Rogues of Wall Street Rogues of Wall Street How to Manage Risk in the Cognitive Era Andrew B Waxman Copyright © 2017 by International Business Machines Corporation (“IBM”) All rights reserved Published by John Wiley & Sons, Inc., Hoboken, New Jersey Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750–8400, fax (978) 646–8600, or on the Web at www.copyright.com Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748–6011, fax (201) 748–6008, or online at http://www.wiley.com/go/permissions Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose No warranty may be created or extended by sales representatives or written sales materials The advice and strategies contained herein may not be suitable for your situation You should consult with a professional where appropriate Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both: IBM, the IBM Press logo, and IBM Watson A current list of IBM trademarks is available on the web at “copyright and trademark information” as www.ibm.com/legal/copytrade.shtml For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002 Wiley publishes in a variety of print and electronic formats and by print-on-demand Some material included with standard print versions of this book may not be included in e-books or in print-on-demand If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com For more information about Wiley products, visit www.wiley.com Library of Congress Cataloging-in-Publication Data is available ISBN 9781119380146 (Hardcover) ISBN 9781119380177 (ePDF) ISBN 9781119380153 (ePub) Cover Design: Wiley Cover Image: © Photo by.Ignacio Ayestaran/Getty Images Printed in the United States of America 10 To my mother and father of blessed memory, Anthony and Lynda Waxman, who inspired in me a lifelong love of good writing and analytical thinking Contents Introduction: A Risky Business ix Acknowledgments xvii About the Author xix The Historical Context 10 11 12 13 14 Insider Trading 27 15 16 The Rogue Trader Genius Traders: Who They Are and How to Catch Them 19 Price Manipulation Risk: The Big Unknown 37 The Mortgage Mess 45 Ponzi Schemes and Snake Oil Salesmen 53 Rogue Computer 63 Funding the Bad Guys—Winning the AML Battle 73 Litigation and Big Data Risk 85 Twitter Risk and Fake News Risk 91 Spreadsheet Risk: Should We Ban Excel? 95 Acts of God Risk 99 Cybersecurity—The Threat from Outside and Inside the Firewall 101 Turning the Tables on Risk 107 Building the Right Culture: Values, Organization, and Culture 113 viii Contents 17 18 19 The 360-Degree Risk Management Function 123 20 21 22 The New Tools of the Trade 159 23 Case Studies and Guiding Principles in Planning for Disaster 185 24 25 The Risk Management Society and Its Friends 191 What We Talk about When We Talk about Risk 137 The Future Is Unknowable, the Present Burdensome; Only the Past Can Be Understood 147 Cognitive Technologies 169 The Role of Government and Regulators in Managing Risk 177 Conclusion: Seven Traits for Successfully Managing Cognitive Risk 203 Index 207 Introduction: A Risky Business T he managing director for risk fixed him with skeptical blue eyes, “you are probably the most dangerous person at this Bank” I was incredulous She wasn’t talking to a swaggering trader She was talking to her supposedly close colleague, the Head of the Global Policy Office at the Bank The discussion for the last hour had been about the need to strengthen global compliance policies for Sales and Trading in the aftermath of the 2008 Financial Crisis Surely, I thought, the danger must lie elsewhere Why I open with this story? In many ways it’s symptomatic of what was wrong at banks before and after the 2008 Financial Crisis There were traders losing money hand over fist, in some cases, to the point of taking their banks over the edge during The Crisis, yet the MD perceived the greater threat as stemming from the Global Policy Office Really? The pre-Crisis view was that traders should be left more or less alone by Risk and Compliance to work their magic This did not work out so well in retrospect After The Crisis a new belief took hold, almost as pervasive and erroneous as the “let traders be traders” view The new belief was that rigorous enforcement of new policies and procedures would lead almost magically to prevention of wrongdoing The MD, perfectly cognizant of this, was afraid that risk managers would retreat behind a bureaucrat’s desk rather than engaging with day-to-day activity on the trading floor and that the effects would be just as bad as previously Sadly, in her defense, to a significant extent it’s my view that this is what has gone wrong after the crisis The evidence presented in this book suggests that both these factors have been at play in the years since the Financial Crisis The strengthened regulatory and compliance regime imposed since the 2008 Financial Crisis this has not yet resulted in a corresponding reduction in operational risk events and failures.1 Even a cursory reading of newspaper headlines in 2016 provides sufficient evidence of that point: Ponzi schemes, fictitious bank accounts, and cybersecurity failures are still common occurrences The book’s objective is, x Introduction: A