Finance Dublin
Finance Jobs
Thursday, 18th April 2024
    Home             Archive             Publications             Our Services             Finance Jobs             Events             Surveys & Awards             
Unauthorised trading is the biggest risk treasury departments face Back  
In recent times, there have been several high profile rogue trading cases. Donal Galvin says that in order to avoid the severe damage these cases caused, treasury departments need to implement key control activities such as reviews of operating performance, as well as adequate and effective audit programs.
Treasury departments have developed sophisticated risk management systems and the basic components of these systems are identifying and defining the risks that the firm is exposed to, assessing their magnitude, mitigating them using a variety of products and procedures and setting aside capital for potential or expected losses. Over the last 20 years, financial institutions have been using economic modelling to assist them in these tasks. The development of empirical models of financial volatility have led to more accurate measurement of market risk, which is the risk arising from fluctuations of financial prices e.g. interest rates, foreign exchange & spread risk. In the area of credit risk, models have been developed for large scale credit risk management purposes utilizing historic default & recovery rates for different assets classes’ .Yet not all of the risks faced by financial institutions can be so easily categorized and modelled. The risks of electrical failures or employee fraud do not lend themselves as readily to quantification. Such risks are typically categorized under the banner of operational risk.
Operational risk is difficult to define and harder to measure. The Basle committee has made things somewhat easier by adopting a common industry understanding and creating a benchmark regulatory definition of operational risk which is ‘the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events’. Many of the great financial fiascos have involved some sort of operational risk. The biggest such risk is unauthorised trading where the best examples can be summarised through the following cases:
• February 1995: Most famous case, Nick Leeson brings down Barings bank by accumulating losses of $800 million through unauthorised dealing in the futures and options markets.
• July 1995: Toshide Iguchi admits to the New York branch of Daiwa Bank that he has been fiddling (for over a decade) confirmations to allow him to sell off securities owned by Daiwa clients. It costs Daiwa $1.1bn as well as a large fine and irreparable damage to its reputation and regulatory relations.
• June 1996: Sumitomo announces the sacking of copper trader Yasuo Hamanaka for trades that eventually cost the Japanese Institution $2.6bn.
Operational risks such as these infamous cases above can cause irreparable damage to a bank and the biggest fear for any board of directors is to have their financial or corporate treasury added to this list. While equity investors understand that the very function of a bank is to take risk and accept that losses will occur from time to time, they will be less understandable when losses in a financial institution are caused by a lack of supervision or a fundamental weakness in an institutions risk governance framework. These losses are viewed as entirely avoidable.
A number of these banking fiascos happened around the same time and caused financial institutions to start a wave a self-assessment and stress testing internal controls. On careful examination of each case highlighted above regulators identified a number of recurring factors, these were the following1:
• Lack of adequate management oversight and accountability, and failure to develop a strong culture of control within the bank.
• Inadequate assessment of the risk of certain banking activities, whether on or off-balance sheet.
• The absence or failure of key control activities such as the segregation of duties, approvals, verifications, reconciliations and reviews of operating performance.
• Inadequate communication of information between levels of management within the bank, especially in the upward communication of problems.
• Inadequate or ineffective audit programs and other monitoring programs

In the wake of the financial scandals of the mid 90’s financial institutions revised their risk governance frameworks and re-evaluated their philosophy and risk profiles. There are no quick wins when trying to change a companies risk framework and risk culture, this decision needs to be taken at board level otherwise any controls and frameworks which are put in place become rapidly undermined, usually by the revenue generating divisions which they were originally supposed to monitor. The losses highlighted above would now be categorized under operational risk .Up to recently this has been the poor brother of market and credit risk, but companies are becoming increasingly aware that they have to begin analysing this broad risk class if they are to avoid a) unexplainable losses and b) severe regulatory capital charges further down the line.
Each institution will have to find its own way of translating data the areas of risk into some kind of risk weighted number that can be used as the firm requires, most probably for operational risk regulatory capital charges, internal economic capital model inputs or senior management reports. There are two broad methods, which can be adopted, top down or bottom up.
Bottom up: This approach requires clearly defining, and then gathering fresh evidence on, the many kinds of operational risk the institution is exposed to. The risk of loss in each business and operational area must first be quantified and then the net value of an institutions risk of loss operational portfolio must be calculated. This approach is very nice in theory but the practical implementation has proved to be very difficult. The main reason for this is the difficulty in gathering loss related data for the critical risk areas. The BIS II rules, which will be adopted in 2005, will require a bottom up approach for operational risk to be adopted by banks that wish to be classified as ‘Advanced’.
Top Down: The top down approach steers clear of a microanalysis of a firm’s operations and calculates operational risk based on easily accessible firm data such as divisional business volume adjusted by some kind of market multiplier. This is quick and easy to implement but not very informative when trying to isolate key risk areas and improve them. The BIS II rules, allow this kind of approach for banks classified as ‘Standard’.

Implementing a framework for monitoring operational risk is an expensive and time consuming task so why should a firm undertake the project. The most obvious reason is to avoid the name of your company being added to the offenders list outlined above. On top of actual costs affecting the bottom line the reputational risk is huge and for a listed financial institution can be roughly measured from the difference between the costs of the operational risk minus the fall in value of the financial institutions stock. In 1997 Natwest Capital Markets realised their options desk were overvaluing derivatives due to a modelling error. The bottom line cost was estimated to be ?80 million when fully corrected but as a result billions of pounds were wiped off Natwest’s stock price. An effective operational risk framework should allow financial institutions to benefit from decreased regulatory or economic capital charges, which ultimately should lead to a more efficient capital allocation process and enhanced shareholder value.
The topic of operational risk, particularly in a treasury environment, is fully ‘in play’, proposed regulatory capital charges and recent trading losses have ensured this to be the case. At a recent regulatory conference Sir Howard Davies, Chairman of the FSA, said with respect to the financial services industry that ‘The greatest threat so far has been from the enemy within’ so ignore operational risk at your peril.

1Source: Framework for the Evaluation of Internal Control Systems, Basle Committee on Banking Supervision January 1998.

Digg.com Del.icio.us Stumbleupon.com Reddit.com Yahoo.com

Home | About Us | Privacy Statement | Contact
©2024 Fintel Publications Ltd. All rights reserved.