatives department at one UK bank requisitioning all new server hardware to price new CDO squared deals given it was supposedly so profitable, it was at that point that maybe I should have known something was brewing...) Clifford also outlined some further data challenges, such as the changing statistical relationship between Debt to Income ratio and mortgage defaults once incomes were self-declared on mortgages.

Moving on to consider analytics and models, Clifford outlined a lot of the concerns covered by the Modeller's Manifesto, such as the lack of qualitative judgement and over-reliance on the quantitative, efficiency and automation superceding risk management, limited capability to stress test on a regular basis, regime change, poor model validation, and cognitive biases reinforced by backward-looking statistical analysis. He made the additional point that in relation to the OFR, they should concentrate on getting good data in place before spending resource on building models.

In terms of focus going forward, Clifford said the liquidity, counterparty and credit risk management were not well understood. Possibly echoing Ricardo Rebonato's ideas, he suggested that leading indicators need to be integrated into risk modelling to provide the early warning systems we need. He advocated that the was more to do on integrating risk views across lines of business, counterparties and between the banking and trading book.

Whilst being a proponent of the OFRs potential to mandate better Analytics and data management, he warned (sensibly in my view) that we should not think that the solution to future crises is simply to set up a massive data collection and Modelling entity (see earlier post on the proposed ECB data utility)

Clifford thinks that Dodd-Frank has the potential to do for the CRO role what Sarbanes-Oxley did in elevating the CFO role. He wants risk managers to take the opportunity presented in this post-crisis period to lead the way in promoting good judgement based on sound management of data and Analytics. He warned that senior management buy-in to risk management was essential and could be forced through by regulatory edict.

This last and closing point is where I think where the role of risk management (as opposed to risk reporting) faces it's biggest challenge, in that how can a risk manager be supported in preventing a senior business manager from seeking a overly risky new business opportunity based on what "might" happen in the future - we human beings don't think about uncertainty very clearly and the lack of a resulting negative outcome will be seen by many to invalidate the concerns put forward before a decision was made. Risk management will become known as the "business prevention" department and not regarded as the key role it should be.

SIFMA declines...

I almost forgot to mention that I went along to the SIFMA event (previously known as the SIA show) last week to take a look around. For those of you not familiar with the SIFMA/SIA event, then it was the biggest financial services technology event I had ever attended/exhibited, taking up 5 massive floors at the Hilton NY. Everyone used to go there, and indeed that was one of the reasons (the only reason?) to go along. Now the event seems to dying a slow death, something I was going to write about but Adam Honore of Aite and Melanie Rodier beat me to it.

PRMIA on Systemic Risk Part #2 - plus the OFR

Lewis Alexander (ex-US Treasury) carried on the theme of systemic risk at the PRMIA seminar "Risk, Regulation and Financial Technology & Identifying the Next Crisis". He started by saying that whilst systemic risk was a risk to the economy and industry as a whole, systemic risk was also relevant to the risks (such as market or credit) that a risk manager at an individual institution needs to assess.

Lewis said that there had really only been three systemic crises over the past century or so (1907, 1933 and 2008) with obviously many more disruptions in markets that should not be described at systemic. As such this is one problem of assessing systemic risk which is that crises are rare events so there is little data to analyse. He also warned that the way the system responds to small shocks should not be taken as a proxy for how it responds to large ones, that the relationship between asset prices and systemic risk is a complex one, and that reporting (mainly accounting but also in risk) had not kept up with financial markets innovation.

Lewis said that "stress test" methods can help to identify vunerable institutions but that this method of looking at systemic risk does not deal with the propogation of risk from one institution to another. He said that network analysis can help to assess propogation but the weakness with these methods was the lack of counterparty data. Liquidity methods also suffer from a lack of data. He said that "Leading Indicators" (see past post on Bubble Indices) tell us little of what creates systemic risk.

He mentioned the use of CoVaR (based on VaR) for systemic risk, using CDS pricing to theoretically "insure" the industry against crisis and a "Merton Model" approach to estimate potential losses due to default for a group of banks. He said that all of these models were good comparators, but not good as indicators.

