dancing in the dark - fstech
TRANSCRIPT
Technology & Financial Risk Management Roundtable
R O U N D T A B L E : R I S K M A N A G E M E N TFS
T S
EP
TE
MB
ER
/O
CTO
BE
R 2
00
9 P
AG
E37
Attendees:Chariman: John Whiteman (JW) previously chief investmentofficer and the chief risk officer for a hedge fund.John Collins (JC) risk partner at Rule Financial, previously atSwiss Re, Morgan Stanley and Citi.Simon Calvert (SC) head of risk IT for Rabobank Financial.Graham Cobb (GC) works for IBM Cognos, and formally atBarclays Bank for 27 years.Jo Taylor (JT) from Rabobank, and previously at Chemical
Bank, Chase, Merrill Lynch, NatWest Markets.Greg Stevens (GS) from the Group Market Risk of BarclaysBank, previously at Barcap and JP Morgan working mostly incash equities and derivatives.Jean Birkin (JB) from a large American bank.David Goucher (DG) previously from Abbey Santander, andformerly the Royal Bank of Scotland's trading business head ofrisk management.Roger Hodgson (RH) from a large US bank.
Dancing in the Dark
JW We're in the dark guys. We are inthe dark because although we have somepretty sophisticated mathematics and wehave some pretty sophisticatedtechnology, we goofed and we got itwrong. Any ideas as to why?
JC There was a complacency across thelandscape. There're a group of people ondesks who only ever traded at bids.There were a lot of people in riskmanagement departments who becamefocussed on the things that wereinteresting rather than the things thatwere important. We collectively lostsight of what the real challenges were.
GS Is it possible for the seniormanagement of a large modern firm toget a view of all the risks they arerunning given the complexity of thecurrent businesses? If it is I would say it'sprobably more in the culture of theorganisation than in the technology.
DG There's always been a disconnectbetween the executive managementteam and what I call risk professions. Inthe older days, or indeed in the ‘hedgefund days’, the people who had a capital
investment in the business absolutelyknew the risks their business was taking.We have put risk in a box, we have riskprofessionals that deal with risk and weproduce sanitised risk reports that go upto executive committees and that's howthe committee interprets the world.
GS But I don't believe the riskmanager's job is to reduce risk. It's tohave an educated debate about it. Allyou can ask is if you are going to getrewarded enough for the risk you'retaking. I think one of our failures in therisk industry right now is that we fail tocommunicate that this is the role of therisk manager.
JB I think that is a very good way ofputting it, because you don't want to beseen as a business prevention officer –which is how some of the risk managersare being referred to.
JT True – however if you take moremoney for a trade, you've got to monitorit, and if you can't monitor it then howcan big organisations actually knowwhere their risks are sitting? Can thesystems keep up? Can IT keep up with
what the business is actually doing, or isthe business moving too quickly?
Darkness on the Edge of TownJW But look where the conversation isgoing? It's really interesting. We start offwith a conversation that said we're in thedark. Could it have been otherwise andGreg said, "Well hang on a minute. Youcan't be a ‘Dr No’ in this. You've got to goin there saying are we being rightlypriced". But at what point in thisconversation have we become complicitin the production of the disaster we'vejust lived through? Not doing our jobsand not putting our hand up and sayinghang on, there's a really big problemhere?
SC I think it seems clear to me that asbusiness became more complex and wewere all making lots and lots of money,we allowed the systems and the riskmanagement to slip way behind the newbusiness and we could never underpinthe calculations of some of the morecomplex structured transactions withsufficient quality market data even tounderstand what was in the portfolio. Idon't think you can say that risk
FST took a panel of war weary agents battling to keep risk at bay whilst still allowing businesses to do business and asked themabout the current market, their responsibilities and where systems fit in. (With apologies to Bruce Springsteen for the titling.)
risk_roundTable.qxd 05/10/2009 16:58 Page 2
R O U N D T A B L E : R I S K M A N A G E M E N T
managers were complicit in that, becausewhenever they said no they were bulliedinto approving it or they were moved into a different role.
DG So whose responsibility is riskmanagement in the bank?
SC It should be everybody's.
JT But you have got a conflict ofinterest – if I'm a trader here to makemoney – and that's my role, I see an opportunity and would want to take it. The risk manager on the otherhand is saying “well, we want you to make money but my role is toreduce/manage the risk,” then on top of that you've got the system saying “well actually we need to monitor that risk. There's no pointagreeing to something if we then can'tmonitor it”.
