Cloud is Down

Yes, even the cloud can go down!

For the many firms, including the SEC and CIA, who run their infrastructure in the AWS cloud, Tuesday’s outage was a pain. The economic impact of the outage will easily be in the many tens of millions.

It is particularly poignant as it comes at a time when so many core processes are moving into the public cloud and more and more capital market participants are building in the cloud, or toward a cloud future, as we discussed in The Cloud Comes of Age in the Capital Markets: All Clear for More Cloud.

This outage is a reminder that not only can all technology fail at some point, but it will. The scale of this week’s outage, along with its rarity makes it newsworthy. However, the scale masks the simple truth that the net downtime of this failure is far less than the aggregate downtime, had all impacted firms been running their own infrastructure.

Furthermore, it is a lesson for firms moving into the cloud to consider how to best manage risk profiles across various clouds and models, or ensuring that they are running across regions (a single AWS region went down).

But the news flow now suggests the most common point of failure: the human. And, of course, the proverbial fat finger. As in many cases, in market technology failures, it is at the human/machine interface that is the weakest link.

This is a time to learn, access the risk and move forward.

Cyber Security: Is Blockchain the Answer?

Cyber security has long been a serious matter for financial institutions and corporates alike, but fintech and the digital era make cyber security more of an issue. Delivery of products and services through digital channels means that more systems are available to scrutiny by malefactors. The continuing adoption of fintech APIs (by which institutions provide their clients with third party services) and cloud computing may introduce further vulnerabilities. Meanwhile, the growth of the digital economy is also creating a large population of highly trained technologists — potentially creating greater numbers of cyber attackers and cyber thieves.

Cyber threats affect all industries, but financial institutions are particularly at risk, because of the direct financial gain possible from a cyber intrusion. An important question is whether the existing cyber security guidelines issued by various industry organizations will continue to be adequate in the age of fintech and digital financial services.

Fortunately, the evolution of fintech also entails the development of new technologies aimed at creating the next generation of cyber security. A number of startups are beginning to develop applications using semantic analysis and machine learning to tackle KYC, AML and fraud issues. Significantly, IBM Watson and eight universities recently unveiled an initiative aimed at applying artificial intelligence to thwart cyber attacks.

The traditional cyber security paradigm is one of “defense,” and unfortunately defenses can always be breached. Artificial intelligence, as advanced as it is, still represents the traditional cyber security paradigm of “defense,” putting up physical and virtual walls and fortifications to protect against or react to attacks, breaches, and fraud or other financial crime.

What if there were a technology that broke through this “defense” paradigm and instead made cyber security an integral aspect of financial technology?

This is precisely the approach taken to cyber security by blockchain technology.

Bank consortia and startups alike are engaged in efforts to develop distributed ledgers for transfer of value (payments) and for capital markets trading (where the execution of complex financial transactions is done through blockchain-based smart contracts). Accordingly, distributed ledgers and smart contracts are likely to one day have a place in treasury operations, for both payments and trading.

Blockchain is gaining attention primarily because its consensus-based, distributed structure may create new business models within financial services. In addition, though, blockchain technology has at its core encryption technologies that not only keep it secure, but are actually the mechanism by which transactions are completed and recorded. In the case of Bitcoin, blockchain has demonstrated that its encryption technologies are quite secure. The further development of blockchain will necessarily entail significant enhancements in next-generation encryption technologies such as multi-party computation and homomorphic encryption, which are already under development. In other words, blockchain is likely to not only play a role in altering the way payments and capital markets transactions are undertaken, but also in the way next-generation financial systems are secured.