Given the previous talk on systemic risk, Lewis switched his focus to what can done with the main focus for him being data where we need:

• Robust data on both asset and counterparty exposures
• Data on leverage through the system
• Data on the depth of liquidity to assess the vunerability of assets to fire sales

A final few points from his talk:

• Dodd-Frank will help given new reporting mandates e.g. swap data repositories being invaluable sources of data for regulators
• Could we use the payments/settlement system to provide yet more insight into what is going on by sensibly tagging transactional flows (DTCC take note apparently!)
• SEC registration of a new financial product could help to enforce what is reported, how and to act as a limit on what products can be sold
• Lewis said that up to 5,000 attributes are needed to describe any financial transaction so it can be done
• As he became involved in the FSOC and the formation of the OFR he thought initially that collecting all the data needed was impossible, but his view has changed on this with modern technology and processing power.
• The above said, he thought that until standards were in place (such as LEI) then it did not make sense for the OFR to start collecting data
• A member of the audience suggested that if data could be published in a standard form, it would "Google to the rescue" in terms of doing aggregation across the industry without centralising the data in one store. (maybe Google plans to usurp Microsoft Excel as the defacto trading and risk management system for the industry?)

Lewis gave a very good and interesting talk. I think some of his ideas on the OFR were good, but given the state of the data infrastructure that I have observed at many large institutions I would be worried that he is being optimistic on how quickly the industry is able to pull all the data together, however standardised. I think the industry will get there (particularly if mandated), but given the legacy of past systems and infrastructure it will take some good time to achieve yet.  

PRMIA on Systemic Risk Part #1

I attend a PRMIA seminar this morning at the offices of Ernst & Young with the rather long title of "Risk, Regulation and Financial Technology & Identifying the Next Crisis".

First up was Matthew Richardson of NYU Stern with a presentation entitled "Identifying the Next Crisis". The focus of his presentation was on systemic risk, which he defined as the risk that financial institutions lose the ability to intermediate (i.e. continue to provide services) due to an aggregate capital shortfall. He presented a precise definition of the systemic risk of a firm as:

        Expected real social costs in a crisis per dollar of capital shortage
    x  Expected capital shortfall of the firm in a crisis

Matthew explained that there are three approaches to estimating systemic risk contribution:

1. Statistical approach based on public data
2. Stress tests
3. Market approach based on insurance against capital losses in a crisis

He explained that the methods his team have used have had some statistical success against data from the past crisis in showing those organisations in crisis early. I found his presentation reasonably dry (more regression analysis etc) but I thought the following where worth a mention:

• Crisis Insurance - Approach 3 on getting firms to insure themselves against capital shortfalls in a crisis sounded interesting but ended up with the insurer being the regulator (not enough capital to insure privately) and the beneficiary being the regulator. So effectively this was a tax on the systemically significant institutions, where the involvement of the private insurers was mainly to do with price discovery (i.e. setting the right level of premium (i.e. tax) for each institution)
• Short-term Indicators - Many of the approaches we have currently (VaR etc) are short term indicators and so in good times do not inhibit market behaviour as would be desired by the regulators. A good illustration was given of how short term volatility was very much lower than long term prior to the crisis and how these merged to similar levels once the crisis hit.
• Regulatory Loopholes - He put forward that this crisis was as a result not of monetary policy but of large complex financial institutions exploiting loopholes in regulation. The AIG Quarterly Filings of Feb 2008 showed that $379Billion of the $527Billion of CDS were with clients that were explicitly seeking regulatory capital relief (i.e. get the CDS in place and your capital requirement dropped to zero). He also explained how Fannie Mae and Freddie Mac were used by banks to simply "rubber stamp" mortgage pools and magically reduce the capital required down from 4% to 1.6%.
• Where to look - He said that "like water flows downhill, capital flows to its most levered point". He said to look for which parts of the financial sector are treated different under Dodd-Frank, Basel III etc and that the key candidates were 1) shadow banking and 2) government guarantees. Also you should look for those asset classes that get preferred risk weights for a given level of risk.

As often seems to be the case, I found the side comments more interesting than the main body of the presentation, but Matthew's presentation showed that a lot of work is being done on systemic risk identification and measurement in academia.

 

 

A glass of red and contrary ideas on Triple-A risk

I enjoyed myself at the drinks reception after the NYU-Poly event. Nothing new in that I guess for those of you that know me well and like me find it difficult to resist a glass or two of red wine. Whilst attempting to circulate (I am almost 2 metres tall, so rather than "circulate" I think a more appropriate word might unfortunately be "intimidate"), I struck up a conversation with an interesting gentleman by the name of Per Kurowski.

Per is a former director of the World Bank and has some contrary and interesting ideas on the financial crisis and our current methods of regulation. His first that financial crises rarely start with assets that are perceived as "risky", which I think is a pretty self-evident point but not one that I had not previously registered. His second line of argument is that our current regulation biasses our banks away from "riskier" assets and hence away from just the kinds of organisations that are a) needed for employment creation and b) do not cause crises.

