At the very start of my career, I became a junior fixed-income derivatives trader for a large investment bank. Upon graduating from the bank's management training program, I was awarded a trading desk role and handed state-of-the-art technology to manage the risky business of hedging risk. It was an HP 12c calculator with the bank's logo engraved on it. I was told to figure out how to program it to calculate options prices (Black Scholes algorithm) and then the "Greeks" (Delta, Vega, Theta, Gamma). Within a few hours, I had completed the task, and I felt confident that I was ready to learn the finer points of derivatives trading and portfolio risk management.
In retrospect, we clearly lacked the tools to manage the risks we faced -- and they were hidden in plain sight in a huge stack of paper we created every day. After pricing a trade on the HP and executing it, we filled out three-part carbon paper tickets, which were taken to the back office for booking and settlement, and we recorded our positions on a paper ledger. We received a printed report the next day from a back-office Dec Vax "mini," and we were told to reval our positions nightly using our "best guess" as to where these OTC trades would be fairly valued.
The weakness of this workflow is now obvious and came into sharp focus during the stock market crash of 1987, when investment banks' poor risk controls were widely exposed. In a single day, we lost our entire P/L for the year, and we never made it back, because we were short volatility in a rapidly rising bond market. Some months afterward, I requisitioned an IBM XT personal computer and an early-stage spreadsheet product called Visicalc. Using these tools, I created a dynamic risk model. This "what if" model showed me what a 100+ basis point move in any direction would do to my P&L and my Greeks. This was Risk Tech 101 but a huge improvement nonetheless over the HP 12c.
Black Monday in 1987 was a learning opportunity, and it has stayed with me ever since. I've developed additional instincts about where to find risk in both obvious and less obvious locations across the business enterprise. The obvious is to look at manual processes that are often paper-based and hence analog (form driven or unstructured). This approach is as valid today as it was on the desk 27 years ago. Yet, surprisingly, the digital revolution has still not reached all four corners of the enterprise.
As my product team searches for commercial opportunities, I ask them first to look across organizations for large stacks of paper. Several years ago, we came to the conclusion that, though much of the trading workflow has become digital and thus supported by real-time monitoring, the departments in close proximity to the trading desk (compliance, legal, sales & marketing, etc.) have not necessarily gone through the same modernization. We launched several products in those areas to capture and normalize the paper-based data in those backwater areas. Our work is not done -- we continue to find stacks of risk (paper) that are by and large ignored.
A bit less obvious in the search for risk hotspots is the notion that capping risk in one area often pushes the risk downstream to another. A great example is the recent academic study conducted by professors from New York University's Stern School of Business and McGill University, showing that the business of M&A is rife with insider trading abuse. The study found that as many as 25% of M&A transactions from 1996 through 2012 coincided with unusual call option trading activity ahead of the post-announcement price spike (a.k.a. classic insider trading).
For years, the Securities and Exchange Commission and the chief compliance officers at major investment banks have often focused on underwriter's risk (investment banking staff using material nonpublic deal information to front run deals). However, they by and large have ignored the risk of the "paper trail" within the rest of the M&A ecosystem -- law firms, accounting firms, consulting firms, etc., all of which may possess sensitive nonpublic information leading up to deal announcements. What good does it do to supervise a restricted list when only 25% of the parties under the tent are subject to scrutiny? Temptation is not the exclusive province of investment bankers. The same risk detection techniques that have curbed abuses for more than 15 years in the banking community have unintentionally relocated that risk to adjacent communities.
Ironically, we all need to be sensitive to an additional plain-sight risk environment within the risk technology platforms themselves. The days of a well-intentioned, homegrown point solution are waning. The fintech community is at the vanguard of understanding the set of risks on a broad scale. Now, more than ever, collaboration between the internal risk management team and the technology community is necessary to ensure that all aspects of risk are accounted for and mitigated. The nature of risk is that it migrates and morphs. Effective risk management programs require vigilance and an ongoing commitment to tracking and detection.
Can I interest anyone in a used HP 12c?Mitchel Kraskin is co-founder and CEO of Compliance Science, Inc. ("CSI") which has developed several groundbreaking governance, risk management and compliance solutions. With over twenty five years of executive experience managing the creation and delivery of software-based ... View Full Bio