About Cubillas Ding

Another year of stress

Another year of stress
Global banks are facing another year where there will be two regulatory stress testing exercises through the course of 2016 – namely the two big ones, US CCAR and EU stress tests. These exercises have been executed over the past few years with great trepidation and strain. However, despite the progress made to date by institutions, regulatory standards continue to evolve towards “tests” becoming more difficult each year, with higher expectations around the process and its sub-components. The underlying paradigm is one of “looking under the hood” of the stress testing machinery to ensure that its underpinnings are sound. My latest report points to strategic considerations and recommendations for the future of stress testing operating models and the solutions. However, I would like to also point out a number of separate (but related) observations from another industry report. In the most recent BCBS progress report for the adoption of the Principles for effective risk data aggregation and risk reporting (BCBS239), the most significant challenges involves the following, where:
  • 57% of banks surveyed in their compliance progress are materially non-compliant with Principle 2, which requires data architecture and IT infrastructure to fully support risk data aggregation capabilities and risk reporting practices not only in normal times but also during times of stress or crisis.
  • 50% of banks reported themselves to be materially non-compliant with Principle 3, which is in their ability to generate accurate and reliable risk data – aggregated on a largely automated basis so as to minimize the probability of errors – to meet normal and stress/crisis reporting accuracy requirements.
  • 43% of the banks are materially non-compliant with Principle 6, to generate aggregate risk data to meet a broad range of on-demand, adhoc risk management reporting requests, including requests during stress/crisis situations, requests due to changing internal needs and requests to meet supervisory queries.
The numbers above are telling and symptomatic of how the industry is coordinating various strands of regulation, and the architectural strategies that underpin the delivery of these initiatives. In our report, one of the points we underline is the need for stress testing data governance and management practices to be reconciled (better yet, commonly shared) with data/outputs from other related initiatives; for risk data aggregation and reporting (BCBS239), but also to cover emerging regulations like Fundamental Review of the Trading Book (FRTB) and accounting for loss provisions (IFRS9). Net net: If architecture around data and applications are not fundamentally (re)designed and IT change programmes are not executed to actively address interdependencies between various strands of regulations, banks will face an uphill battle for future regulatory compliance, and efforts to develop more sophisticated capabilities will yield diminishing returns. The ‘what’ and ‘where’ of these pain points are perhaps more straightforward to identify, but the ‘how’ of solving it is more elusive. That will be the focus on our upcoming studies e.g. stress testing vendor solutions, risk appetite management initiatives, and risk technology strategies. Watch this space.

