The Anthropology, Sociology, and Epistemology of Risk

Background - I went along to my first PRMIA event in Stamford, CT last night, with the rather grandiose title of "The Anthropology, Sociology, and Epistemology of Risk". Stamford is about 30 miles north of Manhattan and is the home to major offices of a number of financial markets companies such as Thomson Reuters, RBS and UBS (who apparently have the largest column-less trading floor in the world at their Stamford headquarters - particularly useful piece of trivia for you there...). It also happens to be about 5 minutes drive/train journey away from where I now live, so easy for me to get to (thanks for another useful piece of information I hear you say...). Enough background, more on the event which was a good one with five risk managers involved in an interesting and sometimes philosophical discussion on fundamentally what "risk management" is all about.

Introduction - Marc Groz who heads the Stamford Chapter of PRMIA introduced the evening and started by thanking Barry Schwimmer for allowing PRMIA to use the Stamford Innovation Centre (the Old Town Hall) for the meeting. Henrik Neuhaus moderated the panel, and started by outlining the main elements of the event title as a framework for the discussion:

• Anthropology - risk management is to what purpose?
• Sociology - how does risk management work?
• Epistemology - what knowledge is really contained within risk management?

Henrik started by taking a passage about anthropology and replacing human "development" with "risk management" which seemed to fit ok, although the angle I was expecting was much more about human behaviour in risk management than where Henrik started. Henrik asked the panel what results they had seen from risk management and what did that imply about risk management? The panelists seemed a little confused or daunted by the question prompting one of them to ask "Is that the question?".

Business Model and Risk Culture - Elliot Noma dived in by responding that the purpose of risk management obviously depended very much on what are the institutional goals of the organization. He said that it was as much about what you are forced to do and what you try to do in risk management. Elliot said that the sell-side view of risk management was very regulatory and capital focused, whereas mutual funds are looking more at risk relative to benchmarks and performance attribution. He add that in the alternatives (hedge-fund) space then there were no benchmarks and the focus was more about liquidity and event risk.

Steve Greiner said that it was down to the investment philosophy and how risk is defined and measured. He praised some asset managers where the risk managers sit across from the portfolio managers and are very much involved in the decision making process.

Henrik asked the panel whether any of the panel had ever defined a “mission statement” for risk management. Marc Groz chipped in that he remember that he had once defined one, and that it was very different from what others in the institution were expecting and indeed very different from the risk management that he and his department subsequently undertook.

Mark Szycher (of GM Pension Fund) said that risk management split into two areas for him, the first being the symmetrical risks where you need to work out the range of scenarios for a particular trade or decision being taken. The second was the more asymmetrical risks (i.e. downside only) such as those found in operational risk where you are focused on how best to avoid them happening.

Micro Risk Done Well - Santa Federico said that he had experience of some of the major problems experienced at institutions such as Merrill Lynch, Salomen Brothers and MF Global, and that he thought risk management was much more of a cultural problem than a technical one. Santa said he thought that the industry was actually quite good at the micro (trade, portfolio) risk management level, but obviously less effective at the large systematic/economic level. Mark asked Santa what was the nature of the failures he had experienced. Santa said that the risks were well modeled, but maybe the assumptions around macro variables such as the housing market proved to be extremely poor.

Keep Dancing? - Henrik asked the panel what might be done better? Elliot made the point that some risks are just in the nature of the business. If a risk manager did not like placing a complex illiquid trade and the institution was based around trading in illiquid markets then what is a risk manager to do? He quote the Citi executive who said “ whilst the music is still playing we have to dance”. Again he came back to the point that the business model of the institution drives its cultural and the emphasis of risk management (I guess I see what Elliot was saying but taken one way it implied that regardless of what was going on risk management needs to fit in with it, whereas I am sure that he meant that risk managers must fit in with the business model mandated to shareholders).

Risk Attitudes in the USA - Mark said that risk managers need to recognize that the improbable is maybe not so improbable and should be more prepared for the worst rather than risk management under “normal” market and institutional behavior. Steven thought that a cultural shift was happening, where not losing money was becoming as important to an organization as gaining money. He said that in his view, Europe and Asia had a stronger risk culture than in the United States, with much more consensus, involvement and even control over the trading decisions taken. Put another way, the USA has more of a culture of risk taking than Europe. (I have my own theories on this. Firstly I think that the people are generally much more risk takers in the USA than in UK/Europe, possibly influenced in part by the relative lack of underlying social safety net – whilst this is not for everyone, I think it produces a very dynamic economy as a result. Secondly, I do not think that cultural desire in the USA for the much admired “presidential” leader necessarily is the best environment for sound, consensus based risk management. I would also like to acknowledge that neither of my two points above seem to have protected Europe much from the worst of the financial crisis, so it is obviously a complex issue!).

Slaves to Data? - Henrik asked whether the panel thought that risk managers were slaves to data? He expanded upon this by asking what kinds of firms encourage qualitative risk management and not just risk management based on Excel spreadsheets? Santa said that this kind of qualitative risk management occurred at a business level and less so at a firm wide level. In particular he thought this kind of culture was in place at many hedge funds, and less so at banks. He cited one example from his banking career in the 1980's, where his immediate boss was shouted off the trading floor by the head of desk, saying that he should never enter the trading floor again (oh those were the days...). 

Sociology and Credibility - Henrik took a passage on the historic development of women's rights and replaced the word "women" with "risk management" to illustrate the challenges risk management is facing with trying to get more say and involvement at financial institutions. He asked who should the CRO report to? A CEO? A CIO? Or a board member? Elliot responded by saying this was really a issue around credibility with the business for risk managers and risk management in general. He made the point that often Excel and numbers were used to establish credibility with the business. Elliot added that risk managers with trading experience obviously had more credibility, and to some extent where the CRO reported to was dependent upon the credibility of risk management with the business. 

Trading and Risk Management Mindsets - Elliot expanded on his previous point by saying that the risk management mindset thinks more in terms of unconditional distributions and tries to learn from history. He contrasted this with a the "conditional mindset' of a trader, where the time horizon forwards (and backwards) is rarely longer than a few days and the belief is strong that a trade will work today given it worked yesterday is high. Elliot added that in assisting the trader, the biggest contribution risk managers can make is more to be challenging/helpful on the qualitative side rather than just quantitative.

Compensation and Transactions - Most of the panel seemed to agree that compensation package structure was a huge influencer in the risk culture of an organisation. Mark touched upon a pet topic of mine, which is that it very hard for a risk manager to gain credibility (and compensation) when what risk management is about is what could happen as opposed to what did happen. A risk manager blocking a trade due to some potentially very damaging outcomes will not gain any credibility with the business if the trading outcome for the suggested trade just happened to come out positive. There seemed to be concensus here that some of the traditional compensation models that were based on short-term transactional frequency and size were ill-formed (given the limited downside for the individual), and whilst the panel reserved judgement on the effectiveness of recent regulation moves towards longer-term compensation were to be welcome from a risk perspective.

MF Global and Busines Models - Santa described some of his experiences at MF Global, where Corzine moved what was essentially a broker into taking positions in European Sovereign Bonds. Santa said that the risk management culture and capabilities were not present to be robust against senior management for such a business model move. Elliot mentioned that he had been courted for trades by MF Global and had been concerned that they did not offer electronic execution and told him that doing trades through a human was always best. Mark said that in the area of pension fund management there was much greater fidiciary responsibility (i.e. behave badly and you will go to jail) and maybe that kind of responsibility had more of a place in financial markets too. Coming back to the question of who a CRO should report to, Mark also said that questions should be asked to seek out those who are 1) less likely to suffer from the "agency" problem of conflicts of interest and on a related note those who are 2) less likely to have personal biases towards particular behaviours or decisions.

Santa said that in his opinion hedge funds in general had a better culture where risk management opinions were heard and advice taken. Mark said that risk managers who could get the business to accept moral persuasion were in a much stronger position to add value to the business rather than simply being able to "block" particular trades. Elliot cited one experience he had where the traders under his watch noticed that a particular type of trade (basis trades) did not increase their reported risk levels, and so became more focussed on gaming the risk controls to achieve high returns without (reported) risk. The panel seemed to be in general agreement that risk managers with trading experience were more credible with the business but also more aware of the trader mindset and behaviors. 

Do we know what we know? - Henrik moved to his third and final subsection of the evening, asking the panel whether risk managers really know what they think they know. Elliot said that traders and risk managers speak a different language, with traders living in the now, thinking only of the implications of possible events such as those we have seen with Cyprus or the fiscal cliff, where the risk management view was much less conditioned and more historical. Steven re-emphasised the earlier point that risk management at this micro trading level was fine but this was not what caused events such as the collapse of MF Global.

Rational argument isn't communication - Santa said that most risk managers come from a quant (physics, maths, engineering) background and like structured arguments based upon well understood rational foundations. He said that this way of thinking was alien to many traders and as such it was a communication challenge for risk managers to explain things in a way that traders would actually put some time to considering. On the modelling side of things, Santa said that sometimes traders dismissed models as being "too quant" and sometimes traders followed models all too blindly without questioning or understanding the simplifying assumptions they are based on. Santa summarised by saying that risk management needs to intuitive for traders and not just academically based. Mark added that a quantitative focus can sometimes become too narrow (modeler's manifesto anyone?) and made the very profound point that unfortunately precision often wins over relevance in the creation and use of many models. Steven added that traders often deal with absolutes, so as knowing the spread between two bonds to the nearest basis point, whereas a risk manager approaching them with a VaR number really means that this is the estimated VaR which really should be thought to be within a range of values. This is alien to the way traders think and hence harder to explain.

Unanticipated Risk - An audience member asked whether risk management should focus mainly on unanticipated risks rather than "normal' risks. Elliot said that in his trading he was always thinking and checking whether the markets were changing or continuing with their recent near-term behaviour patterns. Steven said that history was useful to risk management when markets were "normal", but in times of regime shifts this was not the case and cited the example of the change in markets when Mario Dragi announced that the ECB would stand behind the Euro and its member nations. 

Risky Achievements - Henrik closed the panel by asking each member what they thought was there own greatest achievement in risk management. Elliot cited a time when he identified that a particular hedge fund had a relatively inconspicuous position/trade that he identified as potentially extremely dangerous and was proved correct when the fund closed down due to this. Steven said he was proud of some good work he and his team did on stress testing involving Greek bonds and Eurozone. Santa said that some of the work he had done on portfolio "risk overlays" was good. Mark ended the panel by saying that he thought his biggest achievement was when the traders and portfolio managers started to come to the risk management department to ask opinions before placing key trades. Henrik and the audience thanked the panel for their input and time.

An Insured View - After the panel closed I spoke with an actuary who said that he had greatly enjoyed the panel discussions but was surprised that when talking of how best to support the risk management function in being independent and giving "bad" news to the business, the role of auditors were not mentioned. He said he felt that auditors were a key support to insurers in ensuring any issues were allowed to come to light. So food for thought there as to whether financial markets can learn from other industry sectors.

Summary - great evening of discussion, only downside being the absence of wine once the panel had closed!

 

Spreadsheet control and contagion

Just caught saw a reference on LinkedIn to this FT article "Finance groups lack spreadsheet controls". Started to write a quick response and given it is one of my major hobby-horses, I ended up doing a bit of an essay, so I decided to post it here too:

"As many people have pointed out elsewhere, much of the problem with spreadsheet usage is that they are not treated as a corporate and IT asset, and as such things like testing, peer review and general QA are not applied (mind you, maybe more of that should still be applied to many mainstream software systems in financial markets...). 

Ralph and the guys at Cluster Seven do a great job in helping institutions to manage and monitor spreadsheet usage (I like Ralph's "we are CCTV for spreadsheets" analogy), but I think a fundamental (and often overlooked) consideration is to ask yourself why did the business users involved decide that they needed spreadsheets to manage trading and risk in the first place? It is a bit like trying to address the symptoms of a illness without ever considering how we got the illness in the first place. 

Excel is a great tool, but to quote Spider-Man "with great power comes great responsibility" and I guess we can all see the consequences of not taking the usage of spreadsheets seriously and responsibly. So next time the trader or risk manager says "we've just built this really great model in Excel" ask them why they built it in Excel, and why they didn't build upon the existing corporate IT solutions and tools. In these cost- and risk- conscious times, I think the answers would be interesting..."

 

Analytics Strategy from Numerix

Good post from Jim Jockle over at Numerix - main theme is around having an "analytics" strategy in place in addition to (and probably as part of) a "Big Data" strategy. Fits strongly around Xenomorph's ideas on having both data management and analytics management in place (a few posts on this in the past, try this one from a few years back) - analytics generate the most valuable data of all, yet the data generated by analytics and the input data that supports analytics is largely ignored as being too business focussed for many data management vendors to deal with, and too low level for many of the risk management system vendors to deal with. Into this gap in functionality falls the risk manager (supported by many spreadsheets!), who has to spend too much time organizing and validating data, and too little time on risk management itself.

Within risk management, I think it comes down to having the appropriate technical layers in place of data management, analytics/pricing management and risk model management. Ok it is a greatly simplified representation of the architecture needed (apologies to any techies reading this), but the majority of financial institutions do not have these distinct layers in place, with each of these layers providing easy "business user" access to allow risk managers to get to the "detail" of the data when regulators, auditors and clients demand it. Regulators are finally waking up to the data issue (see Basel on data aggregation for instance) but more work is needed to pull analytics into the technical architecture/strategy conversation, and not just confine regulatory discussions of pricing analytics to model risk. 

Big Data – What is its Value to Risk Management?

A little late on these notes from this PRMIA Event on Big Data in Risk Management that I helped to organize last month at the Harmonie Club in New York. Big thank you to my PRMIA colleagues for taking the notes and for helping me pull this write-up together, plus thanks to Microsoft and all who helped out on the night.

Introduction: Navin Sharma (of Western Asset Management and Co-Regional Director of PRMIA NYC) introduced the event and began by thanking Microsoft for its support in sponsoring the evening. Navin outlined how he thought the advent of “Big Data” technologies was very exciting for risk management, opening up opportunities to address risk and regulatory problems that previously might have been considered out of reach.

Navin defined Big Data as the structured or unstructured in receive at high volumes and requiring very large data storage. Its characteristics include a high velocity of record creation, extreme volumes, a wide variety of data formats, variable latencies, and complexity of data types. Additionally, he noted that relative to other industries, in the past financial services has created perhaps the largest historical sets of data and continually creates enormous amount of data on a daily or moment-by-moment basis. Examples include options data, high frequency trading, and unstructured data such as via social media.  Its usage provides potential competitive advantages in a trading and investment management. Also, by using Big Data it is possible to have faster and more accurate recognition of potential risks via seemingly disparate data - leading to timelier and more complete risk management of investments and firms’ assets. Finally, the use of Big Data technologies is in part being driven by regulatory pressures from Dodd-Frank, Basel III, Solvency II, Markets for Financial Instruments Directives (1 & 2) as well as Markets for Financial Instruments Regulation.

Navin also noted that we will seek to answer questions such as:

• What is the impact of big data on asset management?
• How can Big Data’s impact enhance risk management?
• How is big data used to enhance operational risk?

Presentation 1: Big Data: What Is It and Where Did It Come From?: The first presentation was given by Michael Di Stefano (of Blinksis Technologies), and was titled “Big Data. What is it and where did it come from?”.  You can find a copy of Michael’s presentation here. In summary Michael started with saying that there are many definitions of Big Data, mainly defined as technology that deals with data problems that are either too large, too fast or too complex for conventional database technology. Michael briefly touched upon the many different technologies within Big Data such as Hadoop, MapReduce and databases such as Cassandra and MongoDB etc. He described some of the origins of Big Data technology in internet search, social networks and other fields. Michael described the “4 V’s” of Big Data: Volume, Velocity, Variety and a key point from Michael was “time to Value” in terms of what you are using Big Data for. Michael concluded his talk with some business examples around use of sentiment analysis in financial markets and the application of Big Data to real-time trading surveillance.

Presentation 2: Big Data Strategies for Risk Management: The second presentation “Big Data Strategies for Risk Management” was introduced by Colleen Healy of Microsoft (presentation here). Colleen started by saying expectations of risk management are rising, and that prior to 2008 not many institutions had a good handle on the risks they were taking. Risk analysis needs to be done across multiple asset types, more frequently and at ever greater granularity. Pressure is coming from everywhere including company boards, regulators, shareholders, customers, counterparties and society in general. Colleen used to head investor relations at Microsoft and put forward a number of points:

• A long line of sight of one risk factor does not mean that we have a line of sight on other risks around.
• Good risk management should be based on simple questions.
• Reliance on 3^rd parties for understanding risk should be minimized.
• Understand not just the asset, but also at the correlated asset level.
• The world is full of fast markets driving even more need for risk control
• Intraday and real-time risk now becoming necessary for line of sight and dealing with the regulators
• Now need to look at risk management at a most granular level.

