Good evening ladies and gentlemen.
I wasn’t sure how to start this
evening, and decided to begin with the collective noun for a group of
CRO’s. You are collectively known as a murder.
Now I hope you won’t murder me for
telling you that as a murder of CRO’s you are a collective failure.
Oh dear, that’s not a good start,
Not a great way to engage my
But I have to start with a bit of
a downer, I’m afraid. I promise it will
get happier and better but, to start with, you have collectively failed in your
role to manage risk.
How can I say such a thing?
I will tell you and promise you
that it’s not your fault.
You have not managed risk, and you
did not prepare for it properly.
You have all failed.
If you had managed risk
effectively, why are we in this mess we’re in today.
Now I’ve been around a long time
and can remember in the 1990s that we were starting to create professionalism
around market and credit risk. Before
that, we just had a view of counterparty risk – is the person, business or bank
a sound risk to deal with? – and then we started to understand the
technicalities of market risks – yes, investments do go down as well as up –
and credit – is the chain of risk in this transaction viable?
Then, just as we thought we were
getting good at this stuff, the collapse of Barings Bank showed us that we were
missing a trick.
Nick Leeson’s melding of front and
back office activities demonstrated a new form of risk – operational risk – and
we began to create new market disciplines around this area in the late 1990s.
But, a decade later, we see Jérôme
Kerviel at Société Générale and Kweku Adoboli at UBS, and realise that we have
not handled operational risk at all.
It still exists and is enabled by
a culture that does not implement risk controls in the right way.
The result is that UBS has become
Usually Banking Scarily and we are all banking scarily today, what with the
European sovereign debt crisis and the credit crisis that preceded it.
How can we have a credit crisis,
if we have a great ability to manage credit risk?
How can we have a market crisis,
if we have the ability to manage market risk?
How could businesses that
understand risk allow these crises to happen?
The reason is that we all thought
we had modelled the risks and that we had de-risked the model.
We created computer simulations
that showed we could package up debt in securitised vehicles and gave them rich
acronyms like MBAs, SIVs, CDOs and more.
But the biggest acronym was CDS –
the Credit Default Swap.
Should any issue appear we can
swap it … but that didn’t work as when the swap hit the fan, we all realised
where it went back to: Lehmans! Argh!
When Lehmans collapsed there was
$400 billion of bad debt on their books.
That bad debt was leveraged into
massive exposures, as it was used to back other bad debt. In fact, Barclays Capital estimated that when
Lehmans went under, for every $1 of bad debt there was another $20 in Lehmans
backed Credit Default Swaps that went behind hit.
This is because Lehmans had a
Triple-A credit rating prior to its collapse, and its Triple-A was used to
trade CDS contracts globally.
So Lehmans $400 billion was multiplied
by a factor of twenty to create an $8 trillion OTC derivative implosion.
This is why we all lost trust in
each other and why we found a new form of risk – liquidity risk.
It is why HBOS was merged with
Lloyds, Washington Mutual was merged with JPMorgan and Wachovia with Wells
Fargo. It is why Fortis, here in
Holland, had to get a bailout, as did Commerzbank in Germany and so many other
banks across Europe and America.
We had essentially taken the rug
from under the markets.
Triple AAA ratings had a lot to
answer for of course, as did the rating agencies, but so did risk managers.
Risk managers had failed to manage
How could risk managers, who understood
credit risk, allow a credit crisis?
Well, I said it is not your fault,
it was the models and systems but it was also because things had just become
According to the Bank of England, when Residential Mortgage Backed Securities (RMBS) were
first introduced, they could be understood by reading about 200 pages of
When Collateralised Debt
Obligations (CDO) launched, you would be required to read about 30,000 pages of
information to understand the contract fully.
Now take CDO-squared derivatives,
where Credit Default Swaps multiplied the risks, and you would need to read over
a million pages of documentation to get close to tracking the complexity of
That’s complicated but, even so, I
would claim we should still have seen the risks.
Let me give you a good example of
what went wrong in the form of the former CEO of Halifax Bank of Scotland, Sir James
He was in front of the Treasury
Select Committee on Monday in London as the former head of HBOS, now Lloyds,
and a Board Member of the Financial Services Authority.
He is an actuary by background and
yet, after taking over as CEO, he converted the bank into a retailer and
increased corporate lending from £35 billion to £66 billion in TWO YEARS!!!
This leverage of debt was based
upon unlimited access to securitised lending which, in retrospect, was stupid.
Of course, it’s not unlimited and
that is what the credit crisis has taught us.
Credit is limited.
But we knew this – we have managed
credit risk for decades – so how did this happen?
Well, it’s hard to be a risk
manager when you cannot predict the future, and it’s even harder to manage risk
when the culture of the bank is to create shareholder value at the expense of
That is one of the lessons we have
learned from this crisis.
