While official reports have now declared the end of the recession, global regulatory action is gaining vigour. Like the great Terror of the French Revolution, no-one and nowhere is safe from investigation. In recent times, one such avenue under increased scrutiny pertains to the off-exchange trading books known as ‘dark pools’ – trades not displayed on order books. Equities markets functioned perfectly during the financial crisis and the finger of blame for the downturn has been pointed very firmly in other directions. However, regulators appear zealously committed to ensuring that such a crisis never occurs again.

Key findings

• Prevalence – Reliable statistics have proven hard to obtain, with wide disparities between quotes figures. In general though, trading under this guise is a much rarer occurrence in Europe than in the United States.
• Source of risk – While several market participants find no concrete rationale behind the intense regulatory focus, the lack of transparency and elusive data on the prevalence of dark pools underlie the source of the alarm.
• Regulatory action – Legislation in the United States and Europe appears to raise concern over the creation of a two-tier market, growing volumes of dark pool trading and the deepening fall of public confidence in financial markets as a consequence of a lack of transparency
• Effectiveness of regulation – Several participants believe that regulations are unnecessary. They are described variously as results of political expediency, misinterpretation of the source of the crisis and inability to recognize the benefits of dark pools.  There are fears that this form of trading may even seize to exist.

Conclusion

With regulation gaining currency, the prospect that the market for dark pool trading may be fundamentally altered is very plausible. However, it is uncertain whether regulation in its current form is adequately equipped to eliminate the perceived risks with this practice.  

To obtain a free copy of this section in full, please contact us at marketing@lepus.com with your name, job title, firm, phone number and email.

Data centre virtualisation projects have a ripple effect throughout an organisation’s infrastructure and operations. Before embarking on data centre virtualisation deployments, there are a number of considerations which must be made. Collapsing multiple physical devices into software affects the people and processes supporting the data centre. Therefore, enterprises should thoroughly evaluate how business processes, administrative rights, capacity planning, performance monitoring tools and security strategies will need to change.

Key Findings

• High availability implications of virtual machines – The spare capacity afforded by retaining an extra 25% to 35% capacity helps address failover and disaster recovery when determining the appropriate number of virtual machines (VMs) to consolidate onto a single physical host. Evidently a tier-1 European bank explained how the failure of a given VM on a physical host will not affect the operation of another VM on that host, because each VM has its own isolated set of compute, memory and power resources. 
• Partitioning – Two leading European banks recommended that partitions should be set up to segregate a particular type of virtualised server farm from another, such as database servers from web servers. Otherwise, malware aimed at one server farm might make its way to the other servers.
• Time services – A recommendation that was noted from two banks was that clients and servers must agree on a time of day to properly synchronise files. Timing services are also important to system security. For example, computers connected to the internet must keep accurate time for evidence gathering in the case of a system break-in. Encryption and authentication protocols also require accurate time on both server and clients.
• Vendor packages – Lepus findings highlighted that two of the interviewed banks currently use VMware solutions and another leading organisation currently uses Citrix. Having said this, all three institutions cited that they are completely satisfied with their vendor packages and would happily recommend them to other banks.    

Conclusion

Virtualisation involves turning a number of physical hardware computing and networking devices into software and loading them on to a common high-powered hardware platform. When deployed in enterprise data centres, it affords a number of cost and energy-conserving benefits. Still, organisations can hardly go into a virtualisation project without assessing how such a project will impact traditional operations, both technically and organisationally.

To obtain a free copy of this section in full, please contact us at marketing@lepus.com with your name, job title, firm, phone number and email.

The various models utilised by the financial sector for monitoring risk exposures and valuating products have been heavily criticised by industry commentators over the last 12 months. Much blame has been apportioned to model risk, in particular VaR and its failures being cited as a factor in the demise of the global economy.

Key findings

• Current Practices – None of the banks interviewed for the research had a fundamental definition of model risk management but had a form of management or governance process to oversee model accurancy through validation.
• Benefits of Model usage –  There are many perceived benefits associated with the use of models throughout the financial industry. These advantages have been heightened by continuous technological advances.
• Criticism and drawbacks – There has been much criticism of the various models used by financial institutions of late, with much of this negative attention being focused on misinterpretation and blind reliance on model output.
• Vetting and Validation methods – Models will not be abandoned because of past failures and will continue to play a significant role in the foreseeable future. Therefore, for maximum effectiveness to be derived, there needs to be a process under which new models are vetted extensively and existing models are continuously validated.
• Future Initiatives – In view of the criticism directed at ineffective models, Lepus wanted to find out if banks were responding to this through greater investment in regards to model risk management. The responses suggest that much of the criticism is unjustified and that the players of the financial industry are ultimately confident in the abilities of these models.