Colleen explained some of the reasons why good risk management remains a work in progress, and that data is a key foundation for better risk management. However data has been hard to access, analyze, visualize and understand, and used this to link to the next part of the presentation by Denny Yu of Numerix.

Denny explained that new regulations involving measures such as Potential Future Exposure (PFE) and Credit Value Adjustment (CVA) were moving the number of calculations needed in risk management to a level well above that required by methodologies such as Value at Risk (VaR). Denny illustrated how the a typical VaR calculation on a reasonable sized portfolio might need 2,500,000 instrument valuations and how PFE might require as many as 2,000,000,000. He then explain more of the architecture he would see as optimal for such a process and illustrated some of the analysis he had done using Excel spreadsheets linked to Microsoft’s high performance computing technology.

Presentation 3: Big Data in Practice: Unintentional Portfolio Risk: Kevin Chen of Opera Solutions gave the third presentation, titled “Unintentional Risk via Large-Scale Risk Clustering”. You can find a copy of the presentation here. In summary, the presentation was quite visual and illustrating how large-scale empirical analysis of portfolio data could produce some interesting insights into portfolio risk and how risks become “clustered”. In many ways the analysis was reminiscent of an empirical form of principal component analysis i.e. where you can see and understand more about your portfolio’s risk without actually being able to relate the main factors directly to any traditional factor analysis. 

Panel Discussion: Brian Sentance of Xenomorph and the PRMIA NYC Steering Committee then moderated a panel discussion. The first question was directed at Michael “Is the relational database dead?” – Michael replied that in his view relational databases were not dead and indeed for dealing with problems well-suited to relational representation were still and would continue to be very good. Michael said that NoSQL/Big Data technologies were complimentary to relational databases, dealing with new types of data and new sizes of problem that relational databases are not well designed for. Brian asked Michael whether the advent of these new database technologies would drive the relational database vendors to extend the capabilities and performance of their offerings? Michael replied that he thought this was highly likely but only time would tell whether this approach will be successful given the innovation in the market at the moment. Colleen Healy added that the advent of Big Data did not mean the throwing out of established technology, but rather an integration of established technology with the new such as with Microsoft SQL Server working with the Hadoop framework.

Brian asked the panel whether they thought visualization would make a big impact within Big Data? Ken Akoundi said that the front end applications used to make the data/analysis more useful will evolve very quickly. Brian asked whether this would be reminiscent of the days when VaR first appeared, when a single number arguably became a false proxy for risk measurement and management? Ken replied that the size of the data problem had increased massively from when VaR was first used in 1994, and that visualization and other automated techniques were very much needed if the headache of capturing, cleansing and understanding data was to be addressed.

Brian asked whether Big Data would address the data integration issue of siloed trading systems? Colleen replied that Big Data needs to work across all the silos found in many financial organizations, or it isn’t “Big Data”. There was general consensus from the panel that legacy systems and people politics were also behind some of the issues found in addressing the data silo issue.

Brian asked if the panel thought the skills needed in risk management would change due to Big Data? Colleen replied that effective Big Data solutions require all kinds of people, with skills across a broad range of specific disciplines such as visualization. Generally the panel thought that data and data analysis would play an increasingly important part for risk management. Ken put forward his view all Big Data problems should start with a business problem, with not just a technology focus. For example are there any better ways to predict stock market movements based on the consumption of larger and more diverse sources of information. In terms of risk management skills, Denny said that risk management of 15 years ago was based on relatively simply econometrics. Fast forward to today, and risk calculations such as CVA are statistically and computationally very heavy, and trading is increasingly automated across all asset classes. As a result, Denny suggested that even the PRMIA PRM syllabus should change to focus more on data and data technology given the importance of data to risk management.

Asked how best to should Big Data be applied?, then Denny replied that echoed Ken in saying that understanding the business problem first was vital, but that obviously Big Data opened up the capability to aggregate and work with larger datasets than ever before. Brian then asked what advice would the panel give to risk managers faced with an IT department about to embark upon using Big Data technologies? Assuming that the business problem is well understood, then Michael said that the business needed some familiarity with the broad concepts of Big Data, what it can and cannot do and how it fits with more mainstream technologies. Colleen said that there are some problems that only Big Data can solve, so understanding the technical need is a first checkpoint. Obviously IT people like working with new technologies and this needs to be monitored, but so long as the business problem is defined and valid for Big Data, people should be encouraged to learn new technologies and new skills. Kevin also took a very positive view that IT departments should  be encouraged to experiment with these new technologies and understand what is possible, but that projects should have well-defined assessment/cut-off points as with any good project management to decide if the project is progressing well. Ken put forward that many IT staff were new to the scale of the problems being addressed with Big Data, and that his own company Opera Solutions had an advantage in its deep expertise of large-scale data integration to deliver quicker on project timelines.

Audience Questions: There then followed a number of audience questions. The first few related to other ideas/kinds of problems that could be analyzed using the kind of modeling that Opera had demonstrated. Ken said that there were obvious extensions that Opera had not got around to doing just yet. One audience member asked how well could all the Big Data analysis be aggregated/presented to make it understandable and usable to humans? Denny suggested that it was vital that such analysis was made accessible to the user, and there general consensus across the panel that man vs. machine was an interesting issue to develop in considering what is possible with Big Data. The next audience question was around whether all of this data analysis was affordable from a practical point of view. Brian pointed out that there was a lot of waste in current practices in the industry, with wasteful duplication of ticker plants and other data types across many financial institutions, large and small. This duplication is driven primarily by the perceived need to implement each institution’s proprietary analysis techniques, and that this kind of customization was not yet available from the major data vendors, but will become more possible as cloud technology such as Microsoft’s Azure develops further. There was a lot of audience interest in whether Big Data could lead to better understanding of causal relationships in markets rather than simply correlations. The panel responded that causal relationships were harder to understand, particularly in a dynamic market with dynamic relationships, but that insight into correlation was at the very least useful and could lead to better understanding of the drivers as more datasets are analyzed.

 

Chartis Research - Data Management for Risk White Paper

New whitepaper on data management for risk from the analysts Chartis Research, including a section on how Xenomorph's TimeScape solution addresses some of the key issues identified.

The Missing Data Gap

Getting to the heart of "Data Management for Risk", PRMIA held an event entitled "Missing Data for Risk Management Stress Testing" at Bloomberg's New York HQ last night. For those of you who are unfamiliar with the topic of "Data Management for Risk", then the following diagram may help to further explain how the topic is to do with all the data sets feeding the VaR and scenario engines.

I have a vested interest in saying this (and please forgive the product placement in the diagram above, but hey this is what we do...), but the topic of data management for risk seems to fall into a functionality gap between: i) the risk system vendors who typically seem to assume that the world of data is perfect and that the topic is too low level to concern them and ii) the traditional data management vendors who seem to regard things like correlations, curves, spreads, implied volatilities and model parameters as too business domain focussed (see previous post on this topic) As a result, the risk manager is typically left with ad-hoc tools like spreadsheets and other analytical packages to perform data validation and filling of any missing data found. These ad-hoc tools are fine until the data universe grows larger, leading to the regulators becoming concerned about just how much data is being managed "out of system" (see past post for some previous thoughts on spreadsheets).

The Crisis and Data Issues. Anyway enough background above and on to some of the issues raised at the event. Navin Sharma of Western Asset Management started the evening by saying that pre-crisis people had a false sense of security around Value at Risk, and that crisis showed that data is not reliably smooth in nature. Post-crisis, then questions obviously arise around how much data to use, how far back and whether you include or exclude extreme periods like the crisis. Navin also suggested that the boards of many financial institutions were now much more open to reviewing scenarios put forward by the risk management function, whereas pre-crisis their attention span was much more limited.

Presentation. Don Wesnofske did a great presentation on the main issues around data and data governance in risk (which I am hoping to link to here shortly...)

Issues with Sourcing Data for Risk and Regulation. Adam Litke of Bloomberg asked the panel what new data sourcing challenges were resulting from the current raft of regulation being implemented. Barry Schachter cited a number of Basel-related examples. He said that the costs of rolling up loss data across all operations was prohibitative, and hence there were data truncation issues to be faced when assessing operational risk. Barry mentioned that liquidity calculations were new and presenting data challenges. Non centrally cleared OTC derivatives also presented data challenges, with initial margin calculations based on stressed VaR. Whilst on the subject of stressed VaR, Barry said that there were a number of missing data challenges including the challenge of obtaining past histories and of modelling current instruments that did not exist in past stress periods. He said that it was telling on this subject that the Fed had decided to exclude tier 2 banks from stressed VaR calculations on the basis that they did not think these institutions were in a position to be able to calculate these numbers given the data and systems that they had in place.

