Part 1: The Road to Disaster
In December, just as the sub-prime credit crisis was beginning to balloon, New York-based Goldman Sachs Group, the investment banking firm, was doling out its year-end bonuses. The average per employee came to $600,000, according to the Reuters news service, an amount that was double the sum doled out at other Wall Street firms, many of which were already feeling the first tremors of an impending financial disaster.
Similarly, in London, "Goldman was literally giving out millions of pounds in bonuses because it didn't take a hit," says David Rogers, the U.K.-based global product marketing manager for risk at SAS Institute, the Cary, N.C., business intelligence and predictive analytics software vendor.
The "hit" Rogers refers to, of course, is the mortgage-related asset writedowns and credit losses that have been recorded by banks and financial services firms in recent months. The amount is staggering—more than $200 billion, according to news service Bloomberg. And the fallout has been far-reaching, with turnover at the top of Citigroup, E*Trade Financial, Merrill Lynch, and UBS. And, after 85 years of doing business on Wall Street, Bear Stearns imploded and only managed to survive after JP Morgan Chase offered to acquire the once high-flying firm for $10 a share.
How could so many heretofore highly successful, global financial services firms and banks so unexpectedly lose enormous sums of money? And how has one of these firms, Goldman Sachs, managed so far to dodge the bullet?
The answers to both questions have to do with risk management, which Goldman Sachs has employed highly effectively. Just the opposite is true throughout the larger financial community. "[W]eaknesses in risk management practices at some large global financial services organizations appear to have led to outsized losses at those institutions," the Federal Reserve's Open Market Committee concluded on January 30, 2008.
There is no single reason for risk management failures on this scale.
"There have been massive failures throughout the system to do appropriate risk management," says Albert "Pete" Kyle, the Charles E. Smith Chair in Finance at The Robert H. Smith School of Business at the University of Maryland.
In some instances the technology wasn't in place, or wasn't used effectively, to mitigate risk. Often, too, that risk management and assessment technology fell under the business units, rather than IT and the CIO, resulting in silos and a lack of integration. Red flags were ignored or misunderstood. At some financial firms no one took ownership of risk management, while many firms were simply unprepared to cope with the degree of risk inherent in dealing in highly complex financial instruments such as collateralized debt obligations (CDOs).
CDOs are securities comprised of mortgage loans, bonds and other debt of varying investment grades. All too often, it turned out, this mixed bag of debt instruments included high-risk mortgage loans hidden under better quality assets. Even more opaque are highly sophisticated CDOs known as synthetic bonds, made up of mortgage loans that have been sliced and diced to the point that it is nearly impossible to value them or to determine what assets they're comprised of. "Assessment of CDOs is extremely complex," notes SAS's Rogers.
"CDOs present a huge problem for risk management," adds Amir Orad, chief marketing officer and executive vice president at Actimize, a provider of transactional risk management software.
Moreover, billions of dollars' worth of CDOs were issued by offshore hedge funds—and this is one of the dirty little secrets of the financial world—especially those based in the Cayman Islands. There is good reason that the hedge funds are drawn offshore. "Each time a bank or financial firm creates a CDO, it forms a free-standing company incorporated offshore, usually in the Cayman Islands, which doesn't tax corporations," Bloomberg reported on August 20, 2007. In fact, the Cayman Islands have been estimated to be home to about 75% of the world's hedge funds, with nearly half the industry's estimated $1.225 trillion in assets under management, Institutional Investor, a publication for professional money managers, noted in its May 15, 2006, issue.
Perhaps the quantitative analysts, who apply numerical or quantitative techniques to investment issues and are largely responsible for packaging this witch's brew of illiquidity, can take the measure of CDOs with their proprietary algorithms, but it's a task apparently well beyond many of the investment firms and banks that were damaged by CDOs.
"It's difficult to do risk assessment in this environment because of the added level of complexity involved," notes Marios Damianides, former international president of the Information Systems and Audit Control Association (ISACA) and the IT Governance Institute, and a partner in the Risk Advisory Services for Ernst & Young in New York.
Even financial firms such as Bear Stearns and Morgan Stanley, which both had reputations as having among the most comprehensive risk management systems in place on Wall Street, could not avoid the CDO pitfalls.
In late 2004 Morgan Stanley's former chief technology officer Guy Chiarello told the publication Wall Street & Technology, "Whether it's data security, security around client technology offerings or overall operating risk, risk management—and all it encompasses—now require greater focus."
On August 29, 2007, Chiarello, having left Morgan Stanley earlier in the year (his departure was not announced by the bank), joined iRise, the El Segundo, Calif.-based application definition software and services company, as a member of its board of advisors. CIOZone has tried to contact him through iRise public relations but has not been successful.
