RESPONSIBILITY WITH AUTHORITY: USING THE POWER OF THE

advertisement
Leveraging The Subprime Crisis:
Making The Case For Continuous
Auditing And Monitoring Of Financial
Institutions
Michael Alles
Miklos Vasarhelyi
Department Of Accounting, Business Ethics And Information
Systems
CONTECSI 2008: I SIMPÓSIO DE AUDITORIA CONTÍNUA
Background: An Unprecedented Crisis
• Bank write-downs from subprime crisis are $355 billion and
growing: by most measures, larger than either S&L or Latin
American debt crises of 1980’s.
• Estimates are that this crisis will be longer and deeper than
any other before and losses at investment banks could
amount to 2 ½ years of profits!
• House prices in free-fall in much of the developed world as
mortgages become difficult to get even for borrowers with
good credit.
• Some consider banking sector to be facing a crisis of 1930’s
proportions as entire basis for modern banking practices
brought into question, as well as the governance/regulatory
structure that gave rise to it.
2
An Evolving Crisis
a
Subprimes
Are sold to
clients that cannot
afford them or
speculators
Subprimes
Subprimes
Subprimes
Subprimes
Moral hazard..
The one that sells
the mortgage is
not who ultimately
carries it
Many forms of
mortgages have
been engineered
to minimize
monthly payments
These lower
quality loans carry
higher interest
rates therefore pay
higher sales
commissions
With the passing
of time or
decrease in real
estate values
these mortgages
become
3
An Evolving Crisis
Subprimes
Subprimes
Subprimes
Subprimes
Subprimes
Subprimes
Subprimes
Sold by one
entity acquired
by another
that converts
them to
a SIV
(structured
Investment
Vehicle)
Subprimes
Subprime B
They are sold
as paper to
banks wanting
to improve
their returns
Subprime B
Subprimes
C
Subprimes
C
These are
broken down
into different
risk categories
called
“tranches”
4
An Evolving Crisis
Subprimes
Subprimes
Subprimes
Subprimes
Sold by one
entity acquired
by another
that converts
them to
a SIV
(structured
Investment
Vehicle)
Subprimes
Short- term
Financial
paper
Subprime B
Subprime B
Short- term
Financial
paper
Subprimes
C
Subprimes
Subprimes
Subprimes
Banks sell
The tranches
to clients that
finance it
issuing short
term paper
Subprimes
C
Off balance sheet
Entities are created
Short- term
Financial
paper
5
An Evolving Crisis
Subprimes
Subprimes
Subprimes
Subprimes
Sold by one
entity acquired
by another
that converts
them to
a SIV
(structured
Investment
Vehicle)
Subprimes
Subprimes
Short- term
Financial
paper
Subprime B
Subprime B
Short- term
Financial
paper
Subprimes
C
Subprimes
Subprimes
Swaps are sold insuring the instruments
Banks sell
Higher interest
yielding
insured
instruments
Subprimes
C
Off balance sheet
Entities are created
Short- term
Financial
paper
6
7
Market Failure
• The credit crisis has choked off many of the markets that
banks in recent years relied on to take assets off their balance
sheets. Issuance of mortgage-backed securities has dropped
sharply, while demand for more complex instruments such as
C.D.O.s has dried up completely.
• Many bankers think it will be months, if not years, before they
can start issuing these securities again. If and when they do,
investors are bound to demand higher returns than before and
are likely to require banks to demonstrate confidence in the
securities by keeping a greater proportion themselves.
• In short, this means that banks will be forced to fund more of
their future loans from their own balance sheet resources.
8
Banks Need To Strengthen Balance Sheets
• Several of the world's largest banks--Citigroup, Merrill Lynch,
UBS and Morgan Stanley—have sold multibillion-dollar stakes
to Asian and Middle Eastern investors and Sovereign Wealth
Funds to boost their capital amid heavy losses on mortgage
investments. But as banks increasingly take responsibility for
assets that had been held in off-balance sheet funds such as
SIVs, their capital needs have grown.
