Good evening ladies and gentlemen.
I wasn’t sure how to start this evening, and decided to begin with the collective noun for a group of CRO’s. You are collectively known as a murder.
Now I hope you won’t murder me for telling you that as a murder of CRO’s you are a collective failure.
Oh dear, that’s not a good start, is it?
Not a great way to engage my audience.
But I have to start with a bit of a downer, I’m afraid. I promise it will get happier and better but, to start with, you have collectively failed in your role to manage risk.
How can I say such a thing?
I will tell you and promise you that it’s not your fault.
You have not managed risk, and you did not prepare for it properly.
You have all failed.
If you had managed risk effectively, why are we in this mess we’re in today.
Now I’ve been around a long time and can remember in the 1990s that we were starting to create professionalism around market and credit risk. Before that, we just had a view of counterparty risk – is the person, business or bank a sound risk to deal with? – and then we started to understand the technicalities of market risks – yes, investments do go down as well as up – and credit – is the chain of risk in this transaction viable?
Then, just as we thought we were getting good at this stuff, the collapse of Barings Bank showed us that we were missing a trick.
Nick Leeson’s melding of front and back office activities demonstrated a new form of risk – operational risk – and we began to create new market disciplines around this area in the late 1990s.
But, a decade later, we see Jérôme Kerviel at Société Générale and Kweku Adoboli at UBS, and realise that we have not handled operational risk at all.
It still exists and is enabled by a culture that does not implement risk controls in the right way.
The result is that UBS has become Usually Banking Scarily and we are all banking scarily today, what with the European sovereign debt crisis and the credit crisis that preceded it.
How can we have a credit crisis, if we have a great ability to manage credit risk?
How can we have a market crisis, if we have the ability to manage market risk?
How could businesses that understand risk allow these crises to happen?
The reason is that we all thought we had modelled the risks and that we had de-risked the model.
We created computer simulations that showed we could package up debt in securitised vehicles and gave them rich acronyms like MBAs, SIVs, CDOs and more.
But the biggest acronym was CDS – the Credit Default Swap.
Should any issue appear we can swap it … but that didn’t work as when the swap hit the fan, we all realised where it went back to: Lehmans! Argh!
When Lehmans collapsed there was $400 billion of bad debt on their books.
That bad debt was leveraged into massive exposures, as it was used to back other bad debt. In fact, Barclays Capital estimated that when Lehmans went under, for every $1 of bad debt there was another $20 in Lehmans backed Credit Default Swaps that went behind hit.
This is because Lehmans had a Triple-A credit rating prior to its collapse, and its Triple-A was used to trade CDS contracts globally.
So Lehmans $400 billion was multiplied by a factor of twenty to create an $8 trillion OTC derivative implosion.
This is why we all lost trust in each other and why we found a new form of risk – liquidity risk.
It is why HBOS was merged with Lloyds, Washington Mutual was merged with JPMorgan and Wachovia with Wells Fargo. It is why Fortis, here in Holland, had to get a bailout, as did Commerzbank in Germany and so many other banks across Europe and America.
We had essentially taken the rug from under the markets.
Triple AAA ratings had a lot to answer for of course, as did the rating agencies, but so did risk managers.
Risk managers had failed to manage risk.
How could risk managers, who understood credit risk, allow a credit crisis?
Well, I said it is not your fault, it was the models and systems but it was also because things had just become too complicated.
According to the Bank of England, when Residential Mortgage Backed Securities (RMBS) were first introduced, they could be understood by reading about 200 pages of documentation.
When Collateralised Debt Obligations (CDO) launched, you would be required to read about 30,000 pages of information to understand the contract fully.
Now take CDO-squared derivatives, where Credit Default Swaps multiplied the risks, and you would need to read over a million pages of documentation to get close to tracking the complexity of such instruments.
That’s complicated but, even so, I would claim we should still have seen the risks.
Let me give you a good example of what went wrong in the form of the former CEO of Halifax Bank of Scotland, Sir James Crosby.
He was in front of the Treasury Select Committee on Monday in London as the former head of HBOS, now Lloyds, and a Board Member of the Financial Services Authority.
He is an actuary by background and yet, after taking over as CEO, he converted the bank into a retailer and increased corporate lending from £35 billion to £66 billion in TWO YEARS!!!
This leverage of debt was based upon unlimited access to securitised lending which, in retrospect, was stupid.
Of course, it’s not unlimited and that is what the credit crisis has taught us.
Credit is limited.
But we knew this – we have managed credit risk for decades – so how did this happen?
Well, it’s hard to be a risk manager when you cannot predict the future, and it’s even harder to manage risk when the culture of the bank is to create shareholder value at the expense of risk.