But enough about the downside of all of this,
where’s the upside?
I think there’s lots of potential
After all, you do not have progress
if you do not take risks.
This has been borne out many times
in history, and will be seen many times more in the future.
To enjoy progress, you have to
take risk, and to take risks means you have to face losses.
The aim is to minimise those
losses as we progress.
So Credit Default Swaps were and
are an innovation that enabled progress.
CDS allowed us to increase trade and support globalisation
The fact that it has caused a
credit implosion in Europe and America is because of our own greed and
But that’s what happens when you
take risks to enable progress, you allow greed and stupidity to enter the
It is the basic tenet of the old
book Extraordinary Popular Delusions and
the Madness of Crowds, and core to how markets operate.
The madness of crowds created the
Tulip bubble of 1637 here in Amsterdam.
At its peak, a single tulip bulb
was worth more than the total annual income of a skilled craftsman.
The madness of crowds.
The same was true with the South
Sea Bubble, the Great Depression, the Dotcom bust and now the Credit Crisis.
The madness of crowds.
When JPMorgan’s CEO Jamie Dimon
was asked by his young daughter, “what’s a financial crisis”, he responded
“something that happens about every seven years”.
It shouldn’t, but you cannot have
progress without risk and you cannot take risk without losses and if you allow
excessive risk you will find, on regular occasion, crisis.
It’s in the very nature of risk.
As Harry Lime in the old but
classic film the Third Man says:
Italy, for thirty years under the Borgias they had warfare, terror, murder and
bloodshed, but they produced Michaelangelo, Leonardo da Vinci and the
Renaissance. In Switzerland, they five
hundred years of brotherly love, democracy and peace, and what did they
produce? The cuckoo clock.”
Now I’ve got nothing against the
Swiss – they invented modern banking – but the point is that you need to take risks to
progress, you have to face losses to progress, you need crisis for progress and
you need risk managers to try to minimise these inevitabilities.
That’s why you’re here.
So you know you will fail, but
your role is to minimise the failure of your institutions, which I am sure you
are very good at.
And how do you minimise the
failure of your institutions?
I guess you can wrap it up in the acronym
of R.I.S.K., which stands for Regulation, Innovation, Strategy and Kafka.
I’ll need to explain that last one
but let’s start with Regulation, the bane of our lives.
There is too much Regulation
around at the moment, and it is too complicated.
This is because countries and governments
are trying to work out how best to regulate, and they are struggling.
As David Wright, Secretary General
of IOSCO said at this year’s SIBOS:
“You cannot resolve a failing institution that has a
global structure if there is a region or major country in the system that does
and this is where the challenge lies as not all countries are
We have a two-stream world.
Half of our world – our part of
the world – is in an austerity meltdown whilst the other half of the world –
the Southern hemisphere mainly – is in growth and expansionism.
You cannot have an effective
regulatory framework in a world split in two.
Equally, you cannot have an
effective regulatory framework in a world where even the EU cannot agree on its’
And you cannot have an effective
regulatory framework when it is muddled.
The muddle is illustrated well by
the Basel Accord.
The first iteration of the Basel
Accord had seven risk metrics requiring seven calculations; by the time we implement
Basel III, there will be over 200,000 risk categories requiring over 200
Another great example of muddle is
the Volcker Rule.
When Paul Volcker wrote the rule,
it was a three-page letter to the President.
When Dodd-Frank went to Congress, the rule was ten pages. By the time the Volcker Rule finally emerged
for public comment in October 2011, it was 298 pages with a further attachment
of 1,300 questions about 400 topics.
Can anyone read, absorb and
implement such a rule?
And then the rule gets fragmented
as, here in Europe, we do not have a Volcker Rule and we will not be applying
We cannot even agree basic
regulatory harmonisation, as illustrated by the dichotomy between the European
Market Infrastructure Regulation, Dodd-Frank and MiFID II (see the CAS-WG for more).
We see huge debates over
definitions about everything, from what is and is not a speculative versus a
commercial use of derivatives to how much collateral needs to be posted on
which exchange venues and when.
The issues these changes create
are many and multiple, and are best illustrated by a metaphor used at a recent
Financial Services Club meeting.
The regulators are trying so hard
to make everything so safe and with so little risk that it is like responding
to a terrorist attack on an airline with the notion that all the passengers
must fly naked.
Sure, it means that you have no
concerns about people packing explosives in their underpants, but it also means
that no-one bothers to fly.
That is the concern we all have today,
as regulators try to lock down risks by over-regulating with too much change,
too fast and too soon.
And you have to bear in mind that,
as they do this, half the world doesn’t need this regulation. Half the world is growing and needs fuel for
investment, not austerity lockdown.