JC I think many of us have worked atorganisations and may still be atorganisations which arguably are too bigto risk manage effectively and in thoseorganisations it is difficult to get theright information in a timely manner tomake informed decisions for managingrisk. This has a significant impact uponour ability to function effectively as riskmanagers.
JW The technology was caught out?
GS Also the regulators are saying“Well actually, if you're going to be abank in the ‘too-big-to-fail’ category thenyou're not going to be allowed to takethat level of risk and we're going to movethe goal posts and make it prohibitivelyexpensive in capital terms”.
JW Greg, that brings us back to thesame old problem, because even if wehad the technology and the informationright, and even if we knew there werebad things being stored up, then the wewould be in the same situation where wecan't afford to be Dr Nos and say "don'tdo it".
GS I think there are examples where,with the right information, you couldeasily have convinced senior managersthat “ok, we are pricing this at a stupidlevel and we're going to stop right now”.If you look at the hedge funds that madethe most money in '07 they did it bybasically working nights and weekendspulling apart the zip codes of the sub-prime universe to find out where thoseweak mortgages sat and which bondsthey were sitting in and shorting thosebonds. They made billions off it and hatsoff to them.
RH But that was mismanagementrather than the business themselves.
JT If I have the information I can makeeducated decisions. Do I want to makemore money and take that risk oractually say no, and stop at that point?
GS Clearly UBS's senior managementdidn't have the technology or themanagement information system – Ithink very few of us had that level oftechnology at that time. If they hadappreciated the concentrations ofexposure from so many areas I thinkthey would have rapidly said "Uh oh.We're well over our boots here".
DG Have we professionalised riskmanagement so it’s run separately?Unless risk management has the abilityto say no and actually take decisions, it'sobviously not risk managing.
Brilliant DisguiseJW But I'm really interested in whatGreg and Joanna are saying becauseyou're actually saying that had we hadthe right information; had we been ableto make the right call on priceconcentrations that it wouldn't havehappened on our watch. So, acid tests inyour organisations are what are youactually going to do going forward? Arebudgets actually increasing?
SC Absolutely! We are investing a lotin the systems infrastructure at
Rabobank. Rabobank is of a size whereyou can implement global systems, youcan have a global consolidated view andthat goes back to your original question.I think a company of our size, you havethe capability to implement globalconsolidated systems. I think converselyif you're a Deutsche Bank, an RBS, a UBSor a Citi, it's very, very difficult to do thatand even if you start to implement athree year strategy towards buildingthose global consolidating warehouses,the chances are that some time aroundthat three year path you'll merge oryou'll be taken over and you throw thatstrategy up in the air and you start allover again. I actually think it'simpossible for the Top 10 to implementsuch a completely integrated structurebecause they silo their exposures.
JT I've been through a merger and youend up just bolting together the oldsystems; just bolt it on and piece ittogether with some tape. That's hardenough to deal with, let alone if you say‘let's scrap it and restart something new’and I think that adds to the pressure andthe problems that are faced. You've gothuge businesses with different systems.They don't all talk to each other and youhave to keep going forward at the same time.
JB The complexity of the businesskeeps changing, so you have to try andkeep track of it. For example, if you lookat the collateral requirements that theregulators are coming up with and thekind of collateral reporting that we nowneed to produce, what extra pressures isthat going to put on the business? Andthen what value does that reporting add to the business? Moreover, if you'rea hedge fund and if I'm providing youfinancing, the cost of financing has gone up because of all the systems and everything I need to put in place,and I'm going to pass those through toyou. So you are going to want to passthose through to your client, and it'sreally just the man on the street that will suffer?
PA
GE
38
F
ST S
EP
TE
MB
ER
/O
CTO
BE
R 2
00
9
risk_roundTable.qxd 05/10/2009 17:00 Page 3
R O U N D T A B L E : R I S K M A N A G E M E N T
GC One thing that strikes me is thatwe've sort of strayed a little bit from this risk professional responsibility, andthe other thing was talking through thepoint that you made before which was"Who is responsible for this?", andbasically everyone should be across theorganisation. So from my perspectivehow are you actually making thatelement happen? Because that's thecultural change that needs to happenusing enterprise BI to drive ownershiprather than this should be the sole personploughing at the furrow desperatelytrying to get people to listen. How areorganisations trying to change thatgame?