Lehman Anniversary Musings and Wish Lists

Lehman Anniversary Musings and Wish Lists
There are a multitude of Lehman Brothers anniversary stories going around, and perspectives can get lost. Hence, I decided to let a week pass before I commented on the fifth anniversary of the infamous collapse of Lehman. I promise to make these points short (and hopefully sweet). What have we really learned from Lehman and the last crisis? Apparently the financial industry is unable to regulate itself, so is it really a surprise that it now needs to be externally regulated? We have opened Pandora’s Box. Virtually every sector within financial services is facing heavy regulations. But the problem I have is that the current paradigm of external regulation is expensive for everyone (expect perhaps regulators, lawyers, and consultants), compared to a scenario where the industry can learn to govern itself appropriately. So, what can we take from five years ago? Many lessons have been identified around short-term funding concentrations, leverage, mispricing of risk, misaligned incentives, lack of governance at both board and industry levels, complexities in the valuation of “hard to value” assets, and the potentially fatal interplay of various risks.   Will we have another crisis? Despite the changes the industry has made, one gets a sense that the consequences — the unpalatable prospect of capital and liquidity shortages, negative impact to the cost of funding for banks, corporates, and small businesses; and the ongoing threat of counterparty failures — all linger in various guises today. By that token, you could say that we have treated the symptoms but not the causes. The “virus” of inappropriate culture, failing to govern (e.g., treating risk management as a formality), and not using the right information to make risk-adjusted business decisions are still in the blood of the industry. A new crisis may emerge before we know it. Some observations: In the last year, corporate earnings have failed to track recent market rises. Yet US equities are up 30% over the past 18 months, while earnings have only risen 6%. Has the investment community become trigger-happy to trade while ignoring fundamentals? How soon did significant operational risk failures and conduct incidences happen after the firms, regulators, and governments supposedly “learnt the lessons” of 2007/2008? Unfortunately, not long after. We are still seeing market trading failures (Knight, Nasdaq), whale trading losses, LIBOR rigging, and product mis-selling.  We have observed (and here, regulators and policymakers are not exempt) how L/ZIRP (low or zero interest rate policy) created a bubble in commodities (which has burst). It created a bubble in emerging markets (which has deflated), and it is creating a bubble in bond markets — all of which may pose a major risk in the event of rise in rates or aggressive QE tapering. The boom and bust dynamic seems to be rearing its ugly head again. Old habits die hard.   What does the Holy Grail of risk management look like? I will answer in terms of outcomes I would like to see, rather than how the mechanics of risk management need to look like. I will know that the Holy Grail has been found when: 1. Regulators and firms embrace the right rules and the right tools to spot future financial bubbles. 2. Frontline personnel that pursue risks (and rewards) within organizations are directly compensated (based on both soft and hard incentives) according to the risks they are taking. 3. We have resolved the “too big to fail” problem, and taxpayers no longer need to bail out firms they are not responsible for.   For me, the longer-term questions are: Has the industry taken the right medicine? We know that there were bitter pills prescribed, but were they the right ones? Are we still taking the medication, or have we forgotten? We need to follow through; if the lessons of the last crisis do not improve our ways to anticipate, prevent, or manage the next crisis, then what have we really achieved? Undeniably, stringent capital, collateral and liquidity requirements are some mechanisms that can preserve stability and mitigate risks during crisis scenarios, but these are not necessarily preventive in nature. In the end, perhaps cultural astuteness about risk-taking within financial firms and a better understanding of the collective behavior of capital markets globally are the most effective medicines to avert systemic failures. For now, my advice would still be: Buyer beware!

Uh Oh Moments: What’s coming next?

Uh Oh Moments: What’s coming next?
In line with the market’s deliberations around systemic risk, central clearing, and its subsequent impact to demand/supply dynamics around collateral assets, BIS Committee on the Global Financial System recently released a paper on Asset encumbrance, financial reform and the demand for collateral assets on 27th May. As I poured through the pages of this well-constructed report, there were a couple of “Uh Oh” moments in my head as I examined the paper’s key policy (and eventually, market) implications. Here’s what caught my eye:   1) Disclosures on asset encumbrances: “Market discipline can be enhanced by requiring banks to provide regular, standardised public disclosures on asset encumbrance… Such disclosures would include information on unencumbered assets relative to unsecured liabilities, on overcollateralisation levels, and on received collateral that can be rehypothecated… Supervisors, in turn, should receive more detailed and granular data, as required, including the amounts and types of unencumbered assets.”

Uh Oh #1: More granular regulatory reporting and requirements around the level of “free” assets on an institution’s balance sheet look to be coming. There are profound implications for how financial firms manage and inventorize the components of their assets, liabilities and shareholders’ equity at any given time (including collateral).

  2) Risk-sensitive deposit insurance: “… deposit insurance schemes could be made risk-based (e.g. through the inclusion of a dedicated risk premium in deposit guarantee pricing), taking into account the funding structure of insured institutions in normal times. The pricing could differ depending on… resolution rules.”

Uh Oh #2: “Pricing in asset encumbrance in deposit insurance schemes” seems to imply regulatory capital/RWA increases, through Basel IV or sooner through Basel III.5??

  3) Expansion in scope of stress testing: “…banks should be asked to perform regular stress tests that evaluate encumbrance levels under adverse market conditions.”

Uh Oh #3:  Expansion of dimensions to stress test – in this case, related to asset encumbrance levels, funding scenarios and collateral frameworks. Institutions need to ensure stress testing practices are sustainably repeatable and sufficiently automated.

  4) Oversight and possible regulation of the currently unregulated: “Central banks and prudential authorities need to closely monitor and oversee market responses to increased collateral demand and their effects on interconnectedness… in securities financing markets [e.g. securities lending, repo] and for shadow banking activities.”

