March 31, 2008
Fiasco at Heathrow Airport - a case of People Risk
It may be foolish to do a post-mortem on a patient who is still alive - but, here goes anyway. The opening of the new Terminal 5 at Heathrow Airport London is simultaneously both a risk management triumph and a PR disaster. How come? One word: people - pesky, unpredictable people!
The Acronyms
The BAA is the British Airports Authority, owner of some of the UK's largest airports, and BA is British Airways, one of the world's premier airlines. Unfortunately, BAA + BA does not quite add up to A+. T5 is the new fifth terminal at Heathrow Airport London, one of the world's busiest airports. In this case, BAA can be considered as the architect and builder of a new house (T5) for a homeowner (BA) - from experience many of us are bitterly aware of the strains that can occur in such a relationship.
Heathrow Terminal 5
T5 is an engineering and architectural marvel. Costing some $8.5 billion, it was the largest construction project in Europe in the early 21st century. Building this new terminal meant constructing new roads, new subway lines, and new facilities to handle the next generation of super-sized aircraft, in the middle of, and without disrupting, one of the busiest airports in the world. The new terminal is considered 'state of the art', with the IT component alone costing some $500 million.
T5 Risk Management
From the outset, BAA was very aware of the risks that they were running with such a huge project. Before starting planning for the project they analyzed several 'big project' disasters and came to an unusual but bold conclusion - BAA could not afford to outsource risk management to its contractors!
To meet this challenge, BAA developed what has become known as T5 Planning. This basically means that BAA would manage the risks in all of the T5 project activities and its contractors would deliver their assigned components to the highest quality that they could, without adding any 'risk buffer'. In order to implement this distinctive approach, BAA developed a unique 'T5 Agreement' for its contractors which basically delved into the underlying cost structures of their approved contractors, paying them cost + a standard profit margin plus a bonus for delivering exceptional quality. Contractors were not allowed to price risk into their quotations.
The T5 Planning approach worked. The new terminal, with all of its complex component parts, was delivered on time and on budget, with an industry leading safety record, even though thousands of sub-contractors were involved.
If this is a risk management triumph, what went wrong on Day One!
Before discussing what went wrong, it is worth standing back for a little theory.
Queuing Theory
One of the major reasons for building T5 is that Heathrow is full, and is often claimed to be running at 100% capacity. BA's implementation plan for T5 was, in a so-called 'soft-launch', to move some 50% of its existing operations from its other two terminals on the first day progressively consolidating all of its operations into the new terminal over a number of months. In effect, BA had split its workforce at a critical stage in its implementation. A BA spokesperson has been quoted as saying that the initial target for T5 was to run at 87% capacity (measured in passenger arrivals and departures).
Anyone with a rudimentary knowledge of queuing theory knows that capacity utilization rates of over 85% are unsustainable in the long term because customer waiting times grow exponentially beyond that point. In real life, people queuing in the supermarket get very annoyed if there is a slow trainee on their till - they have to wait much longer. For T5, staff were, reportedly, allocated only 4 'familiarization days' with the new systems and layout.
Utilization rates of over 85% are achievable for short periods, provided that everything goes well, i.e. service staff can cope. However, if something goes wrong the system can quickly go to 'hell in a handbag' [or in this case in a missing suitcase].
And things did go wrong on the first day of T5's operation!
Bright and Early
The first flight was scheduled to arrive at the new terminal around 4:45 am on Thursday 20 March 2008. However, the first 'problem' appeared earlier around 4 am when the new car park opened - security staff couldn't find their parking spaces in the new facilities [I guess car parking was a skill that had not been in the T5 training plan?].
As a result, security in the main building was undermanned for the first shift, which meant that baggage handlers (queuing for new security checking procedures and probably also having difficulty parking their cars) were late arriving to man the brand new, shiny, state of the art baggage system. By this stage, flights were landing and baggage was building up on the carousels - soon too many bags to off-load with minimal staff. At some point, the new 'intelligent' baggage system decided 'enough was enough' and shut itself down to protect itself. After that, the deluge.
To compound the problem at T5, new procedures were being used to ferry baggage from BA's existing terminals for passengers in transit. Since this baggage could not be loaded into the system, problems started to back up, planes had to be cancelled due to the knock-on effect and passengers began to get very annoyed. With mobile phones, irate passengers were contacting news outlets with tales of chaos and the first day quickly became a PR disaster. Passengers were forced to travel without their baggage, or to find a room in nearby hotels rapidly filling up to capacity. At this stage the first of many PR snafus occurred when BA began to place limits on compensation for overnight delays: creating even more irate passengers!