Per argues that many of the big institutions are near triple-A rated and hence benefit from being able to leverage up cheaply (at low-interest rates, since they are triple-A) and are then biased by lower capital requirements to use this leveraged funding to invest in yet more triple-A assets (SPVs/other institutions such as themselves). Hence you get the double-whammy of cheap funding and biased capital requirements which naturally leads to potential distortions in anything perceived as triple-A, and a bias away from riskier assets and the risk-takers that the world economy needs.

Per expands upon these arguments in his blog and on YouTube.

Removing the punchbowl at NYU-Poly

A few of choice quotes from the rest of the day at NYU-Poly:

• "The difference between economists and meteorologists is that meteorologists can at least agree on what happended yesterday"
• "A bubble can only be identified from a trend when the bubble bursts"
• "Capital flows from strange places to strange destinations in today's financial markets"
• "In a Basel III world, the stock price of Morgan Stanley would rise if its investment banking division were sold off"
• "Basel III is a good attempt at managing systemic risk"
• "Hedge Funds are the risk takers of the future"
• "Hedge Funds have the partnership mentality that the commercial banks have lost and should regain"
• "CCPs should not compete on risk management"
• "Economists are trained to predict everything except the future"
• "Dodd Frank was a missed opportunity to consolidate the many regulators in the United States"
• "Washing D.C. is all about turf and theatre"
• "Insolvency and liquidity risk are not clearly separable"
• "Beware the Golden Rule. He who makes the Gold makes the Rule"
• "Systemic risk is not the sum of individual institutional risk"
• "As Chuck Prince said "As long as the music is playing, you’ve got to get up and dance""
• "Systemic risk management only works when we all stop dancing"
• "Regulation should remove the punchbowl just when the party is getting started"

Regulation - Putting out the fire once you know where the fire is - NYU-Poly

The first panel session at NYU-Poly after Nassim Taleb concerned itself with the increasing competition between banks and insurers, which I didn't think reached any great conclusions as to where things are heading but did give background for why banks and insurers are increasingly offering the same services (disintermediation, regulation and industry structural changes being the main reasons). One of the presenters also said that acturial methods may provide a useful framework for unhedgeable risks taken by banks. I must acknowledge that my attention span was also challenged during this session by a very early start (up pre-6am) and a distinct lack of caffeine (later rectified many times over).

Second panel session up was entitled "The Future of Financial Regulation" and proved a lot more interesting to me given that I think I learned a few new things. Main presenter was Allen Ferell from Harvard Law School. Main point I took away from this presentation was that regulation should focus more on the resolution of financial distress after (ex-post) it has occurred at an institution rather than rules and regulations to prevent it before it happens.

I found this argument quite appealing since to a large degree it avoids provisioning for the "unknown unknowns" through more and more rules and increases in capital. The reduction in pre (ex-ante) rules would also reduce the gaming of the rules that enevitability would occur, and shareholders knowing that they would be penalised and penalised quickly following financial distress would encourage them to become more interested in the levels of risk being taken on their behalf. I guess one of the main issues for the above is how such a level of financial distress would be defined and enforced in order to act as a trigger for say automatic conversion of debt to equity. Anyway, on with what Allen Ferrell had to say:

Allen said that if a financial institution had had the foresight to see the financial crisis coming, then looking across the industry there would have been a great variation in the amount of capital needed to survive the crisis. I guess here the implication here was that higher levels of capital across the industry will help, but they are unlikely to be enough for some organisations in the crisis to come.

After the crisis had hit, he said that financing from the repo market dried up as repo haircuts exploded, and he said that this was like the modern day equivalent of a bank run (where a solvent bank faced difficulty due to having to sell good assets cheaply to satisfy demands for returning of cash deposits).

Allen said that leverage and "debt overhang" made it much less likely that a financial institution would get in more equity capital following the crisis since it implied a transfer of wealth from the stockholders to bondholders. More of this important point later.

He put forward that it was not yet clear whether the 2007-8 crisis was mainly due to insolvency or due to a bank run. He argued that it was some combination of both, and referred back to the recent re-assessment of the Great Depression being caused not by a run on (solvent) banks but rather by flight of retail investors away from insolvent banks.

He concluded that much of the action for any future crisis will have to take place after any new crisis hits (ex-post), partly due to his assessment of the disconnect between equity capital needed (the current focus of things like Basel III) prior to a crisis and an institution's financial health following a crisis.

