IT Clan Chat: When Risk Management Fails

Thanks indeed.

Thanks Mary, and thanks all!

I can agree wtih that, MJ!

I'm headed into the stratosphere.

Thanks to everyone for joining us!

Yeah, I'd say so.

I keep typing USB.

I think steady as you go is the message for UBS :)

So, can we agree that UBS should get its act together?

Then again, if it's part of your business, it's your business to know all about it, eh?

This is pretty esoteric financial stuff.

After all, Delta One desks -- the kind of trading done by the UBS and SocGen rogue traders -- are tough to oversee.

There also seem to be questions about whether UBS should have allowed this kind of trading to the extent that it did.

@Awilliams: Yes, that's my understanding of the situation at UBS as well. Nobody was really minding the store.

Is this breach within the scope of IBM's fraud detection software?

@Mary of course it would, but where was the manager? If I understand it correctly the account(s?) being used were in a kind of digitial noman's land with no oversight assigned to it

@awilliams, it is all about the amount of risk you're willing to accept. How much is too much? $2b, $5b? I'm sure if you were to ask the former management team at Barings if they wish they'd have checked up on Nick Leeson, I bet they would all say yes.

@Awilliams: So you don't think any management oversight would have prevented the UBS situation?

I'm not saying the way finance is good by any stretch, but I know enough people working in it (including at UBS) to know how it works on the inside

@Nicole: Oh really? O.K will do. 

@Paul, read Joe Stanganelli's ThinkerNet blog before you give Netflix too much credit.

But FYI, Paul, the SEC does regulate this kind of activity in US markets. It's just that investigating the UBS thing needs to be done where it occurred and where UBS is headquartered, I think.

@Nicole: Not to take away d discussion of RMS, it's good to learn when a corpoate body is humbled 

http://blog.netflix.com/2011/09/explanation-and-some-reflections.html

@Kenton It's an insitutional change. It would require a complete revamping of the finance paradigm and likely cause you to be so inefficent you'd lose in the market.

@Mary: O.K 

Are the banks relying too much on these systems now? Should humans be involved more often to vet large high-risk trades?

@Paul: I don't think that's it. It's that it isn't in the US financial jurisdiction.

@Mary: so a $ 2 billion loss is not a significant loss to warrant ny Federal invetsigation?

Actually, I read that The Financial Services Authority and the Swiss Financial Market Supervisory Authority are investigating

It's an interesting solution, @kenton. Based on what @Awilliams is saying it would be a sweeping change, though.

@Paul: No, the US feds are not investigating, I believe UBS is investigating with help from external board members

@jwallace; I think the systems have to be programmed to pick up all kinds of weird activity, not just more obvious stuff. In other words, the risk system has to be brought in line with specific risks.

Good point, Awilliams.

@awilliams, that doesn't mean it's the right way to do it. We've seen this historically, the problem is that banks are willing accept huge losses. How many $2b losses do you take before you take some action?

@jwallace.  I must be missing something because it's surely no rocket science to have trades of a certain size or positions of a certain riskiness automatically trigger a check by whoever is managing the desk.  I really thought traders were already subject to those controls.

even if you have coders and traders, the coders are always trying to pick up a good tip on a trade to make their money, and the traders are always looking to code up their personal model to get the big bucks.

@Mary: are the Feds looking into this?

@kenton that's easy enough to say, but everyone I know in finance does both. That's just how it works

how can this be prevented in the future?

Interesting, @kenton.

Sorry, had to step away for a few minutes.

I would say if there is a high enough risk that traders who've had access to the back-end system will always take advantage the solution is simple. If you code, you don't trade; separation of duties is a pretty basic risk mitigation technique.

@Mary: Lol

One couldn't blame the risk management/security vendors to stepping in like gangbusters.

@Paul a lot of the finanical companies develop in house and augment with other products

@Paul, yes, the security software vendors will be taking advantage of this big time.

@Paul: Not sure UBS was using any single vendor. A trading floor that big, they're likely using a bit of everything. And you can't lay the blame on the vendors.

I was thinking the same thing Paul Whyte.

@smk I'm not making excuses for them, and ultimately it's themselves they hurt. If they start asking for bailouts then I'm gonna be pretty ticked tho

@Mary: so onw would expect the risk management software vendors wold cash on this latest breach. So whose risk management tools was UBS using?

I agree, Kim.