Another year of stress

Global banks are facing another year where there will be two regulatory stress testing exercises through the course of 2016 – namely the two big ones, US CCAR and EU stress tests. These exercises have been executed over the past few years with great trepidation and strain. However, despite the progress made to date by institutions, regulatory standards continue to evolve towards “tests” becoming more difficult each year, with higher expectations around the process and its sub-components. The underlying paradigm is one of “looking under the hood” of the stress testing machinery to ensure that its underpinnings are sound. My latest report points to strategic considerations and recommendations for the future of stress testing operating models and the solutions. However, I would like to also point out a number of separate (but related) observations from another industry report. In the most recent BCBS progress report for the adoption of the Principles for effective risk data aggregation and risk reporting (BCBS239), the most significant challenges involves the following, where:
  • 57% of banks surveyed in their compliance progress are materially non-compliant with Principle 2, which requires data architecture and IT infrastructure to fully support risk data aggregation capabilities and risk reporting practices not only in normal times but also during times of stress or crisis.
  • 50% of banks reported themselves to be materially non-compliant with Principle 3, which is in their ability to generate accurate and reliable risk data – aggregated on a largely automated basis so as to minimize the probability of errors – to meet normal and stress/crisis reporting accuracy requirements.
  • 43% of the banks are materially non-compliant with Principle 6, to generate aggregate risk data to meet a broad range of on-demand, adhoc risk management reporting requests, including requests during stress/crisis situations, requests due to changing internal needs and requests to meet supervisory queries.
The numbers above are telling and symptomatic of how the industry is coordinating various strands of regulation, and the architectural strategies that underpin the delivery of these initiatives. In our report, one of the points we underline is the need for stress testing data governance and management practices to be reconciled (better yet, commonly shared) with data/outputs from other related initiatives; for risk data aggregation and reporting (BCBS239), but also to cover emerging regulations like Fundamental Review of the Trading Book (FRTB) and accounting for loss provisions (IFRS9). Net net: If architecture around data and applications are not fundamentally (re)designed and IT change programmes are not executed to actively address interdependencies between various strands of regulations, banks will face an uphill battle for future regulatory compliance, and efforts to develop more sophisticated capabilities will yield diminishing returns. The ‘what’ and ‘where’ of these pain points are perhaps more straightforward to identify, but the ‘how’ of solving it is more elusive. That will be the focus on our upcoming studies e.g. stress testing vendor solutions, risk appetite management initiatives, and risk technology strategies. Watch this space.

The future is here

The pressures are well known in banking and the capital markets. Each month there are front page articles of scaling back, overhauling, reorganizing, or closing major bank lines. A continued reworking, a forging of a new business is occurring. Old models are shrinking and being replaced by new business models or being cast aside. Since the 2008 crisis, wave after wave of pressure has made this perfectly clear. Capital constraints, on-going regulatory pressures, and an ultra-low interest rate environment have all struck hard at the existing banking & broker/dealer system. Nearly all players-big and small- are rethinking the very core of their businesses. And this is a multi-threaded problem across all businesses: equities, FX, fixed income, and derivatives. Banks and broker/dealers are trying to balance their existing franchises against the pressures they are facing to create a lean profitable business that supports their clients. There are no easy answers, given the strong interdependence between the wealth, asset management, and capital markets businesses across all products. Many of the solutions are moving from efficiency, or cost-cutting to effectiveness. Costs are being cut-there are improvements in risk, compliance, processing. The cost side is getting better but the challenge remains on the revenue side. This drive for effectiveness is driving business models that support internal and external clients from a compliance, transparency, regulatory, fairness and cost perspective are driving more automation and electronic trading solutions. Celent will be discussing the evolving landscape of innovation in automation and technology at two upcoming roundtables. On September 15th in London we will be looking at changes in the US and European fixed income markets and how new technologies are driving change. Then on September 22nd in Zurich, we will be looking at wealth management and the capital markets and the many changes that are occurring in Swiss banking.

OTC derivatives regulations in US and Europe

There has been an ongoing dialogue for some time now between the European capital markets regulator European Securities and Markets Authority (ESMA) and the Commodity Futures Trading Commission (CFTC) of the US regarding the requirements for clearing of OTC derivatives. In the opinion of market participants, the lack of agreement, over issues such as margin requirements and the period for which a transaction can be considered to be at risk, is highly detrimental to the efficient functioning of the global capital markets. The evidence has also shown that increasingly there are two separate pools of liquidity operating in the US and European markets respectively, a sub-optimal and undesirable state of affairs. However, from the point of view of the trading participants, the important thing to keep in mind for the future is that the two regulators are in ongoing discussions and the contentious issues are specific and not pervasive. There is also a great deal of respect and understanding that has been displayed by both regulators for the other’s point of view, all of which bodes well for overcoming their differences. An agreement would allow for greater liquidity and higher levels of market efficiency, and should also provide a much needed boost to global derivatives trading.

