Infrastructure

11:07 AM
Matt Samelson
Matt Samelson
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Why Banks Don't Listen to their Risk Managers -- and Risk Losing Billions

While details are thin, the announcement last week of an unprecedented $2 billion equity trading loss by UBS in London, and the arrest on criminal fraud charges of the alleged 31-year-old rogue trader have attracted global attention.

While details are thin, the announcement last week of an unprecedented $2 billion equity trading loss by UBS in London, and the arrest on criminal fraud charges of the alleged 31-year-old rogue trader have attracted global attention. This would be the third-largest trading loss of its kind in banking history.

Onlookers are scratching their heads asking - once again - how one person, trading basic instruments, could accrue such eye-popping losses under the supposedly watchful eyes of experienced management.

The problem is decades old and rampant in financial services. Strong risk management oversight in financial institutions is perceived as hindering production and eroding profit potential, and is often underfunded and overruled. Senior managers must face their responsibilities and run - not walk - to adequately fund, develop, and support enhanced risk management. Otherwise they are gambling (like UBS) with firm capital and shareholder interests and risk failure of the entire enterprise - and make no mistake, the failures will be those of management, not of so-called "rogue traders."

Need for Controls: Enterprise-wide risk management has been an industry best practice since the Barings Bank failure in 1995. Infamous "rogue trader" Nick Leeson was able to sink Barings thanks to substantial oversight and control deficiencies; these enabled him to trade AND oversee settlement operations in the firm's Singapore office. Leeson lost roughly $1.3 billion due to speculative investing, primarily in futures contracts.

Since then, virtually all substantial financial services entities have implemented risk management functions that are fully independent of business development groups. Risk managers quantify and aggregate risk, develop controls, and create oversight plans. Their role is perceived as essential. Publicly, senior management and line managers praise and support risk managers.

  • The Old School Rogue Trader
    As UBS reels from news of a trader gone rogue, we remember this isn't the first time a trader has gone off the rails. Advanced Trading interviewed Nick Leeson in 2008. Here's how he almost got away with it and what has changed since his forays in the 1990s - and what has not.
  • How to Spot a Rogue Trader
    Advanced Trading spoke with James Heinzman, managing director of Global Compliance Solutions, to discuss how firms can better detect rogue traders.

While senior management is often publicly pleased to have risk groups measure consolidated market, credit, and operational risks, they can be considerably less pleased when risk managers attempt to block transactions that generate considerable outright revenue. It is not uncommon for management to overrule risk managers in these instances. Such actions can belittle the risk managers' role - and place a firm at risk.

Conflicts of Interest: There has always been an inherent conflict between risk management and revenue generation in financial services. Risk managers put the brakes on business units. On the margin, they stop traders from doing transactions that are either too risky outright for the firm's established guidelines, or where potential returns may not be commensurate with risk.

Conversely, both firm performance and individuals' compensation packages are often based on metrics related to outright revenue production. This can provide dangerous incentives to bring in revenue, whatever the risks. Traders and line management also believe they understand the risks associated with marginal transactions better than risk managers, creating inherent tension.

Risk management, as a control function, is sometimes relegated to second-class status when attempting to stop a large, revenue-generating transaction that does not make sense on a risk-adjusted basis or fall outside of the firm's risk guidelines. As cost centers, risk management groups also frequently become second-class at budget time. Despite platitudes from senior management - themselves former revenue producers, in almost every case - risk managers often are perceived as a direct drag on revenue and profitability. They thus may be forced to do more with fewer resources, particularly in lean times.

Accounting Practices: Traditional performance measures such as return-on-equity (ROE) have their basis in outright, "dollar-for-dollar" accounting. Revenue and expense realized in an accounting period passes through a firm's income statement at full (dollar-for-dollar) value. In financial services, revenue booked for accounting purposes for all transactions, "risky" as well as comparatively safe, pass through the firm's financials on an equally weighted basis. There is no differentiation for risk. Transactions providing the greatest revenue therefore have the most value. Expenses pass through financials in the same way.

Risk-adjusted performance measures, unlike traditional ones, take into account the possibility of future loss. Webster's Dictionary defines risk as the possibility of loss. How that possibility is quantified can have a very real impact on required revenue and profitability that, in a competitive financial services environment, may result in a transaction not being done or going to a competitor. If losing a deal or failing to do a transaction results in a hit to performance and compensation, traders are likely to take it very personally.

Therein lies the rub. Quantifying or modeling risk is statistically-based and always subject to interpretation. Interpreting profitability more generously, questioning the risk model, emphasizing uncertainty, and focusing on transaction revenue can make compelling arguments to those at the helm to take significant - even unwarranted - risks. Such action is essentially a gamble.

While performance measurement and line unit compensation is usually based on outright revenue generation and related metrics, in financial services, the more telling performance measures are risk-adjusted metrics. Managers and traders live in a world of revenue; risk managers focus on risk-adjustments. This represents an obvious conflict, and revenue generators usually win.

