Risk Management, PRMIA

Systems Risk

"Systems Risk" is in the position that Operational Risk was a decade ago (pre Basel II) in that everyone knows that Information Technology is a major issue in Financial Services but the industry has not found satisfactory ways of analysing and measuring the associated risks. Many business surveys point to IT being of vital interest to Boards and senior management, but we (the IT profession) keep screwing up - I would argue because, in part, neither the IT function nor business has yet learned how to manage risk.

August 19, 2008

The Slippery Slope

Like skiers on a Giant Slalom, European banking regulators appear to be engaged in a frantic race to the bottom - of regulatory competence that is.

Continue reading "The Slippery Slope"

Posted by Patrick McConnell at 04:07 AM | Comments (0)

August 15, 2008

Losses! Wot Losses?

Lost: One Moral Compass. Hardly ever used. If found, please return to Wall Street.

Continue reading "Losses! Wot Losses?"

Posted by Patrick McConnell at 03:41 PM | Comments (1)

July 07, 2008

La Grande Bouffe

The French are past masters of the art of Farce and the French Banking Commission are determined to uphold this great tradition.

Continue reading "La Grande Bouffe"

Posted by Patrick McConnell at 05:51 PM | Comments (2)

June 12, 2008

Basel II or Babel II?

And so it came to pass!
[Genesis 11:1-9] 'And the whole earth was of one language, and of one speech' and they said 'Go to, let us build us a city and a tower, whose top may reach unto heaven.'

Continue reading "Basel II or Babel II?"

Posted by Patrick McConnell at 04:26 PM | Comments (3)

June 02, 2008

SG + PWC = MIA

Societe Generale's report into the Kerviel 'affaire' is a whitewash!

While this is not entirely surprising, it is perplexing that, after so much criticism of large audit firms in previous scandals, PriceWaterhouseCoopers (PWC) has allowed its good name to be used to bolster such an obvious snow job.

Continue reading "SG + PWC = MIA"

Posted by Patrick McConnell at 04:35 PM | Comments (4)

May 10, 2008

Risk Management - It's all in the numbers

Sometime in the next 18 months, the International Standards Organization (ISO) will produce its long awaited 'standard' on risk management - ISO 31000. When published, the risk management profession will go into one of its periodic paroxysms of navel gazing on the efficacy of risk management standards.

Continue reading "Risk Management - It's all in the numbers"

Posted by Patrick McConnell at 01:55 PM | Comments (2)

April 08, 2008

Sex in the City (of London)

A recent experiment in neuroscience found that young men made bad financial decisions when thinking about sex - who would ever have believed that? The implications of the study for risk management are intriguing.

Continue reading "Sex in the City (of London)"

Posted by Patrick McConnell at 05:05 AM | Comments (0)

March 31, 2008

Fiasco at Heathrow Airport - a case of People Risk

It may be foolish to do a post-mortem on a patient who is still alive - but, here goes anyway. The opening of the new Terminal 5 at Heathrow Airport London is simultaneously both a risk management triumph and a PR disaster. How come? One word: people - pesky, unpredictable people!

Continue reading "Fiasco at Heathrow Airport - a case of People Risk"

Posted by Patrick McConnell at 05:08 AM | Comments (1)

March 11, 2008

Foundations Crumbling?

At the height of the subprime crisis, the Bank for International Settlements (BIS) published a research paper, which concluded that "undue reliance on [credit] ratings, therefore, can lead to mispriced and mismanaged risk exposures as well as unfavourable market dynamics if these exposures have to be unwound."

The BIS researchers did not, however, go one small step further to observe that, if correct, their findings appear also to undermine one of the core foundations of Basel II, namely the calculation of Credit Risk capital for securitised assets under Pillar 1.

Continue reading "Foundations Crumbling?"

Posted by Patrick McConnell at 12:11 AM | Comments (0)

March 04, 2008

4 Scenes from a Scandal

Another city. Another opening night. The lights dim, the audience goes quiet and the curtains open on a new production of the hit series, "Scenes from a Financial Scandal".