And by "do this sort of thing" I mean "their homework/set up systems"

The CEO's excuse is palpable nonsense too.  Oh, we forgot to lock the door when we left for the weekend, but what can you when there are thieves around?

@Awilliams -- the thing is, shouldn't big business do this sort of thing, especially when it's in their own best interests?  It's why I get mad at Microsoft -- it's not so much because theyr'e doing something wrong as much as they can afford to do it right.

@Awilliams: Agreed. And as the CEO said, there will always be dishonesty in the ranks when it comes to financial jobs.

UBS is one of the largest financial institutions in the world.  If it doesn't have the resources to run its business while monitoring compliance, heads should roll.  That's a non-starter.

One thing about traders: the CEO of UBS in Switzerland said last week that he won't resign because "If someone acts with criminal intent, you can’t do anything. That will always exist in our job. If you ask me whether I feel guilty, then I say no.”

@Mary I was refering to smk's comment about allowing traders access to the backend. There could be plenty of cases where you'd want to allow some access (a lot of these guys at UBS are trader/coders)

I hope not, Paul.

@Mary: so does it have to cost us another $ 2 billion to wake us up fater 2008 banking collapse?

@Paul, right I understand it's speculation. It just seems to me that's a convenient place to point fingers. But, really, we were "too busy to take care of security because the big bad government gave us too much to do" doesn't fly. Sort of obnoxious, actually.

@Awilliams, not sure what you mean.

@Paul: Hopefully, many big firms will increase their risk management systems as a result of the problem at UBS.

@Mary:" The UBS breach may help some IT pros get management support they may have lacked." So is this a case of doing evil that good may come?

If you can't trust your traders, it's very easy to assume they will not have the available turn around time to get things done in the microsecond based world markets of today. A bit of a catch-22

And UBS management is loudly promising better risk controls.

Well, one thing: Most financial observers think UBS was clearly in the wrong.

@smk and that would be the basis of claculating the risk of exposure, and determining what system is worth putting in

@Nicole: well it's all speculation for now. No one really knows for sure what happens. It's a case of throwing answers here and there

@Nicole: Yes, that was just speculation about why this happened at UBS. I tihnk the bank simply didn't do its homework.

That certainly won't wash.

@smk unlikely that it is every trader who will use such info for personal gain.....but its all about probabilities. I would always assume a 50 percent probability to begin with. Unless something else is proved

@SMK: Well, some say that a good system could have spotted the deepening crisis. But there was also a management problem. Adoboli apparently had expressed to his bosses that he was in a panic about his situation.

Really Mary? I don't know. That sounds a bit too convenient of an excuse to me...

@Paul, actually, some have speculated that UBS was so caught up in trying to get compliant with regulations that it didn't have time or resources to oversee the situation.

Right, Kicheko.

While it seems obvious in hindsight, let's look at the flipside of things:  Should we assume every trader who's had access to the backend is going to use it for personal gain?  What measures are needed regardless?

And @Kim, there is an outcry that if Amex and other financial firms can track our activity, it's possible for IT-based systems to do so for other financial situations.

And probably was a good actuary as well himself....much like a good hacker

Haha Paul. Always eager to go there. ;)

@Mary: so what does this tells us about the regulatory oversight that have been formed since the banking system collapse of 2008?

So Adoboli truly did understand the system he was working with. That is how he could game it.

In other words, he worked behind the scenes in support of the trading he later did himself.

@kenton: Adoboli was very technical and had worked on the trading systems in the "back end" before going out on the floor as a trader.

@jwallace: It has to do with the kind of trading that was involved. These trades should not logically have resulted in big gains, because the funds pertaining to them were losing money.

Do we know how much knowledge of the systems this trader had? Is it another case of a person who had more access than he should have had?

Banks have no problem automatically preventing me from exceeding my overdraft or suspending my ATM card if fraud is suspected.  Why can't they stop a trader from losing billions of dollars?

@Mary: how expensive are risk management tools/softwares?

@Mary: so it does matter how sophitcated the risk management tools are, if there is no shift in corporate culture within the financila sector, then we are doom

Is it really impossible to have some kind of dead man's switch automatically kick in if a trader gets out of hand?

UBS being forced to report that the losses totalled about $2.3 billion is really problematic.

why would UBS not notice until the cash rolled in?

Thanks @Mary and @Paul, when your whole business model is based on risk, you tend to be willing to accept a lot of it if the profits keep rising.