Barry also mentioned the challenges of Solvency II for insurers (and their asset managers) and said that this was a huge exercise in data collection. He said that there were obvious difficulties in modelling hedge fund and private equity investments, and that the regulation penalised the use of proxy instruments where there was limited "see-through" to the underlying investments. Moving on to UCITS IV, Barry said that the regulation required VaR calculations to be regularly reviewed on an ongoing basis, and he pointed out one issue with much of the current regulation in that it uses ambiguous terms such as models of "high accuracy" (I guess the point being that accuracy is always arguable/subjective for an illiquid security).

Sandhya Persad of Bloomberg said that there were many practical issues to consider such as exchanges that close at different times and the resultant misalignment of closing data, problems dealing with holiday data across different exchanges and countries, and sourcing of factor data for risk models from analysts. Navin expanded more on his theme of which periods of data to use. Don took a different tack, and emphasised the importance of getting the fundamental data of client-contract-product in place, and suggested that this was a big challenge still at many institutions. Adam closed the question by pointing out the data issues in everyday mortgage insurance as an example of how prevalant data problems are.

What Missing Data Techniques Are There? Sandhya explained a few of the issues her and her team face working at Bloomberg in making decisions about what data to fill. She mentioned the obvious issue of distance between missing data points and the preceding data used to fill it. Sandhya mentioned that one approach to missing data is to reduce factor weights down to zero for factors without data, but this gave rise to a data truncation issue. She said that there were a variety of statistical techniques that could be used, she mentioned adaptive learning techniques and then described some of the work that one of her colleagues had been doing on maximum-likehood estimation, whereby in addition to achieving consistency with the covariance matrix of "near" neighbours, that the estimation also had greater consistency with the historical behaviour of the factor or instrument over time.

Navin commented that fixed income markets were not as easy to deal with as equity markets in terms of data, and that at sub-investment grade there is very little data available. He said that heuristic models where often needed, and suggested that there was a need for "best practice" to be established for fixed income, particularly in light of guidelines from regulators that are at best ambiguous.

I think Barry then made some great comments about data and data quality in saying that risk managers need to understand more about the effects (or lack of) that input data has on the headline reports produced. The reason I say great is that I think there is often a disconnect or lack of knowledge around the effects that input data quality can have on the output numbers produced. Whilst regulators increasingly want data "drill-down" and justfication on any data used to calculate risk, it is still worth understanding more about whether output results are greatly sensitive to the input numbers, or whether maybe related aspects such as data consistency ought to have more emphasis than say absolute price accuracy. For example, data quality was being discussed at a recent market data conference I attended and only about 25% of the audience said that they had ever investigated the quality of the data they use. Barry also suggested that you need to understand to what purpose the numbers are being used and what effect the numbers had on the decisions you take. I think here the distinction was around usage in risk where changes/deltas might be of more important, whereas in calculating valuations or returns then price accuracy might receieve more emphasis. 

How Extensive is the Problem? General consensus from the panel was that the issues importance needed to be understood more (I guess my experience is that the regulators can make data quality important for a bank if they say that input data issues are the main reason for blocking approval of an internal model for regulatory capital calculations). Don said that any risk manager needed to be able to justify why particular data points were used and there was further criticism from the panel around regulators asking for high quality without specifying what this means or what needs to be done.

Summary - My main conclusions:

• Risk managers should know more of how and in what ways input data quality affects output reports
• Be aware of how your approach to data can affect the decisions you take
• Be aware of the context of how the data is used
• Regulators set the "high quality" agenda for data but don't specify what "high quality" actually is
• Risk managers should not simply accept regulatory definitions of data quality and should join in the debate

Great drinks and food afterwards (thanks Bloomberg!) and a good evening was had by all, with a topic that needs further discussion and development.

 

 

We Can’t Upgrade, the Data Model’s Changed!

New article with some of my thoughts on data models, interfaces and software upgrades has just gone up on the Waters Inside Reference Data site.

 

Charting, Heatmaps and Reports for TimeScape, plus new Query Explorer

We have a great new software release out today for TimeScape, Xenomorph's analytics and data management solution, more details of which you can find here. For some additional background to this release then please take a read below.

For many users of Xenomorph's TimeScape, our Excel interface to TimeScape has been a great way of extending and expanding the data analysis capabilities of Excel through moving the burden of both the data and the calculation out of each spreadsheet and into TimeScape. As I have mentioned before, spreadsheets are fantastic end-user tools for ad-hoc reporting and analysis, but problems arise when their very usefulness and ease of use cause people to use them as standalone desktop-based databases. The four-hundred or so functions available in TimeScape for Excel, plus Excel access to our TimeScape QL+ Query Language have enabled much simpler and more powerful spreadsheets to be built, simply because Excel is used as a presentation layer with the hard work being done centrally in TimeScape.

Many people like using spreadsheets, however many users equally do not and prefer more application based functionality. Taking this feedback on board has previously driven us to look at innovative ways of extending data management, such as embedding spreadsheet-like calculations inside TimeScape and taking them out of spreadsheets with our SpreadSheet Inside technology. With this latest release of TimeScape, we are providing much of the ease of use, analysis and reporting power of spreadsheets but doing so in a more consistent and centralised manner. Charts can now be set up as default views on data so that you can quickly eyeball different properties and data sources for issues. New Heatmaps allow users to view large colour-coded datasets and zoom in quickly on areas of interest for more analysis. Plus our enhanced Reporting functionality allows greater ease of use and customisation when wanting to share data analysis with other users and departments.

Additionally, the new Query Explorer front really shows off what is possible with TimeScape QL+, in allowing users to build and test queries in the context of easily configurable data rules for things such as data source preferences, missing data and proxy instruments. The new auto-complete feature is also very useful when building queries, and automatically displays all properties and methods available at each point in the query, even including user-defined analytics and calculations. It also displays complex and folded data in an easy manner, enabling faster understanding and analysis of more complex data sets such as historical volatility surfaces. 

Front to back office data management

Some recent thoughts in Advanced Trading on turning data management on its head, and how to extend data management initiatives from the back office into both risk management and the front office.

Paris Financial Information Summit 2012

I attended the Financial Information Summit event on Tuesday, organized in Paris by Inside Market Data and Inside Reference Data.

Unsurprisingly, most of the topics discussed during the panels focused on reducing data costs, managing the vendor relationship strategically, LEI and building sound data management strategies.

Here is a (very) brief summary of the key points touched which generated a good debate from both panellists and audience:

Lowering data costs and cost containment panels

• Make end-users aware of how much they pay for that data so that they will have a different perspective when deciding if the data is really needed or a "nice to have"
• Build a strong relationship with the data vendor: you work for the same aim and share the same industry issues
• Evaluate niche data providers who are often more flexible and willing to assist while still providing high quality data
• Strategic vendor management is needed within financial institutions: this should be an on-going process aimed to improve contract mgmt for data licenses
• A centralized data management strategy and consolidation of processes and data feeds allow cost containment (something that Xenomorph have long been advocating)
• Accuracy and timeliness of data is essential: make sure your vendor understands your needs
• Negotiate redistribution costs to downstream systems

One good point was made by David Berry, IPUG-Cossiom, on the acquisition of data management software vendors by the same data providers (referring to the Markit-Cadis and PolarLake-Bloomberg deals) and stating that it will be tricky to see how the two business units will be managed "separately" (if kept separated...I know what you are thinking!).

There were also interesting case studies and examples supporting the points above. Many panellists pointed out how difficult can be to obtain high quality data from vendors and that only regulation can actually improve the standards. Despite the concerns, I must recognize that many firms are now pro-actively approaching the issue and trying to deal with the problem in a strategic manner. For example, Hand Henrik Hovmand, Market Data Manager, Danske Bank, explained how Danske Bank are in the process of adopting a strategic vendor system made of 4 steps: assessing vendor, classifying vendor, deciding what to do with the vendor and creating a business plan. Vendors are classified as strategic, tactical, legacy or emerging. Based on this classification, then the "bad" vendors are evaluated to verify if they are enhancing data quality. This vendor landscape is used both internally and externally during negotiation and Hovmand was confident it will help Danske Bank to contain costs and get more for the same price.

