17 Jun 2013, Laura Hutton , SAS , Operational Risk & Regulation
During the bull markets of the 1990s and early 2000s, trading floors grew rapidly while the back-office and risk functions were left struggling to keep up. The post-crisis financial sector couldn’t look more different, with compliance, visibility of risk and speed of access to information at the top of the agenda.
As a result, many banks are realising the controls put in place to detect trader error, indiscipline and fraud are inadequate. Most are based on simple, rules-based key risk indicators (KRIs), which are only applied at transaction or event level, such as the booking and cancellation of a trade, irregular logins, or failure to take annual leave.
While all of these behaviours may indicate a trader trying to conceal a position, they are also frequently triggered as part of ‘business as usual’. With risk officers receiving upwards of 15 reports a day (often in the form of Excel spreadsheets), each relating to different KRIs, how can they begin to understand which triggers indicate true risk and which are just ‘noise’?
This cloudy view of risk is compounded by the siloed nature of the control systems and groups that generate and manage these KRIs. For example, existing systems cannot automatically cross-reference across control areas such as HR, operational risk, credit risk and IT or, indeed, look at activity across products or over the course of weeks, months or years.
Yet well-practised rogue traders can go to great lengths to avoid detection, spreading their activities across multiple products, portfolios and systems. Joining up the dots to reveal complex patterns of behaviour that differentiate genuine risk from the everyday occurrences is, therefore, like looking for the proverbial ‘needle in a haystack’ – more down to luck than judgement.
In addition, while banks hold vast quantities of data, it is not always in the best shape. Often, data labels are inconsistent and trade-level information is missing or incorrect. This can lead to increased noise, with lots of alerts being triggered unnecessarily; for example, because counterparty reference data is out of date.
It all adds up to a distinct lack of visibility. Even if a risk officer does uncover risky behaviours, it could take months – a luxury banks cannot afford in today’s fast-moving markets. In addition, a lack of meaningful information or context around KRIs means back-office investigators cannot always tell if a trader’s explanation around an alert is suspicious or satisfactory.
Room for improvement
Since the huge losses of rogue traders such as Société Générale’s Jérôme Kerviel and UBS’s Kweku Adoboli have been exposed, banks are increasingly realising this siloed and reactive approach is not up to scratch. However, there has been a tendency for banks to simply plug the holes with new KRIs – which does nothing to improve visibility.
In addition, many banks are focused on improving data quality, believing this to be the first step to an effective risk detection system. While data quality is fundamental to good insight, a data quality improvement programme could take banks 10 years or more to complete; meaning another decade of low visibility and high risk.
Banks need a system that can use advanced methods to accurately detect risk while overcoming the challenges associated with poor data quality and ‘noise’ generated by existing control systems. An effective system would give them a single view of KRIs – across traders, books and desks – and the ability to analyse this information and spot complex patterns, both known and unknown. Only through this holistic approach can they gain true visibility of risk across the organisation, eliminate noise and unlock the value in existing risk controls.
As illustrated in the diagram below, best-of-breed approaches to improving risk management is a virtuous circle of data-driven detection and exploration, with a focus on enabling banks to ingest, calculate, explore and prioritise data in a timely manner.
Detection: Looking up through the data
Data-driven risk detection creates a holistic, single view of risk and prioritises high-risk entities – traders, desks, books, behaviours – for further investigation. With a high-performance solution, banks can run complex models regularly and on-demand to receive early warnings of potential rogue trading activity or indiscipline – so the appropriate action can be taken before the threat grows or losses spiral out of control. There are three key stages to this approach:
1. Ingest the data
Multiple data sources – from the front and back offices, risk functions, HR, IT and across the organisation – should be ingested to create a single view. There needs to be flexibility to enable new data sources to be easily integrated over time, while the entire process must be fully auditable, so users can clearly see what data is being used and who it belongs to.
At this stage, banks can also use sophisticated methods to identify data quality issues, such as missing information, duplication and errors, and minimise their impact. Where a control hasn’t captured a trader’s identification, for example, it may be possible to determine which book the trade was on and who works on that book to get the most detailed picture possible.
The act of highlighting and addressing weaknesses in data quality will be an on-going process, used alongside risk detection and risk exploration, meaning banks can start making incremental improvements in their visibility of risk straight away.
2. Create a holistic view
Once data sources are ingested, a single control framework can be created that links all existing KRIs and trade information together. Through this, new KRIs can be developed and deployed as needed. Information can then be viewed at entity level – for example, by trader, product, desk or book – over any given period of time. Furthermore, data linking can be applied to identify and understand relationships between entities in the data, such as traders’ relationships with their books, counterparties and with each other.
Using this holistic view, banks can look across previously siloed controls and other data sources to assess the risk they face on the trading floor.
3. Apply sophisticated analytics and build an aggregated picture of risk
The final piece of the puzzle is to apply a range of detection techniques across this holistic view to build up an aggregated picture of risk. Techniques such as peer group and outlier analytics can be used to reduce noise by understanding what normal trading behaviour looks like. A high rate of cancellations, corrections and amendments (CCAs) from a trader in prime brokerage, for instance, may not be unusual and would be considered low risk. Yet for another trader a sudden increase in the volume of CCAs, coupled with irregular login activity and little time away from the office, could be worthy of investigation and can be flagged as a high-priority risk. Furthermore, these techniques allow the solution to evolve over time and for banks to be alert to new patterns and trends as they emerge.
However, analytics cannot be applied blindly; it is imperative to combine business knowledge and understanding with analytical methods. This hybrid method offers the optimum solution, enabling a bank to find both known and unknown risks.
An interesting by-product of this approach is the potential reduction in systemic risk through the provision of more meaningful information to the back office during their investigations. Rather than enquiring about one KRI in isolation, they can speak to traders with a complete picture of any unusual activities over any given time frame. They can ask better questions with confidence and be more satisfied with the results.
Exploration and understanding: Looking down through the data
While data-driven detection of behaviours that are known to be risky is essential, it is equally important to be able to quickly and easily drill down through the data, explore key areas of risk that have not previously been considered and then investigate further.
Using in-memory processing and data visualisation, best-of-breed technologies give users the power to ask questions on the fly, with no reliance on IT. Millions of lines of data can be analysed in seconds, with the results presented in a user-friendly and highly visual way. So a chief risk officer can instantly understand which products are exposing the bank to the most risk, rather than waiting a few days for the answers. Users can build scenarios and decide which patterns are worth looking at in more detail. This provides a continuous feedback loop to the detection model, enabling users to refine existing KRIs and identify new ones that will add genuine incremental visibility across the organisation.
Time is of the essence
With the regulators piling increasing pressure on the banks to gain better control of the trading floor and wipe out bad practice, the existing controls simply will not suffice. For many in the investment community, the prospect of taking a completely new approach is a daunting one. But a staggered approach – plugging holes with new KRIs and focusing predominantly on data quality issues – leaves banks vulnerable and blind to the true face of their risk.
With the threat of financial crime and the risk of human error never far away, along with increasing regulatory scrutiny and capital requirements, time is of the essence to put effective risk detection processes in place. Banks must therefore move quickly to gain a holistic view of their data to truly understand and manage operational risk, before they suffer financial and reputational losses.