Risky Business however, not to offer a critique of these rules and regulations or to argue that they are not needed.2 The main objective of this book, rather, is to hold up a mirror to events caused by the Rogues of Wall Street—to analyze and understand them and then describe ways and techniques for identifying, mitigating, or preventing them in the future This past decade has been an exceedingly turbulent one for banks and the financial services industry So many losses have been paid out to investors, regulators, and clients as either straightforward financial losses or penalties paid out for accepted wrongdoing The trade date for many of these losses was the financial crisis of 2007–2008 Settlement date was often later—in some cases, as late as 2016—before the penalty was paid Even in 2017, regulators are still announcing the settlement of cases with banks that go back to 2007 to 2008.3 I worked in operations and risk management at several large banks in the 2000’s As such, I participated in what are called “scenario planning workshops.” The goal of these workshops was (and is) to estimate the size of potential losses in the worst of circumstances, black swan type events I have to admit, however, that during these discussions, we hardly conceived of losses at the levels they have since reached With multi-billion penalties incurred in some cases, it is now evident that banks failed to price these types of risks properly It is also apparent that financial crises hold special trepidation for banks and other financial institutions This is largely because unknown operational risks4 that, banks and other financial institutions hold on their books, are suddenly and ruthlessly exposed at such times In 2008, bank losses suddenly ballooned from areas as disparate as credit default swaps, debt offerings, mortgage securities, money market funds, Ponzi schemes (Madoff), rogue trading, hedge fund positions and so on Some institutions were pushed over the edge—Bear Stearns, Lehman Brothers for instance—while many others barely survived This was no coincidence Rogue trading positions, Ponzi schemes, even losses on mortgage securities, can be smoothed over, hidden by high profits, during the good times, but not during the bad times Madoff’s scheme, for instance, finally came to light in December 2008 after years of successful concealment Driven by sudden cash needs, brought on by the Financial Crisis, multiple investors asked for their money at the same time The demand for cash could not be met by Madoff’s cash on hand and the harsh reality was suddenly exposed This same dynamic played out across multiple venues, markets and positions While it may have appeared then, Introduction: A Risky Business xi that defenses were suddenly breached during the Financial Crisis, it was actually in the run up to the Crisis, that banks and other institutions were opened up, by and to, inside and outside threats This book suggests ways for banks and financial institutions to strengthen their defenses during the good times to better protect themselves during the storms that will inevitably hit from time to time The acquisition of risk management capabilities linked to what I call the “Cognitive Era” are going to be required The Cognitive Era is referenced in the title of this book for two important reasons First, the field of cognitive psychology pioneered by Daniel Kahneman and Amos Tversky, is in many ways a gift to modern risk managers By leveraging some of this thinking (we will study some examples in the latter half of the book) risk management errors of the past can be avoided Second, the era of “cognitive computing”, that has been recently heralded by IBM and other proponents of Artificial Intelligence, presents new opportunities for risk managers Partly due to the availability of ever-increasing computing hardware and network power and also due to the availability of new AI (artificial intelligence) technologies, corporations now have cognitive digital platforms at their disposal to improve their ability to manage a wide range of tasks These platforms encompass machine learning, reasoning, natural language processing, speech and vision, human-computer interaction, dialog and narrative generation, and more—systems that learn at scale, reason with purpose, and interact with humans naturally We explore some specific applications in the field of surveillance and regulatory management that can support the ability of banks to prevent and mitigate operational risks more effectively in the future Some of these techniques are already being explored and implemented in the field The first part of this book, Chapters through 14, takes the reader through a “Rogue Gallery of Wall Street”—the characters and events behind the losses and failures at storied investment houses and securities firms in the past several years We look at some of the factors behind the events, the causes, and some of the things that can be done to prevent their reoccurrence in the future The Rogue Trader, naturally enough, is the first character we come across in this Rogue Gallery Typical of this archetype was the trading incident at UBS that occurred in late 