Re:Balance -- Jim Peterson

A new one-liner in the cultural vocabulary was introduced when the hit comedy, “No Sex Please, We’re British,” opened in London in 1971.

Today’s plea – with the Securities and Exchange Commission’s proposal to inflict an analytic structure upon the making of accounting and audit judgments – would be “No Standards Please, We’re American.”

On February 14 the SEC presented for public comments the interim progress report of its Advisory Committee on Improvements to Financial Reporting – here – which among its suggestions was that the Commission should adopt a “judgment framework” in the accounting area, and that the country’s audit regulator, the Public Company Accounting Oversight Board, should do the same for audit judgments.

Responses to the SEC are due the end of this month. Meanwhile, the PCAOB sponsored a panel discussion on February 27 by its Standing Advisory Group – summarized here by Edith Orenstein of Financial Executives International.

The signal achievement of this day-long effort was that the competing interests in the debate managed at the same time to expose both the hazards and the vacuity of the whole idea.

As co-presented to the PCAOB group by a managing director of Moody’s – yes, the credit rating agency – the notion is this:

•    Preparers of financial statements would be assisted by yet more pages of codified bullet points, in choosing and applying among the myriad of alternatives for selecting and implementing accounting standards, quantifying estimates, evaluating evidence and all the rest.

•    Auditors, likewise, would be similarly enlightened across the spectrum of judgments required to choose audit procedures, to evaluate the likelihood and impact of fraud and other risks, to conduct audit sampling, to evaluate controls and – layering the irony – to assess management’s own judgments.

Wait.

In the century and a half since the emergence of independent accounting early in the Victorian era, preparers of financial statements and their auditors have been striving get their judgment processes right. So who are these bureaucrats, with their presumption of assistance?

This is, after all, the same SEC that was caught flat-footed over the pervasive extent of executive options back-dating. The same PCAOB that in its sixth year has no more than a pilot program for constructive engagement with non-US regulators and inspection beyond the samples taken within its own borders. And the same Moody’s whose involvement in the subprime mortgage fiasco, along with the other major credit ratings agencies, finds them to be central in the still-spreading credit markets turmoil.

Put another way, taking advice on the process for judgment-making from this crowd could be viewed like hiring Noah to give flood-control advice to the city of New Orleans.

As for the parody that passes for debate, the self-interested and antagonistic participants are circling the topic and each other like stray and wary dogs around a hydrant.

The accounting firms at the PCAOB’s table gave cautious endorsement to the framework idea, despite the obvious hazard: By getting it right they would obtain no more credit, safeguard or protection than is available today under existing guidance. Instead, they would only have one more procedure to get wrong, and therefore increase their already debilitating litigation exposure.

The large accounting firms remain muzzled on their fragile and threatened state, unwilling out of either fear or denial to acknowledge the shockingly low litigation impact that would cause their disintegration (which I've calculated and discussed here).

As a result, they are inhibited from insisting that the only realistic usefulness of yet more regulation on the exercise of their judgments would be under a “safe harbor” within which they could explore and apply new modes of working.

But on the other hand, investor advocates among the profession’s critics make plain the political reality that no adjustments in the American legal liability framework that entraps the auditors today are about to be forthcoming.

Exposing the sterility of the discussion, even the regulators themselves are in full self-protection mode, making clear that nothing in the application of the suggested framework process would inhibit the SEC or the PCAOB from examining and criticizing the judgments made by issuers or auditors.

For British theatre-goers the farce of “No Sex Please” ended when the nightly curtain came down. Because a new "judgment framework" would offer benefits that range from elusive to non-existent, would impose costs of extra work and documentation that are extensive, and would inflict potential litigation hazards that are considerable, the farce now playing out in Washington deserves a closing notice.   

For other aspects of the PCAOB’s meeting last week, see my friend Francine McKenna at Re:The Auditors -- here.

Published in the IHT on February 1, 2008 (here)

SocGen: When Risk Management Fell Asleep at the Switch

Since the first story is seldom the whole story, it will take time and police work to get to the bottom of the €4.82 billion euros in financial trading losses racked up by the French bank Société Générale in unwinding unauthorized positions taken by a trader, Jérôme Kerviel.