@Mary: yes

@Paul: You mean that tech CANNOT replace cutures, right? Absolutely true.

@Awilliams: Apparently so. Still, there's big trouble when the shortfall or loss is discovered.

@Kenton: " If that is true, then can any system really "protect" a bank from itself? what a question! It just tells me further that technological hellp can' replace institutional cultures

@Paul ok , and probably to minimize exposure as well where deliberate acts of sabotage may be occuring. By intimidating the possible offenders with a checking system.

@Kenton: I seems the trader was defrauding the bank by fiddling the transactions. It wasn't a case of legal transactions producing loss.

On a ship as large as UBS it's suprisingly easy for a couple billion to just go missing if it's not your problem

@Paul: Not sure I would make a blanet statement about risk spending overall. But at UBS, it was surely lacking.

Meaning either it gets caught more often so it's more newsworthy when it doesn't, or it's just not getting caught.

As has been mentioned, are banks just too high on the profits? Is this a case of a trader who's losses were just too big and so the bank decided to classify it as a "rogue trader" so it didn't have to accept the losses? If that is true, then can any system really "protect" a bank from itself?

@Nicole, no; the thing is, the trades should have been spotted as a trend over time.

@Mary: so reading thru your blog, one can infer that investment is risk amanegemnt solutions is still not to a significant level

@Kim -- My thoughts are this either happens a lot less or a lot more than we think.

Ah so real-time surveillance wouldn't have solved the problem here regardless then.

It really is just astonishingly inept isn't it?  How do these corporations manage to do business at all?

@Kicheko: risk management itself is not an exact science. I am sure we are bound to have the occassional breaches here and there. It's just a meter of trying hard to minimize the damage.

So really, UBS didn't need real-time surveillance or analytics to capture that something was amiss. It didn't seem to have the risk built into the system it did have.

@Kicheko: True, but the trades seems to actually have taken place over time. So a system should have been able to capture the trend.

@Kim Davis: Yes, UBS has one of the largest automated trading floors in the world.

@Mary: one accusation that has been levy against financial institutions is that they seems to have move away from focus from risk management in favor of growth and profitability. Is that true in this case

These "Delta One" trading desks are seen as low risk, ironically.

I'm thinking real time surveillance is a good way to go because this could well be a planned "oversight" that happened. For a breach to be big enough to threaten a third quarter loss and nobody noticed

Automated real-time surveillance is indeed available.  Should be able to spot unusual activity without having human eyeballs on the network all the time.  Don't tell me USB can't afford it.

But there seems to be consensus that in UBS's case, the system should have been set up to flag the enormous returns that went with this kind of trade, even as the exchanges that were being traded against were tanking.

I wonder why that is.

@Nicole: I'm not sure, actually. The availability of real-time analytics seems to be scarcer than one would imagine from the vendor hype.

@Mary: saying the cause can both be attributed to compoacency and inadeqaucy sounds to me like a guessing game

In other words, this kind of trading is risky to start with, and apparently UBS had been giving traders too long a leash.

Just reading thru a June 2011 report which statde that: "A report conducted by the Economist Intelligence Unit and released this week by SAS, the big business analytics software firm, warns that financial institutions, particularly in the U.S., are “feeling too comfortable” about their risk management systems and suggests they may be unprepared for the next crisis."

Mary in your story you referenced real-time IT surveillance. I was wondering how widely used that technology is.

@Kim -- that's a scary statement but seems to be the case doesn't it?

@Paul: Actually, folk seem to be saying that the UBS breach was both complacency and inadequacy.

Hi paul

I think this just highlights the seemingly broadly accepted notion in "High" finace that it's OK to gamble

@Paul -- that's a really good question.

I just have a general sense that banks don't really know what they're doing most of the time.

Thank you Nicole!

Hey there all!

Thanks for the great intro, MJ.

Hi Kicheko

Hi Kicheko! Good to see you here!

@MARY: Was this breach a case of complacency on the part of the financial institution or the inadequacy of the rsik management tools employ?

Hi people!

Hi Smk and Awilliams

Hello Awilliams! The gang's all here. :)

Hi smk, Nicole, and Paul!

Welcome Paulie Paul.

Hi Paul!

Yes I'm looking forward to it. Glad you could be here today!

Hello

Hi Nicole.  This should be an interesting chat, all things considered.

Pong!

Ping!