Uh Oh #4: There seems to be an undertone that anything “unregulated” is “bad” and risky. We anticipated this trajectory in our recent “Shadow Banking Products in Europe and North America” report and highlight how different products are used, risk management implications and technology advancement opportunities that various products may represent in the coming years. What’s coming could include the possible central clearing of securities lending and repo activities, more position/exposure reporting, restrictions on re-hypothecation of assets and other forms of transparency reporting, etc.

One wonders if regulators are now stepping into the territory of choking economic activity. Do we really need to fix what is not really broken? Is transparency for transparency’s sake necessarily beneficial to the way markets operate?

  5) Extend of collateral rehypothecation permitted: “A particular aspect that has received considerable scrutiny in the policy debate on securities financing markets is the extent to which rehypothecation activities should be permitted. The recent crisis experience suggests that greater reliance on rehypothecation in financial intermediaries’ balance sheets will increase interconnectedness and make them more vulnerable to financial shocks. Rehypothecation of client assets can also delay the recovery of assets or even impose losses on beneficial owners.”

Uh Oh #5: “Interconnectness” of the financial system is a concern, but it is also inevitable given the manner capital, derivative market reforms and collateralization rules are implemented. Instead of working to stop this interconnectedness from happening, regulators could do well to put in place “in-time circuit breakers” in the financial system to only “trip” when stress scenarios and adverse market conditions bubble up (pardon the pun).

  Whilst the above points remain “thinking points” and nothing is concrete, it does provide us with a possible glimpse of what is coming. If we think that regulatory burdens in the financial industry are onerous now, regulators are only getting started! Keep your strategy nimble and technology sufficiently flexible – built not just for current requirements, but for future changes. These changes may come sooner than you think! ————– For more detailed perspectives, please see the following: Maximizing Collateral Advantage: A Survey of Buy Side Business and Operational Strategies Shadow Banking Products in Europe and North America Equipping the Front Office for the New Risk Environment Cracking the Trillion Dollar Collateral Optimization Question Strength Under Fire in Risk Management

Advances in technology, but how do we achieve the right results?

Advances in technology, but how do we achieve the right results?
I am working on a series of future oriented research related to the future of risk management and speaking to a number of firms: from financial institutions stakeholders at the forefront of risk management challenges; to new risk technology startups, as well as  investment and private equity firms interested in opportunities that the evolution in risk management is bringing. When speaking with firms, the challenges of (what I term as) operational orchestration often comes up in one form or another. Here, one critical factor for success in achieving the right degree of orchestration entails developing and implementing the technology and operational infrastructure to deliver and embed requirements in day-to-day workflows. Nevertheless, in our experience, this area is where risk appetite and strategic objectives/measures get lost in translation, and where big picture ambitions are misaligned with the right execution in front line functions. The conundrums are typically characterized as follows, in particular:
  • Ensuring proactive and timely capture, monitoring and escalation of risk before they inflict material damage. There is a need to “right speed” latency of risk information delivery, in accordance with the velocity of risk in different parts of the firm’s portfolio and under different market conditions (e.g., lending/ banking book transactions may require significantly less latency compared to the trading book; normal vs. stressed conditions will exhibit different risk characteristics).
  • Accelerating go-to-market time for risk management initiatives, yet reducing project risks associated with the pace and pressures of regulatory driven risk projects. For example, we observe forward-thinking firms actively expanding the use of quality management, rapid development methodologies and tools which enable IT architects, business analysts and testing teams to better achieve the precise mapping and modeling of changes within the firm. Here, as the financial industry evolves to become what I term as “ultra regulated” (for instance, akin to the utilities and nuclear industry where critical risk incidents result in significant catastrophes and loss of lives), IT planning and delivery functions will need to raise their game (note: not only to the expectations of regulators).
  • Finding cost effective ways of delivering risk technology capabilities. In a situation where changes are fast-paced, complex and expensive to execute, firms would be wise to explore answers to the following questions: How can we maintain strategic flexibility and explore alternative technology options to go-to-market faster e.g. open source analytics, cloud deployments, joint R&D arrangements, venture capital, etc.? What technology ‘bets’ should a firm be placing, and when? How much should you wager? What is the right mix of short-term and long-term ‘bets’?
  As an analyst, I am perhaps fortunate to be sitting at the intersection of end users, solution providers and the financial facilitators of future changes in how risk management is architected and executed. Between this nexus of supply, demand and facilitation, I believe the financial industry is at an “inflection point” where the pieces of technology required to achieve the above-mentioned capabilities are available and reaching a fair degree of maturity. For example, there are a broad spectrum of technologies available to “right speed” risk detection and apply braking mechanisms – through the use of event-driven architectures/messaging, in-memory databases and analytics and other low latency infrastructures, etc.   The key is how intelligently it is deployed. There are opportunities for real change if firms are smart in the exploitation of emerging next generation technologies. The rest of the puzzle, however, is related to the non-technology factors – for example, the political will (and the willingness) of firms to address long-haul organizational, compensation and data quality challenges to make the management of risk deliver the level of efficacy that it should, at a time when uncertainty is at an all-time high. Therein lies the rub.  

