We need a holistic approach to regulating risk

This is a version of my column published in the Irish Examiner 29 March 2014. One thing we know from even a cursory study of economics and finance is that there are cycles. This time is rarely different. Sometimes the cycles are short, sometimes longer. But they are there.  Regulators and officials contracted to mitigate the effects of cycles need to first be aware of them and then to understand them in a holistic fashion. Understanding them requires more than just advanced quantitative techniques.

This week I hosted a  one day symposium on people risk in finance. We had a good audience composed of academics, bankers, Central Bankers (but not, as far as I am aware, from the Department of Finance) and researchers.  The general consensus at the conclusion was that we have, in modern finance regulation and oversight, lost sight of the centrality of people. And that is a problem

Consider for example the data from the Operational Riskdata eXchange Association , a non profit body which looks at financial services risk and losses. Losses are very skewed – the vast majority of losses rise from a small number of issues. These issues tend to be concentrated in areas where the ultimate control is a person. The greatest part of these losses are not down to fraud; they are down to issues such as poor business practices and poor execution of these practices.  A particular challenge for finance is that many of the problems that it faces are systemic. While in a healthcare or automotive context individuals can and do take responsibility for ameliorating risk (not leaving surgical tools in body cavities, not forgetting to reconnect brake cables) this is not the case in finance.  There we find a significant disconnect.  Take LIBOR – if an individual were to have not cooperated in the rigging scandal they would in all probability been sanctioned, and the system would have continued. Rogue traders are almost never driven by personal greed and a fraudulent aim. Therefore exemplary punishment and condign treatment of one will have no great effect on others – they fall prey to and then become trapped in system failure, and it is at the level of systems that regulation needs to work as well.

A key weakness of the modern financial regulatory system architecture is that it is not systemic. Nobody is looking at large parts (FX in particular) of the system; other regulators are nationally, industry or product bounded. As a consequence, the coupling of parts of the system to other parts can become looser or tighter without anyone being able to intervene or even perhaps notice.

A further key weakness is that it is focused on quantitative approaches. Quantification of risk is funny thing. It relies on failure – to know how often we will have a large market drawdown or a rogue trader or a systemic crisis we require a baseline of a number of these events.  In the Irish context we have financial regulator and central bank that has been very strongly hiring quantitatively skilled persons. These are ideal at looking at the probability of a mortgage default given lender demographics, or at the role of SME finance etc However, they are limited to the data which they have. This data is typically partial- nobody is looking at the system as a whole, domestically or internationally.  What is more, an over reliance on quantitative techniques alone misses the crucial human element.  Systems fail either because they are poorly designed or because people find a way around them. The best designed system will not survive contact with someone inept or determined enough to circumvent it. Chernobyl comes to mind… This raises the question – where are the holistic risk managers?

The vast majority of risk management approaches in finance, as seen in the professional risk manager programs and certification, are rigorously quantitative. But they are almost bereft of even behavioural economics or finance. They contain little if any around economic or financial history. They are not people cantered. This is a major weakness. Our regulatory bodies need  to take on board a much more holistic approach . On one level this means that we need to see a push for greater scope of regulation on areas such as the Repo or FX or commodity markets where existing regulations are weaker. At another more fundamental level it requires hiring psychologists, behavioural finance and economic specialists, anthropologists, sociologists and historians. Cross disciplinary teams need to be more than accountants and economists.  For so long as we do not regulate finance in a human cantered systemic manner we give an implicit nod that these issues are not important. They are and we should begin to signal that clearly and unambiguously.

We need more regulation and better (more holistic) regulation. We need finance to learn from other areas such as surgery or engineering, where safety and risk mitigation are inherent. We need to change culture – this can happen as we have seen in airlines- where individuals are not only empowered but required to halt the system when it is in their opinion going awry. And we need to recenter and deglamorize finance – it needs to be seen as a boring utility.



One thought on “We need a holistic approach to regulating risk

  1. JohnB

    The people participating in fraud don’t need to be aware of it though – as William K. Black writes on a lot, and outlines well in his book ‘The Best Way to Rob a Bank is to Own One‘, CEO’s who want to loot banks/financial institutions, can do this by setting up perverse ‘performance-based’ incentives (leading to raises/bonuses/etc.) that indirectly encourage fraudulent behaviour, which in turn encourages increased short-term profits (at greater long-term loss), that high-ups in the business benefit from through performance-linked salaries/bonuses/perks and the like.
    So personally, I would say that high levels of punishment for fraud are important – even if people are committing it unknowingly – and management/executives in particular, need to be made directly culpable in some form, for the actions of those below them.
    The law is the law, ignorance is not an excuse, and financial fraud can become one of the most destructive forms of crime there is – so it should be punished above and beyond, all other forms of crime.
    When you look at whistleblowers like Jonathan Sugarman, someone who tried to report a significant breach of regulations to the central-bank/regulators, and was himself implicitly threatened with being reported to the police (“he was told he could come and tell the regulator what he knew, but that if he revealed any wrong doing by the bank that occurred during the time he was there, the regulator would have to report him to the police.”), then the regulatory problem in this country seems to be more about a complete lack of enforcement, and arguably even a protection of fraud from within financial/banking institutions.
    While there’s certainly room for tweaking the implementation of any regulatory body that is in place, in ways you suggest here, it seems to me to be more of a political problem at the moment, where regulations and enforcement are deliberately lax – if not institutionally corrupted/captured by the banking/financial industry itself.
    Just one glaring indication of regulatory capture: Jonathan Sugarman’s boss at UniCredit, at the time he witnessed the regulatory breaches, was Brian Hillery, and (sometime after Jonathan tried to report the regulatory failures) Brian become a director at the central bank, for two and a half years.
    It’s my impression, that there’s as much corruption/rot in our banking/financial regulatory system, as there is anywhere else in this countries political system.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s