The current financial crisis started when investment firms ignored their risk managers and risk tools. Can sober risk analytics save today's humbled banks and help them conquer tomorrow? By Will Rankin
Whatever the factors that sparked the current financial meltdown-human arrogance and greed, lax oversight, feeble warnings, sleepy regulators, or what one observer called the "irrational exuberance" of free market economies-one thing is clear: The financial sector will be reeling from its effects for a long time to come. For example, in terms of the post-mortem of banks like Lehman Brothers, some observers estimate that the unwinding of deals and relationships will take a decade.
Clearly, technology will play a role in the recovery-as it did in the meltdown-but to what extent could IT have averted or at least mitigated the current situation? Furthermore, can it stop a similar situation happening again? Waters spoke with seasoned veterans in the financial services industry to get their take on what caused the situation, and what needs to be done to help firms navigate through this roiling crisis.
Ciaran Henry, a veteran financial technologist, with a career spanning such firms as Merrill Lynch, JPMorgan Chase, Credit Suisse First Boston, Lehman Brothers and Salomon Brothers, says the US housing boom was the spark that lit the fuse. "As property values around the US soared, mortgage lenders loosened lending standards in the belief that homes would always appreciate. Property developers had access to cheap money and began to build and believed the property itself would encourage demand. Small banks saw an opportunity to lend to developers and ignored the concentration risk. Homeowners used their equity and borrowed against it. Regional banks cashed in on the new affluence any way they could by providing property loans, auto loans and home equity loans without considering the overall risk," he says.
Instead of seeing a teetering house of cards, Wall Street saw opportunity. "Some firms acquired lenders directly, which we now know had sub-prime loans without documented income. They came up with the idea of a 'vertical real estate strategy' where they would originate, service and ultimately securitize loans as pools of debt to sell to the capital markets," Henry says. In the rush to make money, Wall Street lost its way as a wholesale investment banking industry, and instead took on more and more consumer level risk. "Some firms even co-invested with the property developers themselves. Now they are stuck with chunks of unfinished real estate developments and defaulted loans that are extremely hard to unload," he adds.
Dave Shone, senior architect, global financial services industry at Sun Microsystems, has a no-nonsense take on what caused the meltdown. "The short answer is crude techniques and inadequate data for risk calculations, followed by poor interpretation," he says.
Jim Leman, a former senior technologist at HSBC and principal at US technology consultancy Westwater Corp., says he believes that the problems arose because "the potential pool of buyers for various mortgage assets was over-estimated, or their ongoing appetite was over-estimated," he says. "The banks were blinded by the returns they were achieving that over-ruled risk management warnings."
Fast forward to the Crash of 2008 and its aftermath. Most of the experts Waters interviewed feel that better use of available technologies and less confidence in mistaken beliefs could have avoided the meltdown. Jerry Luftman, executive director and distinguished professor at the Stevens Institute of Technology's Howe School of Technology Management in Hoboken, NJ, and vice president, academic affairs at the Society for Information Management in Chicago, says he concurs. "In terms of risk management you can't blame the technology; technology is just a tool, or a vehicle to help make decisions. There are always ways to ignore or fool the tool," he says.
Luftman says firms must add more human intervention and explicit governance guidelines. "Part of the problem is that no one thought that the housing market would go south. Taking a risk in giving out mortgages was not considered a risk. They made an assumption that house prices would continue to rise and they showed over-confidence. All the models were saying don't give them the money."
It is now clear that in many cases risk managers alerted management to potential exposure, but only a handful held enough corporate power to influence change and act on the risk potential. According to Henry: "Some experienced business heads with strong risk management discipline were fired for resisting what they knew would be an extremely risky strategy."
Some go further, suggesting that the meltdown is partly due to failure on the part of risk managers, and their level of understanding and the tools at their disposal. "I suspect that the warnings weren't there in many cases, because of shortcomings in datA. Furthermore, dangers were probably hidden in the tails of the value-at-risk (VaR) distribution that risk managers don't see or don't understand," says Shone.
Jeff Hong, global capital markets manager at Sun Microsystems, agrees: "In a few cases, managers failed to act in the correct manner either due to lack of comprehension of the warnings or failure to fulfill their obligations as managers." Hong cites the case of rogue trader Jérôme Kerviel inside Société Générale who cost the firm $7 billion. "I believe Kerviel's manager went back to him and asked for an explanation. This action by his manager appears to be an inappropriate discharge of managerial duties."
While most say the technology exists to avert risk-based disaster, there is clearly a dichotomy between the "haves" and the "have nots." According to Henry: "There are firms that invested heavily and have the capability to look at exposures by term, industry sector, by credit rating and then run scenarios modeling a particular market event and see the results in real time. There are also many that rely on much older technology, which can only process risk in overnight batches and deliver information the day after with no easy way to run scenario analysis or slice and dice a portfolio."