With a two-stream world, we cannot
therefore create a single global regulation or policy. Without a single global regulation or policy,
you end up with a mess as everyone can play games, look for weaknesses and
arbitrage the rules.
Right now, that means we should
all move to Hong Kong, where taxes and policies benefit the brave. What does that mean for Europe and
America? How does the regulatory world
help the future growth of North America and Europe if all the opportunity moves
to Asia and Latin America?
That is outside our control, as we
cannot change the way in which the regulators are moving and so, from a risk managers
viewpoint, the best strategy is to look for the core of what needs to change
and manage as best we can.
That is one approach.
Another is to look for
opportunity, which brings me to my second point in my R.I.S.K. acronym:
Innovation has many facets, with
many coming from new technologies such as Cloud, Big Data, Mobile and Social.
These are the big deals of our day
and can be illustrated by what we see happening in many parts of the world.
I am not going to talk about these
in depth tonight, but the use of dongles to make mobile telephones points of
sale is a great example of innovative change through technology.
Another is the use of real time
data analytics on FPGA (Field Programmable Gateway Arrays) for HFT (High
There are many more, such as using
real-time geolocation to provide proximity based marketing through Google
All of these things are combining
the power of data in the cloud to provide contextual and targeted marketing in
a real-time world.
A world of risk, for sure, but a
world where innovation can take place in real-time and in short time.
What does real-time risk analytics
mean for your operations for example?
For one firm, it means creating a
whole new business.
Wonga, the UK’s largest payday
loan company, can only exist through the innovative use of technology to
provide real-time risk analysis of people applying for credit.
Real-time credit risk.
And these things do not take long
to take off.
It took almost four decades for
the wireless radio to take off and gain 50 million users; it took under a year
for the iPad to achieve the same.
Things change fast and in real
This creates both opportunities
I think you can see the
opportunities, especially if we focus upon technology change, but the threats?
Well these are also created by
technology – think about the globalisation of our industry thanks to our global
connectivity through technology – but they are also now created by society.
We live in a new world of
capitalism for example, and it is called social capitalism.
Social capitalism allows anyone,
anywhere to make a change to the world, whether that is igniting the Arab
Spring as Mohamed Bouzazi did in Tunisia, or changing a bank policy as Molly
Katchpole did in America.
In the case of Mohamed Bouzazi, he changed the world after leaving a message on Facebook
to his mother one hour before setting fire to himself as a sign of protest
against oppression. This action
resulted in a major social movement across the Middle East that saw the uprising
of people in Egypt, Libya, Yemen, Bahrain and more.
Molly Katchpole achieved a
different sort of change, when she forced Bank of America to reverse their
policy after posting a petition on change.org.
The petition gained over 300,000 signatures in a fortnight, and resulted
in the public shaming of the bank who had to reverse their policy.
These are two examples of individuals
changing things through the innovations of social media, but the best example
is perhaps the Occupy Movement.
The Movement is fuelled by social
media and allows the 99% to organise themselves in protest against the 1%.
Who are the 99%?
The 99% are those not enjoying the
wealth of the 1%, and the 1% are those who have 99% of the wealth in the world.
The Occupy Movement has arisen to
create a social movement that aims to rebalance this imbalance and has gained
endorsements from many quarters, with the ultimate endorsement coming from the regulators.
Yes, from our very own financial regulators.
Our regulators have said that the
Occupy Movement is “entirely constructive” and that we may be “in the early stages of a reformation
of finance”, but that it is “a reformation which Occupy has helped stir”.
So we have opportunity from
innovation and risk, with the greatest risk being ignoring, or rather the
ignorance of the implications of social capitalism.
Social capitalism is a new form of capitalism, and one which expects the banking
system to show an ethical and moral backbone, something we have clearly failed
to deliver in the last decade.
So yes, we have risk in our world,
thanks to Regulations and Innovations, and the question is what to do about it?
This leads me to my third
dimension of the R.I.S.K. acronym: Strategy.
Strategy represents the question
of what to do next.
I was thinking about this and the
fact that this event is sponsored by SAS.
In Britain, we also have an
SAS. It’s rather different as it’s the
Special Air Service of the British Army.
The motto of the SAS is: Who Dares Wins and this is a good
analogy when it comes to strategy for banks today.
But the SAS don’t say Who Dares Wins lightly.
If it was purely Who Dares Wins without managing risk, then
it would be foolish as he who does not look before they leap is purely a
daredevil, and a daredevil is someone who is willing to take a risk without
The SAS are rather the ultimate
risk managers, as they manage risks to ensure they win.
So it’s not Who Dares Wins but Who Dares and
Manages Risk Best Wins.
Sure, it doesn’t trip off the
tongue so easily, but it is the core of the SAS approach, and one we can learn
from as banks.