• Goldman Sachs estimated that $475 billion of “extra” assets
had been moved to bank balance sheets since the credit
crunch picked up speed earlier this year.
• Mortgage insurance entities have been shored up by the
same banks that they insure.
9
From Banking Crisis To Governance Crisis
• The SPM-crisis brings into focus the fact that financial service
practice is running far ahead of governance practices, which
include:
• External mandatory, periodic audit.
• Internal audit.
• Ratings agencies.
• Government regulators.
• Board of directors.
• Auditing is only one part of the reformed governance structure
that is needed to overcome the current crisis and perhaps
reduce frequency of future ones. But the role of audit has to
been seen against this wider breakdown in governance.
10
SPM-Crisis Not Unprecedented
• Consider
lessons
from
Long
Term
Capital
Management (LTCM) crisis: not hard to find—see Wikipedia!
• In 1998, Russian default caused LTCM to fail precipitously
forcing $3.65 billion intervention by the Federal Reserve.
• LTCM had equity of $4.72 billion and had borrowed over
$124.5 billion with assets of around $129 billion. It had offbalance sheet derivative positions with a notional value of
approximately $1.25 trillion, most of which were in interest
rate derivatives such as interest rate swaps.
• The fear was that there would be a chain reaction as the
company liquidated its securities to cover its debt, leading to a
drop in prices, which would force other companies to liquidate
their own debt creating a vicious cycle.
11
LTMC Gave Warning Of Future Risks
• The profits from LTCM's trading strategies were generally not
correlated with each other and thus normally LTCM's highly
leveraged portfolio benefited from diversification. However,
the general flight to liquidity in the late summer of 1998 led to
a marketwide repricing of all risk leading these positions
to all move in the same direction.
• As the correlation of LTCM's positions increased, the
diversified aspect of LTCM's portfolio vanished and large
losses to its equity value occurred.
• Thus the primary lesson of 1998 and the collapse of LTCM for
Value at Risk (VaR) users is not a liquidity one, but more
fundamentally that the underlying Covariance matrix used
in VaR analysis is not static but changes over time.
12
“Black Swans”: Managing For 10-Ω Events
• Nassim Taleb compared LTCM's strategies to “picking up
pennies in front of a steamroller”.
• Problem is that standard risk models, such as value at risk
(VaR) tend to underappreciate the risk of low probability/high
loss events, such as the market moving in unison and
unraveling risk diversification strategies or assumptions about
liquidity of assets.
• “VaR leads to the illusion that you can quantify all risks and
therefore regulate them”. Till Gulidmann, creator of VaR
concept.
• Ignores changes in markets, assets: “like observing 100 years
of weather in Antarctica to forecast the weather in Hawaii”.
13
Underlying Causes Of LTCM Debacle
• Greatly contributing to the crisis were:
– the total lack of transparency of LTCM positions
– the ignorance by counterparties of LTCM of its intricate web
of relationships and their consequent exposure
– the effectively totally unregulated nature of hedge funds
– the immense arrogance and greed of both LTCM partners,
counterparties and investors, all of whom were seduced by
the Nobel Prizes of the LTCM partners
– a refusal to ask hard questions and to insist on usual
controls and standards of prudence
– the lack of disclosures on derivatives by all parties
14
LTCM Had Little Long Term Impact
• 10th Year anniversary of LTCM:
– The FASB issued derivative disclosure rules, but
disclosures remain opaque.
– Many other types of financial instruments continue to be
under-reported or non-reported under the excuse of
competitive impairment.
– As private equity and hedge funds remained largely
unregulated and Sarbanes-Oxley increased the regulatory
burden on public firms, large amount of funds was routed
to these entities.
– The financial institutions refined the use of SPE-like
entities for taking assets and liabilities off the balance
sheet.
15
Governance And Regulatory Environment
• In general, very little regulatory impact on SPM-crisis except,
importantly, in the negative sense.
