Cover
Title Page
Copyright
Dedication
Introduction: A Risky Business
1. Notes
Acknowledgments
About the Author
Chapter 1: The Historical Context
1. Notes
Chapter 2: The Rogue Trader
1. Who Is the Rogue Trader?
2. The Crime of Rogue Trading
3. Tools of the Rogue Trader's Trade
4. How Rogue Traders Succeed
5. Can the Rogue Trader Be Stopped?
6. Notes
Chapter 3: Genius Traders: Who They Are and How to Catch Them
1. Characteristics of the Genius Trader
2. How to Manage Genius Risk
3. Notes
Chapter 4: Insider Trading
1. What Is Insider Trading
2. The Industry of Insider Trading
3. Trading Floors and Chinese Walls
4. Raising the Bar
5. Notes
Chapter 5: Price Manipulation Risk: The Big Unknown
1. Price Manipulation
2. Earnings Restatements
3. LIBOR
4. Foreign Exchange
5. Collusion
6. Emphasis on Surveillance
7. Notes
Chapter 6: The Mortgage Mess
1. Mortgage Securitization
2. Indicators of Risk
3. The Aftermath
4. Notes
Chapter 7: Ponzi Schemes and Snake Oil Salesmen
1. Ponzi Schemes
2. Regulators and Fraud
3. Bribery and Corruption
4. Notes
Chapter 8: Rogue Computer
1. History of Technology in Public Markets and Increasing Risk
2. Flash Crash 2010
3. Knight Capital 2012
4. Facebook and BATS
5. How Problems Occur
6. Key Controls
7. Notes
Chapter 9: Funding the Bad Guys—Winning the AML Battle
1. Modern Practices of Money Launderers and Undetected Cash Movers
2. Money Launderers and Terrorists
3. Legislature and Regulations
4. Impact of Regulations
5. An Effective AML Program
6. Mitigating the Risk
7. Notes
Chapter 10: Litigation and Big Data Risk
1. What Is the Risk?
2. Systemic Risks from Big Data
3. Notes
Chapter 11: Twitter Risk and Fake News Risk
1. Note
Chapter 12: Spreadsheet Risk: Should We Ban Excel?
1. Mitigating the Risk
2. Notes
Chapter 13: Acts of God Risk
1. Note
Chapter 14: Cybersecurity—The Threat from Outside and Inside the Firewall
1. External Cyberthreats
2. Insider Threats
3. Taking Cybersecurity Controls to the Next Level
4. Notes
Chapter 15: Turning the Tables on Risk
Chapter 16: Building the Right Culture: Values, Organization, and Culture
1. Seeing the Value of Your Contribution
2. Fixing the Organization
3. Breaking Down Organizational Barriers to Change
4. An Ethical Culture
5. Notes
Chapter 17: The 360‐Degree Risk Management Function
1. Tone from the Top: Assess Risks as Well as Goals
2. Connecting Risk to the Rest of the Firm
3. Connecting Risk Managers to Each Other
4. Hooking up the Operational Risk Department
5. Notes
Chapter 18: What We Talk about When We Talk about Risk
1. Business Goals
2. Business Process
3. Risk Dictionary
4. Top Risk Identification
5. Control Dictionary
6. Finally…
7. Notes
Chapter 19: The Future Is Unknowable, the Present Burdensome; Only the Past Can Be Understood
1. Internal Loss Incidents
2. External Incidents
3. Scenario Planning
4. Risk and Control Assessment
5. Notes
Chapter 20: The New Tools of the Trade
1. Putting People to Good Use and Avoiding Rabbit Holes
2. Putting Data to Good Use
3. Putting Psychological Insight to Use
4. Notes
Chapter 21: Cognitive Technologies
1. Trade Surveillance
2. Regulatory Compliance Management
3. Taking Proactive Steps
4. Notes
Chapter 22: The Role of Government and Regulators in Managing Risk
1. Regulating the Markets: The SEC and the CFTC
2. Regulating Risk Taking: The Federal Reserve and the Treasury
3. Regulatory Reform since the 2008 Financial Crisis
4. Notes
Chapter 23: Case Studies and Guiding Principles in Planning for Disaster
1. First Guiding Principle: Develop Multiple Scenarios and Optionality
2. Second Guiding Principle: Develop Strategies to Match the Scenarios
3. Third Guiding Principle: Understand How the World Is Changing
4. Fourth Guiding Principle: Build Political Will to Resource the Chosen Strategy
5. Notes
Chapter 24: The Risk Management Society and Its Friends
1. Attribute 1: A Shared Passion
2. Attribute 2: Shared Ethical Values
3. Attribute 3: Willingness to Debate Issues—The Open Society
4. Attribute 4: Education
5. Attribute 5: Interconnectedness
6. Notes
Chapter 25: Conclusion: Seven Traits for Successfully Managing Cognitive Risk
1. Mature Governance Structure
2. Top‐to‐Bottom Risk Culture
3. An Open Mind about Regulation
4. Understanding the Firm's Unique Risk Profile
5. Not Just Throwing Money at the Problem
6. Innovation and Technology
7. Constant Self‐Analysis
Index
End User License Agreement