Behavioral Biases: A loss may or may not happen. Plainly speaking, if risk is introduced into performance measurement, future returns may - but not necessarily will - be reduced. The potential for loss, regardless of the degree of math involved in determination, is subject to interpretation. In the abstract, if one chooses to believe that a low probability of loss means that a loss will not happen, that may turn out to be correct.

Behavioral scientists study aspects of psychology pertaining to hindsight bias and planning bias. Without going too deeply into either topic, humans tend to overstate their success in predicting the outcome of events in the past. Humans also tend to be overconfident in their abilities to successfully apply past experience to future events. These biases are highly relevant to decisions made to override risk management decisions.

In financial institutions, risk is managed daily by people charged with generating business. A proprietary trader evaluates the potential return of a strategy, transaction, or series of transactions against perceived risk. A bank lending officer evaluates a company for creditworthiness and charges an interest rate on a loan or line of credit commensurate with the perceived risk. A competent trader would never enter into a strategy guaranteed to lose, nor would a lending officer extend credit to a company certain to fail.

Yet proximity can compromise judgment. A trader may believe that his or her particular skills uniquely provide for a profitable outcome to a particular trading strategy. A loan officer may believe that his or her particular insight into the borrower ensures that the borrower will not fail. If these two individuals have been successful in the past and not experienced substantial losses, they may be overconfident in their respective abilities to evaluate and manage excessive risk. The incentive for each to take excessive risks may be amplified if each is compensated on the basis of outright revenue generation.

Management is Not Immune:Senior managers view firm operations from a different, higher-level perspective. In most cases, they are far removed from day-to-day operations. They deal with press, analysts, regulators, legislators and a host of other matters related to strategic direction. While most rose through the ranks and generally understand risk, in their executive roles they usually remain tied to traditional (non-risk adjusted) performance measurement - the metrics used by analysts to value the company and compare performance among competitors. For this reason, senior management may have the same biases as line traders when it comes to revenue, returns and perceived risk.

This quagmire puts risk managers between the proverbial rock and a hard place. They are charged with the responsibility to protect a firm from loss. They view risk impartially. Still, they are subject to the same bias from above as they are from below.

How does this play out? Traders unabashedly will seek approval from senior management to incur substantial risk for the potential of outsized returns, even over the stringent objections of a risk manager. The senior manager will focus on the revenue projections while diminishing the associated risk, and approve the transaction. If no loss is incurred, the trader most likely will be empowered to repeat the exercise; the senior manager will be further empowered to approve such exceptions, thanks largely to his or her "superior insight." The risk manager will be left out in the cold - and not missed.

Back to UBS: Since details remain thin at this time, no one is sure of anything. However, it appears that UBS permitted unauthorized and excessive risk taking on the part of at least one individual. Time will tell how involved senior managers were in this case. From the early reports the whole incident is symptomatic of a major failure in UBS's enterprise-wide risk management framework. It is likely attributable to inadequate risk assessment budgeting and resources, since in recent times financial services companies have been quick to cut expenses in cost centers - risk management among them.

Conclusions: The effective management of risk and return is essential for successful enterprise management in financial services. Conflicts abound, however, many of them rooted in deep behavior biases. Even traders and managers acting in the best faith may make sub-optimal decisions based on a range of pressures and influences.

In light of these realities, senior management must take decisive (if difficult) steps to adequately build, fund, and trust their risk management operations. Only by taking such overt steps can the integrity of equity capital be truly protected, shareholder value preserved. Without them the "rogue trader" losses at UBS will be the latest - but certainly not the last.

Matt Samelson is Principal at Woodbine Associates, a Stamford CT-based capital markets research and consulting firm staffed by former mid- and senior-level industry practitioners. A former program trader with experience at Lehman Brothers, ITG, and Liquidnet, Samelson focuses on strategic, business, regulatory, microstructure, and technology issues that drive the equity markets.

Matt Samelson is a Principal at Woodbine Associates, Inc. focusing on strategic, business, regulatory, market structure and technology issues that impact firms active in and supporting the global equity markets. He brings to the firm a wealth of experience in U.S. and ... View Full Bio
Comment  | 
Print  | 
More Insights
More Commentary
One Size Fits Nobody in End User Services
How building profiles from employees' roles and behaviors can help optimize your end user services.
'Enlightened' Non-IT Execs More Likely To Run Secure Organization
Do senior executives understand their role in data security? On the whole, unsurprisingly, no.
No Screwups, Please, We’re Banks
Changing a bank's culture is not going to happen overnight, but having the right tools and levers in house will surely make a big difference over time.
You’re Doing BYOD Wrong: These Numbers Prove It
Almost 40% of users who connect personal mobile devices to corporate networks have no lock-screen mechanism set in place.
Citibank Brazil Deploys Award-Winning BPM Solution: Now What?
Citibank Brazil automated commercial customer onboarding and reduced cycle time by 70%. But how can a global organization harness the successes of its islands of solutions?
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video
7 Unusual Behaviors That Indicate Security Breaches
7 Unusual Behaviors That Indicate Security Breaches
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.