Conclusion

Risk management is both a science and an art. Theoretical models will always play a vital role in risk management. However, for models to be effective they must be used carefully and in conjuction with risk managers’ own judgement. This will ensure that each model is used in the right situation and that it remains accurate to changes in the financial climate. Models have shown themselves to be vulnerable when relied upon too highly and effort is not made to fully understand the associated outputs.

To obtain a free copy of this section in full, please contact us at marketing@lepus.com with your name, job title, firm, phone number and email.

To a certain extent, it can be stated that the weight the opinion of the risk manager carries has increased of late. However, at some banks, traders are still able to execute unauthorised trades in pursuit of higher revenues, resulting in the risk managers’ engagement with the legal department. This is an example of a more extreme scenario, and at each bank there will be a somewhat different culture and/or ethos. Moreover, the relationship with the traders will depend on a number of different factors; one such factor being the proximity between the risk manager and the trader.

Key findings

• Location of Risk Employees – It should be noted that there was a common approach across the interviewed sample. All of the participants indicated that there is somewhat of a combined approach, and risk managers tend to be located both on the trading floor and away from it on other floors in the building.
• Seniority of Employees – All of the banks acknowledged that the level of seniority on the trading floor varies and there are both senior and junior people that are currently located there.
• Consistency – Banks should aim to develop, implement and maximise consistency, taking into account specific regional or jurisdictional anomalies and/or requirements.

Conclusion

The location of the risk managers will vary and depend on a number of different factors. One of the main issues is space and the amount of people already on the trading floor.

All of the banks spoken to have market risk managers situated on and off the trading floor. In addition, there is a combination of senior and junior personnel. On average, the banks are more focused on policing the front office and serving the board and the regulatory body than assisting the front office. This is somewhat expected given the increase in different proposals and directives from the regulators around the world. 

To obtain a free copy of this section in full, please contact us at marketing@lepus.com with your name, job title, firm, phone number and email.

As a result of the economic credit crisis of the last year and a half, the role of the risk manager has been given greater importance. The risk manager’s previously diminished role was partly a result of the belief that risk management methodologies have been unable to keep pace with the high octane pace set by the various trading desks.  Regulators are ensuring that banks are able to capture and report all aspects of its risk profile, gathering as much data as possible in doing so. This then seems to be leading to a move for risk departments to move to real-time to allow them to catch greater and more up to date information.

Key findings

• Current practice – The risk management methods such as end of day VaR and liquidity calculations currently used by banks are very similar to those that were being used on the eve of the credit crisis. Although VaR has been heavily criticised, it is still found to be effective when supported with greater stress and scenario testing.
• Drivers – Regulatory pressure on industry practitioners to provide greater and more transparent data. Heavy fines will be handed out to those who do not comply.  Although senior managers, in reaction to regulatory pressure, want to see more up to date figures, they are currently unsure as to the gains from an enterprise wide move to real-time risk management.
• Strategy – Research has found that most of the banks spoken to are yet to move to enterprise wide real-time risk management. Though VaR and liquidity models are calculated at the end of day, real-time stress testing has been universally adopted.
• Benefits and Challenges – It can be concluded that banks currently believe that costs of real-time risk management heavily outweigh the modest benefits. Obvious benefits such as greater accuracy of risk positions, with information being captured, analysed and reported after individual trades are offset by the cost and time issues involved with utilising the tools.

Conclusion

While there are obvious benefits to real-time risk management relating to greater accuracy to risk positions and transparency, the general consensus from banks is that the switch over is a costly and complex undertaking. It seems as though there is a greater demand for the voice of the risk manager to be heard by board members, although the information they are parlaying in these meetings is not as of yet exclusively calculated in real-time. It may just take the heavy hand of the regulatory bodies to convince banks of its worth sooner rather than later.

To obtain a free copy of this section in full, please contact us at marketing@lepus.com with your name, job title, firm, phone number and email.

