Five Questions: When Risk Managers Aren’t Managing
What causes big banks like UBS, which have sophisticated risk management systems, to be hit by rogue traders who can cause billions of dollars in losses? Five Questions with Aaron Brown.
What causes big banks like UBS, which have sophisticated risk management systems, to be hit by rogue traders who can cause billions of dollars in losses?
Aaron Brown is a well-regarded risk manager at AQR, a $37 billion hedge fund in Greenwich, Conn. He previously worked as a risk manager for Citigroup, JP Morgan, and Morgan Stanley. Before that he was a professor of finance at Fordham and Yeshiva universities. The author of the recently published book “Red-Blooded Risk: The Secret History of Wall Street,” Brown recently spoke with Institutional Investor contributing writer Charles Wallace.
Institutional Investor: We’ve had two recent examples of lone traders managing to run up huge losses for their banks. At UBS this summer, 31-year-old Kweku Adoboli, a trader at the investment bank in London, lost $2.3 billion. In January 2008, Jerome Kurviel, a trader at Société Générale in Paris lost $6.7 billion for his bank. Normally, what sorts of safeguards do banks have in place to prevent these kinds of losses from happening?
First of all, you’ve got an immediate supervisor who should be seeing his trades and know what he is doing and how he makes his money. Then there is an internal audit that is reconciling everything. There is an operations department that is clearing all the trades and there are risks managers who are looking at the total exposure and how that relates to actual price and cash movements.
In a perfect world, all of those people would have seen what the traders were doing. You can invent reasons why a clever person can figure out ways to make it harder for them to see, but I think it takes either some luck or some unusual circumstance in addition to a clever and unscrupulous person to get away with something like this. It really is pretty rare. I tend to take the side of the risk managers, but this stuff is a lot harder than it looks. You’ve got thousands of employees and some of them are very, very clever and you’ve got millions and millions of trades. You’ve got a lot of settlement errors, back office issues. I’m not making excuses for this but I do think it’s not as easy as it sounds to run a modern financial institution that a clever employee with some luck can’t game for a few months.
So with all those safeguards, how could something like the UBS debacle take place?
The story circulating among risk managers, and this is not official, was that his fictitious trades were with small European banks that refuse to confirm before settlement. So he was doing forward starting trades and he said, “Okay I did a trade with them and they’ve agreed to buy and they are going to settle in a month.” He just knew that those banks wouldn’t confirm until the settlement date and if that’s true then that’s obviously a hole in their compliance. Anytime a firm is obligated to someone you should confirm it immediately.
But if you are dealing with a client and that client says I don’t want to do it and you are making money from them and everybody else treats them that way, it’s very easy to let the rules slip. That kind of thing does happen and usually it doesn’t cause a disaster. Now on top of that, which is a hole in the first place, someone somewhere had to be looking at a report that said here are all our unconfirmed trades with these European banks because you want to make sure it’s not tens of billions of dollars. If the total amount stays under $10 million, and they’ve never been a problem in the past, you could see why people would tolerate a certain amount of sloppiness.
So one of the questions we are curious about is: how come that report didn’t show this? Based on the kind of numbers we’ve gotten, people are ‘guesstimating’ he must have had something on the order of $15 billion worth of trades on and you just can’t hide that number. If it is showing up on any report at all, it’s a gigantic red flag. If they are all from one trader who shouldn’t be doing that kind of stuff, you know somebody should have caught that.
How do risk managers fit into this process and how could they have prevented these unauthorized trades?
I’m really talking about the front office and the middle office risk managers. Some of what people call risk management is their back office risk management, which is making sure all the trades are confirmed and making sure all the accounting all adds up and that kind of thing and that obviously was one thing that missed. The middle and front office manager are primarily concerned with the economic risk of the trade. They delve down into things like failed trades and confirms and settlements and things like that because it’s very important to make sure your data is right.