I also enjoyed the panel on Building a sound management strategy where Alain Robert- Dauton, Sycomore Asset Management, was speaking. He highlighted how asset managers, in particular smaller firms, are now feeling the pressure of regulators but at the same time are less prepared to deal with compliance than larger investment banks. He recognized that asset managers need to invest in a sound risk data management strategy and supporting technology, with regulators demanding more details, reports and high quality data.

For a summary on what was said on LEI, then seems like most financial institutions are still unprepared on how it should be implemented, due to uncertainty around it but I refer you to an article from Nicholas Hamilton in Inside Reference Data for a clear picture of what was discussed during the panel.

Looking forward, the panellists agreed that the main challenge is and will be managing the increasing volume of data. Though, as Tom Dalglish affirmed, the market is still not ready for the cloud, given than not much has been done in terms of legislation. Watch out!

The full agenda of the event is available here.

PRMIA - Operational Risk, Big Data and Human Behaviour

I attended Challenges and Innovations in Operational Risk Management event last night which was surprisingly interesting. I say surprising since I must admit to some prejudice against learning about operational risk, which has for me the unfortunate historical reputation of being on the dull side.

Definition of Operational Risk

Michael Duffy (IBM GRC Strategy Leader, Ex-CEO of OpenPages) was asked by the moderator to define Operational Risk. Michael answered that he assumed that most folks attending already knew the definition (fair comment, the auditorium was full of risk managers...), but he sees it in practice as the definition of policy, the controls to enforce the policies and ongoing monitoring of the performance of the controls. Michael suggestion that many where looking to move the scope and remit of Operational Risk into business performance improvement, but clients are not there yet on this more advanced aspect.

Vick Panwar (Financial Services Industry Lead, SAS) added that Operational Risk was there to mitigate the risks for those unexpected future events (getting into the territory of Dick Cheney's Unknown Unknowns which I never tire of, particularly after a glass of wine).

Rajeev Lakra (Director Operational Risk Management, GE Treasury) took his definition from Basel II of Operational Risk as risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Coming from GE, he said that he thought of best practice Operational Risk as similar to another GE initiative in the use of Six Sigma for improving process management. Raj said that his operational risks were mainly concerned with trade execution so covering data quality/errors, human error and settlement errors.

Beyond Box Ticking for Operational Risk

Raj said that Operational Risk is treated seriously at GE with the Head of Operational Risk reporting into the CRO and leaders of Operational Risk in each business division.

Michael suggested that the "regulators force us to do it" motive for Operational Risk had reduced given some of the operational failures during the financial crisis and recent "rogue trader" events, with the majority of institutions post-2008 having created risk committees at the "C" level and being so much more aware of tail events and the reputational damage that can damage shareholder value.

Vik said that Operational Risk is concerned primarily with "tail events" which by definition are not limited in size and therefore should be treated seriously. Pragmatically, he suggested that "the regulators need it" should be used as an excuse if there was no other way to get people to pay attention, but getting them to understand the importance of it was far more powerful.

The "What's in it for you" Approach to Operational Risk

Raj emphasised that it was possible to emphasise the benefits of operational risk to people in their everyday jobs, explaining to operators/managers that if they get frustated with failures/problems in the working day, then wouldn't it be great if these problems/losses were recorded so that they could justify a process change to senior management. He emphasised that this was a big cultural challange at GE.

Michael suggested that his clients in financial markets had gone through risk assessment, controls and recording of losses, but had not yet progressed to the use of Operational Risk to improve business performance.

Duplication of Effort

A key thing that all the panelists discussed was the overlap at many organisations between Operational Risk, Audit and Compliance. The said that the testing of the controls used for each had much in overlap, but was not based on a common nomenclature nor on common systems. For instance Vik pointed out that many of the tests on controls in Sarbanes-Oxley compliance were re-usable in an Operational Risk context, but that this was not yet happening. Vik said that this pointed to the need for comprehensive GRC platform rather than many siloed platforms.

Michael said that regulators want an integrated view, but no institution has an integrated nomenclature as yet. He recounted that one client sent 12 different control tests to branches that needed to be filled in for head office, which was a waste of resources and confusing/demotivating for staff. Raj said that the integration of Audit and Operational Risk at GE had proved to be a very difficult process. All agreed that senior management need to get involved and that a 5 year vision of how things should be incrementally integrated needs to be put in place.

Audience Questions:

Is business process risk different to business product risk? Michael said that Operational Risk certainly does and should cover both internal process and also the risks produced by the introduction of a new financial product for instance (is it well understood for instance, do clients understand what they are being sold?). He added that Operational Risk encompassed both the quantitative (statistical number of failures for instance) and the qualitative for which statistics were either not available (or not relevant to the risk).

Are there any surrogate measures for Operational Risk? Here a member of the audience was relaying senior management comments and frustration over the stereotyped red/amber/green traffic lights approach to reporting on operational risk. Michael mentioned the Operational Riskdata eXchange Association (ORX) where a number of financial institutions anonymously share operational risk loss data with a view to using this data to build better models and measures of operational risk. Apparently this has been going on since 2003 and the participants already have a shared taxonomy for Operational Risk. (my only comment on having a single measure for "operational riskiness" is that do you really want a "single number" approach to make things simple for C-level managers to understand, or should the C-levels be willing to understand more of the detail behind the number?)

Is "Rogue Trading" Operational Risk? Michael said that it definitely was, and that obviously each institution must control and monitor its trading policies to ensure they were being followed. The panel proposed that Operational Risk applied to trading activity could be a good application of "Big Data" (much hyped by industry journalists lately) to understand typical trading patterns and understand unusual trading patterns and behaviours. (Outside of bulk tick-data analysis this is one of the first sensible applications of Big Data so far that I have heard suggested so far given how much journalists seem to be in love with the "bigness" of it all without any business context to why you actually would invest in it...sorry, mini-rant there for a moment...)

Summary

Good event with an interesting panel, the GE speaker had lots of practical insight and the vendor speakers were knowledgeable without towing the marketing line too much. Operational Risk seems to be growing up in its linkage into and across market, credit and liquidity risk. The panel agreed however that it was very early days for the discipline and a lot more needs to be done.

Given the role of human behaviour in all aspects of the recent financial crisis, then in my view Operational Risk has a lot to offer but also a lot to learn, not least in that I think it should market itself more agressively along the lines of being the field of risk management that encompasses the study and understanding of human behaviour. Maybe there is a new career path looming for anthropologists in financial risk management...

 

 

 

 

 

 

PRMIA - From Risk Measurement to Risk Management by Samuel Won

I attended the PRMIA event last night "Risk Year in Review" at Moody's New York offices. It was a good event, but by far the most interesting topic of the evening for me was from Samuel Won, who gave a talk about some of the best and most innovative risk management techniques being used in the market today. Sam said that he was inspired to do this after reading the book "The Information" by James Gleik about the history of information and its current exponential growth. Below are some of the notes I took on Sam's talk, please accept my apologies in advance for any errors but hopefully the main themes are accurate.

Early '80s ALM - Sam gave some context to risk management as a profession through his own personal experiences. He started work in the early 80's at a supra-regional bank, managing interest rate risk on a long portfolio of mortgages. These were the days before the role of "risk manager" was formally defined, and really revolved around Asset and Liability Management (ALM).

Savings and Loans Crisis - Sam then changed roles and had some first hand experience in sorting out the Savings and Loans crisis of the mid '80s. In this role he become more experienced with products such as mortgage backed securities, and more familiar with some of the more data intensive processes needed to manage such products in order to account for such factors such as prepayment risk, convexity and cashflow mapping.

The Front Office of the '90s - In the '90s he worked in the front office at a couple of tier one investment banks, where the role was more of optimal allocation of available balance sheet rather than "risk management" in the traditional sense. In order to do this better, Sam approached the head of trading for budget to improve and systemise this balance sheet allocation but was questioned as to why he needed budget when the central Risk Control department had a large staff and large budget already.

Eventually, he successfully argued the case that Risk Control were involved in risk measurement and control, whereas what he wanted to implement was active decision support to improve P&L and reduce risk. He was given a total budget of just $5M (small for a big bank) and told to get on with it. These two themes of implementing active decision support (not just risk measurement) and have a profit motive driving better risk management ran through the rest of his talk.