Despite recent events, Value at Risk (VaR) remains to be an important tool used by risk managers. However, the weight that is placed on the results returned by VaR models has changed over the recent years. Banks are now more focused on other metrics, such as stress testing and scenario analysis. Recent Lepus research indicates that the majority of banks are looking to capture risk not in VaR through improved stress testing frameworks.

Key findings

• VaR models – There was a similar response amongst the interviewed sample. In principle the interviewees agreed that VaR models are better when parsimonious. The vast majority of the participating banks acknowledge that it is understood that VaR is not a suitable measure for non VaR type risks.
• Risks not in VaR –  All participating banks have implemented a framework for risks not in VaR. Main risks that are not captured by VaR depends on sophistication of such models and on the type of positions and exposures the bank has.
• Materiality Thresholds – Materiality is an important measure when assessing risk. Risk appetite will vary, and different firms will have different thresholds. Those governed by the FSA use the recommended 5% of VaR threshold as a guideline, with one prudent bank opting for a 1% threshold. The experience and judgement of  risk managers is the determining factor to thresholds for some of the banks.
• RNIV Charge – The interviewed banks were asked how they aggregate individual RNIV charges to derive the total figure. Most of the banks spoken to add the individual charges, not taking into account the diversification effect. Many banks are wondering if the regulators truly understand VaR diversification and materiality, and feel that there are issues that need to be addressed.

Conclusion

To conclude the report, the interviewees were asked how frequently they perform calculations and whether they had any initiative planned. Research discovered that there is as of yet no global structure in regards to calculation timelines, with the various banks running these calculations as often as once every week to once a year. A number of banks are unsure and deliberating as to whether or not they should formally run the exercise more often.

To obtain a free copy of this section in full, please contact us at marketing@lepus.com with your name, job title, firm, phone number and email.

In July 2009 the FSA fined HSBC more than £3m for failing to protect sensitive data. The FSA’s review into the case led many banks to reassess the way in which they look after sensitive data. This extends far beyond customer data on the retail side and also covers information on employees, and sensitive information on other institutions.

Key findings

• Data Protection – All of the banks spoken to stated that their information polices require sensitive data to be appropriately protected. While none of the banks specifically mentioned any specialist encryption software at this stage, it can be seen from the responses below that password features in Microsoft Office, as well as Win Zip are widely used.
• Email – The greatest threat to banks in terms of data leakage is via email. While stories of laptops being left on trains, or CDs going missing in the post generally grab the media attention, an estimated 80% of data leakage actually occurs through email.
• Clear Desk Polices – Clear desk policies are a simple measure that can help to prevent data loss. While the principle is clear, such policies may be difficult to practically implement and monitor. All of the banks interviewed said that they have clear desk polices in place and that desks are usually kept clear of confidential information.
• Disposal of Waste – One area of data leakage that is often overlooked is the disposal of waste. Confidential documents, or files on PCs that are discarded with regular rubbish can easily fall into the wrong hands. All of the banks spoken to stated that they address the requirements for secure destruction in contracts for the disposal of waste.

Conclusion

Due to the very nature of data leakage and the size and complexity of firms within the financial services industry, by no means is it something that can be eradicated overnight, if at all. However, through enhancing email monitoring systems and data encryption policies, alongside sound education and training banks will be well placed to prevent their names from making the headlines for the wrong reasons.

To obtain a free copy of this section in full, please contact us at marketing@lepus.com with your name, job title, firm, phone number and email.

Profit and loss (P&L) is an important element of financial reporting, and monitoring P&L performance is essential, with the front office, product control and accounting all drawing critical information from the process at different times during the day.

Key findings

• Current systems deployed by banks – Banks deploy a combination of both home-grown and third-party systems across their business lines, with many citing a preference for in-house solutions. Third-party solutions include those from players such as Murex, Quartet, and StreamBase.
• Centralised P&L repository – Banks tend to collate information from separate P&L systems that carry out the calculations, which are then fed into a central repository.
• Integrated vs. disparate systems - While there is some movement towards integration between P&L calculations and accounting systems, systems remain separate for risk computations and systems for the purpose of regulatory purpose and internal controls.
• P&L calculations – Half the banks interviewed undertake the same calculations across their business lines, while others perform different calculations. Today, traders generally have access to flash P&L on a daily basis, with the final P&L produced on T+1.
• Control & management – Product control is gaining significant presence and role within banks, ensuring controls are performed on a daily basis to complete verification.
• Buy vs. build – While two banks plan to continue with in-house implementations, other banks are increasingly considering third-party solutions that can help achieve a fast return on investment.
• Future strategy – Investments are planned to tackle issues such as the reliance on manual processes, spreadsheet risk, and disparate systems.