That is one of the lessons we have learned from this crisis.
But enough about the downside of all of this, where’s the upside?
I think there’s lots of potential upside.
After all, you do not have progress if you do not take risks.
This has been borne out many times in history, and will be seen many times more in the future.
To enjoy progress, you have to take risk, and to take risks means you have to face losses.
The aim is to minimise those losses as we progress.
So Credit Default Swaps were and are an innovation that enabled progress. CDS allowed us to increase trade and support globalisation
The fact that it has caused a credit implosion in Europe and America is because of our own greed and stupidity.
But that’s what happens when you take risks to enable progress, you allow greed and stupidity to enter the process.
It is the basic tenet of the old book Extraordinary Popular Delusions and the Madness of Crowds, and core to how markets operate.
The madness of crowds created the Tulip bubble of 1637 here in Amsterdam.
At its peak, a single tulip bulb was worth more than the total annual income of a skilled craftsman.
The madness of crowds.
The same was true with the South Sea Bubble, the Great Depression, the Dotcom bust and now the Credit Crisis.
The madness of crowds.
When JPMorgan’s CEO Jamie Dimon was asked by his young daughter, “what’s a financial crisis”, he responded “something that happens about every seven years”.
It shouldn’t, but you cannot have progress without risk and you cannot take risk without losses and if you allow excessive risk you will find, on regular occasion, crisis.
It’s in the very nature of risk.
As Harry Lime in the old but classic film the Third Man says:
“In Italy, for thirty years under the Borgias they had warfare, terror, murder and bloodshed, but they produced Michaelangelo, Leonardo da Vinci and the Renaissance. In Switzerland, they five hundred years of brotherly love, democracy and peace, and what did they produce? The cuckoo clock.”
Now I’ve got nothing against the Swiss – they invented modern banking - but the point is that you need to take risks to progress, you have to face losses to progress, you need crisis for progress and you need risk managers to try to minimise these inevitabilities.
That’s why you’re here.
So you know you will fail, but your role is to minimise the failure of your institutions, which I am sure you are very good at.
And how do you minimise the failure of your institutions?
I guess you can wrap it up in the acronym of R.I.S.K., which stands for Regulation, Innovation, Strategy and Kafka.
I’ll need to explain that last one but let’s start with Regulation, the bane of our lives.
There is too much Regulation around at the moment, and it is too complicated.
This is because countries and governments are trying to work out how best to regulate, and they are struggling.
As David Wright, Secretary General of IOSCO said at this year’s SIBOS:
“You cannot resolve a failing institution that has a global structure if there is a region or major country in the system that does not cooperate”
and this is where the challenge lies as not all countries are the same.
We have a two-stream world.
Half of our world – our part of the world – is in an austerity meltdown whilst the other half of the world – the Southern hemisphere mainly – is in growth and expansionism.
You cannot have an effective regulatory framework in a world split in two.
Equally, you cannot have an effective regulatory framework in a world where even the EU cannot agree on its’ Union.
And you cannot have an effective regulatory framework when it is muddled.
The muddle is illustrated well by the Basel Accord.
The first iteration of the Basel Accord had seven risk metrics requiring seven calculations; by the time we implement Basel III, there will be over 200,000 risk categories requiring over 200 million calculations.
Another great example of muddle is the Volcker Rule.
When Paul Volcker wrote the rule, it was a three-page letter to the President. When Dodd-Frank went to Congress, the rule was ten pages. By the time the Volcker Rule finally emerged for public comment in October 2011, it was 298 pages with a further attachment of 1,300 questions about 400 topics.
Can anyone read, absorb and implement such a rule?
And then the rule gets fragmented as, here in Europe, we do not have a Volcker Rule and we will not be applying it.
We cannot even agree basic regulatory harmonisation, as illustrated by the dichotomy between the European Market Infrastructure Regulation, Dodd-Frank and MiFID II (see the CAS-WG for more).
We see huge debates over definitions about everything, from what is and is not a speculative versus a commercial use of derivatives to how much collateral needs to be posted on which exchange venues and when.
The issues these changes create are many and multiple, and are best illustrated by a metaphor used at a recent Financial Services Club meeting.
The regulators are trying so hard to make everything so safe and with so little risk that it is like responding to a terrorist attack on an airline with the notion that all the passengers must fly naked.
Sure, it means that you have no concerns about people packing explosives in their underpants, but it also means that no-one bothers to fly.
That is the concern we all have today, as regulators try to lock down risks by over-regulating with too much change, too fast and too soon.
And you have to bear in mind that, as they do this, half the world doesn’t need this regulation. Half the world is growing and needs fuel for investment, not austerity lockdown.