A Datawarehouse for End-Users Too - With a small team and a small budget, Sam made use of postgraduate students to leverage what his team could develop. They had seen that (at the time) getting systems talking to each other was costly and unproductive, and decided as a result to implement a datawarehouse for the front office, implementing data normalisation and data scrubbing, with data dashboard over the top that was easy enough for business users to do data mining. Sam made the point that useability was key in allowing the business people to extract full value from the solution.

Sam said that the techniques used by his team and the developers were not necessarily that new, things like regression and correlation analysis were used at first. These were used to establish key variables/factors, with a view to establish key risk and investment triggers in as near to real-time as possible. The expense of all of this development work was justified through its effects on P&L which given its success resulting in more funding from the business.

Poor Sell-Side Risk Innovation - Sam has seen the most innovative risk techniques being used on the buy-side and was disappointed by the lack of innovation in risk management at the banks. He listed the following sell-side problems for risk innovation:

• politically driven requirements, not economically driven
• arbitrary increases in capital levels required is not a rigorous approach
• no need for decision analysis with risk processes
• just passing a test mentality
• just do the marginal work needed to meet the new rules
• no P&L justification driving risk management

Features of Innovative Approaches - Sam said that he had noted a few key features of some of the initiatives he admired at some of the asset managers:

1. Based on a sophisticated data warehouse (not usually Oracle or Sybase, but Microsoft and other databases used - maybe driven by ease of use or cost maybe?)
2. Traders/Portfolio Managers are the people using the system and implementing it, not the technical staff.
3. Dedicated teams within the trading division to support this, so not relying on central data team.

A Forward-Looking Risk Model Example - The typical output from such decision analysis systems he found was in the form of scenarios for users to consider. A specific example was a portfolio manager involved in event-driven long-short equity strategies around mergers and acquisitions. The manager is interested in the risk that a particular deal breaks, and in this case techniques such as Value at Risk (VaR) do not work, since the arbitrage usually requires going long the company being acquired and short the acquiror (VaR would indicate little risk in this long-short case). The manager implemented a forward looking model that was based on information relevant to the deal in question plus information from similar historic deals. The probabilities used in the model where gathered from a range of sources, and techniques such as triangulation where used to verify the probabilities. Sam views that forward-looking models to assist in decision support are real risk management, as opposed to the backward-looking risk measurement models implemented at banks to support regulatory reporting.

Summary - Sam was a great speaker, and for a change it was refreshing to not have presentation slides backing up what the speaker was saying. His thoughts on forward looking models being true risk management and moving away from risk measurement seem to echo those of Ricardo Rebanato of a few years back at RiskMinds (see post). I think his thoughts on P&L motivation being the only way that risk management advances are correct, although I think there is a lot of risk innovation at the banks but at a trading desk level and not at the firm-wide level which is caught up in regulation - the trading desks know that capital is scarce and are wanting to use it better. I think this siloed risk management flies in the face of much of the firm-wide risk management and indeed firm-wide data management talked about in the industry, and potentially still shows that we have a long way to go in getting innovation and forward looking risk management at a firm level, particularly when it is dominated by regulatory requirements. However, having a truly integrated risk data platform is something of a hobby-horse for me, I think it is the foundation for answering all of the regulatory and risk requirementst to come, whatever their form. Finally, I could not agree more easy analysis for end-users is a vital part of data management for risk, allowing business users to do risk management better. Too many times IT is focussed on systems that require more IT involvement, when the IT investment and focus should be on systems that enable business users (trading, risk, compliance) to do more for themselves. Data management for risk is key area for improvement in the industry, where many risk management sytem vendors assume that the world of data they require is perfect. Ask any risk manager - the world of data is not perfect and manual data validation continues to be a task that takes time away from actually doing risk management.

Data Unification - just when you thought it was safe to go back in the water...

Sitting by the sea, you have just finished your MATLAB reading and now are wondering what to read next?

No worries! 

We have just published our "TimeScape Data Unification" white paper. Not a pocket edition I am afraid, but some of you may find it interesting.

It describes how - post-crisis - a key business and technical challenge for many large financial institutions is to knit together their many disparate data sources, databases and systems into one consistent framework than can meet the ongoing demands of the business, its clients and regulators. It then analyses the approaches that financial institutions have adopted to respond to this issue, such as implementing a ETL-type infrastructure or a traditional golden copy data management solution. 

Taking on from their effectiveness and constraints, it then shows how companies looking to satisfy the need for business-user access to data across multyple systems should consider a "distributed golden copy" approach. This federated approach deals with disparate and distributed sources of data and should also provide easy and end-user interactivity whilst maintaining data quality and auditability. 

The white paper is available here if you want to take a look and if you have any feedback or questions, drop us a line!

 

More formal management of instrument valuation needed

Xenomorph has today released its white paper “Instrument Valuation Management: management of derivative and fixed income valuations in a multi-asset, multi-model, multi-datasource and multi-timeframe environment”.

The white paper expands on the “Rates, Curves and Surfaces – Golden Copy Management of Complex Datasets” white paper Xenomorph published recently (see earlier post) and describes how, despite the increasing importance of instrument valuation to investment, trading and risk management decisions, valuation management is not yet formally and fully addressed within data management strategies and remains a big concern for financial institutions.

Too often, says Xenomorph, valuations (and the analytics used to process input and calculate output data) fall between traditional data management providers and pricing model vendors. This leads to the over–use of tactical desktop spreadsheets where data “escapes” the control of the data management system, leading to an increased operational risk.

Whilst instrument valuation is certainly not the primary cause of the recent financial crisis, the lack of high quality, transparent valuations of many complex securities resulted in market uncertainty and in the failure of many risk models fed by untrustworthy valuations.

“A deeper understanding of financial products reduces operational risk and promotes quality, consistency and auditability, ensuring regulatory compliance”, says Brian Sentance, CEO Xenomorph. “Clients’ requirements have evolved and portfolio managers, traders and risk managers recognize that it is no longer sufficient to treat valuation as an external, black-box process offered by pricing service providers”, he adds.

Nowadays, regulators, auditors, clients and investors demand even more drill-down to the underlying details of an instrument’s valuation. It is therefore important to implement an integrated, consistent analytics and data management strategy which cuts across different departments and glues together reference and market data, pricing and analytics models, for transparent, high quality, independent valuation management.

“Our TimeScape solution provides a valuation environment which offers rapid and timely support for even the most complex instruments, allowing our clients to check easily the external valuation numbers, based on their choice of model and data providers”, says Sentance. “Otherwise, what is the point of good data management if the valuations and the analytics used are not based on the same data management infrastructure principles?”

For those who are interested, the white paper is available here.

 

The Humans Between Risk and Data

Some of my thoughts on risk management, data management and human behaviour, are to be found on page 20 of the Inside Reference Data Special Report "Managing Risk"

"Cut and Paste" Valuation Services

You can talk about more robust modelling, more stringent scenario testing and even moving everything onto an exchange, but unless we move the principles of good data management (in my view: consistency, security and quality of all types of data) into the front office then we will continue to get front-office mis-marking as described in this article in the FT.

Thanks to Ralph Baxter from Cluster7 for highlighting this article for me and those of you interested in this topic of operational risk and spreadsheet mis-use should maybe go along to EuSpRiG this year, and maybe take a look at a paper Xenomorph presented at a previous conference.