JW At the hedge fund, the job of the risk manager is to hold out a P&L mirror to the trader. Everything'sexpressed in P&L terms so that you canactually see the damage that's about to be caused. All the stress tests are live.I like that because we're recalculatingevery second. Now I like that intimaterelationship. We refer to it in the firm as'an entangled relationship' – rather thancalculating beautiful technical numbersthat haven't any meaning whatsoever.We are one of the funds that did comethrough. It probably was luck but I thinkthere was some skill in it and I think,quite specifically, there was some riskskill in it.
SC But is that a scaleable model tobigger banks? I’m not sure it is.
JC It comes back to those questions onwhether certain institutions are too bigto risk manage. Perhaps the answer tothat is yes. Whether one can constrainthe size of an institution because thebrain power within the institution isimportant too. I think people wouldargue that most tier one investmentbanks are risk managed, but someinstitutions with 24,000 people might betoo big to risk manage.
GS I think you can get to a stage whereif you can get enough smart people in an
organisation with the right culturesaying we're going to make sure the rightinformation flows up the channel. I thinkit's possible.
SC I think it’s the stress test that'simportant, and the ability to have user-defined or extreme stress tests created onthe fly as the market collapses aroundyou is a key element of what your risksystems should be able to supply to you.
GS The stress tests being run two yearsago were clearly too benign. A numberof institutions have gone under, so thosestress tests were wrong because theywere basically limited. They were under-estimating the size of market moves,particularly the size of correlations andthe swap/treasury spread breakout –things that people had never seen beforehappened and that's why those stresstests are now seen as flawed. A reversestress test is saying “okay – let's assumeyou are in an absolute mess and you areout of liquidity and confidence and youare about to go under. You're in thatstate. Now describe a scenario that gotyou there and now describe the plan thatwould stop you getting there and getyou out of it”.
JC It's a test to the point of destructionor from the point of destruction. It's a bigfavourite of the regulators at themoment, but like a lot of regulation itwill then just become a science ofavoidance in some ways. I guess theproblem with any stress test is that it justbecomes formulaic. How manyinvestment banks run off 100 stress testsevery day? To all intents and purposesthey're meaningless because they don'tapply at that moment in time. I think thestress test is more the ability to flex aportfolio. Can you see the creaks in timeand can you act upon them? That's thereal stress.
SC To talk a little bit about ourexperience from a systems point of view:18 months ago we were in a position ifwe wanted to run stress tests across all
our portfolio, IT would have to beinvolved. It would probably take todefine a new stress test I mean, theywould have to be scripted in to severaldifferent systems, and that might take aweek – it might take longer, but nowwe've invested a lot in that piece of ourjigsaw puzzle over the last 12-18 months.We're now in a position where a riskmanager can define his or her own stresstests and run them across the entireportfolio within the same day, which isas good as we need to be really.
Human TouchJW To what extent do people at thetable feel that technology andinformation adds the flexibility thatSimon is describing? Do you think you'dstill end up with the same old problemsof a risk manager being partly complicitin the risk-taking culture?
JC At the end of the day we have thesame clients, we trade the sameproducts. You know, we fly in the sameairplanes; we sleep in the same hotels.The only differentiator are the peopleand the technology. I think certainevolutions in technology recently havefundamentally changed the game, andour ability to respond to services-basedtechnology with the expansion ofmemory technology which made realtime manipulation of data possible.
JT It's all about having the technologyand knowing how to use it and interpretdata because if you interpret the datawrongly you're no better off just becauseyou've got a good system that gives yougreat figures. You have to be able toknow what it is you're asking it and whatit's telling you and then what you'regoing to do with that data.
GS But there's a huge amount of devilin the detail, if you start havingdiscussions about some of theassumptions you are making just toreach base camp. For example, if youactually talk to anybody about putting aswaptions portfolio out to Markit
FS
T S
EP
TE
MB
ER
/O
CTO
BE
R 2
00
9 P
AG
E3
9
risk_roundTable.qxd 05/10/2009 17:02 Page 4
R O U N D T A B L E : R I S K M A N A G E M E N TP
AG
E4
0
FS
T S
EP
TE
MB
ER
/O
CTO
BE
R 2
00
9
Partners every month, there are manyassumptions required to make that feed.Institutions have thought their modelswere telling them certain things andactually they were calibrated to tell themnothing of the sort. I think we've gotenormous amounts of computing powernow and we can throw incredibleamounts of data at it. But if the data's notright then you're not going to get theright answers, even if the maths is quitecredible.