List of Tables

Chapter 2
1. Table 2‐1 Infamous Rogue Traders
Chapter 3
1. Table 3‐1 Trading Losses
Chapter 5
1. Table 5‐1 Losses from Price Manipulation
Chapter 7
1. Table 7‐1 Losses from Recent Ponzi Schemes
Chapter 8
1. Table 8‐1 Losses from IT Failures
Chapter 9
1. Table 9‐1 Largest Fines Imposed for AML Failures
Chapter 10
1. Table 10‐1 Largest Settlements with Shareholders' Lawsuits
Chapter 15
1. Table 15‐1 Repeat Operational Risk Incidents
Chapter 18
1. Table 18‐1 Risk Taxonomy
2. Table 18‐2 Financial Risk Impact Method
3. Table 18‐3 Financial Risk Impact Assessment
4. Table 18‐4 Reputation Risk Impact Method
5. Table 18‐5 Media Exposure Impact Method
6. Table 18‐6 Reputational Impact Assessment
7. Table 18‐7 Control Assessment
Chapter 19
1. Table 19‐1 Incident Capture Systems: Basic Information about Each Incident Is Captured
2. Table 19‐2 Internal Loss Incidents
3. Table 19‐3 External Loss Incidents
4. Table 19‐4 Operational Risk Scenarios
5. Table 19‐5 Risk and Control Assessment

List of Illustrations

Chapter 2
1. Figure 2-1: Indicators of Rogue Trader risk
Chapter 3
1. Figure 3-1: Indicators of genius risk
Chapter 4
1. Figure 4-1: Indicators of insider trading risk
Chapter 5
1. Figure 5-1: Areas of focus to identify risk of price manipulation
Chapter 6
1. Figure 6-1: Indicators of product risk
Chapter 7
1. Figure 7-1: Ponzi risk factor analysis
Chapter 15
1. Figure 15-1: Threats—Internal and external
Chapter 17
1. Figure 17-1: All functions collaborate in identifying and managing risks
2. Figure 17-2: All risk functions collaborate closely for best results
3. Figure 17-3: Forums for discussing key risks across key business areas
Chapter 19
1. Figure 19-1: Understand the past to mitigate the future
Chapter 21
1. Figure 21‐1: Example of trade surveillance visualization analytics—show changes in emotional temperature
2. Figure 21‐2: Example of visualization techniques to illustrate relationships between employees

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750–8400, fax (978) 646–8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748–6011, fax (201) 748–6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both: IBM, the IBM Press logo, and IBM Watson. A current list of IBM trademarks is available on the web at “copyright and trademark information” as www.ibm.com/legal/copytrade.shtml.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Cataloging-in-Publication Data is available