The next few days were not much better; insufficient staff to clear the backlog meant that normal operations were overloaded and so more days of chaos ensued. Over the weekend, BA finally brought in hundreds of staff to clear the backlog and claimed by Monday to be winning the battle - we wait to see.
The Fall Out
Following the mid-week defeat of the national soccer team, and with Paris Hilton missing in action, the British media (not noted for its sobriety) went into one of its periodic bouts of self-flagellation, declaring T5 the final proof of the end of the British Empire.
While not playing down what appears to be an extremely bad example of project implementation, there is a need for some sense of proportion. For example, over the first five days of operation of T5, some 360 planes had to be cancelled, whereas during the storm of early February 2008, 900 planes had to be cancelled in a single day at Chicago O'Hare airport. We all (staff, passengers and air traffic controllers) know what to do when there is a major storm, we just don't know what to do at a new airport!
People Risk
Basel II defines Operational Risk as "the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk but not strategic or reputational risk."
In the case of the T5 opening, while there were some apparently minor problems with systems and processes, the major risk appears to have been 'people'. Note this is true also in financial services where 'rogue traders, such as Jerome Kerviel of Societe Generale, can cause massive losses AND severe damage to a firm's reputation.
People are infuriating. At the same time, they can be very clever and very dumb [how many Mathematicians does it take to change a light-bulb - an 'irrational' number]. They can be both very flexible and extremely obdurate. The staff prepared to work over the weekend to save T5 reflects exactly what happened during Hurricane Katrina and the 9/11 attack in New York. People will go to extraordinary lengths to help in a real disaster. Yet media reports suggest that not all working practices in T5 had been agreed beforehand with obstinate union members.
People tend not to react well in unfamiliar situations, they will probably do the right thing eventually but it will take longer - this is the so-called 'learning curve'. A service environment that is already under strain cannot afford too many people learning on the job at the same time. There is a lesson here for new products in the financial services area?
As a result, from a risk management perspective, it is very difficult to measure people risk, since performance can vary wildly over individuals and over time - the 'variance' is large. Maybe measuring people risk is a minor problem; managing it is the real skill.
Lessons to be learned
It is probably too early to draw too many lessons from the T5 fiasco, as the patient is still recovering and an analysis, stripped of emotion, has not yet been completed.
However, it is already obvious that no matter how much a complex system has been tested, no matter how detailed the planning has been, no matter how much training is undertaken, people are often the weakest link in any project.
In a few months' time, as staff and passengers become familiar with the new systems and procedures, T5 will, hopefully, be appreciated for the success that it deserves to be. The opening will be remembered as a major blunder, heads will have rolled and the media will have moved on.
For risk managers, however, T5 should become a classic case study on that most elusive of risks - people risk. And it should also become a case study on how NOT to manage a crisis!
Posted by pjmcconnell at 05:08 AM
| Comments (1)
March 11, 2008
Foundations Crumbling?
At the height of the subprime crisis, the Bank for International Settlements (BIS) published a research paper, which concluded that "undue reliance on [credit] ratings, therefore, can lead to mispriced and mismanaged risk exposures as well as unfavourable market dynamics if these exposures have to be unwound."
The BIS researchers did not, however, go one small step further to observe that, if correct, their findings appear also to undermine one of the core foundations of Basel II, namely the calculation of Credit Risk capital for securitised assets under Pillar 1.
Confirming what firms are already experiencing in the CDO (Collateralized Debt Obligations) markets, the BIS researchers [1] concluded, "ratings are not an appropriate metric [my emphasis] to fully capture and summarise the risks embodied in structured instruments."
[Note the authors do not single out only CDOs!].
Furthermore the authors conclude, "While this may be obvious for risk factors that are not covered by ratings (such as liquidity), investors need to appreciate that this [inappropriateness of ratings] also applies to default risk in that EL [Expected Loss] and PD [Probability of Default] do not give an indication of the higher moments of the loss distribution."
During the tortuous process that give birth to the Basel II regulations, there was one piece of solid ground that was undisputed: rating agencies (such as Standard and Poor's or Moody's) were the 'gold standard' for credit ratings of borrowers and issuers of securities. And, therefore, it could be reasonably assumed that credit risk capital could reasonably be based on these ratings.
In Basel-speak, rating agencies are not 'rating agencies' but ECAIs (External Credit Assessment Institutions)[2]. To be 'eligible' as an ECAI, Basel II insists that such agencies must be Objective, Independent, Credible, Transparent, Open and Skilled [it is rumored that Motherhood and Apple-Pie were removed as eligibility criteria late in the deliberations]. The subprime crisis has raised questions about such stringent eligibility criteria for the leading rating agencies, in particular independence and objectivity.
