Societe Generale reports a $4.9 billion loss from fraud perpetuated by a rogue trader; Morgan Stanley confirms that an operations executive stole money by cooking the books; Credit Suisse takes a $2.8 billion write-down for errors in valuations. And let's not forget what could be classified as the worst financial crime-Bernie Madoff is able to bypass scrutiny from the Securities and Exchange Commission in faking $50 billion worth of transactions.

Those are just a handful of the instances of so-called operational risk factors that made their way through the press. But for each of those cases, there are hundreds, if not thousands of others which never do.

The parties involved-typically two broker dealers or banks, or a financial firm and its customer-"settle" any disputes privately. The injured party is always made whole often through a handshake of sorts over the telephone or through an email.

Rarely, if ever, do such issues ever make their way through the court system. And for good reason. The motto: treat others as you wish to be treated appears to be key. "Nobody wants to sue anybody for fear they could easily find themselves in the same boat in the future," says one recently retired former operations executive at a major New York bank. "The blue code of silence applies and nobody ever crosses that line."

Among the most common operational mistakes cited by two dozen operations executives contacted by Securities Industry News last week: IT glitches; failed settlement of trades, incorrect valuations, unreconciled transactions among counterparties and service providers; and erroneous processing of corporate action notifications.

While there are no official estimates of the total costs financial firms bear for operational risk, there are some estimates. In 2002 messaging network provider Swift estimated that the "lack of straight through processing" cost the financial industry about $12 billion; the cost was attributed to manual processing and fixing failed trades. In 2006, London-based research firm Oxera said that firms spend between $400 million and $900 million annually to fix corporate action errors.

"In some complicated reorganizations, the investor could be asked to vote on whether it wanted to accept cash or shares or a combination of the two," said one operations executive. "If the bank interprets the wrong amount of cash, or the wrong number of securities and passes the information onto the fund manager, the fund manager could make the wrong choice and find out after the fact. And if the fund manager gets the information on the corporate action too late to make a decision on what it wants, it won't collect anything. Several other operations experts at custodian banks told Securities Industry News that a delay in sending out a corporate action notification late or including the wrong details could cost a financial intermediary as much as $10 million. And that's a conservative estimate.

Banks with large asset servicing arms do annually put a percentage of their operating revenues in a reserve to pay for mistakes in securities processing. The percentage, while not disclosed, typically represents an analysis of past losses projected onto expected volumes for settlement other activities. The largest part of the reserve usually goes to paying for errors in corporate action notifications.

Mistakes in processing corporate actions are often due to mistranslation or misinterpretation, as information moves between messages sent or received in different formats. As a result, some financial firms are now advocating that corporations use the extensible business reporting language (XBRL) to identify each element of a corporate action notice. Such a move, advocated by XBRL US, the US arm of XBRL international, message network Swift and the Depository Trust & Clearing Corp., would allow financial firms to quickly generate Swift-based message formats from the XBRL tags.

In the case of settlement failures, incomplete or erroneous information on the terms of the trade are often to blame. Also contributing are mistakes in settlement instructions as well as losing track of securities out on loan which need to be delivered.

Failures to settle trades on time are rare and on average amount to less than 1 percent of a firm's trading volume. But each fix adds up, from $10 to as much as $1,000 depending on the time it takes to correct the error. And that doesn't include the cost of replacing securities which were not delivered on time or paying interest on funds not sent on time.

So how do firms measure just how much these operational risk they are exposed to? The Basel II Accord does allow banks to come up with some calculation based on one of three methodologies: a flat 15 percent of its total annual gross income or other predetermined percentage of multiple operating units. Financial institutions can also depend on their own calculations by extrapolating data on past losses. U.S. banks are expected to take the third so-called advanced measurement approach.

In either case, losses are not being measured accurately or consistently, on a daily basis. "Firms can account for future unexpected losses but not current potential losses in their day to day workings," says Alan Grody, president of Financial InterGroup, a New York financial services consultancy, and former professor of risk management at New York University's Stern School of Business

Grody and Peter Hughes, a former Chase Manhattan risk management executive, have come up with what they believe is a better way of measuring real-time operational risk from the current transactions a bank or other financial firm undertakes. "The calculation uses risk weightings which take into account the technical expertise of the people involved in the process, the accuracy of the data used and the level of automation," explains Hughes. "The weightings are used to measure each business process's exposure to risk in risk units."

Hughes compares the risk units to a FICO credit score which can be consolidated to come up with an enterprise-wide score. Such a methodology, he says, allows a firm to drill down into the causes of any deficiencies creating unintended operational risk. "It is meant to complement the regulatory capital being set aside for operational risk so that risk mitigation can be done in day-to-day operations," says Hughes.

Given the limitations of Basel II in addressing daily operational losses, many banks are turning to qualitative benchmarks. The goal is to reduce the amount of regulatory capital set aside to comply with the Basel II Accord's requirements and to slash current costs. Software vendors specializing in measuring operational risk to comply with the Basel II Accord estimate that additional reserve capital could come to as much as $7 billion for a large global bank.

At PNC Global Investment Servicing, quality benchmarks are set at 100 percent accuracy. Business lines work with their respective risk officers to produce transactional analysis report cards explaining whether or not the organization made that mark and where it lagged.

Depending on how sizeable the errors are, the matter is then referred to an executive risk management committee for review, says Sam Sparhawk, managing director for securities lending at the Wilmington, Del-based global custodian.

Recalling one instance where income and dividend payments were not posted correctly on payable date, Sparhawk says "when we discovered we were receiving erroneous information from a data vendor which we then notified to correct the mistake."

John Van Pelt, head of corporate operational risk for Northern Trust, says his bank defines its risk appetite as a percentage of its revenues. That undisclosed percentage varies among the bank's asset servicing, asset management and banking services. "In the case of asset servicing, which reflects processing of securities transactions, the percentage is set pretty low," says Van Pelt. He declined to specify the percentage but said that when exceeded, actions are quickly taken to quickly ensure errors won't happen again.

Although Van Pelt and other bank executives interviewed by Securities Industry News declined to provide specifics on remedies taken, software vendors specializing in data scrubbing engines to reconcile disparate information from multiple information vendors, reconciliation packages to catch inconsistencies in records between counterparties and third-party valuation services say their business is booming.

Calypso, a San Francisco-based risk management software vendor, just released a new version of its platform that allows firms to reduce operational risk by calculating the actual cost of processing a transaction for different types of assets. That cost is based on a total of the costs for each of the multiple subtasks.

"A bank could compare the operational costs involved with processing of complex structured derivatives which require lots of manual confirmation and pricing tasks in the middle office with those of an equity trade which is automated," says Sanela Hodzic, vice president of Calypso. "The bank can then compare the profit and loss made from the derivatives and equity transactions and understand where the highest operational costs reside."

Because the highest operational costs typically come from human intervention, eliminating a paper trail will help out a lot. Case in point: using consistent and automated pricing models for valuing over-the-counter derivatives will reduce the potential for discrepancies and errors between the calculations made in the front, middle and back offices.

This article can also be found at

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access