ISBN 9781119380146 (Hardcover)
ISBN 9781119380177 (ePDF)
ISBN 9781119380153 (ePub)

Cover Design: Wiley
Cover Image: © Photo by.Ignacio Ayestaran/Getty Images

Introduction: A Risky Business

The managing director for risk fixed him with skeptical blue eyes, “you are probably the most dangerous person at this Bank”. I was incredulous. She wasn’t talking to a swaggering trader. She was talking to her supposedly close colleague, the Head of the Global Policy Office at the Bank. The discussion for the last hour had been about the need to strengthen global compliance policies for Sales and Trading in the aftermath of the 2008 Financial Crisis. Surely, I thought, the danger must lie elsewhere.

Why do I open with this story? In many ways it’s symptomatic of what was wrong at banks before and after the 2008 Financial Crisis. There were traders losing money hand over fist, in some cases, to the point of taking their banks over the edge during The Crisis, yet the MD perceived the greater threat as stemming from the Global Policy Office. Really? The pre-Crisis view was that traders should be left more or less alone by Risk and Compliance to work their magic. This did not work out so well in retrospect. After The Crisis a new belief took hold, almost as pervasive and erroneous as the “let traders be traders” view. The new belief was that rigorous enforcement of new policies and procedures would lead almost magically to prevention of wrongdoing. The MD, perfectly cognizant of this, was afraid that risk managers would retreat behind a bureaucrat’s desk rather than engaging with day-to-day activity on the trading floor and that the effects would be just as bad as previously. Sadly, in her defense, to a significant extent it’s my view that this is what has gone wrong after the crisis.

The evidence presented in this book suggests that both these factors have been at play in the years since the Financial Crisis. The strengthened regulatory and compliance regime imposed since the 2008 Financial Crisis this has not yet resulted in a corresponding reduction in operational risk events and failures.¹ Even a cursory reading of newspaper headlines in 2016 provides sufficient evidence of that point: Ponzi schemes, fictitious bank accounts, and cybersecurity failures are still common occurrences. The book’s objective is, however, not to offer a critique of these rules and regulations or to argue that they are not needed.² The main objective of this book, rather, is to hold up a mirror to events caused by the Rogues of Wall Street—to analyze and understand them and then describe ways and techniques for identifying, mitigating, or preventing them in the future.

This past decade has been an exceedingly turbulent one for banks and the financial services industry. So many losses have been paid out to investors, regulators, and clients as either straightforward financial losses or penalties paid out for accepted wrongdoing. The trade date for many of these losses was the financial crisis of 2007–2008. Settlement date was often later—in some cases, as late as 2016—before the penalty was paid. Even in 2017, regulators are still announcing the settlement of cases with banks that go back to 2007 to 2008.³

I worked in operations and risk management at several large banks in the 2000’s. As such, I participated in what are called “scenario planning workshops.” The goal of these workshops was (and is) to estimate the size of potential losses in the worst of circumstances, black swan type events. I have to admit, however, that during these discussions, we hardly conceived of losses at the levels they have since reached. With multi-billion penalties incurred in some cases, it is now evident that banks failed to price these types of risks properly.

It is also apparent that financial crises hold special trepidation for banks and other financial institutions. This is largely because unknown operational risks⁴ that, banks and other financial institutions hold on their books, are suddenly and ruthlessly exposed at such times. In 2008, bank losses suddenly ballooned from areas as disparate as credit default swaps, debt offerings, mortgage securities, money market funds, Ponzi schemes (Madoff), rogue trading, hedge fund positions and so on. Some institutions were pushed over the edge—Bear Stearns, Lehman Brothers for instance—while many others barely survived. This was no coincidence. Rogue trading positions, Ponzi schemes, even losses on mortgage securities, can be smoothed over, hidden by high profits, during the good times, but not during the bad times. Madoff’s scheme, for instance, finally came to light in December 2008 after years of successful concealment. Driven by sudden cash needs, brought on by the Financial Crisis, multiple investors asked for their money at the same time. The demand for cash could not be met by Madoff’s cash on hand and the harsh reality was suddenly exposed. This same dynamic played out across multiple venues, markets and positions. While it may have appeared then, that defenses were suddenly breached during the Financial Crisis, it was actually in the run up to the Crisis, that banks and other institutions were opened up, by and to, inside and outside threats.