Will Kerviel emerge as an evil genius disguised as a 30-something slacker? The ring leader of a clever gang of financial scamsters? Or, more likely, an average-to-dull employee who exploited the weaknesses of his employer's systems and the credulity of his overseers?

The answer to the question "How did he do it?" appears routine enough. Kerviel's exploits seem not very different from those of the wrong-way traders who have popped up like mushrooms in the back offices of trading institutions from Barings to Sumitomo to Allied Irish Bank to Penn Square.

The scenario is almost always the same: An early burst of irregular but winning trades, motivated by bonus envy or simple testosterone, later spirals the wrong way - briefly matched by a daisy chain of falsified counterdeals and an accelerating but ultimately futile concealment of old losses covered by new ones.

The more demanding question - "How did he get away with it?" - will become answerable only through SocGen's accountability to investigators; to President Nicolas Sarkozy of France, who is not amused; and to its shareholders.

Outside auditors have been summoned. But since there is no forensic process so banal as the after-the-fact sweeping of the dust off the wrong-doer's trail, the interesting question they will likely not address is this: "Where were the curious, persistent and demanding managers ahead of the wreck?"

It's too early to tell, but enough is knowable to suggest that a relative of Inspector Clouseau was seconded to the risk management and compliance function of the hapless bank.

My first and best mentor in the scrutiny of financial fraud made a point of extending his inquiry beyond the immediate problem. Called to investigate an irregularity in one corporate corner, he would search for other possible outbreaks. Instead of assuming a system to be foolproof, he would speculate about ways to stress-test it for vulnerabilities.

He had a first principle: Any system of recording and reporting transactions is suspect. As a product of human design and operation, it is vulnerable not only to simple error but also to deliberate subversion.
In the SocGen situation there are some basic risk management tools, implicated by Kerviel's apparent mode of operating.

First is the vacation rule: Everyone who processes transactions should be taken off his desk at intervals, so that a chain of successive falsifications, if one exists, can be discovered and broken. This has been an article of faith since long before it became the centerpiece of a landmark 1976 U.S. Supreme Court decision in the Hochfelder case. That case dealt with the right to sue under the securities laws, but it started as a dispute over the application of a simple tool in internal control: the realization that an employee who never takes a vacation may be hiding something.

A low-level French employee who declines to take his vacation entitlement is already an extraordinary anomaly, enough that Kerviel's superiors should have gone on immediate and full alert. As Kerviel himself acknowledged to French police investigators, "It's one of the elementary rules of internal control. A trader who doesn't take any days off is a trader who doesn't want to leave his book to another."

A second risk management premise is that you don't net positions before quantifying risk. The exposure in a portfolio with €50 billion euros of puts and €49 billion of calls is emphatically not limited to €1 billion. At least since the Continental Vending case in the 1960s, where criminality was charged over the improper offset of accounts receivable against payables before setting a reserve, "netting" has been recognized as a recipe for concealed disaster.

Especially in a trading environment, combining the ostensible effects of "buys" and "sells" subverts the very essence of safeguarding against the possibility that one leg or the other might somehow go wrong - or even, as here, be falsified altogether.

A third is that back-office compliance cannot be only a little bit broken. Whether Kerviel was known to take irregular trading positions as far back as 2005, as he says, or only starting in 2006, as the investigator suggests, either one indicates a tolerance at SocGen for a back-office error rate greater than zero. But as the effect of financial leverage in Kerviel's dealings makes clear, there is no such thing as small or controlled leakage in a commodities operation.

Back-office compliance does not work to the same margin of error as, say, audited financial statements, which need only be stated fairly within the broadly judgmental range of "materiality" - or, in laymen's terms, "close enough." For systems capable of going awry to the tune of billions of euros, that level of tolerance for error cannot pass a credibility test.

Finally, and indicative of the SocGen attitude of mind, is the report that Kerviel talked his way out of an external alert by producing falsified documents by way of excuse. Once the red flag is raised, going to the target himself for an explanation suggests a box-ticking mentality that is out of place in a compliance function.

"Rogue trader" is probably too colorful an epithet for Kerviel. For the functionaries in SocGen's risk management, "asleep at the switch" probably doesn't go far enough.