Allen suggested that contingent capital, i.e. debt capital that automatically converted in equity based on some market trigger might be very helpful in dealing with a financial crisis. Such a conversion would happen early than if an institution agreed to it earlier and would automatically dilute existing stockholders. Overall this was a thought provoking talk and the panel discussion afterwards was interesting too. One of the panelists commented that he looked for a high leverage and high ratios of CEO to CRO compensation as his measure of where to look for the next set of risky institutions. The panel also seemed to agree that with the benefit of hindsight, allowing Lehmans to fail and the resultant drying up of the money markets was a mistake, and more consistency was needed in bankruptcy and distress resolution.

Taleb and Model Fragility - NYU-Poly

I went along to spend a day in Brooklyn yesterday at NYU-Poly, now the engineering school of NYU containing the Department of Finance and Risk Engineering. The event was called the "The Post Crisis World of Finance" was sponsored by Capco.

First up was Nassim Taleb (he of Black Swan fame). His presentation was entitled "A Simple Heuristic to Assess Tail Exposure and Model Error". First time I had seen Nassim talk and like many of us he was an interesting mix of seeming nervousness and confidence whilst presenting. He started by saying that given the success and apparent accessibility to the public of his Black Swan book, he had a deficit to make up in unreadability in this presentation and his future books.

Nassim recommenced his on-going battle with proponents of Value at Risk (see earlier posts on VaR) and economists in general. He said that economics continues to be marred by the lack of any stochastic component within the models that most economists use and develop. He restated his view that economists change the world to fit their choice of model, rather than the other way round. He mentioned "The Bed of Procrustes" from Greek mythology in which a man who made his visitors fit his bed to perfection by either stretching them or cutting their limbs (good analogy but also good plug for his latest book too I guess)

He categorized the most common errors in economic models as follows:

1. Linear risks/errors - these were rare but show themselves early in testing
2. Missing variables - rare and usually gave rise to small effects (as an aside he mentioned that good models should not have too many variables)
3. Missing 2nd order effects - very common, harder to detect and potentially very harmful

He gave a few real-life examples of 3 above such as a 10% increase in traffic on the roads could result in doubling journey times whilst a 10% reduction would deliver very little benefit. He targeted Heathrow airport in London, saying that landing there was an exercise in understanding a convex function in which you never arrive 2 hours early, but arriving 2 hours later than scheduled was relatively common.

He described the effects of convexity firstly in "English" (his words):

"Don't try to cross a river that is on average 4ft deep"

and secondly in "French" (again his words - maybe a dig at Anglo-Saxon mathematical comprehension or in praise of French mathematics/mathematicians? Probably both?):

"A convex function of an average is not the average of a convex function"

Nassim then progressed to show the fragility of VaR models and their sensitivity to estimates of volatility. He showed that a 10% estimate error in volatility could produce a massive error in VaR level calculated. His arguments here on model fragility reflected a lot of what he had proposed a while back on the conversion of debt to equity in order to reduce the fragility of the world's economy (see post).

His heuristic measure mentioned in the title was then described which is to peturb some input variable such as volatility by say 15%, 20% and 25%. If the 20% result is much worse than the average of the 15 and 25 ones then you have a fragile system and should be very wary of the results and conclusions you draw from your model. He acknowledged that this was only a heuristic but said that with complex systems/models a simple heuristic like this was both pragmatic and insightful. Overall he gave a very entertaining talk with something of practical value at the end.

IKEA and Market Risk Management – Choice is a worrying thing!

Risk management and data control remain at the top of the agenda at many financial institutions. Many have said that the recent crisis highlighted the need for more consistent, transparent, high quality data management, which I totally agree with (but working for Xenomorph, I would I guess!). Although the crisis started in 2007, it would seem that many organizations still do not have the data management infrastructure in place to achieve better risk management.

I moved apartment last week and had to face the terrifying prospect of visiting IKEA to buy some new furniture. On walking through the endless corridors of furniture ideas I wondered whether the people at major financial institutions feel as I did: I knew I needed two wardrobes, I knew the dimensions of the rooms, I knew how many drawers I wanted. Then I got to the wardrobes showroom, sat in front of the “Create your own wardrobe” IKEA software and the nightmare started. How many solutions are there to solve your problems? And how many solutions, once you get to know of their existence, make you aware of a problem you didn’t know you had? That’s how I spent 2 days at IKEA choosing my furniture and still I wonder whether in the end I got the right solution for my needs.

Coming back to risk management, I imagine the same dilemma may be faced by financial institutions looking to implement a data management solution. How many software providers are out there? What data model do they use? Are they flexible enough to satisfy evolving requirements? How can we achieve an integrated data management approach? Will they support all kind of asset classes, even the most complex? 

In these times of new regulations where time goes fast and budget is tight, selection processes have become more scrupulous. 