• Lack of regulation on lenders, despite desperate calls to do
so. On the one hand, SPM was a public policy good, ending
racist practice of black-lining loans, predatory loans.
• Made housing available to a large deserving group previously
denied loans, boosting house sales (not house ownership!) to
record highs.
• Problem was increasing practice of lending without usual
standards of ability to pay back, or documentation: “Liar’s
loans”.
• In one mortgage backed security of 2,393 mortgages, 43%
provided no documentation of income!
16
Incentives Unraveled Throughout Industry
• Even mortgages for owner-occupied homes proved less
reliable than past history indicated?
• Why? Because people were buying them as investments, not
as “homes” and so had less loyalty to them.
• Thus mortgage holders look at homes rationally and not with
sentimentality: as soon as they have negative equity, even
home-owners with good credit walk away from the loan,
raising default rates to unprecedentedly high levels.
• Mortgage lenders made loans so that they could sell them to
Wall Street to be securitized. Thus they had little incentive to
care how good the loans were and though, sometimes
mistakenly, that they could pass on the risk completely.
17
Securitization: The Great Driver
• Securitization—transforming cash flows from assets into
bonds—is the real driver of the SPM-crisis.
• Bankers created a new market from slicing, dicing and
packaging mortgages into such new derivative instruments as
mortgage backed securities, collateralized debt obligations,
C.D.O.’s squared, special purpose vehicles etc.
• At best these structured finance products allowed risk to be
better allocated and diversified and hence expanded the
amount of credit that could be offered: a key feature of the
Basel II standard.
• At worst, they vastly leveraged the amount of gambling that
could be done on the financial markets: C.D.O.’s of some $75
billion generated trades with a notional value of $60 trillion.
18
Key Enabler: Ratings Agencies
• Ability to sell these derivative products depends on their
ratings. Instead of being gate keepers, rating agencies
became “gate-openers”.
• Analysts look at mathematical models, not details of the
underlying mortgages. Moody’s did not even have access to
the individual loan files. Certainly did not communicate with
the borrowers or try to verify the information they provided in
their loan applications.
• “We aren't loan officers. Our expertise is as statisticians on an
aggregate basis. We want to know, of 1,000 individuals,
based on historical performance, what percent will pay their
loans?” Claire Robinson, a 20-year veteran for Moody’s.
19
Ratings System Broke Down
• Centrality of ratings for process and fact that seller not buyer
paid for rating created obvious incentive problem: “Every
agency has a model available to bankers that allows them to
run the numbers until they get something they like and send it
in for a rating” says former Moody’s securitization expert.
• Moreover, valuing derivatives more difficult than valuing
underlying assets when they are put through securitization
process: “Four thousand pieces of a Porsche are more
difficult to value than a Porsche itself and the sum of the parts
does not equal the whole,” says Bill Michael of KPMG.
• In the anything goes climate of 2006, Moody’s had only a
single day to value a mortgage backed security.
20
Implied Versus Actual Ratings
• Moody's Analytics, which operates separately from Moody's
ratings division, uses credit-default swap prices as an
alternative system of grading debt.
• These so-called implied ratings often differ significantly from
Moody's official grades, suggesting higher default risk than
Moody’s official ratings.
• And the data shows that the implied ratings are more
accurate predictors of default risk.
• “The only thing holding [securities] at AAA is simply the model
that the rating agencies claim they use to judge that capital
and the fact they know that if they downgrade the companies,
it'll push them into default”. Tim Backshall, CDR LLC.
21
“If You Are So Smart, How Come I Am President?”
• Reputation for intellectual horsepower and amount of money
earned by those doing securitization intimidated those who
would ask questions. In hindsight, both sellers and buyers
failed to understand the true risks of derivative products.
• “Investment bankers who talk about 'exploding short-term
gamma risk' earn $2m; someone in our debt-recovery team
earns $50,000. The only difference between them is that the
person who earns $50,000 knows what he is doing.”