Risk decisions that matter: What financial firms can learn

Risk decisions that matter: What financial firms can learn
Recently, at a seminar I was presenting at, I had the privilege to hear from a person, for which risk management is likely to be the most important aspect of his livelihood. The person is Sir Ranulph Fiennes, the British adventurer described by The Guinness Book of Records as “the world’s greatest living explorer” – not to be confused with Ralph Fiennes, the actor – who is a cousin of his. The title of Sir Ranulph’s talk was “Risk Management in Life and Death Situations”, and it centers on the lessons learned in pushing himself to the limits, and examines his life-and-death risk decisions. I have summarized (in certain cases, paraphrased) the risk management dimensions which I gleaned from his witty, humourous and sometimes, soul cringing presentation. The principles are as follows:

1. Know your team up members close and personal. For big life and death expeditions, although the motivation and incentives of the team are important, these are not sufficient elements in order to reach your end goals. You need to discern and understand the character of the individual members of the team, or face the risks of failure, or worse endanger the team’s lives if there are serious weaknesses in a team member’s character. Hence select your sojourners very carefully.

2. Be of “one mind” – The team who are going to take the risks, is the same team who assesses the risks, is the same team who reaps the rewards – you need to plan, operate and execute with “one mind”

3. Assess your routes and research the terrain you are trying to conquer very carefully, especially the danger zones, pitfalls and hidden crevices

4. Ensure you have the proper tools suitable for the terrain

5. Face (and expect) adverse conditions, resistance and ‘boring waiting periods’ by maintaining discipline and endurance, with a unrelentless focus towards the end goal

6. Adaptibility and innovation is required (without compromising point 5)

7. Big picture plans and detailed tactical steps are equally important to execute towards the goal – don’t underestimate either

8. Use political levers to get past road blocks, rough terrains or to cut journey time (without compromising point 5)

9. Ensure timely monitoring mechanisms to gauge progress, safety checks to measure critical (team and personal) healh indicators, and landmarks to determine closeness to target destinations

10. Plan against big risks: Try to avoid or go around these altogether rather than face it

  … if there is one place risk management matters, this is it: when your life and death depends on it!   How much can financial instiutions learn from these principles? I believe, a lot. And for some organizations, its life and death may indeed depend on executing to these principles in the coming years ahead.  