With a two-stream world, we cannot therefore create a single global regulation or policy. Without a single global regulation or policy, you end up with a mess as everyone can play games, look for weaknesses and arbitrage the rules.
Right now, that means we should all move to Hong Kong, where taxes and policies benefit the brave. What does that mean for Europe and America? How does the regulatory world help the future growth of North America and Europe if all the opportunity moves to Asia and Latin America?
That is outside our control, as we cannot change the way in which the regulators are moving and so, from a risk managers viewpoint, the best strategy is to look for the core of what needs to change and manage as best we can.
That is one approach.
Another is to look for opportunity, which brings me to my second point in my R.I.S.K. acronym: Innovation.
Innovation has many facets, with many coming from new technologies such as Cloud, Big Data, Mobile and Social.
These are the big deals of our day and can be illustrated by what we see happening in many parts of the world.
I am not going to talk about these in depth tonight, but the use of dongles to make mobile telephones points of sale is a great example of innovative change through technology.
Another is the use of real time data analytics on FPGA (Field Programmable Gateway Arrays) for HFT (High Frequency Trading).
There are many more, such as using real-time geolocation to provide proximity based marketing through Google Wallet.
All of these things are combining the power of data in the cloud to provide contextual and targeted marketing in a real-time world.
A world of risk, for sure, but a world where innovation can take place in real-time and in short time.
What does real-time risk analytics mean for your operations for example?
For one firm, it means creating a whole new business.
Wonga, the UK’s largest payday loan company, can only exist through the innovative use of technology to provide real-time risk analysis of people applying for credit.
Real-time credit risk.
And these things do not take long to take off.
It took almost four decades for the wireless radio to take off and gain 50 million users; it took under a year for the iPad to achieve the same.
Things change fast and in real time.
This creates both opportunities and threats.
I think you can see the opportunities, especially if we focus upon technology change, but the threats?
Well these are also created by technology – think about the globalisation of our industry thanks to our global connectivity through technology – but they are also now created by society.
We live in a new world of capitalism for example, and it is called social capitalism.
Social capitalism allows anyone, anywhere to make a change to the world, whether that is igniting the Arab Spring as Mohamed Bouzazi did in Tunisia, or changing a bank policy as Molly Katchpole did in America.
In the case of Mohamed Bouzazi, he changed the world after leaving a message on Facebook to his mother one hour before setting fire to himself as a sign of protest against oppression. This action resulted in a major social movement across the Middle East that saw the uprising of people in Egypt, Libya, Yemen, Bahrain and more.
Molly Katchpole achieved a different sort of change, when she forced Bank of America to reverse their policy after posting a petition on change.org. The petition gained over 300,000 signatures in a fortnight, and resulted in the public shaming of the bank who had to reverse their policy.
These are two examples of individuals changing things through the innovations of social media, but the best example is perhaps the Occupy Movement.
The Movement is fuelled by social media and allows the 99% to organise themselves in protest against the 1%.
Who are the 99%?
The 99% are those not enjoying the wealth of the 1%, and the 1% are those who have 99% of the wealth in the world.
The Occupy Movement has arisen to create a social movement that aims to rebalance this imbalance and has gained endorsements from many quarters, with the ultimate endorsement coming from the regulators.
Yes, from our very own financial regulators.
Our regulators have said that the Occupy Movement is “entirely constructive” and that we may be “in the early stages of a reformation of finance”, but that it is “a reformation which Occupy has helped stir”.
So we have opportunity from innovation and risk, with the greatest risk being ignoring, or rather the ignorance of the implications of social capitalism.
Social capitalism is a new form of capitalism, and one which expects the banking system to show an ethical and moral backbone, something we have clearly failed to deliver in the last decade.
So yes, we have risk in our world, thanks to Regulations and Innovations, and the question is what to do about it?
This leads me to my third dimension of the R.I.S.K. acronym: Strategy.
Strategy represents the question of what to do next.
I was thinking about this and the fact that this event is sponsored by SAS.
In Britain, we also have an SAS. It’s rather different as it’s the Special Air Service of the British Army.
The motto of the SAS is: Who Dares Wins and this is a good analogy when it comes to strategy for banks today.
But the SAS don’t say Who Dares Wins lightly.
If it was purely Who Dares Wins without managing risk, then it would be foolish as he who does not look before they leap is purely a daredevil, and a daredevil is someone who is willing to take a risk without managing it.
The SAS are rather the ultimate risk managers, as they manage risks to ensure they win.
So it’s not Who Dares Wins but Who Dares and Manages Risk Best Wins.