SC Do you think if you've got holes inyour market data – an incorrectlyproxied market data – the impact onyour exposures is huge?
JB The liquidity crisis is sort of a bigindication of how difficult it was to pricesome of these assets and if you couldn'tprice them you can't really risk managethem. If you look from a practical pointof view, people just didn't know whatthe values of these things were, whichthen leaves you exposed. If you don'thave the data, you can't price them.
DG Shouldn't someone be holding their hand up in the organisation andsay "Actually we shouldn't be doing this stuff?"
JB But if they have it on the booksalready, what are you to do?
DG Then someone should say "Let's getrid of it at the best possible price and get out."
JB I think that's what they all tried todo!
JC If they were airline pilots theycouldn't say they almost hit the runway!
JW Now you guys are firmly in thekind of qualitative camp on this ideawhich is you're saying we can producelots of qualitative models as they can betechnically based, but in the end ahuman mind has to apply commonsense.
JB I think someone asked the questionabout the balance of power between risk managers and the CEO who are the business heads that are making themoney. As long as the money was beingmade for organisations and as long asrisk managers within an organisationdidn't have the power they needed orthe significance of what they were doing wasn't acknowledged by theboard or by senior management, it was avery brave risk manager – even if he orshe foresaw what was happening to put their hand up and say "This is the Titanic – we're heading towards theiceberg!" I'm sure as organisations do the investigation into what went wrong, part of that should be to assessthe risk management function. Therewill be more stress tests and regulatorsno doubt will be taking a keener look into how risk management is actuallyperformed at different levels. But stillfundamentally I think it comes down tothe balance of the people who could seehow the good times were going. Part ofit was also to do with the ratingsagencies because how much do theyknow about what's really happeninginside the banks?
DG Is that good enough? Should riskmanagers have actually stood up inthose organisations or, if they werelistened to, left? That's the only thingyou can do. If you have a view that thebank's doing the wrong thing or istaking the wrong risks, not beinglistened to then…
RH Perhaps there's an element ofshooting the messenger because thereare business managers who do want towork with risk management andappreciate what risk management bringsthem in terms of being a devil'sadvocate, and there are those peoplewho are so focussed on making moneyand regard risk managers as businessprevention officers.
JT It's learning from the past. I notethat one of the questions was: "Is it a
good thing that's happened or not?" Oneway you can look at it is it's a new wayof looking at things. It's opened eyes tolook at other ways at what you can lookat to give you the indicators.
DG I think it's terribly important. I'mgoing to take a look at a completelydifferent example of the same thing. Inthe SME market one of the corporatelending models has been set to 'lend' forthe last ten years and are now set to'don't lend'. The quality of the middlethat says actually, we like this particularcompany because of its managementstrength and the way its financed andsome of its other things, even though wedon't like that particular sector, we willgo in to that line – that quality bit doesn'texist because it's been replaced.
JC It's old-school risk management isn'tit? You know what's in your portfolio andyou know the risk you're taking.
Blinded by the LightJB There is a good story thatsomebody tells in the US where theyactually sat down with Mr Madoff a fewmonths before the whole thing blew up,and he wanted to try and broker a dealwith JP Morgan. He couldn't answer allof the questions and because of the gutfeel instinct the risk manager walked outand said "I don't feel comfortable withthis" and that comes back to this wholething of you do need that qualitativeinput because even though the numberson paper look fine…
RH With Madoff there were a lot ofpeople who went in to do the duediligence and they weren't getting theright answers. They thought well it'sMadoff so we'll do it anyway.
JW I can add an anecdote to that whichis that in my own firm when traderscome under stress the first signs are notactually on their screens and they're notactually within the numbers – they're intheir bodies! Their physical behaviourchanges – they go to the loo more often,
risk_roundTable.qxd 05/10/2009 17:04 Page 5
R O U N D T A B L E : R I S K M A N A G E M E N TFS
T S
EP
TE
MB
ER
/O
CTO
BE
R 2
00
9 P
AG
E4
1
for example, because they don't want tobe in front of their desks.