2011 that resulted in a loss of over $2 billion for that bank This incident was similar in many respects to the Rogue Trader incident at Societe Generale5 only four years earlier that resulted in a loss of around $7 million We will look at these characters and incidents in more detail in Chapter xii Introduction: A Risky Business Rogue Traders, however, are not the only type of bad actor that investment banks have had to deal with in the past few years The Genius Trader is the second character we meet, and, of course, is not always bad to know As the name suggests, this character is very smart, perhaps too smart, and his colleagues and bosses give him more latitude to trade than other traders The trades he executes and the positions he accumulates are very complex and not necessarily understood by his bosses or by the risk managers whose job it is to protect the bank from taking on too much risk The losses that can result from these trading decisions and miscalculations can be very, very large, leading in some cases to the fall of a major financial institution.6 We will look at the many lessons for risk management from this and other episodes in Chapter Insider trading has also been front and center in the past few years Many of those convicted of insider trading have been traders at hedge funds One of the consequences of banking regulations has been the multiplying of hedge funds established by traders dissatisfied by the resulting conditions at the large banks The spate of insider trading charges at hedge funds, some of which may lack sufficiently strong and independent compliance oversight and surveillance functions, has perhaps been the logical consequence of that The issues here and potential remedies are looked at in Chapter Banks also need to be aware that there may be price manipulators in their ranks Traders at several banks were charged in 2012 with the crime of manipulating LIBOR rates, rates that are set by a group of specifically appointed banks The foreign exchange rate manipulation debacle followed soon after that.7 Wide-ranging investigations following both these scandals resulted in dismissals and even criminal charges levelled at several major banks One may wonder justifiably why all the compliance and pricing infrastructure and policies and procedures that banks have put in place failed to identify these issues We will look at these issues in more detail in Chapter Penalties imposed by regulators following mortgage-related litigation has been a significant drain on banks since the 2008 Financial Crisis We identify the key risk indicators and lessons learned from these events in Chapter Meanwhile, threats inside banks and hedge funds posed by Rogue Traders and others are matched by threats posed by those from outside Wall Street also needs to a better job of protecting itself and society from these external threats: money launderers (drug gangs, terrorists, etc.), Ponzi schemers, cyberterrorists, social media, rogue technology, spreadsheets, and Acts of God We will look at each of these risks and episodes in some detail and draw out what can be done going forward in respect of each one in Chapters to 14 206 Rogues of Wall Street analyze data in more powerful ways to identify emerging risks more quickly and accurately Those organizations that have outsourced certain repetitive tasks have nurtured a rich risk talent pool to focus on solving difficult analytical questions They will be able to make the best use of new analytical tools, and will be more sophisticated in managing key risk categories such as anti–money laundering, capital market manipulation, insider trading, and potential global market dislocations In the future, managing these risks with such tools should become more like managing the traffic of a busy city: Jams will surely occur, but they won’t lead to major take-downs Constant Self-Analysis Perhaps the most important trait is a bank’s ability and willingness to improve risk management elements that are lacking, which hinder the institution’s success Managing the transformation into a high-functioning risk organization is a long-term but still vital endeavor It starts with the ability to look in the mirror and conduct an honest and accurate assessment of the organization in relation to each of these traits and identify where the company falls short When a company is hit by a high-profile risk failure, it is natural to ask which risk management shortcomings the episode revealed, and then try to address those shortcomings But an even more winning strategy would be to avoid knee-jerk reactions, asking enough skeptical questions about any efforts to fill gaps—to ensure the new initiative is indeed a right fit for the organization—so the business isn’t blinded by its own sense of immediacy The acquisition of these seven traits is not simple, but developing the right path will ultimately bring significant rewards to those able to navigate it Index Note: Page references followed by f and t indicate an illustrated figure and table, respectively A Activity periods, nondetection (duration reduction), 16 Acts of God risk, 99 Adoboli, Kweku, 7, 8–9, 22 Advisory services, 183 