This book suggests ways for banks and financial institutions to strengthen their defenses during the good times to better protect themselves during the storms that will inevitably hit from time to time. The acquisition of risk management capabilities linked to what I call the “Cognitive Era” are going to be required.

The Cognitive Era is referenced in the title of this book for two important reasons. First, the field of cognitive psychology pioneered by Daniel Kahne-man and Amos Tversky, is in many ways a gift to modern risk managers. By leveraging some of this thinking (we will study some examples in the latter half of the book) risk management errors of the past can be avoided. Second, the era of “cognitive computing”, that has been recently heralded by IBM and other proponents of Artificial Intelligence, presents new opportunities for risk managers.

Partly due to the availability of ever-increasing computing hardware and network power and also due to the availability of new AI (artificial intelligence) technologies, corporations now have cognitive digital platforms at their disposal to improve their ability to manage a wide range of tasks. These platforms encompass machine learning, reasoning, natural language processing, speech and vision, human-computer interaction, dialog and narrative generation, and more—systems that learn at scale, reason with purpose, and interact with humans naturally. We explore some specific applications in the field of surveillance and regulatory management that can support the ability of banks to prevent and mitigate operational risks more effectively in the future. Some of these techniques are already being explored and implemented in the field.

The first part of this book, Chapters 2 through 14, takes the reader through a “Rogue Gallery of Wall Street”—the characters and events behind the losses and failures at storied investment houses and securities firms in the past several years. We look at some of the factors behind the events, the causes, and some of the things that can be done to prevent their reoccurrence in the future.

The Rogue Trader, naturally enough, is the first character we come across in this Rogue Gallery. Typical of this archetype was the trading incident at UBS that occurred in late 2011 that resulted in a loss of over $2 billion for that bank. This incident was similar in many respects to the Rogue Trader incident at Societe Generale⁵ only four years earlier that resulted in a loss of around $7 million. We will look at these characters and incidents in more detail in Chapter 2.

Rogue Traders, however, are not the only type of bad actor that investment banks have had to deal with in the past few years. The Genius Trader is the second character we meet, and, of course, is not always bad to know. As the name suggests, this character is very smart, perhaps too smart, and his colleagues and bosses give him more latitude to trade than other traders. The trades he executes and the positions he accumulates are very complex and not necessarily understood by his bosses or by the risk managers whose job it is to protect the bank from taking on too much risk. The losses that can result from these trading decisions and miscalculations can be very, very large, leading in some cases to the fall of a major financial institution.⁶ We will look at the many lessons for risk management from this and other episodes in Chapter 3.

Insider trading has also been front and center in the past few years. Many of those convicted of insider trading have been traders at hedge funds. One of the consequences of banking regulations has been the multiplying of hedge funds established by traders dissatisfied by the resulting conditions at the large banks. The spate of insider trading charges at hedge funds, some of which may lack sufficiently strong and independent compliance oversight and surveillance functions, has perhaps been the logical consequence of that. The issues here and potential remedies are looked at in Chapter 4.

Banks also need to be aware that there may be price manipulators in their ranks. Traders at several banks were charged in 2012 with the crime of manipulating LIBOR rates, rates that are set by a group of specifically appointed banks. The foreign exchange rate manipulation debacle followed soon after that.⁷ Wide-ranging investigations following both these scandals resulted in dismissals and even criminal charges levelled at several major banks. One may wonder justifiably why all the compliance and pricing infrastructure and policies and procedures that banks have put in place failed to identify these issues. We will look at these issues in more detail in Chapter 5.