Not every firm has invested enough in technology, and some have allowed their systems to age to the point of presenting operational risk. "Humans need to be prepared to employ better techniques, demand more data and then make more sophisticated interpretation of the results. This will demand better and different algorithms, more reliable data and more careful interpretation of results," says Shone.
Steps for survival
Risk management is clearly a critical area that is ripe for investment, even among those firms that are struggling. Henry says he has already seen investment firms ramping up their efforts-even as markets remain shaky and credit largely frozen-to invest in improving the completeness, timeliness and analytical sophistication of their credit and market risk infrastructure.
Sun's Shone suggests that over the next six to 12 months it will be more a case of evolution than revolution. Already he is seeing moves "including operational risk as well as market and credit risk. This across-the-board change points to liquidity risk as the fundamental issue-but this is no surprise."
Westwater's Leman says the hard lessons learned will now be added to models, "since data and related events are observable." He says more entities will enhance their existing risk systems to incorporate earlier warning indicators for intra-day moves and for ongoing position assessment. "Reducing leverage and proprietary trading oversight by management will have an immediate and large impact," he says.
The consensus seems to be that the surviving firms will consolidate and upgrade their existing risk systems, but also purchase brand new risk systems. As Hong sees it, where the investment goes will depend on merger and acquisition activity in the next year. "Many firms will conduct an enterprise audit and look for issues. Then it will be a beauty contest and a consideration of who bought whom," he says.
While it's clear many large firms already have comprehensive risk measurement infrastructures in place, these will likely need to be modified to capture more trading activity in real time. "It must include structured products modeled in a sophisticated way as opposed to being transformed into what the system understands and simplistic models with fixed scenarios applied," says Henry.
The investment in upgrading and rebuilding risk analysis software will inevitably lead to a need for upgrades in hardware, too. If the technology purchased has been developed to deal with the increasing complexity of the markets, then it follows that that greater complexity will require greater computing horsepower.
Henry sees a "geometric growth in the amount of data; on-demand risk, instead of overnight; and more mathematically sophisticated solutions," which will drive many firms to large-scale grids with virtualization technology that is flexible, powerful and scaleable enough for the task. He suggests that in some cases, the extra processing power needed could be harvested from a defunct business or from idle processors.
Shone sees more horsepower on the horizon. "The narrowing windows between one market closing and another opening has already driven the requirement for more hardware. In the evolutionary approach with more reliable data, the volume of computation will scale with that. As more sophisticated calculations are employed and different models are used simultaneously, this will scale the computational requirements even further."
Over the next few months observers say we will also see an increased hunger for real-time risk analysis. While this level of analysis is already available, there is a greater need for more aggregate exposure. "True real-time risk calculation will require computation of market risk, and even credit risk for, each and every trade," Shone says.
Leman adds that market volatility will cause more intra-day evaluation by managers and risk managers. "However, hedging activity may pick up and there, the need for more complex strategy management will call for real-time risk and policy establishment," he says.
Along with greater auditing, industry watchers predict a slowing down of a firm's ability to react to new opportunities. "First-to-market may not be king anymore; rather, it will be who comes in with the best controls and processes and can go the distance," says Henry.
Sun's Hong says it's all about adaptability. "No doubt Wall Street and City professionals are already looking to create new products to take the place of asset-backed securities (ABSes) and collateralized debt obligations (CDOs) and their ilk. As soon as these products launch, you better believe that the next-generation risk measurement and reporting systems need to support them," he says.
Monitoring real-time risk and ensuring there isn't a slowdown can be handled by high-performance computing, which is available today. Sun's Shone highlights his company's "powerful armory," from scaleable multi-core systems, through "cluster grids," which bring hundreds of CPU cores together to perform vast calculations that exceed the capacity of a single box, to new storage technologies that allow database-scale volumes of data to be accesses in microseconds.
A new regulatory framework?
Most agree that there is a need for new, tighter regulation. Sun's Shone says that the implementation of Sarbanes-Oxley (SOX), for example, has been slow, without a clear approach. "I believe that the regulation that will arise from the current crisis should be used to improve upon, and replace, SOX," he says.
Meanwhile, Hong believes we will see "regulations, regulations and regulations."
Henry agrees: "I believe Sarbanes-Oxley in particular has been an expensive but ineffective piece of legislation. I would also say some regulatory bodies did little to enforce laws when there was an opportunity to do so. I think SOX needs to be either enforced or replaced. It's made a lot of money for accounting firms but failed to prevent the bankruptcies, hundreds of billions in losses and credit crisis we are now suffering."
Luftman says regulation is part of the problem. "Regulations should be overseen by the legal department, not the IT department. They should work together, work with the business to change the processes," he says. "We have known this for 40 years."
Luftman says he is keen to ensure that technology, business processes and current risk models are all carefully examined. "Put simply, if something isn't done, this problem will continue. There's a need to change the processes as well as the technology. There will always be some need for human intervention but we are very much the inhibitors to making technology much more viable. Technology isn't the problem," he concludes.
-->