As often happens in life, when we need a plumber for example, or a new dentist, we look for positive recommendations, people willing to endorse the efficiency and reliability of the service. So, with this in mind, please take a look at the case study we put together with Rabobank International, who have been using our TimeScape analytics and data management system at their risk department since 2002 for consolidated data management. More client stories are also available on our website here: www.xenomorph.com/casestudies. 

I hope that many of you will benefit from reading the case study and for any questions (on IKEA wardrobes too!), please get in touch...

 

More formal management of instrument valuation needed

Xenomorph has today released its white paper “Instrument Valuation Management: management of derivative and fixed income valuations in a multi-asset, multi-model, multi-datasource and multi-timeframe environment”.

The white paper expands on the “Rates, Curves and Surfaces – Golden Copy Management of Complex Datasets” white paper Xenomorph published recently (see earlier post) and describes how, despite the increasing importance of instrument valuation to investment, trading and risk management decisions, valuation management is not yet formally and fully addressed within data management strategies and remains a big concern for financial institutions.

Too often, says Xenomorph, valuations (and the analytics used to process input and calculate output data) fall between traditional data management providers and pricing model vendors. This leads to the over–use of tactical desktop spreadsheets where data “escapes” the control of the data management system, leading to an increased operational risk.

Whilst instrument valuation is certainly not the primary cause of the recent financial crisis, the lack of high quality, transparent valuations of many complex securities resulted in market uncertainty and in the failure of many risk models fed by untrustworthy valuations.

“A deeper understanding of financial products reduces operational risk and promotes quality, consistency and auditability, ensuring regulatory compliance”, says Brian Sentance, CEO Xenomorph. “Clients’ requirements have evolved and portfolio managers, traders and risk managers recognize that it is no longer sufficient to treat valuation as an external, black-box process offered by pricing service providers”, he adds.

Nowadays, regulators, auditors, clients and investors demand even more drill-down to the underlying details of an instrument’s valuation. It is therefore important to implement an integrated, consistent analytics and data management strategy which cuts across different departments and glues together reference and market data, pricing and analytics models, for transparent, high quality, independent valuation management.

“Our TimeScape solution provides a valuation environment which offers rapid and timely support for even the most complex instruments, allowing our clients to check easily the external valuation numbers, based on their choice of model and data providers”, says Sentance. “Otherwise, what is the point of good data management if the valuations and the analytics used are not based on the same data management infrastructure principles?”

For those who are interested, the white paper is available here.

 

Investment risk not rewarded

Interesting article from the FT, Reward for risk seems to be a chimera, effectively saying that more risky (volatile) equities do not necessarily provide higher returns than less risky equities. I like the suggestion that the reason for this is that "hope springs eternal" and investors buy more volatile stocks (pushing up price) in the hope of higher returns. However, as yet another illustration of the law of unintended consequences, the article goes on to suggest that choosing a benchmark index to outperform and limitations on borrowing imposed by investment mandates may both be driving this effect, are interesting and challenging ideas for investment managers.

 

Rates, curves and derived data management remains a neglected area following the crisis

Xenomorph has released its white paper 'Rates, Curves and Surfaces – Golden Copy Management of Complex Datasets'. The white paper describes how, despite the increasing interest in risk management and tighter regulations following the crisis, the management of complex datasets – such as prices, rates, curves and surfaces - remains an underrated issue in the industry. One that can undermine the effectiveness of an enterprise-wide data management strategy.

In the wake of the crisis, siloed data management, poor data quality, lack of audit trail and transparency have become some of the most talked about topics in financial markets. People have started looking at new approaches to tackle the data quality issue that found many companies unprepared after Lehman Brothers' collapse. Regulators – both nationally and internationally – strive hard to dictate parameters and guidelines.

In light of this, there seems to be a general consensus on the need for financial institutions to implement data management projects that are able to integrate both market and reference data. However, whilst having a good data management strategy in place is vital, the industry also needs to recognize the importance of model and derived data management.

Rates, curves and derived data management is too often a neglected function within financial institutions. What is the point of having an excellent data management infrastructure for reference and market data if ultimately instrument valuations and risk reports are run off spreadsheets using ad-hoc sources of data?

In this evolving environment, financial institutions are becoming aware of the implications of a poor risk management strategy but are still finding it difficult to overcome the political resistance across departments to implementing centralised standard datasets for valuations and risk.

The principles of data quality, consistency and auditability found in traditional data management functions need to be applied to the management of model and derived data too. If financial institutions do not address this issue, how will they be able to deal with the ever-increasing requests from regulators, auditors and clients to explain how a value or risk report was arrived at?

For those who are interested, the white paper is available here.