AIG, bailout, 177 AIG-like scenario, risk levels (growth), 179 Algorithmic data mining, 15 Algorithms deployment, 65 problems, 170 American Revolution, 192 Anchoring bias, 155 example, 165–166 Anti-money laundering (AML), 169 battle, winning, 73 controls enforcement, failure, 115 oversight, 76 failures, fines (imposition), 78t legislature/regulations, 76–77 procedures, following (failure), 157 program, effectiveness, 77–82 regulations, 76–77 regulator fines, example, 153 risk, example, 156–157 Arthur Andersen, problems, 88 Artificial intelligence (AI), 60, 169 tool, policy document usage, 173 Asset management arm, growth, 127 example, 157 Asset managers, pension funds middlemen, 59–60 Assets, changes, 47 Associated Press (AP) Twitter account, hack, 91 Asymmetric compensation structures, 48–49 Authority, national systems, 197 Avian flu (N7N9 virus), 197 Awareness, culture (maintenance), 192–193 B Back-office systems, access, 12 Balance sheet, size, 165–166 Bankers, conflicts (minimization), 86–87 Banking secrecy, violation, 103 Banks assessment types, 82 checks/balances, review, 15–16 data leverage, 162–163 data storage review, 88 employees, knowledge, 105 fraud detection methods/procedures review, 14 global banks compliance, 79–80 pre-transaction screening, implementation challenges, 80 human resources model, 160 IT network, security, 102 Rogues of Wall Street: How to Manage Risk in the Cognitive Era, Andrew B Waxman © 2017 by International Business Machines Corporation (“IBM”) Published 2017 by John Wiley & Sons, Inc 208 Index Banks (Continued) risk management, 88 secrecy laws, 80 trading team, Rogue Trading entrant, VaR limit, 165 Bank Secrecy Act (BSA), passage, 76 Barclays chart room/coded language, usage, 40 fixed-income trading footprint reduction, 124 operational risk events, 133–134 Baring Capital, 169–170 Barings, Barings (investment bank), collapse, 133 Basel Committee on Banking Supervision, 133 tools, 159 Bear Stearns headstones, 127 objectives, assessment, 125 regulator events, 49 Bear Stearns High Grade Structured Credit Fun, destruction, 38 Behavioral/sentiment analysis, 169 Berkshire Hathaway, 123, 205 Bernanke, Ben, 181 Better Alternative Trading System (BATS) IPO, 63, 68 problems, 67–68 Big Bang, 64 Big data analysis, 15 principles, usage, 162 risk, 85 systemic risks, 87–89 uses, 111 “Big Short, The” (movie), 181–182 Bilateral agreement, 38–39 Black Monday, 64 Black September, 75–76 Boston Marathon bombers, identification problems, 196 Break the glass procedures, 93 Break-the-glass scenario sets, 69 Bribery, 58–61 Bridgewater Associates, 119 leadership, 197–198 success, 195 British National Criminal Intelligence Services, PLO activities, 73 British Petroleum (BP), Deepwater Horizon oil leak, 138 Buffett, Warren, 126 equities market investment, 205 talents/ethics, 31 technology stock distaste, 123–124 Build social network capabilities, 140 Business environmental factors, 156 goals, 137 knowledge, leveraging, 154 process, 137–138 risk management, 110 strategy, 110 C Capital market manipulation, 169 Capital strike, experience, 178 Case studies (disaster planning), 185 Cash movers, detection (absence), 73–75 Cash transfers, 163 Cayne, James, Change, organizational barriers (breaking), 116–120 Checks/balances, bank review, 15–16 Chernobyl nuclear disaster (1986), 196 Chief operating officers (COOs), complaints, 161 Chinese walls, 32–33 Citigroup chart room/coded language, usage, 40 settlements, external incidents review, 154 Index Clawbacks activation, 162 usage, 159 Client knowledge, risk (example), 157 Code of ethics, 120 Code red procedures, 93 Cognitive reasoning engine, 170, 172–173 Cognitive risk management, traits, 203 Cognitive surveillance tools, 111 Cognitive systems, usage, 169 Cognitive technologies, 169 Collateralized debt obligations (CDOs), 38, 46 Collusion, 40–42 Command-and-control center, centralization, 102–103 Commercial entity, dynamic, 195 Commercial secrecy, violation, 103 Commission-based trading activity, revenue (increase), 183 Commodities and Futures Trading Commission (CFTC) action, effectiveness, 179 counterparty creation, 177 fraud identification problem, 164 market regulation, 177–180 regulatory environment, 180 rules, provision, 179 sales approach, 58 Technology Advisory Board, 58 Communication absence, 116 channels, 60 Companies, investment, 34 Complex risks, identification, 132 Compliance functions, outsourcing, 31 team, usage, 173 Comprehensive Capital Analysis and Review (Federal Reserve), 182 Confidentiality requirements, impact, 151 Confirmation automation, 89 procedures, 16 Consent orders, 42 Contribution, value (recognition), 110, 113–115 Controllers, impact, 37 Controls assessment, 145 examples, 156–157 dictionary, 144–145 governance controls, 144 mitigating controls, 144 preventative controls, 144 self-assessment, 110 weaknesses, documentation, 147 Corruption, 58–61 Counterparty CFTC creation, 177 debts/obligations, 132 risk decisions, 129 Country country-based lists, usage, 79 risk, 81 Create Internet-based client networks, 140 Credit default swaps (CDSs), 38, 177–179 initiation, positions, hedge, 117 Credit derivatives portfolio, marking, 39 Credit