As a risk manager, you are saying: Well what if their models are wrong, what if some of their data is wrong? You don’t what to have a firm’s health depend on nobody making a mistake. So as a risk manager you are always looking for stuff you can really rely on, objective stuff that comes from independent sources that you can cross check against, such as real cash flows or audited numbers and things like that. So the risk managers should have been looking at some things that if things had worked properly would have told them something was wrong there. But there is kind of a trade-off though because you are dealing with some very complicated instruments. In order to really understand them and model them and know the economic exposure, you almost have to use some information from the desk, some models from the desk, otherwise you’ll miss a lot of risk.
Say if it is electricity trading, which takes place in thousands and thousands of different locations and you know it’s very difficult for the accounting system to really keep track of all that and to know how the locations interact. The front office will have a system that does that properly. And your trade-off is if you go use the front office system you’ve got a very precise estimate of the positions and the risk, but it’s dependent on the front office model being right, the front office data being right and the front office people being honest. If you go to the back office for the that kind of information, you’ll get something reliable and independent, but it’s going to be very, very difficult to really assess the risk of a set of electricity contracts from the data you can get from the back office without those front office models and the front office extra information. For the risk manager, this is a constant dilemma and you compromise, you take a little from here and a little from there, you try and make sure you are covering all the bases. But the case at UBS involved Delta One hedging.
Not only at UBS but also at Société Générale, the problems were on Delta One desks. Is there something specific about those areas that can cause risk managers to worry?
That is a desk where if you know the position and you know the back-up position, you know the risk. There is nothing complicated or difficult about that. Delta One trades as a book and will consist of positions that should be exactly offsetting. So he’s got a $10 million dollar Eurostoxx future contract and he is short all the stocks that are in the index, it should match exactly one for one and that’s what Delta One means. He may have some latitude but you’re talking about futures, ETFs and publicly traded stocks. Everything is publicly traded and there is no complicated derivative that somebody might have hidden something in a confirm that you don’t know about. There’s no reason why you should be looking at any front office stuff for that and that is what I don’t understand.
Jared Dillion, a former trader from Lehman Brothers was also essentially a Delta One trader although he didn’t call it that. One of the things he talks about in his new book, “Street Freak,” is how he used to disguise risks by doing things that the risk management system saw as riskless. He would trade futures of two different delivery dates. So he would do a May future against a June future and the risk management system collapsed them because they were offsetting. Now I actually find a little hard to believe that Lehman Brothers did that but that conceivably could be the kind of thing somebody might do to disguise the trading risk at a Delta One. That’s the reason you might want to use some front office data because the front office data will pick up the risk in a contact and the back office might not. Although the Delta One people think of it as being absolutely hedged, typically you do allow the traders some leeway.
For example, they buy an ETF and they go short on all those individual stocks. You can’t do that immediately so you have to work a little bit and maybe wait five minutes before you do it or you do half the stocks but you wait on the other half. So you are taking a little bit of risk and they might even allow them to do things that are not exactly the same, like buy the ETF and just short some of the bigger names in the index or trade one ETF versus another. So if they were intentionally taking more risks they might have gone to them and said, “OK, now you can take twice as long. Instead of taking five minutes you are allowed to wait 15 minutes. Instead of having an exact match, you’re allowed to have a 95 percent correlation or better.” That could have conceivably allowed them to do that and that might have been the thing that made the trader think he would get paid if he made some money on these things. We may find that he had some losses doing that kind of stuff, possibly even lost more than he was supposed to lose and so tried to get it back by doubling up, trying to make back earlier losses. We find that often.
What are the take-aways about these incidents for other institutions?
You have to be twice as careful not to let anything sloppy happen. Such as unconfirmed trades. Why was the warning ignored and why didn’t someone have a report of total size of unconfirmed trades, broken down by trader? Why didn’t his supervisor know what he was doing, and why didn’t the risk front office manager know what he was doing? My guess is when they do their internal investigation that there was a different reason for each one and it is not that the bank was sloppy and they did everything wrong.
They just kind of got unlucky that five things all happened at the same desk for the same trader. I know them they have very good risk control and they have great people there in risk and they are one of the tightest run organizations around. I won’t say it’s the last place you’d expect to see this happen, but it’s absolutely not the first place.