RiskMinds - The Failure of Risk Models

Avinash Persaud of Intelligence Capital gave the opening talk of the morning at RiskMinds (see first of set of posts from last year here) and put forward a lot of the very good ideas that he has contributed to in the recent Warwick Commission Report. Main points that Avinash made:

• Regulators were admirably quick in working out where past regulation had gone wrong in focussing too much on micro (individual institution) rather than macro (whole market)/systematic risk.
• The regulators then came out with promising papers on counter cyclical regulation and other positive ideas.
• These new ideas do not win votes however and do not satisfy the public's desire to punish someone - Avinash called this the "Bad Apple" policy, with "bad bankers, bad products, bad jurisdictions" being the perceived guilty parties.
• All past crises have resulted in demands for three things: i) more risk management; ii) more regulation; and iii) more transparency.
• These are fine as demands but evidently do not prevent financial crises.
• Avinash recalled his work back at JPMorgan in the early 90's when the 4:15 report was produced for Sam Weill, which eventually led to VAR reporting becoming widespread.
• He then fast forwarded to the Asian crisis of 97 where he saw the failings of VAR (or rather its widespread use) first hand with all players using VAR which when volatility increased caused an increase in VAR causing JPM (and all) to sell causing markets to fall, increasing vol causing more selling, increasing correlation and leading to what is called the "loss spiral".
• In light of the recent crisis, Avinash said the public perception is that bankers created a load of toxic bombs (products), through them at an unsuspecting public and ran away...
• ...and in his opinion the reality is that banks created a load of toxic bombs and ran straight towards them i.e. this was a failure of risk management where bankers did not understand the risks they were buying and selling.
• He then took us back to the 1950's and the formation of modern portfolio theory with Markowitz and Danzig working at the RAND Corporation.
• At that time banks and insurers were still separate, with FX and capital controls still in place meaning that not only could the "efficient frontier" of investment portfolios be observed but it could also be acted upon.
• Now everyone has the same information everyone can observe the efficient frontier of investment opportunities but cannot exploit or act upon it, since usually everyone moves in (the "herd") and the value observed is changed by this crowded participation in the market. Here he seems to be echoing a lot of what Bob Litterman said at QuantInvest last week over the "crowded trade" and that the barriers to market knowledge and our ability to act on this knowledge have been lowered forever.
• Avinash put forward that many of the models we use today assume the statistical independence of decision making process whereas the reality is that the market is homogenous (everyone is thinking/acting the same) and hence these models are invalid in this "crowded" context.
• In light of this, the problem of risk management is not about exogenous risk (risks from outside the market, from Black Swan events to normal distributions) but more about endogenous risk i.e. peoples behaviours upon seeing opportunities cause strategic risks. (Interesting given Jean-Phillippe Bouchard at QuantInvest commenting on what makes prices move). Put another way, behaviour is the issue not the financial instruments themselves.
• Avinash proposes that risk capacity (the ability of an institution to absorb a particular type of risk) shoudl be thought through more fully, with for example insurance and pension institutions with long-term liabilities having a much greater capacity to absorb liquidity risk than banks, and banks with short term funding being a better position to manage a loan book.
• He pointed out that regulation that uses market prices to protect us against movements in market prices is doomed to failure before it starts.
• Booms occur due to some perceived "paradigm shift" technolgy leading to dramatically improved risk/return ratios - he cited things such as cars, electricity, rail, dotcom and the mantra from those involved that "This time it is different..." (see "bubble" post from last year)
• Avinash thinks the regulators are significantly to blame for the last crisis since they themselves said the latest financial innovations in credit derivatives were making us safer through sharing out risk in the system.
• He said that there is no theory for making a complex system "safe" as a whole and that the regulators did not/do not "get" this idea.
• Diversity of approach and risks in a large systems (macro financial markets) is our only current defence and regulatory "best practice" has driven conformity not diversity in the market, making systemic risks higher not lower.
• So the regulators are themselves creating a homogenised market.
• In terms of solutions, he proposes that risk and audit committees need separating so that risk management does not become a "tick box" exercise.
• He further proposes that the risk management function is given some capital so that it can place hedges at a macro level for institution (i.e. looking at the resulting risk when divisional risks have been aggregated) - here is proposing moving to risk "management" as opposed to the much more common risk "reporting" found in many institutions.
• One risk management indicator idea he proposed was to put a portfolio management model together that was linked to VAR in order to see where the "herd" is moving to (e.g. low vol, high return Asian markets of the past etc) and to move or hedge against this.
• He is concerned that applying Basel II regulation to the Insurance industry with Solvency II will mean that all players will be dancing to same VAR tune which will introduce more risk as more institutions are forced to react in the same way to market movements and volatility.
• On the same lines, Credit Rating Agency regulation will create barriers to changes in ratings methodology in response to endogenous market risk, again meaning that everyone will be forced to behave and act in the same ways.
• He summarised that "endogenous risk" (movements in the market caused by the market) and not statistical distributions that are the key issue and diversity is the only solution.

Entertaining speaker with some interesting ideas that fly in the face of much of what is being done by the regulators today, and generally well received by many of the risk managers present. Behavioural finance and the "crowded trade" (i.e. everyone doing the same thing in the market causing movements within the market) seem to be key themes occuring in a lot of what academics and practitioners have said on risk management recently. Now what to do about it? Not sure that less (not more) regulation will find many fans at the moment...answers on a postcard please!

Views on Fair Value...

Busy week last week for events in London, this time over at the Goodacre / Six Telekurs on Thursday morning. Guy Sears of the IMA was chair of the event, and the event did have a "buy-side" focus to it. Richard Newbury of Six Telekurs started the event and made the following points on the current state of regulation:

• UCITS IV - Richard cited the stats that there are around 37,500 funds in the EU with average value of approximately $180M each as compared to only 8,000 funds in the US with average value over $1B. Richard said that such a proliferation of funds was costly and the more EU could standardise funds and their ability to be transacted everywhere in the EU the better.
• Reg NMS - Richard took a little humorous dig at US regulators when he reminded us that Congress authorised the SEC to form a "National Markets System" in 1975 and so this had taken around 30 years to implement. Whilst Reg NMS is often compared to MiFID, he said that Reg NMS had led to consolidation in the US while obviously MiFID has led to fragmentation in the EU.
• Hedge Funds - Both EU and US regulators are looking at the hedge fund industry. He mentioned the battle the UK was having with some of the (misguided?) regulation that the EU is trying to introduce with over 30,000 HF related jobs in London. The new regulation is likely to increase reporting requirements leading to more need for regular, standardised fair value reporting.
• Credit Rating Agencies - Richard mentioned how there will be more ratings and more ratings types, and the regulation introduced to ensure the CRA do not fall into the conflict of interest trap.
• Data Management - He mentioned the importance of data management within what is happening in the industry and noted how the profile of data management was on the increase.

Mike Jenkins of Ernst & Young tried his best to make the accountancy treatment of derivatives interesting and didn't do too bad an effort but I only took the following few notes from his talk:

• Unlike US GAAP with FAS 157 there is no single standard Fair Value (FV) definition in IFRS, and unsurprisingly IASB are addressing this.
• Mike spent some time mentioning Level 1(quoted), Level 2 (observable) and Level 3 (unobservable) pricing inputs for securites, taken from the IASB exposure draft ED/2009/5 (also see Rowe in earlier post)

Matthew Cox of BoNY Mellon Security Services then gave his presentation on the difficulties/challenges of providing a valuation service to their asset management clients:

• His division often have a "2 hour" window to produce valuations for NAV reporting, often for a 12 midday valuation
• Data exceptions for investigation went through the roof this year due to increased volatility (comment: didn't get chance to ask whether the validations set were "normalised" for market volatility i.e. a price movement threshold would not be fixed but rather be multiplied by a factor relating to recent volatility levels)
• Matthew was very complimentary about the efforts his team put in to cope with this increase in data exceptions.
• He mentioned how many of his clients of established "Fair Value Committees" over the past couple of years, comprised of staff from compliance, risk management, portfolio management etc.
• Matthew mentioned the importance of time zones in valuation and the timeliness of data, with the availability of intraday CDS prices contrasting with bonds who price only from the evening close of the day before.

The panel debate was moderated by Guy Sears, and included the above speakers plus Nigel Reynolds from TD Waterhouse):

• Matthew said that his division sometimes shared the "consensus" price from other clients when one client is looking for some guidance.
• He mentioned that a key timeframe in establishing FV was establishing what is a "reasonable" time frame for sale of a security.
• Nigel Cox said that "suspended stocks" had been a real issue over the past year, where the client "context" (position, situation etc) would very much determine what value a client would want assigned to a holding.
• Guy Sears suggested that valuations should be provided with a confidence interval and not just as a single price
• Mike of E&Y said that this is what full disclosure now requires, other memberrs of the panel suggested this was realistic but not what clients (humans?) expect to receive - they want a single number.
• Guy wondered whether it was an issue that one entity might value an asset at a value X whilst another would value the liability at Y (not equal to X)
• Mike of E&Y pointed out that this was an issue in that current accountancy rules allow a security to be reclassified from "fair value" pricing to "historic cost" basis - this discretion is being removed in future rule implementations
• One member of the audience pointed out that Bloomberg, Reuters and Markit were all trying to extract more revenue from data used for valuation purposes.
• Matthew advocated that the market needed more competition between niche data vendors such as Markit and SuperDerivatives to ensure innovation in service and more competitive pricing.
• The audience asked Guy of the IMA whether the association should have offered more guidance on fair valuation process and best practice.
• Guy said they have provided some, but he advocated that trade associations should not have opinions, since it was not healthy to have the asset management industry collectively herding towards the same valuations.

