Saturday, January 3, 2015

The largest public investment program in history...

... rescues billions from poverty ...

Economist, June 1, 2013

... and begets the largest fraud in history.

Transparency, checks and balances should never be optional.

Thursday, March 6, 2014

Do We Need Ratings Agencies?

recently published a talk by Annette Heuser about ratings agencies. She argues that the current ratings agencies need to be replaced with a new, non-profit one. This, she feels, will resolve current potential conflicts of interest and will, presumably, lead to better ratings. Specifically, her focus is on giving sovereign debts higher ratings in order to reduce borrowing costs for countries which have a poor credit history.

Unfortunately, her proposal suffers from a misunderstanding of basic economics. The issue is not public vs. private. The issue is who pays. Currently, as she says, the issuers (who are being rated) pay, causing the potential for conflict of interest. The potential conflict obviously doesn't go away if the rating agency is non-profit. A non-profit still needs to cover the costs of their research and rating process. Thus, the very very simple fix is to switch the payer from the issuer (country or company) to the lenders and buyers of the securities (banks or investors). This could take the form of a transaction fee, or it could take the form of a consortium whose budget is covered annually by buyers/investors. I would strongly suggest that Annette refocus her attention on this aspect and ensure that INCRA is funded thus. Her focus on non-profitism, transparency, breaking the grip is just a set of side-shows.

But wait, there's more. An Achilles heel of any ratings agency is its reliance on its chosen rating methodology/algorithm. As we saw in 2007, securities with AAA ratings crashed. This objectively demonstrated that the prevailing rating methodologies were inadequate because they did not accurately factor in all risks and probabilities and/or did not accurately represent them to consumers. Ms. Heuser's proposal to clone the current (flawed) rating-agency structure would not correct this problem. A far better solution would be to empower investors.


Replace ratings (the conclusion of one entity's analysis) with the ability to rate. In other words, give investors the ability to formulate their own conclusion, and to see what others have concluded. To do so, empower investors with powerful analytical tools that can access rich, diverse, open-source data.

Now is the time. All of the component pieces are proliferating today. OpenGovernment info can be combined with open-source historical markets and financial data, open-source regression models, data analytics, data visualization tools.

Of course, there are issues to be sorted out. The first to get these right will have a massively winning business model:

  • Making money - who pays? for what? how is it priced?
  • Messy data - to be valuable, the platform needs data from a multitude of sources. Necessarily, data will thus be heterogeneous in terms of structure, quality, accuracy, completeness, encoding, and definitions. To be useful, the platform will need to provide ways of using heterogeneous data without degrading quality of outcomes.
  • Source Neutrality - are certain data sources "better" than others? Should certain data providers be made preferential? Should opinions or interpretations or results of analytics be included in the data? If so, how should they be differentiated from raw facts?
  • User Neutrality - should all users have access to all data? Should users have to subscribe to specific data sources/quality levels/time periods?
  • Modeling skills - Will users have the ability to create their own valid ratings? Will they have the requisite knowledge of data, probability concepts, risk concepts, details of financial products? How can the platform abstract these concepts? 

Bottom line, ratings agencies are relics of a prior age, just like encyclopedias and farriers.

Sunday, March 2, 2014

How Your Customers Should Think About Bitcoin

Bitcoin reminds me of the Gold Standard or UN SDRs. It's great in concept, but it probably needs to weather a good crisis or two before I'll trust it.

The first thing to understand is that it is a bearer-owned stored-value mechanism like gold, dollars, or bearer bonds. It's not a payment network like PayPal. It's not a payment mechanism like a credit card. It's not an account. Whoever physically "holds" the bitcoins owns their value.

This leads to one great benefit: Unlike the USD or other national currencies, no politician can use them as a political tool by using inflation to ruin the value or using executive orders to inflate the value of Bitcoins. So, like gold, they should be safe stores of value, immune to a specific country's situation.

But the reality is far less sanguine or simple. There are problems:

  • The notion that it is outside the influence of governments hasn't been tested. I'm sure government lawyers are working on this. Every single time a bitcoin changes hands, its authenticity is verified at the central database. This means every transaction and transfer can be monitored. The amount of data is too juicy for the NSA to ignore. But will other parts of the government (executive branch, for example) also get ahold of the info? 
  • The way they determine the value of the currency. Bitcoin is based on supply and demand. Because it is a small market with relatively few traders, it is easily manipulated. The issuing company says they are increasing the supply steadily based on the size of the economy. The good news is that, since 
  • Counterfeit. Every computer system has weaknesses. Even the most secure networks have been attacked, and most of them have been compromised at some point. I don't trust that Bitcoin is secure enough, if for no other reason than because it hasn't been attacked hard enough. 
  • Fraud. There are system-administrators in the Bitcoin foundation who must have special system access in order to do their jobs. These people could certainly be bought off for the right price. We haven't invented a really technologically fool-proof way to avoid this yet. Mt. Gox is the obvious example of what can go wrong here.
  • and, of course, not many places accept bitcoins as payment (currently)

Friday, June 29, 2012

Is the Future More or Less Secure?