risk, 130–131 Credit Suisse, earnings (restatement), 39 Cultural tools, 110 Culture awareness, maintenance, 192–193 building, 113 ethical culture, 120 Currency trading activity, damage, 132 209 210 Index Currency Transaction Report, usage, 76 Customer accounts, 102 data flow, enabling, 104 due diligence, 78–79 information, updates, 78 risk appetite, 125 Cyber criminals, impact, 174 Cybersecurity (cyber security), 101 controls, 105–106 incidents, reporting, 107 Cyberthreats, 101–103 D Dallio, Ray, 119, 195, 197–198 Dark pools, 64 trades, disappearance, 180 Data algorithmic data mining, 15 anchoring, example, 165–166 bank usage, 24 big data, 85, 87–89 data-driven approach, 163 encryption routines/utilities, usage, 104–105 examination, 100 increase, operational risk (relationship), 87–88 leverage, 162–163 mega data, 13 objective assessment, 189 objective data analysis, usage, 24, 163 old data, deletion, 88 privacy, problem, 79 security, elevation, 102 storage, costs/risks, 89 substitution, example, 165 theft, 103 thin data, example, 166 unstructured sources, 92 usage, 99–100, 162–164 David and Goliath (Gladwell), 101 Deal teams, impact, 32 Deepwater Horizon oil leak (BP), 138 Defensible disposal, 89 Delta One Desk, usage, 107 Delta One trading desk, promotion, 8–9 Diamondback Capital Management, 30 Dirty money, appearance, 75 Disaster planning, case studies/guiding principles, 185 Dodd-Frank Act requirements, 182 stress tests, 205 Dodd-Frank legislation, 38–39, 173 introduction, battle, opposition, 178 Domain-specific lexicon, 172 “Don’t Be Evil” (Google), 195 Downstream consequences, 140 Drew, Ina, 117–118 Due diligence process, 87 Dutch Republic, religious beliefs, 193 Duties, segregation, 16 E Earnings restatements, 39–40 eDiscovery, 88–89 Education, 198–199 Eisman, Steve, 48 Electronic markets, power groups, 64 Emotional temperature, changes (display), 171f Employees communications, monitoring, 60 engagement/interconnectedness, levels, 161 fulfillment, 161 motivation, 192 relationships, visualization techniques (example), 172f Employees, bank knowledge, 105 Engagement letters, 87 Enron, problems, 154, 180 Entebbe, raid, 76 Index Equities markets examination, 180 investment, 205 position hedge, 117 priority, 162 trading, example, 155, 156–157 Errors, chain, 119 Espionage, usage, 105 Ethical culture, 120 Ethical risk appetite, 126 Ethical values, sharing, 193–196 Euro, breakup (addressing), 131–132 Event causes, documentation, 147 Excel, usage (cessation), 95 Exception processing, 22 Executions, arbitrage, 41 External cyberthreats, 101–103 External incidents, 151–153 list, compilation, 155 External loss incidents, 152t External threats, 109f F Facebook IPO, 63 problems, 67–68 Facebook risks, 205 Fake counterparties, 12 Fake news risk, 91 Falciani, Herve, 103–104 Fat-finger errors, 139–140 controls, example, 144–145 Federal National Mortgage Association (FNMA), compensation, 49 Federal Reserve Comprehensive Capital Analysis and Review, 182 risk taking regulation, 180–181 Fiduciary responsibility, absence, 32 Financial Action Task Force (FATF), founding, 76 Financial asset, value, 97 Financial crisis (2008), 2, 195–196 regulatory reform, 181–183 Financial engineering, growth, Financial espionage, 103 Financial impact, example, 141–142 Financial risk appetite, 126 impact method, 141t Fines, imposition, 78t FINRA rules, 32 Firewall creation, 102–103 threats, 101 Firm culture, connections (building), 110 management, business assessment, 124 risk connection, 128–130 profile, understanding, 205 stature, 23 Fixed income securities, trading systems, 41 Flash Boys (Lewis), 180 Flash crash (2010), 64–67, 107 Foreign Corrupt Practices Act (FCPA), 58–59 Foreign exchange (FX), 1, 40 collusion, 40–41, 170 markets, criminality, 40 scams, 170 scandals, 3, 42, 175 trading scandal/tools/models, 34 France, invasion, 185–186 Fraud, 57–58 detection methods/procedures, bank review, 14–15 Friehling, David G., 55 Front Point Partners, 30 Front-running, 32 Future knowledge, 147 mitigation, past (understanding), 148f Future losses, prediction, 150–151 211 212 Index G Galleon Group, 28, 30 Genius risk indicators, 23f management process, 23–25 Genius traders, 19 characteristics, 19–23 impact, 10–11 indicators/controls, 22–23 risk, 20–21 Gladwell, Malcolm, 101 Global banks compliance, 79–80 pre-transaction screening, implementation challenges, 80 Global lists, usage, 79 Global market dislocations, 169 Goals, assessment, 123–127 Goldman Sachs employees, standards commitment, 195–196 insider information, 28 online personal banking unit, positions, hedge, 47–48 risk managers, actions, 49 Good information, advantage/ importance, 27–28 Gorbachev, Mikhail, 196 Governance controls, 144 Government, role, 177 Grant, Adam, 113–114 Graphing visualization techniques, 171–172 Great Depression, causes, 178 Grove, Andy, 192 Guiding principles (disaster planning), 185 multiple scenarios/optionality, development, 185–186 political will, building, 189 scenarios, strategies (development), 186–187 world, change (understanding), 188 Gupta, Rajat, 28 H Habsburg Empire, rebellion, 191–192 Hedge Fund Association, hedge fund professional survey, 31 