Penalties imposed by regulators following mortgage-related litigation has been a significant drain on banks since the 2008 Financial Crisis. We identify the key risk indicators and lessons learned from these events in Chapter 6.

Meanwhile, threats inside banks and hedge funds posed by Rogue Traders and others are matched by threats posed by those from outside. Wall Street also needs to do a better job of protecting itself and society from these external threats: money launderers (drug gangs, terrorists, etc.), Ponzi schemers, cyberterrorists, social media, rogue technology, spreadsheets, and Acts of God. We will look at each of these risks and episodes in some detail and draw out what can be done going forward in respect of each one in Chapters 7 to 14.

Where the first part of this book catalogs some of the major risk incidents that have taken place in the last few years, the second part of the book, starting with Chapter 16, looks at the overarching tools that financial institutions have to work with to create an environment that can prevent and mitigate catastrophic events in the future.

The tools that banks have at their disposal to address these risks are first and foremost their employees. Whether or not employees are successfully enlisted in the battle is very much dependent on the culture that they collectively create. Chapter 17 describes a risk management culture that emphasizes the role of each employee and imbues in each a sense of mutual responsibility to the bank and to one another. Is there a sense of right andwrong that is asmuch a part of the bank as the financial language they speak? We will discuss the 360-degree risk culture at some length and look at examples and tools for making that happen.

In Chapter 18, will then proceed to discuss the importance of a common understanding and language to discuss and remediate the key types of risks facing banks today. What we are talking about when we talk about risk is something that each employee needs to understand from the top to the bottom. If one employee thinks of risk as one thing and his colleague thinks of it as another, then they will look past one another and fail to come together.

Chapters 19 and 20 discuss the classic paradigm of operational risk management—summed up by the words of the historian, Geoffrey Elton: “The future is dark, the present burdensome; only the past, dead and finished, bears contemplation.”⁸ Risk management has always placed great emphasis on studying the past. If one can determine the risk events and losses in the past, one can learn how much capital to set aside for future losses. If one can understand how much market losses there were in the prior period, one can identify the scope of potential losses in the future. While this approach may have been adequate in the past and does provide an effective measurement baseline, it is not sufficient for the future and so in later chapters we turn to explore newer, more modern approaches and techniques. It is not just financial loss that is at stake but the loss of reputation with clients and the broader community, as recent scandals have shown. A more ambitious goal set by the most innovative risk managers today is to understand the past, not just to measure it but also to prevent it from recurring in the future.

In Chapter 20, we turn to new tools of risk management that involve advanced cognitive understanding of human behaviors and motivations. The use of psychological insight and data analytics are tools that can create incentives and programs to prevent risky behaviors and drive employees toward improved outcomes in the field.

It is no exaggeration to say that proper and appropriate trade surveillance could have helped to avert or reduce the impact of many of the events that banks have been paying for in the past few years. In Chapter 21, we explore new cognitive AI tools that can complement the current trade surveillance activities to identify risky behaviors before they result in losses and reputational damage.

Finally, we discuss external factors, in particular, the role of external stakeholders, from regulators to society at large. The level of interdependency between institutions was shown for all to see in 2008 and needs to be studied to understand how a reoccurrence of those types of events can be prevented. This may be critical in helping our banks and society to avoid a repeat of the 2008 Financial Crisis in the near future.

CHAPTER 1
The Historical Context

Wall Street has changed immeasurably in the past several decades. Key changes that have occurred include computerization of trading, the growth of universal banks (and hedge funds), and the development of financial engineering. Each of these changes enabled major revolutions to take place in our larger society. Banks are not what they used to be, but while they were agents in enabling change in society—changes that brought major benefits—with these benefits also came major costs.