Continue reading "4 Scenes from a Scandal"

Posted by Patrick McConnell at 04:45 AM | Comments (0)

February 29, 2008

Shut that Stable Door!

On 28th February, MF Global announced a $141.5 million bad debt provision as a result of losses incurred by unauthorized trading activities in the wheat futures market, by one of its employees - Evan Dooley.

The CEO of the company blamed the losses on "a failure in one of the company's retail order entry systems [which] permitted [Dooley] to establish significant positions in his own account".

DOH - the "system failed"!

More likely is that, yet again, a trader has found away to hide authorized trading because of deficiencies (not failures) in a firm's systems?

Continue reading "Shut that Stable Door!"

Posted by Patrick McConnell at 12:01 AM | Comments (2)

February 13, 2008

Ghosts of New Year's Past

As the ball drops in Times Square and fireworks explode around the world, New Year's Eve is a time of hope for the future and an opportunity to reflect upon the past. For IT professionals, one particular New Year's Eve will be remembered for a very long time.

At midnight on the 31st December 1999, nothing happened!

After spending many billions of dollars on the so-called Y2K problem, there was, initially at least, relief that the sky had not fallen in after all. Charitably, it could be claimed that all of the money, time and effort spent by businesses on replacing computer systems to fix the "Millennium Bug" had averted a major catastrophe.

As time passes, however, most experts (and the man in the street) would argue that the money had largely been wasted. Uncharitably, Y2K was a gigantic fraud perpetrated by the IT community on business and the general public.

Continue reading "Ghosts of New Year's Past"

Posted by Patrick McConnell at 01:38 AM | Comments (0)

February 12, 2008

All that Glisters is not Gold

As banks, around the world, battle with the adverse impact of the subprime crisis, there is at least one very faint, very fine lining of silver within the swelling dark clouds.

As their income declines some firms will, surprisingly, become eligible for relief on their Operational Capital charge under Basel II. In fact, if they manage to run twelve consecutive quarters of losses, then their Operational Risk charge will drop to zero, i.e. they will be deemed to have no Operational Risk, but unfortunately will be bankrupt.

Given that subprime losses appear to be as much due to Operational Risk as Credit or Market risk: with lax lending practices, misselling of complex, little understood derivative securities (e.g. sub prime CDOs) and model misspecification by, among others, rating agencies - how could this make sense?

The answer of course is that, for those firms subject to the most basic capital calculation approaches of Basel II[1], Operational Risk Capital is deemed to related to Gross Income (GI), by a simple factor - C times GI.
[Note that C varies by approach but is a constant between 12% and 18%.]

Intuitively, the "frequency" of Operational Risk "loss events", should be tied, in some way, to the size of the firm, since there are many more opportunities to "screw up" in large firms, with lots of people, systems and diverse businesses around the world.

There is no reason to believe, however, that the "severity", or magnitude, of operational losses is tied to firm size, but more likely linked to the quality of the firms risk management controls. In any case, there is no evidence that, for Operational Risk, Income is a good proxy for firm size nor that, even if defensible, that there would be a simple linear relationship between Income and Operational Risk Capital. It is also unlikely that a decrease in Income would automatically indicate an improvement in Operational Risk Management.

A recent paper by Andreas Jobst [2], highlights the anomaly that, if another 9/11 event were to occur to US commercial banks, the losses would amount to less that 5% of their Gross Income under Basel rules, much less than the 15% specified in Basel II.

How did we arrive at such an Alice in Wonderland situation?
One reason is that the Basel II development process was fundamentally flawed. Basel II was a decade-long gabfest that produced little in the way of evidence-based agreement on how to quantify operational risks. Evidence was replaced by proclamations, from on high, on what banks were expected to quantify, and little more than pious generalizations, or dubious formulae, on how they were supposed to going about quantifying it [3].

The precise rules for calculating Operational Risk Capital emerged, opaquely, from a series of Quantitative Impact Studies (QIS), which analyzed small, unrepresentative samples of inconsistently classified operational loss data from banks around the world. The work of Jobst, and others, illustrates just how, in hindsight, unrepresentative that data turned out to be.