Operations challenges for APAC asset managers

The global capital markets have been going through a turbulent recovery phase in the last few years. Asia-Pacific is no exception to this rule and the region’s asset managers will come up against a set of operational issues and constraints to be addressed in a difficult market environment. Addressing regulatory pressures, be they from within their own jurisdiction, or from without, will be paramount in the mind of asset managers. It is important for managers to consider the various KYC and AML requirements internationally and how they affect their respective jurisdictions. This is not an isolated enterprise, and must be undertaken along with the task of upgrading the operational capabilities, and if required, acquiring the necessary platforms or systems to address these concerns. As much as possible, asset managers must try and use a comprehensive solution, underlining a desirable holistic approach to the issue. Most asset managers will meet their various operational requirements by using a mix of in-house and third party services. Outsourcing is nothing new to the industry, but can still be challenging. It has its own set of risks which need to be considered and mitigated for successful operations. Firms have to ensure a strong integration of the outsourced services with the in-house operations. Another challenge is the complexity of products being utilized by asset managers to meet their clients’ needs. With more choices available and structured products becoming popular again in leading Asian jurisdictions, firms have to ensure that their risk management systems are capable of handling greater product complexity. These are only some of the issues asset managers need to keep in mind, and overall they would be well served with taking a more holistic approach to operations management, and ensuring they make sufficient investment in their systems to help them handle the various challenges.

Market Surveillance issues

As I begin work on the last in the current series of Market Surveillance reports, there are some important points that we can reiterate from the recent research. The first is the all encompassing requirement for surveillance. The recent Deutsche Bank co-CEO resignations have shown the negative impact the benchmark manipulation related sanctions and fines had on not just this bank but the industry as a whole. Similarly, the investigation of a couple of British banks regarding the payments made in the FIFA bribery scandal also shows the need for constant vigilance on part of banking and capital market participants. Firms are embracing the need for holistic surveillance and compliance, which covers not just trading but also related areas such as best execution, cyber-security and AML. Firms that have legacy systems in place might want to continue with several systems, but for the better part, most firms would prefer to have one system that meets most of their requirements. As more advanced technology becomes available, this is becoming more of a reality. Another important aspect is the rising use of machine learning capabilities. Surveillance systems are becoming more advanced, processing both structured and unstructured data, especially through the use of cloud based processing and Big Data technologies. Machine learning takes this to the next level, as it reduces the need for human intervention, and allows for reduction in false positives and negatives. Furthermore, such advanced systems also allow firms to keep tabs with new compliance requirements more efficiently as they can anticipate problem areas based on learning from past experience. Finally, exchanges and sellside have been the main users of market surveillance technology. But increasingly regulators and buyside firms have also started acquiring these systems. For regulators, it makes sense because it allows them to monitor the market independently and reduces their dependence on the exchanges and the sellside for data and analysis. For buyside firms that are playing a more active role in the market, it is important that their trade surveillance is upto scratch, otherwise they are making themselves vulnerable to the same issues that are plaguing sellside firms at the moment.

Hedge funds/ asset managers continue to find opportunity in capital markets and shadow banking

Citadel announcing this week that they will become a dealer of US treasuries becomes another proof point that hedge funds continue to take on sell-side market making activities filling a growing liquidity void in credit and loan products. Although Citadel has no desire to become a primary dealer at this point, it will hold substantial dealer inventory to meet client demands. Citadel’s broker dealer arm will handle this business as it already does with equities and FX. This continues the trend that as Western banks both in the US and Europe are required by regulators to reduce their balance sheets, hedge funds, asset managers will continue to full fill the supply side of this demand vacuum. We already see this as an increasing number of hedge funds are building portfolios of syndicated loans, private equity and real estate. Also a few hedge funds have started the securitization of mortgages and loans even to the point of securitizing and packaging “peer-to-peer” debt. The main point is as bank balance sheets shed high demanding RWC products, hedge funds and asset managers will move into supplying these products. Increased liquidity will be provided and an increase of revenues for hedge funds and performance returns for asset managers. But at the same time regulators will increasingly focus on these “shadow banking” activities, demanding hedge funds and asset managers to up their game managing market, credit and operational risk. This is all good but also means hedge funds and asset managers will need to continue to upgrade operations and systems in order to satisfy client and regulatory transparency demands. As one business shrinks another’s grows. For more on shrinking balance sheets see Oliver Wyman’s The Wholesale and Investment Banking Report.