The Economist online is currently hosting a debate about cybersecurity and specifically the question of whether we are headed for a more or less secure world as interconnectivity increases. My vote is "no" for the following reason which I posted to their debate site:
It would be quite difficult to compromise security if we each existed entirely in our own hermetically-sealed network like an egg in a carton or a standalone PC on a desk. Each connection with the outside world creates a perforation in the egg shell and creates a security risk in the form of a point of potential compromise. The perforation can be compromised or the "tube" connecting me to the next "egg" can be compromised. Further, the "egg" I'm connecting to can be compromised. Or an "egg" connected to the one I'm connected to can be compromised. As you can imagine, hyperconnectivity increases the number of points of potential compromise exponentially with time. 
Our current risk-mitigation approach tries to hermetically seal all the perforations, joints, and pipes by wrapping them in a "fortress firewall." This becomes exponentially more difficult with the increase in points of potential compromise. Attacks are inevitable, as are compromises until and unless our approach to risk mitigation shifts from a "fortress firewall" approach to one in which we can examine, wrap, and filter actual bytes of information as they float around cyberspace. 
While I don't know what this approach will look like in practice, I predict it will include a strong focus on data provenance. Imagine an "HTTPS 2.0" in which we not only wrap packets of data in an encrypted security layer, but also give that packet the ability to either reveal its contents or self-destruct based on who/what/where/when/WHY it is accessed. 
Until then, data security risk shall continue to increase.

Tuesday, April 10, 2012

Did You Know? ... The Makeup of the US Financial Services Industry

This is the first of a new "Did you know?" category of posts which will appear periodically on this blog. These brief posts will contain industry statistics relevant to risk and financial crime management.

Quite often, both in the Consulting arena and in Financial Services, analyses require an understanding of the industry. Hard statistics are often ... well ... hard to come by. My intention is to provide a quick public point of reference for this type of information.

Statistics posted here will carry a source URL link, as you can see below, or a citation.

Today's stats relate to the overall size and makeup of the US Financial Services industry. According to a recent report by the Department of Homeland Security:

1. Deposit and payment systems and products ($12 trillion in assets; 17,000 depository institutions)
2. Credit and liquidity products ($14 trillion in assets; many thousands of credit and financing institutions)
3. Investment products ($18 trillion in assets; 15,000 providers of investment products)
4. Risk-transfer products ($6 trillion in assets; 8,500 providers of risk-transfer products)

Thursday, January 12, 2012

Quote of the Day: KYC --> EPS

An organization that positively knows its clients can obtain a commercial advantage over rivals.
- KPMG, Anti-Money Laundering Compliance in a Changing Risk and Regulatory World

Thursday, January 5, 2012

Food for New Years Thought: The Future of Banking

Every consultant worth his salt is busy trying to write something prescient on the future business model for banks. GLG Research recently published a report calling out the following key parameters, with a focus on retail banking:
1. Peer-to-Peer (P2P) Lending: An advanced technology that eliminates middlemen and directly connects borrowers and lenders.

2. Prepaid General Purpose Reloadable (GPR) cards: In return for modest commissions, a global agency network of convenience stores and retailers is now enabling cards to be “loaded” with cash. When equipped with remote deposit check capture, direct deposit, bill payment and ancillary credit, savings and investment accounts, these cards make traditional bank branching redundant. eWallets such as those touted by ISIS, Google, Visa, Amex, PayPal and FaceCash are the offspring of GPR built on the same infrastructure; similar economics but a different, arguably more convenient, access device.

3. Social Media: Social media like Facebook and LinkedIn can offer insight into customer behavior that can be applied to enhance customer acquisition, retention, and even underwriting (
Banks which are early movers in this area have a great opportunity to reverse the post-2007 profitability decline. Success, in my opinion, will depend on three things:
  • Getting it done quickly
  • Getting the customer experience right
  • Getting the risk management right
Those aims are, in many areas, conflicting. A balancing act is required. Wading too timidly into these areas might cause impatient "early adopter" customers to defect, or at least decrease their activity level. Making a big splash in these areas without consideration of risk factors invites the wrong kind of customers and is sure to balloon losses.

Critical to all three of these emerging trends are the "Three Risk-Management A's of Next-Generation Banking"
  1. Analytics: Collecting the necessary data about behavior as well as customer preferences to objectively understand and address behavior in a consolidated, risk-based, customer-centric manner 
  2. Authorization: Making an informed, risk-based decision about what the bank allows the customer to do
  3. Authentication: Making sure the transaction is being done by the customer, not a fraudster
Periodically on this blog, I will individually look at these trends, highlighting the risk implications for the future banking business model.