With its long-delayed roll-out in 2008, Basel II has picked up a head of steam and looks likely to continue to ignore all impediments in its tracks for some time yet, before its internal contradictions should eventually bring it to a stop - in Basel III(?).

There is little point, therefore, in railing against the new regulations, save that the industry is shaping up to make the same mistakes all over again.

The Solvency II regulations on Insurance, driven by the European Union but accepted in principle by global insurance regulators, has recommended the same overall structure as Basel II, with similar Pillars. It is as if CEIOPS, the lead European insurance regulator, has been seduced into believing that Basel II is a stunning success rather than, as the subprime crisis is demonstrating, an experiment in financial services regulation that is still unfolding. We can but hope that the standardized approaches proposed in Pillar 1 of Solvency II will make more economic sense than Basel.

Shakespeare's speech from the Merchant of Venice, which includes the observation that "all that glisters is not gold", also contains a warning that "gilded tombs do worms enfold". There is, of course, no suggestion here that the honey-colored headquarters of the Basel Committee in Aeschenplatz Basel, is a "gilded tomb", or that Basel II is "a can of worms".

References:
[1] Basel II identifies three "approaches" to calculating Operational Risk Capital, the Basic Indicator Approach (BIA), The Standardized Approach (TSA) and the Advanced Measurement Approach (AMA). Of these, the BIA and TSA are tied to average annual "Gross Income" (GI) whereas, the AMA allows firms to use their "own model" to estimate OR capital. Some jurisdictions have also identified an Alternative Standardized Approach (ASA), which employs Asset size for some business lines as a proxy for Gross Income. The precise definition of GI and Asset size varies by country regulator. http://www.bis.org/ and http://www.apra.gov.au

[2] Jobst, Andreas A., "Constraints of Consistent Operational Risk Measurement and Regulation: Data Collection and Loss Reporting". Journal of Financial Regulation and Compliance, 2007

[3] Note here I am referring to the so-called Pillar 1 rules of Basel II on the quantification of Operational Risk Capital. On the other hand, it must be admitted that, the regulations surrounding the other more qualitative "pillars" are much more specific about best practices in developing Operational Risk Management (ORM) processes, and hence much more useful in practice.

Posted by Patrick McConnell at 01:13 AM | Comments (0)

January 29, 2008

About Pat McConnell

Dr. Patrick McConnell
>> Has over 30 years experience in the development and management of complex banking systems working for major banking and insurance companies in the US, Europe and Australia, including:
>> Bankers Trust, Barclays, JP Morgan, Lehman, ABN Amro, Sydney Futures Exchange, Commonwealth Bank, Westpac, Colonial Bank, Credit Suisse, Commerzbank and others

>> He holds quantitative degrees in Mathematics and Operational Research and a Doctorate of Business Administration.

>> Is a Visiting Fellow at Macquarie University Applied Finance Centre (MAFC) in Sydney, where he teaches Masters level courses on Operational Risk, Systems Risk and Enterprise Risk Management.

>> Has published many articles on Risk Management and IT in academic and practitioner journals and is the author of the definitive book on Digital Dealing Room Technology.

>> Affiliations: he is a:
>> Fellow of the British Computer Society;
>> CITP (Certified IT Professional);
>> C.Eng. (Chartered Engineer);
>> Member of PRMIA and the IEEE and Australian Computer Societies;
>> Six-Sigma Black Belt;
He may be reached at pjmcconnell@computer.org

Posted by Patrick McConnell at 11:44 AM | Comments (0)

• Contact Me
• About Me

Categories

Archives

• August 2008
• July 2008
• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008

Recent Entries

• The Slippery Slope
• Losses! Wot Losses?
• La Grande Bouffe
• Basel II or Babel II?
• SG + PWC = MIA
• Risk Management - It's all in the numbers
• Sex in the City (of London)
• Fiasco at Heathrow Airport - a case of People Risk
• Foundations Crumbling?
• 4 Scenes from a Scandal

Syndicate this site (XML)