Safe heavens and investment hells

Safe heavens and investment hells
Reported through the Wall Street Journal yesterday, the Germans have issued a bond (a German treasury note known as Schatz) with a zero coupon. This is unprecedented in some ways. What it says is that investors are so desperate that they are willing to forfeit any yield for the privilege of parking their funds for two years in what they see as safe assets, as the escalating debt crisis in the euro zone continue to play out in contagious and unpredictable ways. What’s driving demand? Between insurance companies and pension funds that offer products with ‘guaranteed returns’ or conservative fund portfolios that place an emphasis on value preservation; financial institutions hunting for sources of liquid, high quality collateral for regulatory purposes, repo and OTC derivative markets; and CCPs demanding more stringent margin requirements, one can expect this race to compete for a share of acceptable safe assets to grow. Investors that have been burned over the past few years are saying capital preservation remains a paramount objective for them. For me, financial markets are so dislocated at the moment that perceived “safe havens” are elevated to “safe heavens” by investors in their flight to safety, whilst distressed entities/sovereigns are condemned to investment hell (so to speak). However, such polarization between the two extremes of ‘elevated heavens’ and “investment hells” perhaps point to me that the market is running out of options for safe assets. It also begs the question of whether this is an illusion that is too good to be true. At the moment, not even favored safe haven assets such as gold, investment grade government and corporate debt, and covered bonds are necessarily immune to the shaking that is rippling through the markets. In this instance of German treasuries, zero yields in theory means that it is completely ‘risk free’, for which there is no such thing, not in terms of absolute safety anyway. Germany may be the strongest economy in the Eurozone but contagion effects are difficult to predict. There are a few points of caution here: First, the growing concentration of capital flows into these perceived safe assets is in itself a risk and (arguably) creates a bubble effect. Secondly, the polarization dynamic between the haves and have nots create large imbalances that will amplify structural volatility. Thirdly, current (and emerging) regulatory regimes like Basel 3, Solvency 2 and Dodd Frank/central clearing are almost, in tandem, sucking in and ‘consuming’ safe assets. It creates a backdrop for these effects to continue. Is this an unintended consequence that we do not want or need in the longer term?

Replacing the poster child of failure?

Replacing the poster child of failure?
Yesterday, the Bank of International Settlements released consultative document sets out a revised market risk framework that proposes a number of specific measures to improve trading book capital requirements. (BIS Fundamental Review of the Trading Book) Amongst the points to consult on is whether to replace the “poster child of failure” in the 2008 financial crisis – the value-at-risk (VaR) measure, with expected shortfall (aka CVaR), a risk measure that better reflects “black swan” events. Is this really news? One could argue not in certain respects. Academic research (from at least a decade back) has showed CVaR to hold advantages compared to VAR from a mathematical standpoint. Also, many financial institutions have already incorporated expected shortfall as part of their internal dashboard of risk measures. So what is the issue?
  • For one, good or bad, because expected shortfall also measures highly improbable risks, it opens up the door to a greater degree of ambiguity related to modeling assumptions.
  • Secondly, the metric is also sensitive to rare “tail risk” events that are many practitioners consider low probability. Some consider that these events should be determined by a firm’s view of the world and not be imposed through regulatory mechanisms for every firm.
  • With expected shortfall, this is likely to increase regulatory capital required (in addition to what is currently already on the table to be met by banks)
  In a time where there is a drought of liquidity and capital in the banking industry, most bankers will be hoping (and arguably lobbying hard) that the proposals in this consultation should be carefully weighted out rather than hastily imposed. Let the debates begin!

