September 23, 2009
Utilizing Technology to improve TARP and Financial Oversight
Below is the written testimony that I gave last week for the hearing before the House House Financial Services
Subcommittee on Oversight & Investigations regarding the role of technology in improving TARP and Financial Oversight. I focused on the idea that the absence of technology and analytics in financial oversight is more a function of awareness and will than of the suitability and maturity of technology itself. What's more, I argued that the very targets of oversight, the large financial institutions, are themselves enthusiastic users of such technology. Government has much to gain by learning from the private sector in this regard.
For transcripts of the other fascinating testimonials at the hearing, please see here.
Chairman Moore, Ranking Member Biggert, and members of the Subcommittee, my name is Dilip Krishna representing Teradata Corporation. Thank you for the invitation to offer testimony today before your Subcommittee.
Before I begin, I would like to also thank Congresswoman Maloney for her leadership in introducing H.R 1242, a bill to amend the Emergency Economic Stabilization Act of 2008 to provide for additional monitoring and accountability of the TARP. Teradata Corporation endorses H.R. 1242 without reservation or qualification and encourages the Congress to pass this legislation as expeditiously as possible.
Teradata, the company I represent, is among the world’s largest companies focused solely on data analytics and data warehousing. Our technology allows business and government to leverage detail‐level data for both tactical decision making and strategic insight, to recognize emerging trends and respond quickly. As an example, many of Teradata’s customers apply data warehousing techniques to detect and respond in seconds to fraudulent activity, allowing them to save millions of dollars per year.
Our government customers include the Centers for Medicare and Medicaid Services, the U.S. Air Force, the US Transportation Command, the US Postal Service, the USDA Risk Management Agency and the States of California, Minnesota, New Jersey, Ohio, and Texas to name a few. Over 50% of the world’s largest financial institutions use Teradata for strategic purposes including risk management, fraud detection and customer management. A Teradata database has been implemented in more than 900 major corporations in every business sector so that on any given business day in almost every industry throughout the world, well over a million users access a Teradata warehouse as they make decisions.
Teradata’s Position – Using Technology for Financial Oversight
Given the economic crisis that we have experienced in the past two years, the problem of comprehensive governmental oversight has become immensely more urgent and important. If the experience of the last two years has taught us anything, it is that our financial institutions are a national asset – the mismanagement or abuse of which can lead to serious, long‐term and detrimental effects to the well‐being of every American. Through this experience, we have learned that money does indeed, make the world go around.
Thorough and effective oversight of the financial system is critical to our success. At the same time, we all want efficient government as well. And critically, we need to ensure that the system of oversight continues to allow the financial sector to provide the high level of innovation and leadership that has propelled the prosperity of our market‐based system for over two centuries.
This is where information technology must take its place in the process. All around us, we see evidence that the proper use of technology can generate immensely valuable results while at the same time improving efficiency and reducing costs. Now is the time to apply technology to address this most important issue.
The good news is that a vast amount of work has already been done with technology in finance. Technology has advanced to the point where the oversight of large, complex financial enterprises is now feasible. In fact, large organizations around the globe routinely use technology for financial risk management. One of the key areas in this regard is in the management of risk data and analytics.
Use of Data and Analytics in Financial Institutions
Financial institutions have been using information technology to improve the efficiency of their operations for quite some time. Information technology makes it possible for companies to collect, merge and analyze very large amounts of customer data in real time to better and more efficiently serve their customers, leading to competitive advantage. Technology has also made it possible for financial firms to manage their risks effectively while managing substantial growth and consolidation in their business lines. For example, banks are able to serve a significant growth in customers even as they keep a tight control on fraud through the use of advanced, real‐time information technology that utilizes data related to current activity and provides insight into and comparisons with historic trends and behaviors. Other banks have developed systems that give them a view to their firm‐wide risk exposure on a frequent basis.
It may well be asked why, with all these advanced systems, these financial institutions experienced such unprecedented losses during the economic crisis. The answer is simply that technology can only be useful if it is employed properly ‐ it was not properly employed to deal with the types of toxic assets that caused these catastrophic losses.
Transparency and Financial Oversight
Transparency is the cornerstone of financial oversight. While it is not desirable for the public at large to have complete transparency into the operations of financial institutions, it is important that transparency is preserved for regulators charged with oversight responsibilities, without undermining consumer privacy. Put in the context of financial information, transparency can be understood as that quality that gives all stakeholders full confidence in the veracity of that information.
It is important to realize that trust lies at the heart of transparency. It is only in unusual circumstances, or at very high cost, that financial information can be demonstrated to be completely authentic. There are numerous areas where users of such information (e.g. shareholders, banking customers, regulators, etc.) simply have to believe that its preparers have performed according to expectations. While this may seem like a tall order, examples of relative transparency are all around us. Every day financial analysts and ordinary investors rely on financial reports issued by companies. An even more practical example is the implicit belief we all have that the account statements we receive from our bank accurately reflect the balance of all our transactions.