GS I worked for a guy a few years agoand he was the senior operationsmanager at Salomons and he didn't have any of the risk analytics in any ofthe operations to detect his trouble spots. What he did have though was anHR database that every month could tellhim the overtime figures round theworld. He's looked at these and workedout who was working the hardestbecause they were booking the mostovertime and he would call up themanagers wherever they were andwhatever department they were in andasked them what was going on. Thesewere the trouble spots bubbling up andthere were people working very hard totry and keep the lid on.
JT I remember when I was at NatWestMarkets the FX traders breached theirlimit and we had to get approval, at thetime I was in Front Office CreditManagement and thinking what a bighoo-ha, but it’s only as time goes on andthings happen that you realise the riskmanager's there for a reason.Precautions are there because if thingsdo go wrong you have to be aware andyou have to be alert.
GC I think the profile of a risk managerwill benefit hugely from the currentclimate. The important thing is, as thingssettle down and things start to turn backthe other way, how they keep it.
JW What are people thinking anddoing about liquidity risk at themoment. Implicitly a lot of theconversation has been about credit riskand market risk, but actually it was theliquidity risk that ran us all over.
JC I've spoken to a number of clientsabout liquidity and I think there's been aregulatory response to liquidity risk andthere's a lot of liquidity regulation –CPO822, 0824s are a response, in a way,and so I see a number of big banks in
particular are taking a regulatoryresponse to liquidity risk management so they're dressing up liquidityregulatory compliance as liquidity riskmanagement, but I don't see an awful lotof real liquidity risk management – theliquidity on the asset side of the balancesheet – the liquidity on the liability sideof the balance sheet or an attempt to lookat the liquidity across the balance sheet.What I do see is that the banks who hadstrong liquidity positions who weresitting on a lot of cash continue to do so,and have done relatively well and otherbanks are seeking to emulate that.
JW In terms of liquidity risk are we stilla little bit in the Dark Ages in terms ofbeing able to measure it, being able todefine it, to build systems for it.
GS I think it's actually a vast topic. Buildfor what? Northern Rock didn't get killedby anyone under 30 – it got killed bypensioners who've got the time to queueall day to get their money out. So the FSAand all the other regulators are going tosay “if you want to be able to run a retailbank you've got to know how old yourdepositors are. And have technology todo it”. Now that's got nothing to do withhedge funds and leverage and liquidity,but I think on the investment banktrading side, people have learnt the hardway. So many markets went through aliquidity crisis with no-one to trade thatproduct with and whether you liked it ornot it was staying on your balance sheet,but I'm sure there must be a lot of tradingheads saying you've got to be able tomonitor systemically the liquidity assome measure of daily trading volumeson anything. For something like the OTCmarkets, to the extent they will survivethe regulatory attempts that are clearlycrowding in on them, I think that peoplewill say: "Well, I want to know thatyou've still got liquidity". In my time I'veseen futures just disappear and leave thebook with mechanism for hedging. Youhave to develop proxies, but too fewtraders have the experience of suchevents (until recently).
JW But you're right – there is aknowledge gap. We don't know theliquidity risk in the way that we know,let's say, credit risk. We can measuredistances to the default of the customer –quite sophisticated even though we'vemisused it, we've got some quitesophisticated understandings of creditrisks. What we find in our organisationis that everyone knows what it is but no-one can quite define it, yet everyone'squite confident about it.
JB I think probably one of the mostinteresting conversations I had recentlywas with a compliance manager whowas asked to write the risk managementmodule process for his wholeorganisation – a very large asset manager, and the CEO made the decision that he had to have a riskmanagement process in place that wouldfirst tick the regulatory boxes beforeactually ticking the risk boxes of thefirm, and I think that's where a lot ofregulators need to be aware of whatthey're asking for. If you have acompliance manager at the top of thatorganisation being asked to write the riskmanagement process, and that just raiseda few questions in my mind as to how wego forward and deal with that.
JC I'd like to offer a closing comment.Whether the crash was a good thing or abad thing, I think it was an inevitablething and a good thing in the sense thatwe've learnt from it. The crash was asinevitable as night follows day, whetheryou're looking at tulip bulbs, theMississippi, South Sea or the Roaring‘20s, Japanese property – you know,you've got this endless cycle of boomand bust.
JW But John Maynard Keynes said thatbankers are smart because they take riskstogether and they fail collectively, so youcan't point fingers at them very easily.Risk managers, however, are supposedto be individuals – so it doesn't reallyhelp us to hide in the crowd does it? Theyare to some extent still in the dark.
risk_roundTable.qxd 05/10/2009 17:06 Page 6