Emerging solutions in AML technology

Numerous forces of change, not least economic and regulatory changes, are having profound effects on anti-money laundering (AML) culture and technology practices at banks and other financial institutions. Faced with pressures from growing compliance requirements and cutting costs, they are seeking to use technology to increase efficiency and free up resources. Furthermore, the need to ensure enterprise wide compliance is giving rise to centralization and standardization of AML operations, as well as integration of AML and anti-fraud programs. To capitalize on this trend providers are developing solutions that address complete client lifecycle management functions across different lines of business. In particular the Know Your Customer (KYC) function is receiving a lot of attention both from banks and solution providers as that is the first step in the client lifecycle process and successful due diligence and risk profiling of clients during the KYC stage can go a long way in ensuring compliance with AML rules and regulations. Banks typically use a combination of best of breed solutions to cover all of their AML compliance needs; but there is an increasing trend to rationalize number of vendor relationships and source technology from fewer vendors to standardize and centralize operations. Use of technology in AML related activities have traditionally lagged behind other areas of financial services. It was dominated by manual processes and in-house systems for a long time before banks started using third party end to end solutions. Outsourcing of AML operations is still rare. Since the crisis of 2008 banks are having to work under severe cost pressure and are looking to cut cost wherever possible through a combination of new models such as outsourcing, managed services and utilities – these are primarily seen in areas that are non-core, non-differentiating for banks, such as mid and back office functions (e.g., post trade operations).  AML operations are not necessarily a differentiator for financial institutions, but due to high sensitivity of AML activities banks have traditionally looked to manage them in-house to have more control and oversight.  To strike a balance between these two somewhat opposing needs – cost cutting yet not losing control – some supply side providers have developed outsourced AML offerings  whereby the vendor takes charge of the complete or bulk of the AML process freeing up resources of the financial institution and lowering cost of ownership of their AML solutions. We are also seeing new and innovative solutions emerge that support parsing large volumes of data from different sources. Analyzing these data involve unstructured data analysis that is not usually supported by rule based methods followed by traditional AML software. These new solutions employ innovative tools and technology such as machine learning, Fuzzy logic, semantic analysis to not only analyze large volumes of unstructured data, but also carry out traditional tasks of name matching in original languages and scripts without requiring traditional means of translation or transliteration. We discuss a number of such new and emerging solutions in the AML space that address some of these issues in a recently released Celent report. One issue that is still at an idea generation stage is the case of cybersecurity. With growing instances of cyber fraud it is likely that a few solutions will eventually emerge enabling financial institutions to better manage their cyber security. It is interesting to note that some of these emerging issues (e.g., unstructured data analysis, cyber security) do not solely pertain to AML operations, but can be applied to a variety of businesses in a number of industries. Therefore we are already seeing vendors traditionally focused in other industries are entering the financial services space. If these tools and technologies become more popular in the AML space, it is likely that some of the incumbent solution providers would like to add such capabilities to their repertoire, and we may see strategic partnerships or even acquisitions among some of the players in the future.

Lack of liquidity in corporate bonds – (un)intended consequence of low rate policy

I was at the Fixed Income Trading & Investing Summit conference earlier this week listening to many perspectives on the fixed income market, particularly corporates. The themes of market structure, liquidity (or lack thereof), regulation, electronification, and new entrants in the space pervaded all conversations, formal and informal. Reflecting on the state of the US corporate bond market, it is difficult to reconcile record new issuance, and record levels of bonds outstanding, with the drop in major dealer inventory by 80% from pre-crisis levels to present. This lack of dealer inventory was recently discussed by SEC Commissioner Daniel Gallagher. In March, Gallagher said that the drop in dealer liquidity could cause “systemic risk”.  The SEC is bringing to attention the possibility of a liquidity crisis, perhaps sparked by an eventual rate rise. However, one of the main reasons that dealer inventory is so low, is the evolving regulatory and capital regime make it much more expensive to maintain risk assets on balance sheet. In a sense, an unintended consequence of the low rate policy is potential dysfunction in secondary bond liquidity. Arguably, certain policy makers might have intended to move secondary trading of corporates away from major dealers, as part of general strategy of de-risking the financial system, or at least, as a means of transferring assets from dealers to the buyside. The SEC is now looking carefully at how to deal with the liquidity issue; they seem to desire that the industry offer innovative solutions for providing secondary trading. This liquidity can come from traditional dealers and alternative liquidity sources such as the buyside, or other types of dealers and expanded electronic resources.  We are at a juncture in the evolving market structure of corporate bonds. The goal should be for the industry to find the right level of incentives for the dealers to make markets, engage the buyside and their needs, and leverage innovative technology to fill the gaps.