Well attended event with some good speakers, particularly Guy Sears as host was funny, knowledgeable and kept the other speakers on their toes. I would say the most interesting point was still that "opinions" form prices, opinions formed in the investment/funding "context" of the party with an interest in valuing a security - conceptually this seem to make the asset servicing companies a little uncomfortable since what they are contracted to do is to provide the "right" set of numbers by their clients. Human beings feel more comfortable fixating on a single number than a range of possible outcomes/results it would seem!...

Integrated Data and Analytics Management

Xenomorph was one of the sponsors on the “Integrated Data Management” webcast last week, hosted by Inside Reference Data (audio recording available here). There were a number of interesting questions that arose from the Webinar.

One fundamental although somewhat academic question was "What is Integrated Data Management?". Certainly everyone seemed convinced that there would be less "Enterprise Data Management" (EDM) projects in future, given the expense, scope and scale of such projects. The concensus was that whilst the need for data management was better under stood across all financial institutions, data management projects would be bitten off in more manageable chunks by asset type, business function or division (so are silos back in fashion I ask myself?!). Coming back to the original question, I guess my slant on Integrated Data Management is that we are seeing more and more data management projects that have an integrated reference data and market data elements to them, primarily driven by the need to sort out data quality/completeness/depth for use within risk management (in light of the financial crisis).

Related to risk management, a topic I pushed was that given the origins of data management for STP/back office, and given the interest in low latency tick data management/analyis in the front office, there seems to be a market gap (particularly in the US?) on how to manage data such as IR/credit curves, volatility surfaces and other derived data sets. These data sets seem to fall into the gap between what is thought of as market data (primarily just prices) and what is reference data (IDs and terms & conditions). This is another area where a more integrated approach to data management would be beneficial, particularly in making all these datasets available for risk management.

Coming back to a "hobby-horse" of mine, then I also raised the issue that whilst it is fine to be doing great data management (high quality, complete datasets etc) what is the point if all of your data is ignored by the front office and Excel is used to download the data traders and risk managers need from Open Bloomberg. I think the management of unstructured data (spreadsheets, word docs etc) needs to be elevated as an issue since this (unfortunately?) is where most data resides currently, despite what we data management professionals like to think.

I also think that the principles of good data management (centralisation, quality and transparency) could apply to other things and not just raw "data", but what about centralised pricing and valuation, centralised curves and centralised scenarios for risk? Again what is the point of doing good data management if the ultimate "information" (e.g. a valuation) is done using poor quality data, with a complete lack of transparency over the data and model used.

A good question was asked about models, which was that given pricing models and their weaknesses have formed some part of the recent crisis, do we need more complex models. On having a few conversations about this and thought about it some more, then some would say it is complexity that got us into the crisis so this is the last thing we need. My view is that we do not necessarily need more complex pricing models and valuation techniques, but we certainly need more robust ones which does not necessarily imply more complexity. Coming back to a point raised by David Rowe previously, then I think all quants and risk managers should think about a "second means of valuation" for all the theoretical models they use, and that hedgeability (see recent post on pricing model validation) seems to be the common theme in producing more robust pricing models.

High Performance Spreadsheets

Another article about the operational risk generated by the usage of spreadsheets within the financial markets (see earlier posts), appeared in the April issue of Waters Magazine.
 
The articles highlights how spreadsheets are largely used within financial institutions and suggests that the current regulation requirements for more transparency and ad-hoc risk management might push the proliferation of spreadsheets even further. The articles also refers to the progress and improvements made by Microsoft in recent versions of Excel to increase the security of spreadsheets.
 
Xenomorph has worked closely with Microsoft on hosting its time series database within SQL Server 2008. The case study we have written together describes how SQL Server 2008 offers integration within Office Excel 2007 so that whilst the spreadsheet is still the end-user viewing tool, operational risk is reduced by engaging Excel 2007 as an analytics and reporting tool and not as a mean of storing data.
 
Our TimeScape solution offers more than 700 easy to use add-in functions to Office Excel 2007 and we are currently working on the use of Excel Services, part of Microsoft Office Share Point Server 2007, to further enhance the centralized approach to spreadsheet.
 
If you are interested in how Xenomorph solves the problem of spreadsheet management, then take a look at our (newly updated) website. Here we explain how to solve the problem and how Xenomorph Spreadsheet Inside technology can bring unstructured spreadsheet data and complex calculation within a centralized data management system, increasing transparency and reducing operational risk.

Data management, derivative analytics and the spreadsheet

Interesting article out doing the rounds on the newswires announcing a forthcoming report called "The Enterprise Spreadsheet: Pushing towards Transparency" by the analyst firm the Tabb Group. It is great to see an analyst firm acknowledging the importance of spreadsheets within the markets, particularly in the area of combining data and analytics together in OTC derivatives management (see earlier post).

Adam Sussman of the Tabb Group reckons that despite its shortcomings, Excel is a valuable tool: “Spreadsheets, either alone or in conjunction with other components, can meet the same requirements as a business application.” In this he seems to be agreeing with the UK Regulator the FSA, who have been recently advocating that spreadsheets and spreadsheet data needs actively managing as an institutional resource. The findings of the Tabb Group on management also seem to echo a recent report called "Buy-Side Data Management in a Changing Landscape" done by Lepus for Asset Control (registered link to report here).

Spreadsheets are a great tool and fulfil a real need in the market to pull together pricing models and data quickly, easily and with a timeframe that is meaningful to the business (see earlier post for some work by Xenomorph in this area). Spreadsheets are a big problem to manage, but they are also the symptom of failings in core systems that are not able to rapidly support new instrument types and pricing models. An institution that ignores analytics, spreadsheets and spreadsheet data within any EDM transparency initiative has already failed before it begins, and so to paraphrase the author Aldous Huxley:

"Spreadsheets do not cease to contain data because they are ignored."

Happy Birthday Spreadsheet!

Article on PCMag saying that the spreadsheet is 30 years old. Whilst wishing it a happy birthday, the author, John C. Dvorak, has a good rant about how spreadsheets have been the major weapon in the rise to power of the accountant in business.

Good job he did not spend too much time looking at their usage in financial markets or else his rant would have been much longer, given past issues with spreadsheets in financial markets. The spreadsheet (which means Excel at the moment) is a great tool that is:

• a calculator;
• a report writer;
• a database

In my view it is the latter usage of desktop spreadsheets to store data where the problems mainly reside, not its usage as an analysis tool. Faced with inflexible trading and risk management systems that do not allow instrument and trade data to be represented quickly or correctly, it is unsurprising that traders, portfolio managers and risk managers resort to spreadsheets as the "pressure relief valve" for their business activities.

Delivering systems that can support both complex and non-standard instruments and trades in a transparent manner should be a focus in a world where that the lack of transparency over credit derivative pricing has been such an issue. The inappropriate usage of spreadsheets is a very small part of the current problems we are experiencing in the markets, but addressing this would be a positive step in creating a data management foundation that encompasses all data used by a financial institution, not just that data that is easy for software vendors to represent in their systems.

Anyway, enough of my spreadsheet hobby-horse, for some light relief and to celebrate 30 years of summing rows and columns, take a look at the Eusprig web site for a list of the most notable spreadsheet failures.

Unstructured Data Management Anyone?

Good example on Finextra this week of another spreadsheet debacle, this time involving Barclays and Lehmans (see article).

Not sure when the financial markets will get serious about managing unstructured data and spreadsheet usage. We can all apply Enterprise Data Management until the cows come home, but if the "real" business is being managed in spreadsheets then really why bother with grand aims like EDM?

Even the regulators are not totally against the usage of spreadsheets (see presentation), then simply want unstructured data to be managed properly as part of an institution's formal processes and not ignored until the inevitable problems arise...

Spreadsheet meets database at Cornel's Arxiv...

The paper I presented at a "spreadsheet-risk" conference a while back has now been approved and entered at Cornel's Arxiv academic archive, see:

http://arxiv.org/abs/0802.2932

The paper details some of the work that Xenomorph's product development team have done on combining spreadsheet ease of use with database consistency and centralisation. We call this tech "SpreadSheet Inside" and a more detailed whitepaper on it can be found at http://www.xenomorph.com/downloads/whitepapers/spreadsheet-inside/. Clients are using it to centralise and control access to spreadsheet calculations and also using it within (extremely!) complex reports for risk management and trading.

Many thanks to Grenville Croll at Eusprig (www.eusprig.org) for assisting on this!