Hedge funds, 137–138 accounts, 74 closures, 30t ethical boundaries, 126 professionals, survey, 31 transparency, increase, 33–35 HedgeWorld, hedge fund professional survey, 31 Heuristics, 111 usage, 164 Higgs, David, 39 High-functioning risk organization, risk governance framework, 203–204 High Grade Credit Opportunities fund, 125 High-risk user tools, isolation, 97 High-speed trading operations, SEC examinations, 66–67 House of Rothschild, rise, 27–28 Housing market, change, 37–38 HSBC clients, files (relationship), 104 risk identification, 77 Hurricanes Katrina/Sandy, damage, 100 I Incentive structure, placement, 13 Incident capture complications, 151 information, 149t systems, 149t Incidents analysis, 110 external incidents, 151–153 external loss incidents, 152t internal loss incidents, 147–151, 150t Index Incorrect-amount trade errors, 139–140 Indemnification clause, 85–86 Industry risk, 81 Information assets, infiltration, 102–103 defining, 28 exchange, unwillingness, 116 sales information, 103 Information technology (IT) controls, 68–69 employees/vendors, role, 104 failures, losses, 65t governance, 68 investments, 58 problems, occurrence, 68 release management practices, 68–69 Initial price offerings (IPOs), problems, 67–68 Innovation, usage, 206 Insider information, 28 Insider threats, 103–105 identification/mitigation, 104–105 Insider trader controls/analytics framework, 33f Insider trading, 27, 169 analysis, 27–29 charges, hedge funds closures, 30t description, 28–29 industry, 29–31 industry, middleman (impact), 29–30 risk, indicators, 33f Intellectual authority, 20–21 Interconnectedness, 199–200 Inter-connectedness, 115 Interest-only mortgages, demand, 127 Interest rates (derivative products), 178–179 Internal accounts, proliferation, 92 Internal incidents, list (compilation), 155 Internal loss incidents, 147–151, 150t examples, 148, 150–151 Internal threats, 109f International Monetary Fund (IMF), 103 Internet Bubble (1990s), 180 Intraday position excesses, examination (absence), 11–12 Investment cross-checking, 33 process, transparency, 34–35 strategy, 127 thesis, research (absence), 34 Investment banks asset management arm, growth, 127 change, 2–3 concerns, 142 control, 34 incentive structure, 13 normative culture, 114 systems, 14 trader limitations, 10 IRA bombing campaigns, 198 Iron Dome Defense Shield, usage, 187, 189 Israel, intelligence gathering, 188 Issues, debate (willingness), 196–198 J Jargon, absence, 118 JPMorgan Chief Investment Office Risk Committee proposal, 118 settlements, external incidents review, 154 JPMorgan Chase chart room/coded language, usage, 40 regulator event, 49 JWM Partners, 21 K Kahneman, Daniel, 164, 166 Kashkari, Neel, Kennedy, John F., 178 Kennedy, Joseph, 178, 179 Kerviel, Jerome (losses), 21–22 213 214 Index Knight Capital, 63 failures, 126, 205 headstones, 127 objectives, assessment, 125 software errors (2012), 67 Know your client (KYC) process, 74 risk, 157 Kreuger, Ivan, 53 L Labaton Sucharow, hedge fund professional survey, 31 Lagarde, Christine, 103 Lagarde list (Falciani), 103 Leadership business strategy, 123 national systems, 197 provision, 179 Learning, application, 173 Leeson, Nick, 133, 169 Legal team, usage, 173 Lehman Brothers bond offering/collapse, 86–87 headstones, 127 Lending rates, usage, 152 Leverage, increase, 48 Lewis, Michael, 24, 162, 180 Liars Poker (Lewis), LIBOR settlement, 152 Life cycle governance, 89 Limit management, absence, 10–11 Lippman, Gregory, 48 Liquidity increase, 179 loss, 48 Litigation big data risk, relationship, 85 risk, example, 154 settlements, 85 London Interbank Offered Rate (LIBOR), 39, 40 investigations, 87 lessons, 41 rate (determination), lending rates (usage), 152 scams, 170 scandals, 3, 42, 175 London Stock Exchange, 64 Long Term Capital, closure, 21 Loss capture, time/resources (usage), 151 determination decisions, 129–130 future losses, prediction, 150–151 internal loss incidents, 147–151 mismarking, contrast, 129 M Machine-learning applications, leverage (potential), 24–25 Machine learning capabilities, 171 Madoff, Bernie, 53–55, 180 Ponzi scheme, 107 responsibility, 53–54 scheme, 57 SEC investigation, 55 sentencing, 54 Maginot Line, 186–188 Maginot Line of Defense, building, Management distance, 117–118 risk management function, 110 360-degree risk management function, 123 Markets destabilization, 181 participation, increase, 179 regulation, 177–180 risk, 130–131 transparency, battle, 177 values, 132 Markopolos, Harry, 55 Massive ongoing fraud, SEC violations, 56 Match kind, 53 Material non-public information (MNPI), 27, 29, 32 registry, cross-checking, 33 Index Media exposure impact method, 143t Mega data, 13 Mergers and acquisitions (M&As) advisory, 14 Meyer, Marissa, 192 MF Global, headstones, 127 MF Global, problems, 179 Mirror trades, 74 Mitigating controls, 144 Model Risk and Control, controls, 41–42 Model Risk Control, rigor (increase), 42–43 Moneyball (Lewis), 24, 162 Money launderers impact, 75–76 practices, 73–75 value, contribution, 115 Money laundering risk, Mexico (identification), 77 Money Laundering Control Act, passage, 76 Money laundering process, steps, 74–75 Money, tracking (legislature/regulations), 76–77 Morgan Stanley, 183 punitive damages, 87 Mortgage interest-only mortgages, demand, 127 losses, aftermath, 49–50 market, long position, 166 mortgage-based credit funds, 37–38 mortgage-related risks, concentration, 87 origination division, 127 payments, 45 problems, 45 securities market, trader/firm dependence, 37–38 securitization, 45–46 Multiple scenarios, development, 185–186 N National Association of Securities Dealers (NASD), Madoff activity, 54 Natural language processing techniques, importance, 170–171 Networking opportunities, 130 Networks, infiltration, 175 New Castle Funds, 30 New product approvals, 140 New York Stock Exchange (NYSE), 64 Nonapproved pricing models, usage, 41 Nordlicht, Mark, 57 Nottingham Polytechnic, O Objective data analysis, usage, 24, 163 Office of Foreign Assets Control (OFAC) illegal entities list, 79 OFAC-blocked transaction reports, 80 sanctions, 73 Old data, deletion, 88 O’Malia, Scott, 58 Open self-analysis, principle (embedding), 197–198 Open society, 110, 118–120 creation, willingness, 119–120 issues, debate (willingness), 196–198 Operational management, 131 Operational risk, 130–131 categories, impacts, 107 coverage officers, impact, data increase, relationship, 87–88 departments, role, 134 events, 133–134 framework, development, 205 identification, 152 incidents, 108t, 133 losses, 147–148 scenarios, 153t upgrade, 110 215 216 Index Operational risk departments connection, 133–135 external/external incidents list, compilation, 155 improvement, 111 role, upgrade, 123 Operational threats, Optionality, development, 185–186 Organization importance, 113 information collection, 157 repair, 115–116 Organizational barriers, breaking, 116–120 Organizational structure, impact, 117 Ownership, changes, 78 P Past, understanding, 147, 148f Paulson, John, 48 Peer equity trading firm, computer algorithm incident, 152–153 Peer fixed income trading firm, LIBOR settlement, 152 Pennebaker, James, 164 Peregrine Financial Group, 55–56 Peregrine Ponzi scheme, 179 CFTC identification failure, 164 Phantom trades, 12 Phishing scam, 174 Platinum Partners, scandal, 57 Political will, building, 189 Ponzi, Charles, 53 Ponzi risk factor analysis, 58f Ponzi schemes, 53–57, 107, 164, 170 losses, 57t Ponzi’s Scheme (Zuckoff), 54 Portfolio managers, supervision, 35 Positive Psychology, 159–160 Present-value calculations, 97 Pre-transaction screening, 79–80 Preventative controls, 144 Price manipulation, 38–39 controls/analytics framework, 42f losses, 41t risk, 37 identification, focus areas, 42f Price models, control/edit, 41 Price verification, 41–42 Pricing, valuation, 117 Primitive tribal societies, examination, 200 Prince, Charles O., 47 Privacy bank respect, 80 data privacy, problem, 79 Product approvals, 140 Product risk, 81 indicators, 47f Product strategy, 127 Profit and loss analysis, 97 Profit and loss reviews, 16 Proprietary trading, Psychological insight, usage, 164–165 Psychology, usage, 164 Public markets, technology (history), 63–65 Pump-and-dump violation, 172 Q Qualitative bank assessment, 82 Quantitative bank assessment, 82 R Rajaratnam, Raj, 28 Regional lists, usage, 79 Regulations, 76–77 impact, 77, 182 open mind, 204–205 parsing, process (steps), 173 Regulators impact, 57–58 role, 177 rules, provision, 179 Index Regulatory attention, 74 Regulatory change management, 111 Regulatory compliance management, 173–174 Reinhart, Carmen, 94 Reputational impact, 142–143 assessment, 143t Reputational risk impact method, 142t Revenue driving, 37–38 generation, processes, 138 increase, 183 Risk, 107 activity, cessation, 159–160 Acts of God risk, 99 analysis, 137 areas, overseeing, 203 assessment, 81–82, 123–127 example, 156–157 controls, 41, 87 counterparty risk decisions, 129 country risk, 81 cultures, 128 defining, 85–87 dictionary, 138–140 disciplines, 132–133 discussion, forums, 134f fake news risk, 91 firms, connection, 128–130 functions, collaboration, 131f governance framework, 203–204 identification, 132 examples, 140–143 functions, collaboration, 124f increase, 63–65 indicators, 41, 47–49 industry risk, 81 issues, 116 language, building, 110 managers connection, 130–132 vigilance, 50 mitigation, 82, 96–97 organization, prioritization, 203 product risk, 81 indicators, 47f profile, understanding, 205 protection, 85–86 reputational risk impact method, 142t risk factor analysis, 164 risk-scaling method, 144 self-assessment, 110 spreadsheet risk, 95 strategy, leadership role, 126–127 taking, regulation, 180–181 taxonomy, 139t tolerance, 129 tools, 110 training, 199 Twitter risk, 91 Risk appetite, 124–126 customer risk appetite, 125 ethical risk appetite, 126 financial risk appetite, 126 statements, 125 Risk management, 169 cognitive risk management, traits, 203 education, 198–199 government/regulator role, 177 impact, 109 interconnectedness, 199–200 money, usage, 205–206 practice, 68 shared ethical values, 193–196 society, 191 members, shared passion, 191–193 strategy, 123–124 Risk management functions collaboration, 124f connection/inter-connection, building, 110 integration, 123 217 218 Index Rochdale Securities failures, 126 objectives, assessment, 125 