Sure, it doesn’t trip off the tongue so easily, but it is the core of the SAS approach, and one we can learn from as banks.
Bank’s strategies are focused upon being able to innovate, take on risk, have a daring approach, but that you manage that approach through risk management in order to win.
It is this latter part that is the key to winning, and I bet you didn’t expect me to equate this murder of CROs to the SAS but yes, you are the special force of the financial industry.
So how can you ensure that you are the best crack team possible when it comes to managing risk and winning?
For me, it’s all about being a daredevil who knows what you’re getting into when you take on those dares.
If you know the risks you are getting into, you can hedge and scenario plan and insure yourself against issues and exposures.
The way to do that is through understanding what will change your business in the future.
If you know what will change your business in the future, then you can insure it.
How do you know what will change in the future?
Well, it’s simple and based upon another acronym: P.E.S.T.
P.E.S.T. is a method used by people planning for the future to understand the Political, Economic, Social and Technological changes coming downstream.
In banking, we can see the P.E.S.T. changes coming, as I’ve talked about many of them already.
Politically, it is the regulatory changes each government is making, with a clear dichotomy between the European approach (a Banking Union and transaction taxes) and the American approach (a ban on proprietary trading and capping fees).
Economically, we see a two-stream world of opportunity. A world of growth in key economies such as Colombia, Indonesia, Vietnam, Turkey and South Africa, whilst a world of contraction in other economies, particularly in Southern Europe.
Socially, the change affected by the Occupy Movement and the Arab Spring has shown that the individual can make as dramatic a difference to world thinking as a government or corporation.
Finally, Technologically, we are seeing the mobile device connecting everyone on the planet wirelessly one-to-one.
So strategically I recommend that you are daredevils but with a clear foresight. Innovate and win, but avoid erroneous and obvious risks by clearly understanding your future shocks. Track your future shocks by understanding the uncertainties around the world politically, economically, socially and technologically, and try to make those unknowns known.
This brings me to my final point: Kafka, the K in R.I.S.K.
Franz Kafka was an author of the twentieth century who created his own movement and influence, called Kafkaesque.
Kafkaesque has various definitions, but the key one I would pick up and use would be being “marked by a senseless, disorienting and often menacing complexity and impending danger”.
As you can see, the financial markets are pretty Kafkaesque at the moment.
We live in a world that is off-kilter, disorienting and slightly menacing.
Every day we wake up and expect another headline to hit us: rogue trader, insider trader, rate fixer, mis-seller; along with all sorts of other accusations of greed, arrogance and stupidity.
All of these things have been thrown at our walls from inside and outside over the past few years, and we have learned to live with this uncertainty and doubt.
But as risk managers, you cannot live with uncertainty and doubt. To manage risk, you need certainty and confidence.
And there is the rub: it is your role that will determine the path your bank will follow in the future, and it is your job to restore the bank’s certainty and confidence.
It is your job to manage this Kafkaesque moment, and it is your job to restore the future path for the bank.
Now that is not easy, as times are so uncertain and doubtful, but I recommend you give it your best shot.
In fact, it is critical that you do this, as financial markets cannot exist without taking risks, innovating and being daring.
It is the reason why Jamie Dimon says we have a financial crisis every seven years.
It is no surprise that we have crisis, bubbles and bursts.
It is something that has been happening since the dawn of capitalism.
The only difference today is the bubbles and bursts are getting bigger.
The Tulip Bubble, the South Sea Bubble, the Great Depression and the Dotcom Bust were all big financial crisis where people lost their money, but the Subprime Meltdown is a globalised crisis where some countries lost their money.
We have globalised innovation and risk, and so it is no surprise that the innovations and risks are far greater today than they have ever been before.
It is of this reason that I want to make one final plea before I close this presentation.
We need to create Wikirisk.
We need to collaborate more and share our knowledge of risk more.
We need a Wikipage for risk managers to pool their knowledge and share their information.
Why we don’t do this is a mystery to me.
Sharing risk information in banking is no different to sharing risk information in insurance.
Insurance firms pool their knowledge of insurance claims made, in order to catch multiple claims, fraudulent claims and identify emerging and future trends and risks.
Why don’t banks do this?
Because of competitive forces?
Because of industry inertia?
Because of a lack of motivation?
Whatever the reasons, it is imperative for the industry to get better at tracking the multiple risks we face collaboratively, rather than individually.
That is where I see the greatest opportunity today for change.
I hope you agree.
In summary, I admire the risk function.
Effective risk management allows banks, companies, individuals and soldiers to dare and win.
Without being able to dare, we would have no progress and no innovation.
But daring without managing risk well is dangerous, which is why we need to bring risk management to a global level, pooling our knowledge globally.