• Same old story: Nobel prize winners at LTCM; Andersen
auditors working for free in their part time for Enron because
of prestige of working for “America’s most innovative
company”.
• Such behavioral issues pervasive, significant.
22
Societe Generale: The Icing On The Cake
• Jérôme Kerviel, a junior trader at Societe Generale accused
of exceeding his authority to engage in unauthorized trades
totaling as much as €49.9 billion, a figure far higher than the
bank’s total market capitalization.
• Investigators say Kerviel's bosses missed more than 1,000
faked trades; a huge jump in his earnings in 2007; questions
about his trades from the Eurex exchange; unusually high
levels of cash flow, accounting anomalies, and high brokerage
expenses; Kerviel's failure to take vacation; and his breach of
the desk's market risk limit on one position.
• One problem was that it was only net positions that were
monitored, not total.
23
Anatomy Of A Bank Failure
• Controversy about whether his superiors knew what was
going on—alerted by Eurex exchange, did not object when
net position was showing profits for the bank.
• “My feeling is that — we are now on the second report — by
the third report it's going to be the fault of the cleaning ladies.
Each time it goes down (the corporate hierarchy), instead of
up.” Kerviel’s lawyer.
• A central issue was that the trader had worked in the controls
area and knew how to circumvent them. “Several key controls
that could have identified fraudulent mechanisms were
lacking. There was a lack of an appropriate awareness of the
risk of fraud”. PwC report.
24
Societe Generale: What Lessons?
• At Goldman Sachs people are routinely rotated between
control functions and business functions so that each has an
equal cachet, and problems are discussed by a broad range
of insiders. Aim is avoid risk management being seen as
second-rate naysayers holding back sexy trading strategies.
• But is this a good thing, or does is it give people like Kerviel
the means to circumvent controls?
• “The number of firms that will investigate an unusual profit is
smaller than the number of firms that will investigate an
unusual loss”. Andrew Gray, PwC.
• Bottom line is that banks, especially investment banks, are
inherently susceptible to failures of control and governance
since their culture today is to push risk/reward boundaries.
25
Lessons For Auditing From Recent Crises
• Point of recounting this story is to understand the challenges
facing governance and control of financial service firms today.
Many lessons available from recent crises, but one lesson is
that such lessons have to be continuously re-learnt.
• Societe Generale is tightening computer security, significantly
investing in information technology, reinforcing controls and
taking more account of the possibility of fraud.
• Clearly technology has a major role to play, but it is not a
magic bullet. Need to take behavioral issues into account.
• Technology can indicate that something is wrong, but it cannot
stop risky behavior.
• None are as foolish as those willing to be fooled.
26
Tasks Auditors Will Have To Perform
•
•
•
Assess the sufficiency of capital to give a “going concern”
opinion and satisfy banking regulation.
Conduct “arms length” valuation of the financial assets of the
client and assess the value at risk that they pose.
Develop a methodology for ensuring that complex derivative
instruments that pose particular risks are properly recorded
when they are created or traded and that controls are in
place to monitor how they are utilized.
27
Challenging Audit Environment
• Boundaries of business entities are increasingly ill defined
with special purpose entities and counterparties impacting the
firm’s balance sheets, but which are often outside the scope
of existing audit practice.
• Difficult to assess VaR from financial instrument and contracts
whose underlying assumptions are unclear and whose value
depends on market dynamics and market confidence to a
degree that only now is being realized.
• The interlocked nature of financial entities and instruments
that are being measured, assured, and valued separately, and
with less control than many had assumed.
28
Challenging Audit Environment Continued
• Hedge operations involving numerous instruments are often
managed and monitored on nothing more sophisticated than a
spreadsheet. Pervasive problem in finance and insurance.
• As the Societe Generale case has demonstrated, even
seemingly sophisticated real-time controls have weaknesses
stemming from their own lack of security, monitoring and
alarm handling features. Firms may be monitoring the wrong
people and the wrong things and not know what to do with the
information that controls are generating.
