Many times trading company risk managers discuss the three primary focus areas of risk management departments as Market, Credit and Operational.
Being more quantifiable Market and Credit risk are easier to model and are often represented in nice graphical format in distributed risk reports.
It is a reality that operational risk assessment takes a back seat in management reporting. However, history has shown that inattention in this area has lead to some of the largest risk disasters.
Operational risk must form the backbone of any risk strategy and boards should provide guidance and ensure there is assessment and inclusion in regular reporting.
But, what exactly is operational risk management?
It starts with the intangibles of culture and behaviour. Looking at how people are incentivised to act. Whether we like to admit it or not, most employees will work with their own self interest in mind so it is important that the interest of the business and the interest of the individual or team are aligned.
Many trading companies have made the error of offering large cash bonuses based purely on financial results. This has invariably lead to behaviour geared towards achieving the highest possible results in order to gain the maximum bonus payout, at the expense of what is best for the business. There are many examples where this reward structure has incentivised traders to cross the line between acceptable and unacceptable behaviour.
A bonus driven culture also tends to favour the front office over other functions and leads to an environment where the front office dominates and there is not enough balance from relatively under-rewarded control and monitoring functions.
There are many examples of this type of abuse. One is that of Enron’s short term power desk. The desk was incentivised to maximise profit and at the same time the traders were given control of a number of key generation assets. The best return was achieved by turning the power stations to full generation, tanking the spot prices, loading up on short term power and then turning them all off. This in turn would ramp the spot price, into which the trading desk would oversell and then turn generation back up sending prices tumbling once again. They made a lot of money, a huge amount, but, peoples lights and air conditioning went off, hospitals and other essential services had to engage their emergency back-up. Ultimately this lead to statewide investigation, government enquiry and significant damage to reputation. This of course was not the last time Enrons reputation would be damaged…
A second aspect of operational risk is examination of process. By following a few different transactions through their lifecycle from initiation to financial reporting it is possible to analyse where there may be conflicts of interest and missing controls as well as areas to place performance monitoring.
One excellent example of where things can go badly wrong is the confirmation process. When a trade has been agreed by the front office, input into the trade capture system and confirmed by the trader, it should then be confirmed by the customer. It is essential that confirmation goes directly from the customer to a confirmation function and not via the front office.
The function which checks the confirmations must be completely separated from the front office and must insist everything is received from the customer directly and should have contacts at every customer business so they can call and check if a confirmation is missing. In addition, once a transaction has been input in the front office it must be locked out such that only the confirmation function can make changes. If there is a deal change agreed at a later date, such as rolling forward to a later delivery, this needs to be requested by the front office and agreed by the confirmation function and confirmed by the customer. There have been a number of very large frauds perpetrated due to a lack of control in this area.
I have experienced operational issues from traders sending incorrect confirmation information to the confirmation desk that looks as if it came from a customer but ultimately proved to be a forgery. In addition I have seen traders enter the system and alter contract information without any confirmation of change and without the knowledge of the middle/back office, creating effectively fake contracts in order to boost profit/loss for the end of year bonus mark.
A classic trick is bottom draw trades which have not been input or confirmed. The only hope to pick these trades up is if there is a process in place whereby customers send independent confirmations to a separated confirmation function that can identify if trades confirmed externally are not input locally.
One of the largest ever rogue trader cases was that of Jerome Kerviel who between 2006-2008 ran a massive book of unauthorised trades which ultimately lost his employer Societe General $6.9billion.
Provides a list of the largest rogue trader cases and nearly all of them could have been prevented with better operational risk around independent confirmations.
Another aspect of operational risk is what is referred to as continuous business improvement. This involves analysis of issues within a company which have lead to unexpected loss and establishing what could be changed in the current procedure or process to ensure that this issue will not happen again. The idea is not only to rectify the system in the area where the unexpected loss was experienced but also to roll out the knowledge gained to the rest of the organisation. Perhaps the best model for this is found in aviation where all issues are openly distributed across the industry.
These are just some short examples, there are many more aspects of operational risk which are important if a commodity business is to avoid unnecessary loss. An operational risk policy should identify key risk indicators (KRI’s) which can be monitored at regular intervals to warn where processes are deteriorating and also to highlight where improvements are being made.
Admin - 10:03 | Add a comment