Under the so-called "Standardised Approach" for calculating Credit Risk capital under Pillar 1 of Basel II, the 'risk weights' that are to be applied to credit claims against banks, securities firms and corporate borrowers should be directly tied to published credit ratings (e.g. 'AAA'). These risk weights are then used to compute the capital required to hold against such credit risks.
Under the more complex, but more 'risk sensitive', Internal Ratings Based (IRB) approach of Basel II, firms are required to derive their own internal assessments or 'grades' for borrowers, issuers and trading counterparties, to calculate a 'Probability of Default' or PD. This makes sense as many, if not most, of the entities, or individuals, to which a bank extends credit are 'un-rated'. For some assets, however, such as securitisations and Asset Backed Commercial Paper (ABCP) programs, Basel II requires that 'external risk assessments' of PDs must be from eligible ECAIs. These instruments, of course, are precisely the risk shifting and liquidity instruments that are under scrutiny in the subprime crisis.
If a rating agency, staffed by expert analysts, with large databases of historical information on credit behaviour and banks of supercomputers on which to run sophisticated credit models, cannot compute a reliable credit rating, what chance does a medium sized, or even large, bank have in calculating rates of default on the same securities?
Basel has recognized that there may be circumstances where rating agencies might not satisfy their strict eligibility criteria, such as a
"temporary market change or exogenous shock [where] supervisors would be expected to monitor the ECAIs' assessments to ensure that the higher default experience is not the result of a loosening of credit risk assessment standards".
The subprime crisis would appear to be just such an 'exogenous shock'!
Unfortunately, other than adjusting risk weightings (undoubtedly upwards), there is little clue as to what banking supervisors would do in such circumstances; there is little evidence of a Plan B if agency ratings cannot be relied upon.
The question must be asked: Why was research into the potential problems of rating complex structured finance instruments, not conducted before the final Basel II rules were issued?
The BIS researchers point out that it is the process of packaging securities into separately rated 'tranches' that "results in a nonlinear relationship between the credit quality of underlying assets and that of tranched products [i.e. the resulting securities]." But the process of 'tranching' is not unique to CDOs and is fundamental all securitisation! What other highly-rated securities have the same potential flaws?
Obviously much more research is needed into the securitisation process to identify the sources of (and hopefully the solutions to) rating problems. When the subprime dust settles, the obvious will become apparent again; rating agencies are, after all, commercial organizations, subject to market pressures as any other listed company and are, therefore, ill suited to being 'surrogate' regulators. In the meantime, calculations of credit risk capital must be viewed as being somewhat speculative, since the components with 'non-linear' risks cannot easily be separated from other assets in a securitised pool.
But is the industry about to make the same mistake again?
The Solvency II regulations on Insurance are moving towards using essentially the same approach as Basel II for developing 'Internal Models' for the calculation of risk capital. In looking at the capital to cover counterparty and investment risks in such internal models, regulators propose to tie capital to the 'grade' of the issuer/ borrower. For example, in a recently released consultative prudential standard [3], the lead Australian regulator (APRA) ties these grades directly to ratings issued by the four major rating agencies and then aligns these grades with "Investment Capital Factors". Nowhere does there appear to be an indication as to how such credit risks may be evaluated without agency ratings!
As the subprime crisis is showing, Basel II is an experiment in financial services regulation that is still unfolding. We can but hope that the increasingly shaky foundations upon which Basel II is standing does not turn into a not-so-bargain basement for insurers.
References
[1] Fender I, Tarashev N & Zhu H, "Credit fundamentals, ratings and value-at-risk: CDOs versus corporate exposures", March 2008, Bank for International Settlements www.bis.org
[2] Under US securities laws, rating agencies are also known as "Nationally Recognized Statistical Rating Organizations" or NRSROs.
[3] "GPS 114 Capital Adequacy: Investment Risk Capital Charge", DRAFT, December 2007, APRA www.apra.gov.au
Posted by pjmcconnell at 12:11 AM
| Comments (0)
March 04, 2008
4 Scenes from a Scandal
Another city. Another opening night. The lights dim, the audience goes quiet and the curtains open on a new production of the hit series, "Scenes from a Financial Scandal".
Scene 1 - A News Conference
Ashen-faced and uncharacteristically humble, the Chairman announces:
"It is with the greatest regret that I have to inform our shareholders that we have suffered severe financial losses because of the actions of one of our staff".
