Exclusive Online Only ContentRisk Management Technology
JP Morgan Rides Risk Focus Through Rocky Markets | Hard Truths: SunGard's Rowe on the Failures of Risk Management | E-Trade Turns to Agile Response Team for Rapid Risk Analysis |
Hard Truths: SunGard's Rowe on the Failures of Risk Management
April 13, 2009
Technology may be a key component of sound risk management, but it needs to be applied in conjunction with sound judgment rather than as a substitute, says David Rowe, EVP of risk management at SunGard Data Systems.
"Trust your structural imagination," says Rowe, who provides strategic input on Wayne, Pa.-based SunGard's risk management offerings and acts as its spokesperson on risk issues. "Everybody knew that a general fall in housing prices would have a devastating effect. Everybody chose to ignore it."
Rowe, who works out of the financial services technology giant's London office, knows a thing or two about the subject. Before joining SunGard ten years ago, he spent a decade in banking and financial risk management, first as CFO of Security Pacific Securities, then as SVP of Bank of America Corp.'s risk management group. Rowe recently spoke with Securities Industry News about the evolution of risk management, where it failed during the credit crisis, and what SunGard clients are looking for as they struggle to build more effective systems.
How has risk management changed in the last several decades?
From 1986 into the early 1990s, there were a series of very public losses at Bankers Trust, Merrill Lynch and other firms that served as catalysts for the creation of financial risk management as a recognized profession that ran across institutions. Along the way, it became significantly quantified, as illustrated by the value-at-risk [VAR] concept. Before that, there was no communication between the trading floor and trading management or senior management. The problem was that nobody could express what the complicated mesh of limits meant. VAR was the first effective vehicle for communicating between the trading floor and management. But the problem was that too many fell into the habit of calling VAR a worst-case loss, which it never was.
Also, we always knew VAR did not assess what lurks beyond the 1 percent threshold. You have insidious feedback loops. Once you put VAR in place, traders will abide by their limits. But they still want to make their returns. You need something besides VAR to look at extreme, potentially lethal events.
What other risk lessons are emerging from the credit crisis?
A key lesson relates to stress testing. The kinds of distributions with which we deal in assessing operational risk are such that you get self-referential risk. But unlike the physical sciences, in financial systems you can get huge sudden moves--a crystallizing event causes everyone to react in the same way at the same time. The behavior of extremes is informed hardly at all by studying the mid-99 percent of distribution.
How can this knowledge be used to make risk management more effective?
A lot of this is fundamentally cultural. The biggest institutions have found it difficult to assemble data on a timely basis--the biggest banks have become almost unmanageable. Risk management has to be a basic concern of everybody, and weighed at the level of the CEO.
There are some lessons we have neglected. First, the problem of statistical entropy--growing disorder arising unless you start from the data. You cannot squeeze information out of a set of data that the data do not possess in the beginning. A classic example is the AAA ratings on sub-prime mortgage tranches. The experience with sub-prime lending is that you didn't have a lot of evidence to support whatever conclusion you were trying to reach. We haven't spent enough time thinking about second-order uncertainty.