In these cases, transparency relies on at least two principles:
1. The goals of information disclosure are well understood: In the case of our bank accounts, we want to understand, in as timely a manner as possible, the accurate financial state of our accounts. In the case of financial reporting by companies, the goal is to give as full a picture of the company’s performance as possible. In both cases, we understand what action (or non‐action) is needed as a result of the information being timely and accurate.
2. The information assembly line is robust: Data needs to be complete and detailed while it is transformed into useful information as it moves from the transaction systems to the point of disclosure. Confidence in the reported information can only be gained when there is confidence in the robustness of the assembly line (for example, via knowledge that all changes during the process of creating the information are fully audited and controlled).
The following comments will focus on the subject of the information assembly line.
Information Needs of Financial Oversight
Financial oversight depends critically on a deep understanding of the situation at hand at all times. There are two broad aspects to be addressed – monitoring and predictive analysis.
First, there must be an efficient system for monitoring known risks. If the monitoring system does identify warnings, there must be an efficient, quick way to analyze the situation to get to the root cause of the problem. But just monitoring known risks is not enough. It is critical for an oversight mechanism to also constantly be on the lookout, via predictive analysis, for risks that are not known. A robust and efficient information assembly line is critical to both functions.
A monitoring system expects to see the same data within pre‐defined periods of time such as every day, every month or every quarter. The mathematical models that are run on this data must necessarily be the same every period, so that periodic comparisons can be done. Unexpected deviations in the output of these models act as warning indicators. Once warnings are seen the system must allow the ability for rapid, flexible research into the root cause of the problem so proactive steps may be taken. Data used must be “industrial‐strength” – it must be prepared to standards of high‐quality and timeliness.
The parallel track of predictive risk analysis can be likened to scientific research, which requires a system with immense flexibility. Economists and regulators looking for new problems use a “test‐and‐learn” process. That is to say, they first have a hunch of what can go wrong. Then they use information to either confirm or invalidate their hypothesis. The information system must therefore be able to answer their questions “at the speed of thought”. Furthermore, the system must serve up this information without having a pre‐conceived notion of what they will want to know about. The system must also be able to incorporate information from new sources on demand.
The two drivers of oversight therefore have conflicting needs – industrial‐strength robustness vs. lab‐environment flexibility. What is exciting about today’s information technology capabilities is that both of these needs are being satisfied by the same analytic system, to at once support a complete, robust oversight environment that is also cost‐effective. For example, some leading financial companies are using such systems to stop fraud in real‐time (via monitoring) as well as enabling users (via predictive analysis) to develop newer, more effective models to stop the next‐generation of fraudsters, both tasks being performed on the same system.
The Information Assembly Line
Information is knowledge derived from raw data. Data collected from across the financial sector for the purposes of oversight must be interpreted before it is useful. A series of steps is required to cleanse data before it can be used and interpreted. It is only after data is conformed in this manner that it can be analyzed in ways consistent with the goals of financial oversight.
The process is similar to that within a factory assembly line. The raw material is data that is collected from across the financial landscape. This includes not only information from financial firms but also relevant market and statistical data from a number of sources. Data then needs to be cleansed and otherwise modified so that data from all sources are brought into parity. This can be likened to a manufacturing process where raw material is processed to deliver finished goods – in this case the output is information. One departure from this analogy is that the “raw material” of input data is still available after processing, allowing one to isolate inputs to further confirm hypotheses.
The finished goods must be stored in a warehouse before being distributed – the Data Warehouse. The data warehouse then serves to distribute information both for monitoring and predictive analysis. Statistical analysis software, for example, is used to reduce large amounts of data to easily interpretable figures. Financial models are being developed and run periodically against data in the warehouse – the results of these models are critical to the monitoring process and, once validated, can eventually become part of the monitoring system. Finally, information must be distributed to regulatory authorities and other information consumers. This specialty is called Data Visualization. Data is aggregated and presented in ways that can bring to life trends and patterns so they are easily understood. A key issue in data distribution is that of data privacy, which has been a focus of effort for most firms in the industry.
This data assembly line just described is becoming accepted as a common way of creating processed information from multiple sources of data. Large technology firms from across the industry espouse essentially the same vision, and their customers in every industry are responding by implementing this vision in their enterprises.
Leveraging Information Technology for Financial Oversight
Chairman Moore and members of the Subcommittee, this is very good news for consumers of such technology. Having a preponderance of firms marching towards a
common vision results in various parts of this assembly line being perfected at the same time. For example, there are a number of high‐performance offerings that deal with the quality of raw data. Technology for data warehousing has developed to the extent that it is not uncommon to see systems where firms are able to react in seconds to customer activity, yielding huge returns on the investment in technology. Finally, analytics and visualization technologies have also advanced significantly so that complex calculations can be completed and presented extremely rapidly for quick response. In line with what may be expected of technology advances in general, not only are the capabilities improving at a tremendous rate, but costs are also dropping precipitously. Simply put, the time has never been better for leveraging information technology to create a strong system of financial oversight – it is proven and successful and can be implemented today.