Chiarello was replaced by Eileen Murray who, by November 2007, had also left the bank. At the time the subprime crisis fully erupted, then, Morgan Stanley was without a technology risk gatekeeper in the form of a CTO until Jim Rosenthal joined the firm on January 24 as head of firmwide technology and operations. A Morgan Stanley spokeswoman notes, however, that the bank's CTO bears minimal responsibility for risk management.
That was primarily the responsibility of chief risk officer Tom Daula, who on February 14, 2006, presented the bank with what seemingly was a comprehensive, in-depth risk management plan, a PowerPoint of which is on the Web. Entitled "Risk Management at Morgan Stanley: An Overview," the report noted that risk committees were established at the firm and also at business levels and "periodically perform comprehensive reviews of the risk profiles of the business and the firm."
According to the plan, the committees had IT, operations and controllers report on transaction, system and operation risk. Treasury reported on liquidity risk while law, compliance and government affairs dealt with enforceability and regulatory risk. The market risk assessment department gave the committees assessments of everything from equity to market liquidity risk while the bank's credit department dealt with credit risk and settlement risk. "Risk management works best when the firm's risk appetite is clear and when business managers possess a strong risk management culture," Daula noted in the report.
Of Daula's approach to risk management, Rick Bookstaber, who has worked at a number of hedge funds and was managing director in charge of firm-wide risk management at investment bank Salomon Brothers, wrote on his now defunct blog, "It all sounds pretty reasonable to me. I guess I would give him an 'A' for the planning and an 'F' for the execution. Given that things did not work out according to plan, it would be interesting to know where these plans went astray." Bookstaber is currently working for another hedge fund that doesn't allow its employees to talk to the press.
In hindsight, it's clear that the bank's appetite for risk exceeded its ability to absorb it. "Do we take a lot of risk? Yes," John Mack, the firm's chairman told a shareholder at the bank's 2007 annual meeting. "I think this firm has the capacity to take a lot more risk than it has."
At the time, February 23, 2007, the bank was recording record profits, using its own capital to invest in complex derivatives, subprime mortgages and leveraged loans. It also underwrote CDOs it later was unable to sell, according to the International Herald Tribune.
A year after the 2007 annual meeting, Morgan had lost $9.4 billion (that figure is now closer to $11 billion), and the bank announced that the 54-year-old Daula was retiring and would be replaced by Kenneth deRegt, who assumed the title of managing director focusing on the bank's risk profile. CIOZone has been unable to locate Daula.
Meanwhile, Bear Stearns' inability to predict how the subprime market would behave under extreme conditions (this is called stress-testing and is a form of modeling in which Goldman Sachs excels) and its failure to cover debt obligations with ample liquidity caused two of its hedge funds to collapse this past summer and ultimately resulted in the entire company going on life support, according to a report issued by Financial Insights, an investment research firm that's part of IT research and consulting company IDC. "Bear Stearns was the most aggressive and least diversified investor in mortgage-backed collateralized debt obligations, and the failure of the institution can be traced to an inability to mark to market, or value these securities, after the market for CDOs evaporated in early 2007," said the report.
Bear Stearns, however, had a history of taking portfolio management and risk management seriously. "I have always run the IT department as a business," Peter Cherasia, the firm's CIO and co-head of the equity analytics and systematic trading group, told Wall Street & Technology in January 2006. (In September 2007, Cherasia, executive VP and CFO Samuel Molinaro and chief risk officer Michael Alix were added to the bank's top management committee in a move that was widely seen as an effort to give more prominence to risk management in the wake of the hedge fund collapses.) According to Cherasia, at the beginning of each year, the IT department at Bear Stearns works with each of the bank's business units to identify and map out initiatives within each of those units. It then uses a simple set of criteria to set its goals. "We don't work on anything that doesn't either generate revenue, cut costs or meet a defined need, such as regulatory, compliance or client retention," he said.
Bear Stearns even went so far as to acquire its own risk engine firm several years ago, MeasureRisk, and incorporated the MeasureRisk engine into its own operations.
The problem was that the two now-bankrupt Bear Stearns hedge funds had their own in-house risk engines, so they didn't have to use the broker-dealer's own system, a disconnect. That these funds dealt in mortgage-backed CDOs made them even more risky given that the housing market was plummeting. Moreover, they were registered in the Cayman Islands, which made them even more difficult to track—and put them beyond the reach of the SEC and apparently beyond the scope of the firm's central risk management operations. Technology silos, especially offshore technology silos, are one of the reasons risk management systems fail, according to the experts.
Bear Stearns, which is facing numerous investor lawsuits related to the collapse of the hedge funds, failed to respond to a number of telephone calls from CIOZone.