Thursday 6 October 2011

UBS fraud update; risk management systems almost bound to fail

I don't know why UBS risk managers ignored risk and operational systems that detected unauthorised or unexplained activity by Kweku Adoboli.  I don't know why they didn't investigate the signals or why appropriate action (whatever that means) wasn't taken to ensure their existing controls were fully enforced.  According to this Reuters report, however, UBS's own internal report indicates all these things did - or rather didn't - happen.


I am not surprised.  There are countless reasons why action might not have been taken, ranging from failure to understand the signals to a positive decision to ignore them.  But underpinning all the possible reasons is the fact that how risk management systems successfully monitor human/system (e.g. trading) interaction - never mind how humans successfully interact with risk management systems - has yet to be successfully worked out.  


One challenge is motivation.  When we wrote this Basel II report, my co-author and I spent a lot of time trying to think through what it was about man-made systems that made them different from natural ones in the context of risk.  We were particularly trying to think about the modelling and pricing implications for transferring operational risk under Basel II - of which Adoboli's 'alleged' fraud is a prime example.  


At that time, ten years ago, we came to a number of conclusions - some of which we might think about differently today (but not much).  One was that in a natural system (a tree for example), the system's agents (earth, sun and water for example) can be identified and their interactions (photosynthesis for example) observed, leading to the possibility of successfully inferring its objective (to mature and propagate).  


In a human system like a bank, however, the overall objective (to grow and make a profit) is formally established (rather than inferred) as part of its design.  The agents (for example, people and capital) are brought together and rules introduced to govern their interactions, aimed at the achievement of the objective.  The problem is that how those agents actually interact is difficult to observe and cannot safely be inferred, because the motivations of different agents can differ so considerably from the formally established objective.


In understanding this difficulty, we believed (and I continue to believe) that a key to understanding the true nature of risk in many human systems is to try to understand the true nature of power and influence relationships within organisations and the importance of the organisation's culture in determining the nature of those relationships.  Today, we would think in terms of a social graph but that wasn't possible ten years ago.


One recent book that rather supports one of our concerns with risk in banks - as I have very briefly outlined it above - is Delivering Happiness by Tony Hsieh.  One of the key points of the book is that a vital ingredient of a firm's culture is that the firm itself have a purpose beyond simply growing or making a profit.  


That's always going to be a tough sell in a bank, not because banks don't have purpose; after all, intermediation is absolutely critical for a capitalist economy to function.  But I wonder if it is the very importance of intermediation that means the profit banks can generate can be so high that profit blinds bankers to their genuinely valuable purpose - amongst other things...