Again, thank you for the opportunity to testify this morning. I look forward to answering your questions.
Posted by dkrishna at 01:50 PM
| Comments (1)
September 09, 2009
Splendid Solitudes
It's been a while since I wrote a post on the blog - an omission that's as inexplicable as it is unforgivable. It will be my endeavor going forward to avoid long absences.
I was thinking the other day about the evolving nature of risk management sophistication and it's impact on system architecture. It is now conventional wisdom (driven by the events of the past couple of years) that simply looking at traditional measures of risk (such as Var) is highly inadequate. I refer here not to esoteric arguments about the inadequacies of specific models. Rather, it's becoming clear to me that at some macro level all these risk measures depended in a subtle way on the argument that the proverbial Black Swan (i.e. an extremely rare but not impossible, and cataclysmic, event) did not exist. To put it more precisely, there was a vague acknowledgment that one should be watching out for a black swan, but since we did not really believed that it existed, we need to only apply some crude multiplier factor to gross calculations as a "comfort factor" that we'd addressed the occurrence of an exceedingly rare but disastrous event. In other words, most people did not take the probability of stress events occurring very seriously. And if they did, it was certainly not reflected in the risk systems of most organizations. How this happened, and the human dynamics that made this all possible will be left for others to ponder.
A lot has changed in the past two years. The world has seen what stress events can do to hitherto fine, upstanding companies like Bear Stearns, Lehman, AIG et al (to take only the US example). Stress tests are all the rage, whether mandated by the government or by newly energized corporate governance advocates, board members and senior management of financial corporations. At the same time, financial companies also seem to be getting "risk-aware" in their day-to-day business. There is increased interest in ensuring that risk-based pricing be done right. Of course, the flip side of this coin - ensuring that employee compensation is properly risk-adjusted - has generated a lot of interest as well.
What does all this have to do with technology? A lot, as it turns out. Let's take a look at the sample loss-distribution below.
We see three distinct areas: risks that are covered by pricing, those that are addressed by capital and those risks (that are above some predetermined level of probability - in the example 99%) that are quantified by stress scenarios. It's an interesting exercise to map these to risk systems commonly found in banks. The left-most risks are usually embedded into pricing mechanisms. The integration of these mechanisms into systems depends on the products that are being priced. Large corporate loans credit pricing systems take expected risks as direct inputs into the pricing algorithm for each customer, while for mass retail products (such as credit cards) such risks are priced into the product via behavioral scores. An element of capital is often embedded into the pricing as well - the popular RAROC hurdle rate measure is an example of such a mechanism. Of course such capital must take into account all risks associated with the products - not only the obvious credit risks but also operational risks such as fraud.
What's interesting is the assumption that the risks on the right-hand side - those covered by capital and the extreme risks (that should also be covered) are assumed to be priced in as well. Those products that are covered by a measure such as RAROC have at least considered the possibility of prices being adjusted for capital consumption. But even for these products the question is - have extreme risks been truly factored in? In other words, is the capital attributed to the deal a true reflection of the capital required to secure the deal? In the past FIs (and regulators) made vague assumptions that these outsized risks could be addressed via a multiplier on the calculated capital. This assumption has now been proven a fallacy, so more needs to be done to actually quantify the risks.
The systems implications of these changes are interesting. Every self-respecting bank attempts to do a reasonable job calculating capital of the existing portfolio of the firm (though far too many, it seems, take undefensible shortcuts). In the case of pricing there are two additional challenges however. First, firm-capital must be parsed into the capital for a specific deal and customer. This is itself a non-trivial task given the sorry state of customer files, reference data on hierarchies, inaccurate exposure information and unclear data semantics that one finds in most financial firms. But pricing needs to take it one step further and analyze what the capital would be for the deal if it were added to the portfolio. It's clear that the current crude averaging techniques will not pass muster in the future; capital calculation systems will need to be much more coupled with front-office pricing systems.
Stress testing (the right-most region in the image above) adds another wrinkle. New deals could cause increase in stress numbers either on an individual basis or more commonly by adding to the concentration of existing risks (such as geographical or asset-class concentration). The question for deals that generate high stress risks is a) should these deals be done at all? and b) if so, at what price? Considering that comprehensive stress testing is a only just a developing art, it's easy to see how there is a gap in integrating this discipline into deal-making systems. As stress systems develop into production-ready environments in their own right, one would hope that they provide the kind of software interfaces that would allow easy access to generated information.
To sum up, a good way to look at risk management systems in a financial institution is to consider a typical loss-distribution curve. The current landscape shows systems efforts in three distinct clusters, which are typically not designed to talk to each other. Going forward, it seems clear to me that a major challenge in risk system design will be to break down these solitudes to form one integrated platform.
Posted by dkrishna at 12:21 AM
| Comments (3)
