Top 10 op risks 2018: unauthorised trading
Banks say threat from rogue algos outstrips that of human traders
It’s notable that, despite a year free from big losses from rogue trading incidents, almost all senior op risk bankers who spoke to Risk.net for this year’s Top 10 Op Risks said they were steeling themselves for the next major violation: whatever controls a bank has in place, most agree it remains a matter of when, not if.
“Unauthorised trading is a risk for any firm with an investment banking business of any size, and it always will be – it’s as simple as that,” states the head of op risk at one European bank.
But the definition of unauthorised trading has also continued to evolve, in line with changing market structure. Rogue algorithms are now considered an equivalent, if not greater, source of potential losses than rogue traders purposefully circumnavigating the controls, or fat-finger error.
Malfunction of trading algorithms has been under intensive study since the flash crash of 2010, with early warning tools now being tested by both buy-side firms and regulators. These tools aim to identify and respond to an event once it has happened. But legislators are also enacting measures to prevent these failures from occurring in the first place. The EU’s Markets in Financial Instruments Directive revises and formalises control over trading algorithms, and the UK Prudential Regulation Authority has followed up this year with a draft statement that lays down basic principles on algo regulation.
In the UK, the Senior Managers Regime mandates clear ownership by named individuals of the development, testing and oversight for each trading algorithm. It also highlights that algorithms should be re-validated before being deployed in a different market, and asks for documentation of the differences between testing and real-world environments – both measures aimed at the risks involved in deploying algorithms in unfamiliar trading conditions.
The SMR also calls for clear documentation of algorithmic kill switches – the last-ditch safeguard against a trading algorithm running out of control. As the regulator points out in its February consultation, a failure in the system architecture could cause “trading to stop or to continue but in an uncontrolled way… Such risks could include… risk exposures rising beyond their limits and the firm’s risk appetite.”
Like all sizable op risk losses, the impact on a bank’s capital from an unauthorised trading incident lingers long after the initial breach has occurred. And banks can find wrangles over their losses continuing for years after the event: Societe Generale is currently fighting the French government over a €2.2 billion ($2.73 billion) tax writeoff it took on losses inflicted by the rogue trader Jerome Kerviel in 2008.
Still, there are hopeful signs that banks and regulators are getting smarter when it comes to balancing carrot-and-stick incentives to encouraging good behaviour among traders. In the US, Citi has made much of its recent bonus scheme overhaul, intended to change the bank’s culture by linking compensation explicitly to ethical conduct as well as bottom line performance.
In the UK, op risk heads report the SMR has already led to a marked decrease in the numbers of traders breaching their risk limits, something they attribute to the greater awareness of the potential for reprimand under the regime – including the ultimate threat of criminal prosecution for senior managers whose conduct is found to have recklessly endangered a bank.
Traders who went rogue
Name: Nick Leeson
Year: 1995
Institution: Barings Bank
Trading losses: $1.3 billion
Name: Toshihide Iguchi
Year: 1995
Institution: Daiwa Bank
Trading losses: $1.1 billion
Name: Jerome Kerviel
Year: 2008
Institution: Societe Generale
Trading losses: $6.7 billion
Name: Kweku Adoboli
Year: 2011
Institution: UBS
Trading losses: $2.3 billion
…and a rogue algo
Year: 2012
Institution: Knight Capital
Trading losses: $440 million
Banks, too, have made big efforts to beef up controls over the past few years in a bid to detect and prevent rogue trading. For instance, after a series of risk management failures that saw rogue trader Kweku Adoboli lose billions in its London office in 2011, UBS overhauled its operational risk function sufficiently to win Operational Risk’s Bank of the Year award in 2016.
However, some fear prudential regulators’ recent upending of the op risk capital framework could have a detrimental impact in this regard. The standardised measurement approach removes banks’ freedom to factor in the impact that changes in internal controls would have in preventing future breaches from the capital calculation process – a tactic many banks were successfully able to employ to reduce requirements under the own-models approach. Practitioners have argued this could take away the incentive to improve controls in the first place, engendering a new source of operational risk. Most regulators, including the Prudential Regulation Authority, have made clear they will consider the effectiveness of a bank’s conduct risk controls when setting its Pillar 2 capital requirement, however.
Many also warn that one of the difficulties in defending against the risk of unauthorised trading losses is that they may depend as much on extraneous factors as on banks’ conscious precautions against them. For instance, the long years of a low-rate, low-return environment provide unwanted incentives for unauthorised trading by those unable to make their targets in any other way – and their activity may go unobserved until a market correction reveals it, as was the case with Nick Leeson.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Risk management
Op risk data: TD Bank takes US reg pill in purported drug-related AML fails
Also: SCB fraud bill rising fast; Postbank pain for Deutsche Bank. Data by ORX News
Clear warning on escape hatch for optimisation trades
CCPs fear Emir clearing mandate carve-out for portfolio rebalancing could be abused
One year on, regulators still want a cure for bank runs
Broad support for higher outflow assumptions on uninsured deposits, but that won’t save insolvent banks
Falling T2 balances bode well for eurozone’s stability
Impact of fragmentation would be less severe today than in 2010s, says Marcello Minenna
For a growing number of banks, synthetics are the real deal
More lenders want to use SRTs to offload credit risk, but old hands say they have a long road ahead
Did Fed’s stress capital buffer blunt CCAR?
Experts fear flagship test’s use as a capital top-up has undermined its role in risk management
How Ally found the key to GenAI at the bottom of a teacup
Risk-and-tech chemistry – plus Microsoft’s flexibility – has seen US lender leap from experiments to execution
Industry urges focus on initial margin instead of intraday VM
CPMI-Iosco says scheduled variation margin is better than ad hoc calls by clearing houses
Most read
- Breaking out of the cells: banks’ long goodbye to spreadsheets
- Too soon to say good riddance to banks’ public enemy number one
- Industry calls for major rethink of Basel III rules