trading activity, Rogoff, Kenneth, 95 Rogoff-Reinhart arguments, 96 Rogue computer, 63 Rogue trader, cessation, possibility, 13–16 contribution, value, 114 controls/analytics framework, 15f names, ranking, 13t risk, indicators, 15f success, process, 13 trade tools, 11–12 Rogue trading, crime, 9–11 Roosevelt, Franklin D., 178 Rothschild, Nathan, 28 Royal Bank of Scotland chart room/coded language, usage, 40 fixed-income trading footprint reduction, 124 S SAC Capital, 30 Sales information, 103 Salomon Brothers, 21 Savings and loans industry, implosion, 45 Scenario analysis, 110 Scenario planning, 153–155 component, usages, 153 power, basis, 100 Securities law, violation, 174–175 price levels, stability, 41 trader pricing, 41 trades, 23 valuation, 117 problems, 23 Securities and Exchange Act (1934), 27, 178 Securities and Exchange Commission (SEC) Enforcement Division, enforcement enhancement, 59 market regulation, 177–180 Whistleblower Program, 31 Self-analysis, 206 Self-confidence, usage, Seligman, Martin, 159–160, 198 Senate investigation, 66 Senior management, 23–24 concerns, 114 Serageldiln, Kareem, 39 Settlements, 86t Severe acute respiratory syndrome (SARS), outbreak, 196–197 Shared ethical values, 193–196 Shared language, 118 Shareholders, lawsuits/ settlements, 86t Siddiqui, Salmaan, 39 Silos removal, 110, 116–117 requirements, impact, 151 Six-Day War, 185 Slush fund, 12 Snake oil salesmen, 53 Snowden, Edward, 104 Social media, usage, 142 Social networks, 140 Societe Generale, 7–8, 16 rogue trading incidents, 155 Software release, 68 tools, availability, 34 Spreadsheet errors, 95–96 risk, 95 Standard & Poor’s fraud, civil law suit, 45 Stanford, Allen, 56 Stanford Financial Group, 56 Stock market, gyrations, 38 Index Stocks focus/concentration, 34 investment, 34 Stress tests, 205 Structured notes, 38 Subprime space, adjustable rates, 47 Substitution effect, 165 example, 165 Superfast trade execution engines, 64 Superstorm Sandy, aftermath, 99 Supervision, 22 Surveillance capabilities, 42 emphasis, 42–43 reactive/passive process, 170 systems, 170–171 systems, cognitive reasoning engine, 170 technologies, 105 Suspicious activity reports (SARs), 80–81 Suspicious transaction reports (STRs), 80–81 System design priorities, 14 System entitlements, 16 Systemic risks (big data), 87–89 T Tax avoidance, 74 Technology harnessing, 14–15 history, 63–65 IPOs, 64 usage, 63, 206 Terrorism, fight, 191 Terrorists, impact, 75–76 Thin data, example, 166 Third-party services, 82 Threats external cyberthreats, 101–103 external threats, 109f firewall threats, 101 insider threats, 103–105 internal threats, 109f 360-degree risk management function, 123 Times Square bomb plot, 198 Traders cautiousness, 182 conversations/trades, monitoring, 32–33 end-of-day limits, 11–12 limitation, 10 limits, flouting, 195 market dependence, 37–38 supervision, 9–10 systems, usage, 41 valuations, 120 violation, susceptibility, 175 Trades cross-checking, 33 disappearance, 180 execution errors impact, 143 risk, 139–140 executions, 138 speed, 180 limit breaches, 23 monitoring, 32–33 trade-limit monitoring, 16 Trade surveillance, 169–173 visualization analytics, example, 171f Trading floors, 32–33 trader supervision, 9–10 losses, 22t mandate, 10 patterns, observance, 34 risk, example, 155 Transactions post-transaction monitoring, 80–82 pre-transaction screening, 79–80 Transparency, increase, 179 219 220 Index Treaty of Versailles, 186 Twitter account, hack, 91 Twitter risk, 91 U UBS, 8, fixed-income trading footprint reduction, 124 losses, operational risk events, 133–134 rogue trading incidents, 155 Understanding, overestimation (example), 166 Underwriting business, example, 154 Undetected cash movers, practices, 73–75 United Nations, global list (usage), 79 United Provinces, rebellion, 191 U.S Civil War, disagreements, 193–194 U.S Treasury, risk taking regulation, 180–181 V Vacation policy, 16 Valuation models, usage, 20 processes, 152–153 Value-at-risk (VaR), 206 Value-at-risk (VaR) limit, 165 breaching, 165–166 Values importance, 113 loss, 38 Virtual friends, connection (absence), 199–200 Visualization techniques example, 172f graphing visualization techniques, 171–172 Volcker Rule, 4, 206 W Wall Street Crash (1929), 178 Wasendorf, Sr., Russell, 55–57, 178 Watson (IBM), learning (application), 173 Wells Fargo, scandal, Whistleblower Program (SEC), 31 White, Mary Joe (appointment), 180 Workflow requirements, impact, 151 Work quality, impact, 161 World, change (understanding), 188 WorldCom, problems, 154 Wrong-way trades, 139–140 Z Zuckoff, Mitchell, 54 ... will inevitably hit from time to time The acquisition of risk management capabilities linked to what I call the Cognitive Era are going to be required The Cognitive Era is referenced in the. .. is the source of his roguishness? He is not the handsome rogue of your Victorian novel Though he may Rogues of Wall Street: How to Manage Risk in the Cognitive Era, Andrew B Waxman © 2017 by International... bank, trading books of some of the traders working in institutional equities can be in the billions of dollars buying and selling the stocks in which they make a market for their customers For