Don’t Forget the Basics!

There is a great danger that managers in our business are losing sight of the big picture. From work I have recently undertaken, it is clear that senior management are over paranoid about the pitfalls of regulation.
There is a great danger that managers in our business are losing sight of the big picture. From work I have recently undertaken, it is clear that senior management are over paranoid about the pitfalls of regulation. That is understandable, given the damage that regulatory opprobrium does to balance sheets and reputations. But the reality is that the penalties are out of proportion to the real risks; yet they are becoming the principal focus of the business.

I have seen much emphasis and discussion on the minutiae of regulation but a cursory acceptance of major risks. I have seen too much recourse to the false harbour of seeking legal approval for business decisions which should be taken by business management. I have seen too much effort going into ensuring timely reporting, often to the detriment of sensible analysis of the data gathered. And I see too much attention to compliance with intuitive views of internal stakeholders, often without regard to client needs.

Let me give some examples. I have seen spread sheets with hundreds of risk points, and yet two or three are mission critical to the business. But the process has become embroiled in a numbers game rather than an analytical exercise with a distribution of the risk points according to a logical risk ladder. I have seen a knee jerk reaction to refer policy issues in documentation to a friendly lawyer or compliance officer but their natural response is to produce a wording that obfuscates the relevant risk in the hope that the resultant ambiguity passes muster with their counterparty. I have seen people called off their jobs and away from their clients to agree what needs to be reported and when, due to the growing mound of data required by internal management, trade reporting and regulatory bodies.

Productivity, measured by net income per head, of the business is declining as more headcount is assigned to non-revenue earning items. Costs are rising faster than business growth and fees are falling irrespective of the changes in the risk profile. The risk appetite of the major players for smaller funds is declining, creating a systemically high risk and poorly capitalised shadow depository segment. In short, the industry outlook is far from happy as we approach the likely term of the current bullish markets. With the Dow Jones 3% off its all-time high and 70% above its 2011 level, and with interest rates unlikely to fall further and boost fixed income stocks, the scenario is troublesome.

In this situation, forgetting the basic rules of risk management is dangerous. So, let me suggest some areas for a renewed focus by walking through the key risks I see in the transaction life cycle.

At a transaction level, we should return to assessing the true meaning of the delivery versus payment process in all markets. Too much credibility is given to a loose assurance that DVP is in place. But, as ISSA and G30 have pointed out on many occasions, true DVP includes the concepts of simultaneity of cash and stock exchange as well as finality and irrevocability of both components to that exchange. And, if that concept is not absolutely clear, is the local agent willing to guarantee it and have they the balance sheet credibility as well as their senior management support to do so? If not who carries the risk?

At a custody level, especially with the advent of greater liability under the proposed UCITS V regulations and the opaque comforts in AIFMD, we really need to revisit CSD liability. There should be minimum requirements for a CSD, but that has to be tempered with the fact that a CSD will never have enough of a capital or revenue buffer to cover a truly major loss of assets. The CSD must be liable for the actions of its employees and have insurance to cover for fraud, provided either by the insurance market or from its shareholders and direct stakeholders. The CSD should be liable for any breach of its cyber security. The risks of losses arising through employee malpractice or fraud or cybercrime may be remote but each CSD should have a clear living will by which they define explicitly how they would allocate such a loss. If investors, as an example, were to carry the loss pro rata to their holdings, there will be an interesting debate between them and their sub agents to apportion such losses. The CSD is also liable for operational losses although these are likely to be at a lower level than those resulting potentially from fraud or cybercrime. But the CSD should also be transparent about its control procedures, the effectiveness of its reconciliation processes and the liability it has for ancillary services such as asset servicing.

We need also to revisit asset servicing. This has lost some of the focus it used to have and most errors have been readily apportioned between the different parties. But the process is totally flawed. Investors need to be mobilised to ensure more reliable data transmission between issuer and investor with technology being used intelligently in machine readable secure messaging mode as the normal medium rather than paper or electronic document files. Governance needs to be tightened with mandatory provision of standardised electronic voting by all companies. Tax reclamation should follow best practice and, to start, a European directive should be targeted. And, throughout this process, we need to move to standard declarations in electronic form rather than the confusing pile of local language and often company unique documentation we have today.
These are all simple tasks. There are other flaws in the process. The CCP structure is a risk concentration nightmare. The cavalier demand for prime collateral, especially at times of crisis, will never match nervous supply. There are potential conflicts between the fiduciary obligations of market intermediaries and likely government policy at times of stress, especially as infrastructure moves into areas such as triparty, collateral management or securities lending. The hunger for data, most of it assembled in a manner that defies useful application, and the reliance on the existence of that data by the regulators will be put to test in a future crisis.

But to ensure that crisis is manageable, the industry risk managers should revisit some of these basics in the areas of greatest risk. Otherwise, we may find, despite all the progress made, a crisis driven gridlock that will decimate our industry.