Stressing all the way to the starting line

Stressing all the way to the starting line
The US Federal Reserve last week announced summary results of the latest round of bank stress tests, which show that the majority of the largest U.S. banks would continue to meet supervisory expectations for capital adequacy despite large projected losses in an extremely adverse hypothetical economic scenario. This is essentially a report card of how 19 of the largest US banks would fare under ‘worst case’ scenarios around unemployment, house price crashes, equity market drops and bank collapses, taking into account that institutions could (or need to ) pursue capital related actions such as issuance of capital, dividend payments, and share repurchases through stressed market conditions. For more details, see US Federal Reserve Stress Tests March 2012.  
I will offer up a few observations here:
    1. First, it provides interesting insights and food for throught into the business mix of these institutions, the quality of their assets and where the largest vulnerabilities lie – not merely for regulators, but also for equity investors, bondholders and business counterparties. For example, financial institutions with asset servicing, transaction banking and retail credit businesses are impacted less under these tests, compared to those that are heavily skewed towards SME and wholesale banking
    2. Investment banks and broker/dealers with large trading positions would contribute >94% of all trading/counterparty losses in the system. These numbers are also a reflection of the size of fixed income and credit assets and derivative agreements in their portfolios. Most retail and commercial banks would incur minimal or no trading/CVA losses.
    3. Some pundits in the industry are lauding these results, saying that the financial crisis that has swept through Wall street is “over”; and that these stress tests draw a line over the pain of the past few years. Whereas in actual fact, this is likely to be the first step into a new world – where the financial sector and broader global economy faces further challenges ahead, for instance in the Eurozone, as well as the stability of emerging market financial systems. Global financial linkages will impact developed market institutions and these will be the real check and balance to the resiliency of these regulatory “stress and health check” mechanisms.
    4. Finally, in addressing risks, faith cannot, and must not, rest on the analytical tools and models, no matter how sophisticated they are, nor can it rest in the enforcement of financial regulation. The old adage of sound judgment and common sense, supported by data, analytics, and robust processes, still stands. For example, could the Fed’s assumption of a stress scenario in Europe be “too optimistic”, not taking into account the possibility of multiple failures (rather than one)? This question brings up a point that in stress testing activities, it is an art in making judgement calls rather than science. Any stress testing calculation and/or process is only as credible as the quality of the assumptions and judgement behind them.
  In an interim conclusion, I would state this: Although the news of encouraging stress test results promote the notion of safety and soundness in the banking system, competitive advantage at a firm level is based first of all, on this scarce commodity called trust, even before elements like optimizing of business mix, capital efficiency, product / service innovation and operational excellence are taken into account. The balance sheets of large institutions take time to rebuild, but a full measure of trust takes even longer to build (and sustain), notwithstanding stringent regulation and industry wide stress testing initiatives like this. Trust is a commodity in short supply nowadays. It takes a long time to build, yet can dissipate in a matter of minutes. And beyond this, it will take more than mere regulatory efforts to say that the banking system is fixed, but a global community of bankers, to restore trust. With these stress testing initiatives, I would say we are at least now at the starting line. There is a long marathon ahead.

Putting strategy back into regulatory responses…

Putting strategy back into regulatory responses…
Topics of regulation and its effects are all the rage in the financial sector news nowadays. Banking, investment and securities activities are facing the weight of multiple ‘structural’ regulations, compounded by the threat of an impending sovereign debt crisis and economic downturn. Cases in point: Basel regulations on capital and liquidity, OTC derivatives trading and clearing infrastructure reforms (Dodd-Frank, EMIR), Durbin debit card interchange rules are all not ordinary “adhere and comply” regulations. These produce second and third order “ecosystem effects” that will force fundamental shifts in the value chain of the financial industry and its clients.   Whilst uncertainties remain, one thing is clear. Firms and vendors’ planning responses to regulation and its ripple effects will need to change substantially.   As financial firms chart strategies to navigate the deluge of regulations, they need to explicitly think about what paradigm and mode of operation to adopt, rather than merely reacting. Specifically, in an uncertain environment where cross-sector regulatory effects are likely to play out, firms need to:
  1. Establish the appropriate regulatory response paradigm beyond the conventional reactive, bottom-up approach. Structural regulations cannot be treated the same as ‘point’ regulations.
  2. Plan and anticipate for different outcomes using a regulatory scenario approach for regulations that are ambiguous and entail multiple cause and effects
  3. Converge fragmented risk and compliance operations to optimize and achieve cost synergies
  4. Ensure that IT stakeholders and technology strategies need to be formulated in tandem with business planning, not as a “leave that for later” afterthought.
  5. IT should maintain strategic flexibility in times of uncertainty. Identify potential “drag areas” and as much as possible, plan for multiple business / regulatory scenarios in order to future-proof emerging requirements.
  Indeed, we live in interesting times. Things are likely to get worse before they get better. We will be following regulatory developments, business dynamics, and technology trends closely in the coming months. In the meantime, here are recent analyses that highlight further perspectives on regulatory impact, scenarios and strategic implications: Getting Smart about Regulation Dodd-Frank and EMIR Derivatives Reforms: Future Scenarios and the Impact on Derivatives Technology OTC Derivatives Clearing and the Buy-side in the US: Rough Ride Ahead Durbin Second Order Effects