Bank’s strategies are focused upon
being able to innovate, take on risk, have a daring approach, but that you
manage that approach through risk management in order to win.
It is this latter part that is the
key to winning, and I bet you didn’t expect me to equate this murder of CROs to
the SAS but yes, you are the special force of the financial industry.
So how can you ensure that you are
the best crack team possible when it comes to managing risk and winning?
For me, it’s all about being a
daredevil who knows what you’re getting into when you take on those dares.
If you know the risks you are
getting into, you can hedge and scenario plan and insure yourself against
issues and exposures.
The way to do that is through
understanding what will change your business in the future.
If you know what will change your
business in the future, then you can insure it.
How do you know what will change
in the future?
Well, it’s simple and based upon
another acronym: P.E.S.T.
P.E.S.T. is a method used by
people planning for the future to understand the Political, Economic, Social and
Technological changes coming downstream.
In banking, we can see the
P.E.S.T. changes coming, as I’ve talked about many of them already.
Politically, it is the regulatory changes
each government is making, with a clear dichotomy between the European approach
(a Banking Union and transaction taxes) and the American approach (a ban on
proprietary trading and capping fees).
Economically, we see a two-stream
world of opportunity. A world of growth
in key economies such as Colombia,
Indonesia, Vietnam, Turkey and South Africa, whilst a world of contraction in
other economies, particularly in Southern Europe.
Socially, the change affected by
the Occupy Movement and the Arab Spring has shown that the individual can make
as dramatic a difference to world thinking as a government or corporation.
Finally, Technologically, we are
seeing the mobile device connecting everyone on the planet wirelessly one-to-one.
So strategically I recommend that
you are daredevils but with a clear foresight.
Innovate and win, but avoid erroneous and obvious risks by clearly
understanding your future shocks. Track
your future shocks by understanding the uncertainties around the world politically,
economically, socially and technologically, and try to make those unknowns
This brings me to my final point:
Kafka, the K in R.I.S.K.
Franz Kafka was an author of the
twentieth century who created his own movement and influence, called
Kafkaesque has various
definitions, but the key one I would pick up and use would be being “marked by
a senseless, disorienting and often menacing complexity and impending danger”.
As you can see, the financial
markets are pretty Kafkaesque at the moment.
We live in a world that is
off-kilter, disorienting and slightly menacing.
Every day we wake up and expect
another headline to hit us: rogue trader, insider trader, rate fixer, mis-seller;
along with all sorts of other accusations of greed, arrogance and stupidity.
All of these things have been
thrown at our walls from inside and outside over the past few years, and we
have learned to live with this uncertainty and doubt.
But as risk managers, you cannot
live with uncertainty and doubt. To
manage risk, you need certainty and confidence.
And there is the rub: it is your
role that will determine the path your bank will follow in the future, and it
is your job to restore the bank’s certainty and confidence.
It is your job to manage this
Kafkaesque moment, and it is your job to restore the future path for the bank.
Now that is not easy, as times are
so uncertain and doubtful, but I recommend you give it your best shot.
In fact, it is critical that you
do this, as financial markets cannot exist without taking risks, innovating and
It is the reason why Jamie Dimon
says we have a financial crisis every seven years.
It is no surprise that we have crisis,
bubbles and bursts.
It is something that has been
happening since the dawn of capitalism.
The only difference today is the
bubbles and bursts are getting bigger.
The Tulip Bubble, the South Sea Bubble,
the Great Depression and the Dotcom Bust were all big financial crisis where people
lost their money, but the Subprime Meltdown is a globalised crisis where some
countries lost their money.
We have globalised innovation and
risk, and so it is no surprise that the innovations and risks are far greater
today than they have ever been before.
It is of this reason that I want
to make one final plea before I close this presentation.
We need to create Wikirisk.
We need to collaborate more and
share our knowledge of risk more.
We need a Wikipage for risk
managers to pool their knowledge and share their information.
Why we don’t do this is a mystery
Sharing risk information in
banking is no different to sharing risk information in insurance.
Insurance firms pool their
knowledge of insurance claims made, in order to catch multiple claims,
fraudulent claims and identify emerging and future trends and risks.
Why don’t banks do this?
Because of competitive forces?
Because of industry inertia?
Because of a lack of motivation?
Whatever the reasons, it is
imperative for the industry to get better at tracking the multiple risks we
face collaboratively, rather than individually.
That is where I see the greatest
opportunity today for change.
I hope you agree.
In summary, I admire the risk
Effective risk management allows
banks, companies, individuals and soldiers to dare and win.
Without being able to dare, we
would have no progress and no innovation.
But daring without managing risk
well is dangerous, which is why we need to bring risk management to a global
level, pooling our knowledge globally.