First, computerization of trading has helped to facilitate the growth of a shareholder society. The casual, retail investor now has access to trading tools that provide access to very liquid and fast‐moving markets with the ability to execute shorts, options, swaps, foreign exchange (FX), and other complex transactions from their PC or smart phone. The cost of participating in such trading activities has declined dramatically and, as a result, millions more people¹ own shares today than in the past. This has been in large part due to the creation of new trading and computer technologies and resulting cost reduction. Such gains are not achieved without risk, however. Some of the operational risk incidents we will review in the coming chapters stem from the technical challenges that are posed by such technological advances.

Second, the growth of universal banks² with massive capital resources and services aimed at every customer segment has helped achieve major efficiencies in the promotion of new capital structures and investment vehicles. The availability of credit to greater numbers of people and the provision of new types of financial innovation to every type of corporate entity has enabled the creation and expansion of new productive capacity in the United States. These advantages were particularly clear during the expansion years of the 1990s and early 2000s. However, these benefits also brought problems in their wake.

The sheer size of these universal banks and the stitching together of different legacy systems and bank cultures has created patchworks of manual process and controls that became too complex to manage. The risk of great and complex failures inherent in such unwieldy structures has, in the eyes of many analysts, grown, rather than retreated since the Financial Crisis of 2008. Most recently, Neel Kashkari, chief of the Federal Reserve Bank of Minneapolis, has argued for further controls to be put in place against banks that are so called “too big to fail.”³

To his point, managing multiple businesses and multiple country branches brings a level of complexity that makes it much more difficult to monitor activities across an entire organization. Additionally, privacy laws that have multiplied in different countries have further exacerbated this issue. This can and has led to failures to assert centralized controls and unified lines of defense against suspicious trading activity and the like.⁴

Third, the growth of financial engineering took place in the context of relatively light regulation and planning. Credit default swaps, for example, started as a relatively obscure product in an obscure trading group within investment banks. While investment banks and broker/dealers are required to oversee new product development in a careful way, new products have a habit of getting through with relatively little scrutiny and planning. This lack of planning is, in part, a reasonable response to the nature of the trading market. Many products are thought up in the twinkle of a trader's eye and many of them fail to take hold. In the case of credit default swaps,⁵ however, within a very short time frame, billions of them were being written to cover bondholders and non–bondholders. Expansion in areas like this brought much greater profits to the banks, at least for a time. It also brought much greater complexity to the business. Obscure products like credit default swaps can thus grow from a relative backwater status to a major profit center in a short space of time in a way that is hard to predict or plan for. The ability to manage the resulting complexity, however, does not tend to keep up. The rash of scandals, penalties, and significant operational losses in the case of mortgage‐securitized products are one indicator of that.

The rapid change at investment banks as a result of these particular areas of innovation has made it hard for regulators to keep up in their ability to understand and monitor these changes. Yet the role of regulators has never been more important. In some ways, the battle over regulation that took place in the years after the 2008 Financial Crisis, and in particular, the battle to introduce the Dodd‐Frank legislation was similar to that played out in the original battles fought by Washington and the SEC to establish US securities laws and the SEC in the 1930s. This will be discussed further in Chapter 22.

The battle fought by the regulators since 2008 has also been to arm themselves for battle more effectively, by adding to their ranks people with the expertise and experience to be able to identify, monitor, and manage the risks as they unfold at their charges' houses of operations. Unfortunately, it may always be the case that regulators, like the French generals of the 1930s who built the Maginot Line of Defense, are doomed to be forever fighting the previous war.

The example that perhaps best illustrates this is the case of Wells Fargo that hit the headlines in 2016.⁶ This was different from what had gone before in three important respects. First, relative to the mortgage and other scandals, which led to billions of dollars in lost wealth, the churning of unauthorized bank and other accounts involved sums that were relatively small. Second, instead of a few relatively high level traders being involved, as in, for example, the mortgage, FX and LIBOR scandals, this scandal involved thousands of fairly low level employees. Third, those involved in the scandal did not possess any special financial engineering skills, rather, they applied routine customer facing banking skills to set up and self‐authorize fake bank and credit card accounts. It is apparent that investment banks, faced with increasing regulation in the investment banking sphere, have been turning to retail and private banking as alternative sources of revenue. Even Goldman Sachs has established a unit for online personal banking so it may be that this Wells Fargo incident is the first of a new emerging class of risk. It is clear at least that the regulations and procedures put in place by compliance and risk management were not adequate to address this risk at Wells Fargo.