• Application of accounting rules, especially Fair Value, may
cause unforeseeable problems, impacting markets, not just
providing a neutral measurement.
29
Audit Methodology Behind The Times
• External audit methodology is an anachronism.
– The periodic, backward looking audit is not designed to
monitor fast moving financial operations or detect going
concern weaknesses in short periods of times.
– Fails to measure integrated risk faced by financial
institutions.
– Or deal with the fuzzy boundary issues of interlinked
financial agents.
• Internal audit groups.
– Are better positioned to deal with these issues.
– But they often do not have the monitoring and control
charter.
– Need to develop a comfort zone for monitoring and
assurance functions to be negotiated among the Basel II,
compliance, fraud, Sarbanes-Oxley, and operating groups.
30
Applying Technology To Auditing
• Continuous auditing and monitoring: applying technology to
the reengineer the audit process in order to enable ondemand auditing with reduced latency between the
transaction event and the provision of assurance.
• CA = continuous control monitoring + continuous data
level assurance.
• Continuous auditing and monitoring cannot by themselves
prevent crises such as SPM or Societe Generale.
• Scope of CA/CM today is too limited, focused on operational
control, automation of existing audit processes and fraud
detection.
• Need to take it to the next level. But note that trading already
subject to CA, which indicates need for caution.
31
CA/CM In The Governance Process
• Would CA/CM as currently envisaged have prevented the
SPM-crisis? Realistically, no.
• When there is a systematic failure across the entire
governance process, no one part of that process can
compensate sufficiently.
• Part of the problem is the failure to understand the flawed
incentives throughout the governance process, which can
lead to even technological alarms to be ignored, as in the
case of Societe Generale.
• On the other hand, advantage of technology is that it is not
swayed by status, income or position.
• The point of this conference is to begin the process of taking
CA/CM to the level necessary where it will have a real impact.
32
Some Possible Solutions To Explore
• A valuation platform that will provide third party valuation of
complex financial instruments and a systemic assessment of
their critical risks, types and their inter-linkages, and an
automated confirmation mechanism (a more sophisticated
and broader form of the SWIFT system, using confirmatory
extranets) to verify and affirm the existence of the instruments
in question.
• A library and taxonomy of derivative valuation programs
drawn from various sources, both external and internally
developed.
• A template for a linkage methodology where related derivative
instruments part of a coordinated hedge will be linked.
• A high level set of risk KPI and monitoring alarming features.
33
Thinking Out Of The Box Continued
• A set of analytic continuity equations linking: varied outside
market conditions; clearance agents; derivative instrument
and security positions, and different views of risk exposures.
• A representation of clearance agents, clients, paper issuers,
SPEs, and other relevant entities.
• An alarming/management methodology to mitigate the danger
of rogue trading and unbalanced derivative positions.
• Simulation of several alternate conditions/contingencies
based on published reports of major frauds at Societe
Generale, Citigroup, Barings and so on to test the validity of
the proposed approach as a preventive and detective control.
34
1. Database to database confirmations
3. library of derivative
valuation programs
4. high level set
of risk KPI
and monitoring
alarming
Counterparty 1
5. Analytic
2. A reporting level
control panel
continuity equations
FI enters in thousands of
Derivative transactions
6. alarming/management
methodology
•Many transactions are multiparty
•Similar instruments are actual different
•There are tight and loose hedges
•Catastrophic changes in markets undermine hedges
Counterparty n
35
Discussion Questions
• Can a technologically based solution and new audit
methodologies be derived to deal with or mitigate these
problems?
• How good are the current risk management platforms at the
financial institutions?
• Can a platform just involving one institution without spanning its
counterparties be relied upon?
• How do we make allowance for incentive issues, especially in
the face of enormous temptations to subvert governance.
• With XBRL now effectively mandated the question that looms is
if version 2.1 is adequate to represent fast moving instruments
or will new XML extension languages have to be created to
deal with the “live financial report.”
36
Download