Conclusion

The global investment banking industry has increased its awareness of risk and P&L management practices significantly as a result of the financial crisis that hit the market in 2008. A lot more emphasis is being given to the quality of internal management and control systems as a key way to prevent trading losses and fraudulent activity experienced in recent years.

To obtain a free copy of this section in full, please contact us at marketing@lepus.com with your name, job title, firm, phone number and email.

On the eve of 2009, financial observers criticised the lack of risk management and regulator oversight.2009 was then always likely to witness a move to overwrite these failures. Financial Institutions must expect a series of regulatory changes and should be in the initial steps of implementing the processes and models to comply with them. While banks are facing much external pressure to manage risk more robustly, Risk Managers should fully expect pressures from within which will empower their position and give them more influence in affecting business policy.

Key findings

• Regulatory proposals – Regulatory requirements are now more so than ever, the most substantial and fundamental factor driving necessary changes to the banking business. There has been much discourse from many regional and global regulatory bodies highlighting greater supervision.
• The role of the Risk Manager – The inability of the risk manager to effectively communicate reservations in regards to hazardous business strategy, has been cited as a primary cause of the credit crisis. Criticism should instead be directed at the infrastructure of financial companies which curtailed their authority.
• Stress testing – One fundamental theme that has come from all the literature surrounding regulation of the financial services industry is the increased need for stress testing as an effective tool for risk management.
• Remuneration – Incentive packages are part and parcel of a capitalist society, and calls to cut back bonuses are onerous. Instead there should be a restructuring of bonus packages to reward long term performances.
• 2010 and beyond – 2010 will be a year where stress and scenario analysis are maximised to accompany established risk management tools such as VaR. Therefore to ensure that stress testing measures will be meaningful, much effort needs to be directed to ensuring that operational risk, coupled with model risk is managed more precisely.

Conclusion

It had become abundantly clear that 2009 needed to see an atmosphere and culture in financial institutions that was conducive to greater risk management. Furthermore risk needed to become a concern for everyone in the business. Knowledge of an organisation’s risk appetite should not be restricted to just the risk function, and every member of the bank should concern themselves with risk management.

To obtain a free copy of this section in full, please contact us at marketing@lepus.com with your name, job title, firm, phone number and email.

Selecting the appropriate operating system is important for Investment banks as it helps them support critical applications, driving growth while providing scalability and security. This report seeks to examine the current trends around the use of operating systems in the banking space

Key findings

• Key operating systems deployed – Sun Solaris and Microsoft Windows have both existed in the financial services industry for some time. Linux is also increasingly used. Other operating systems have been assessed as part of pilot projects, however at a very small scale.
• OS preferred in certain parts of the bank – While Sun Solaris tends to be deployed on main servers to power larger applications, Linux tends to dominate the development workstations and deployed on low-end servers.
• The mainframe area continues to be dominated by Unix – While there has been movement from Unix to Linux or Windows, a significant share of these migrations are so far workloads from small Unix-based systems
• Windows 7.0 – Many banks are currently making use of Windows XP and few made the move to Vista. Having skipped this upgrade cycle, banks are instead assessing the jump straight to Windows 7.0. However, migration projects are generally being delayed until at least the end of 2010.
• Virtualisation - Virtualisation is a notable trend in the OS space, supporting the increased utilization rate of servers. This technology enables banks and other organisations to run several different operating systems, as well as the applications that are running in those operating systems, on a single machine.
• Key challenges – Main concerns raised by banks include: difficulty in obtaining business buy-in for new OS investments, lack of openness and standardisation among vendors, concerns around migration to Windows 7.0 from XP, and uncertainty around Sun’s future product roadmap, due to its acquisition by Oracle.

Conclusion

Banks continue to rely on Unix for the high priority mission critical applications, with some movement towards Linux and Windows for smaller tasks. Linux OS has made major progress in the industry as banks strive to reduce costs, increase efficiencies while addressing legacy systems and enhanced interoperability. However, investments are being delayed in the short term due to the tough economic climate. Nonetheless, investments are being made as part of post-merger integration projects or where a clear ROI can be achieved in a short timeframe.

To obtain a free copy of this section in full, please contact us at marketing@lepus.com with your name, job title, firm, phone number and email.