When things go wrong, there is often a tendency to say something was a one off or an event so unlikely it could not have been foreseen. Quite often, that hides the truth. At its core, banking is not that difficult or that different from other businesses. Reading the recent write-up of the mess caused by the London Whale at JP Morgan prompted this week’s thought.
USD 6.2 billion. That, it seems, was the cost of the errors in JPM’s London based CIO office. When the issue surfaced, the CEO, Jamie Dimon, called it a “tempest in a teapot”. That remark was up there with Tony Hayward at BP who in the middle of the Deepwater Horizon spill fiasco commented on how he “wanted my life back”. The idea of the CIO area, Chief Investment Office, was that it was a corporate level department designed to hedge some of the major bank wide risks the firm had. As the story unfolded, it was clear that there were some very big trades being put on. Big as in bigger than other things that would be done internally and big in terms of relative size of the market they are in. Size and what is normal are a topic I have commented on in previous posts.
This week’s focus is on what I saw in the formal investigative report. Like all major banks, JPM has a board level risk committee. That committee’s work is based on inputs from the business. The write-up is worth reading, even it is written in what I call “lawyer speak”. The short version of the story in simple terms is that the reports to the risk committee did not include both the regular bank business and the CIO area in the same consolidated view. The main reports excluded CIO, and some other things, the appendices showed VaR, Value at Risk, for the CIO. Basically, a mess and mess with such a complex and extensive set of documents that the board committee members had no way of knowing that the data was incomplete and inconsistent.
This sounded like a familiar failing and one that we had seen not too long ago at UBS.
In 2007, UBS had a major loss associated with its holdings of sub-prime mortgage backed securities. That involved a write down of approximately USD 50 billion and led to the bank seeking government support. There are various threads to the story, one of which is relevant to this post. UBS had at least three separate areas holding sub-prime positions; the separate Dillon Read Capital Management business, an in-house hedge fund run by star trader John Costas, the investment bank and the treasury. The investment bank was doing typical mortgage back business, warehousing loans and then securitising them. In the treasury the bonds were in use as collateral to support the payments systems that UBS was a member of. Each activity quite normal and with the ratings the bonds had, it is understandable that the bonds were in use as collateral. It was though the firm-wide risk reporting that failed. Those three buckets of securities were not added up together and reported on collectively. In total, across those three buckets there was more risk than one might take, but nobody could see it and it seems nobody wanted to see it.
For more on the UBS issue: Click Here
For more on the JP Morgan, London Whale, issue: Click Here
Lessons Learned: The key issue here is a simple one: Consolidated Reporting. When you are reporting you need to be very sure that you have the whole position from across the firm. That is often a very difficult challenge, because there are multiple systems that are doing the same thing, perhaps supporting different businesses or even products.
Some years ago, Stephen Hester was the COO at the then Credit Suisse First Boston. He had such a spaghetti like mess of systems that he had a firm-wide project, BPTA, aimed at clearing up the mess so that CSFB could keep its licence from the FSA, the local regulator. In one of the project meetings, a wise IT manager when talking about the complexity of the systems came out with a great catch-phrase: “Entropy kills”. He was referring to how much information gets lost when there are too many different systems.
Killing off old iron and standardising on one multi-entity platform is a holy grail in banks. It is a battle worth fighting. Having too many systems for the same thing is a root cause of the reporting and control problems in both the JPM and the UBS cases. I would add to that human failings on the part of the CRO, the chief risk officer, and his peers, who ought to have been asking: “is this all of the risk across the whole bank, where do I see the figures for CIO?” One can understand that the board members did not perceive the possible failings. Management should have though.
A personal request: Comments and feedback from regular readers are very welcome. Thank you for each and every one of them. If you find this Blog useful, please subscribe. There is an E-Mail tool and an RSS link on the right hand side of the main Blog page. If you like it enough to share, please share this with a friend or two and ask them to subscribe too. If I am wide of the mark and not offering anything of use, please comment or make contact directly via E-Mail
Share on:
