As in the Sherlock Holmes mystery, Silver Blaze, where the key clue was a dog that didn't bark, when we look back at some of the key risk incidents in 2014, the year is interesting for what didn't happen, as well as what did.
First, there wasn't a significant rogue trading incident (or at least one that was publicly reported) in 2014. Perhaps an indication that controls have tightened in this area, or, maybe banks just got lucky. It is, however, not time to relax yet, and banks should continue to invest in developing their controls, refining incentive structures and the analytical tools used to identify potential offenders in this space.
Second, another area where incidents have been seen in recent years but not in 2014, was large-scale trading algorithmic market incidents, such as the Flash Crash in 2010 and the failure of Knight Capital in 2012. Again, perhaps controls have improved in this space due to the increasing focus of regulators and controls imposed on high frequency trading firms. However, firms should continue to be vigilant in this area. The ever increasing speed of change and the increasing use of mobile trading platforms will continue to add new threats.
So what did happen in 2014?
First, cyber security was again at the top of the risk list. Unfortunately, even the damage done by some of the more high-profile incidents this year are likely to be a drop in the ocean of what damage could be caused by cyber security threats in 2015. As the cyber threats grow in sophistication and verve, companies' and society's defenses need to improve to meet those threats.
Second, what the FX! The fall-out from the FX scandals, including the significant fines and penalties imposed upon offenders, reminded industry watchers and stakeholders that banks are still working through the consequences of outdated cultures and incentive structures. Is 2015 the year when the new culture will begin to emerge and banks will put such scandals behind them?
Third, anti-money laundering. If the large fines imposed in 2014 upon banks for flouting anti-money laundering laws are any indication, then this issue is nowhere near resolved. A more nuanced view, however, indicates that fixing this issue is not so simple. First, as with cyber threats, terrorists and drug cartels are increasingly sophisticated in their tools and operations and so increasingly hard to identify. Tools deployed by banks to identify them need to get a similar upgrade.
Fourth, capital requirements and data governance. Banks continue to have difficulties in meeting federal requirements in measuring and defining their capital capacity. Several banks' capital plans were rejected by the FRB in 2014 and many banks continue to have challenges in ensuring the accuracy of data involved in calculating capital requirements and associated stress test models. The complexity of global banks' transactions and businesses, as well as the vast amounts of data they generate and have to provide to regulators, is creating ever greater challenges to banks in their ability to govern and manage the quality of their data.
Fifth, insider trading. 2014 is likely to become more known for who was not prosecuted than for who was. In addition, the overturning of guilty verdicts on Dec. 10, 2014 by a federal appeals court in two key insider-trading cases has again highlighted some of the grey areas in this area of law.
Lastly, when 10 banks reached a settlement on Dec. 11 with FINRA over allegedly allowing analysts to solicit investment-banking business and offer favorable research coverage, one might have been forgiven for thinking it was 2002 all over again. 2002 was the year, in case you forgot, that WorldCom filed for bankruptcy which ultimately led to multi-billion dollar lawsuits and multiple regulatory fines for this very type of issue. The regulatory changes that were imposed following that incident, including complex Chinese walls imposed between analysts and bankers, were intended to prevent this type of thing from ever happening again. So the fact that this settlement was reached, should at least lead to some review of the causes and changes to current controls that are in place.
Andrew Waxman writes on operational risk in capital markets and financial services. Andrew is a consultant in IBM's US financial risk services and compliance group. The views expressed her are those of his own. As an operational risk manager, Andrew has worked at some of the ... View Full Bio