"This individual, so fiendishly clever that even the great Sherlock Holmes could not have detected his wrongdoing, has lost several years 'profits speculating on the markets."
"We have engaged a firm of private investigators to get to the bottom of this and will report their findings to you soon."
In answer to reporters' questions, the CEO provides the suspect's name and reports that "he was really only a minor figure in the organization, his activities have been reported to the authorities and his employment has been terminated. His direct supervisors have been suspended until investigations are complete."
As the CFO monotones about capital adequacy ratios and write-down impact after taxes, the reporters rush from the room to file their copy and to locate the latest 'rogue trader'.
Scene 2 - A substantial but understated house in a leafy suburb.
A gaggle of reporters are comparing notes outside the front gate:
"Are we sure we have the right guy - everyone in the street said he is a nice polite family man, churchgoer, pillar of the community and so on?"
"His work colleagues all say that he is quiet and hard-working, never took a holiday, good but not spectacular profit-maker."
"His family is very proud of him, middle class kid from the provinces doing very well indeed in the big city."
"His old professor could not remember very much about him but said he was not spectacular, and could not believe he is a criminal mastermind".
"His picture looks cute, there is a rumor that he is to be played by Brad Pitt in the movie".
To one side, a TV crew is interviewing Nick Leeson. Nick was the star of the very first production and has been guaranteed a talk-on part on all subsequent revivals.
Just then the front door opens and a thin, pale man emerges, surrounded by several policemen. He is bundled into a waiting car and whisked away.
The waiting reporters turn to a small, well-dressed man who turns out to be the man's lawyer and is happy to answer questions.
"My client is innocent. He has not stolen any money from the firm. His bosses encouraged his actions to make money and when it went wrong he was cut adrift. We look forward to our day in court".
Scene 3 - A crowded interview room in police headquarters.
There are several simultaneous interviews in progress. The dialog cuts backwards and forwards rapidly between the interviewers.
"You say that the company was warned several months ago that something was wrong?"
"The suspect was due a large bonus next month - did you say?"
"The limit reports were ignored - how often!"
"The local banking regulator did what - sent a warning but the board did not follow up?"
"The audit department warned the CEO but he did not tell the Board?"
"The audit committee signed off an adverse audit report in ten minutes because they were too busy?"
As the interviewees left the room, the detectives shake their collective head.
"What a shambles, I reckon we have the wrong guy but he is going to go down anyway." "I must move my savings to another bank."
Scene 4 - Final - An Annual General Meeting
The faces are different - a new Chairman, CEO and CFO. The new chairman opens proceedings.
"Shareholders, as you are well aware, we have had a bad year, announcing losses for the first time in over two decades."
"But the good news is that we are well on the road to recovery. The new board has endorsed plans to 'return to our core business' and has agreed with a European bank to acquire our overseas subsidiaries for what is, regrettably, a purely nominal price."
"Our overall position is strong, however, following the injection of significant capital from an impeccable source." He nods in the direction of two men of vaguely foreign appearance, sitting silently at the end of the top table.
"With the assistance of our regulator [nodding to a somber-suited gentleman at the other end of the table] we look forward to returning to profitability this financial year and thank you for staying as investors although the journey has been rough".
"Refreshments in the lobby."
The curtains close, to lukewarm applause.
The critics, as usual, are perplexed. Is this tale a tragedy or comedy? The plot would be unbelievable were it not frequent in reality. The reviewers reluctantly agree that it is in fact a farce.
In 1995 the original trading scandal, Barings, came a shock to the financial industry and its regulators. At that time the losses of $1.4 billion, resulting from 'rogue trading' by Nick lesson, were mind-boggling and used as a prime argument for new banking regulations covering Operational Risk (in Basel II).
Thirteen years on, the number of scandals has increased not only in number but also in scale. Recent losses of some $6 billion and $7 billion, by Brian Hunter (Amaranth 2006) and Jerome Kerviel (Societe Generale 2007) respectively, are bigger than the annual GDP of some small Pacific and African countries.
As the Basel II rules on Operational Risk have been widely discussed and dissected by the industry and subject to intense regulatory scrutiny in individual institutions, it is disappointing that scandals, such as these, continue to happen.
A more disturbing question is whether, now that Basel II is up and running, the new rules will act a brake on such losses? The jury is out.
While there probably is 'no business like show business', financial markets too can be entertaining. As Robert W. Sarnoff, the TV pioneer, once remarked, "Finance is the art of passing money from hand to hand until it finally disappears", which should be the motto of all rogue traders?
Posted by pjmcconnell at 04:45 AM
| Comments (0)