At the same time, it is also the case that banks have been able to put in place many sensible and effective controls to mitigate risks that they do run from their sheer size and complexity. Some of this has come about from the pressure that they have been put under by regulators. A friend of mine is an MD who works in an area called model risk at one of the major investment banks on Wall Street.⁷ Under the constant prodding of regulators and internal audit, he has constructed a complex set of controls over the various models used by the bank to value every single complex position that is traded there. If a trader is ever tempted to modify the way a position he is trading is valued, to perhaps help it reflect a profit to his greater advantage, it will be known straight away by those monitoring the valuation models. However, the separation of controls put in place most likely means that the trader, who in prior years would have been able to easily do such a thing, is now not able to do so. While this makes the bank safer than it was, there may be diminishing returns and unintended consequences from further nit picking by regulators with what has been accomplished.

Added regulations and administration has meant the need for banks to add significant resources to meet these regulatory requirements while hamstringing them in other ways. The ban or severe restriction on proprietary trading, the Volcker Rule⁸ for example, arguably has already had some negative consequences, even though the ban has only recently come into effect. One unintended consequence is that as banks have been adding to the ranks of staff engaged in compliance matters while they have been losing and shedding the trading talent that has been the long‐term source of their competitive advantage. Traders and risk managers have been leaving to join hedge funds, asset managers, and even insurance companies in droves. This drain on talent, has only added to the difficulties banks face in managing their trading risks effectively.

This is some of the context for the operational threats faced by the Banking and financial services industry today. Some of these are posed from the outside, some from the inside. What the banking industry cannot do is afford to let these threats subsist alongside their business model. Rather they have to address the issues head on. We will explore in the succeeding chapters how some of the changes described here have led to these threats and some of the tools that firms can leverage to address them successfully. We now turn our attention to some of these major events and losses.

Notes

4. JP Morgan Chase agreed to pay $1.7 billion as part of a deferred prosecution agreement reached with the US Attorney's office for the Southern District of New York in January 2014 on charges that its failure to maintain an effective anti‐money laundering program helped to facilitate the multi‐billion‐dollar Ponzi scheme orchestrated by Bernard Madoff. The crux of the complaint by federal prosecutors was that the bank maintained the relationship despite internal concerns and red flags. These red flags were actually raised by the London Branch with the UK's Serious Organized Crime Agency but were not shared with the AML Compliance team in the United States. Whether that was because of misplaced concerns over potential noncompliance with data privacy laws in the UK if such client concerns were raised in another country is a troubling possibility. Be that as it may, much work has been done since then, to improve the AML program at JP Morgan Chase, including significant investment in systems and expertise. Information on these charges was reported widely and a good analysis can be found at the link to a DealBook NY Times article: https://dealbook.nytimes.com/2014/01/07/jpmorgan‐settles‐with‐federal‐authorities‐in‐madoff‐case/.

5. A credit default swap (CDS) is a financial swap agreement that the seller of the CDS will compensate the buyer (usually the creditor of the reference loan) in the event of a loan default (by the debtor) or other credit event. This is to say that the seller of the CDS insures the buyer against some reference loan defaulting. The buyer of the CDS makes a series of payments (the CDS “fee” or “spread”) to the seller and, in exchange, receives a payoff if the loan defaults. It was invented by Blythe Masters from JP Morgan in 1994. By the end of 2007, the outstanding CDS amount was $62.2 trillion, falling to $26.3 trillion by mid‐year 2010 and reportedly $25.5 trillion in early 2012. CDSs are not traded on an exchange and there is no required reporting of transactions to a government agency.

How to Manage Risk in the Cognitive Era

Notes

Notes