Kweku Adoboli has done me a great favor.
Many others could not say the same. They include Oswald Grüber, Carsten Kengeter and Maureen Miskovic – the chief executive, head of investment banking and senior risk officer of UBS – whose balance sheet the 31-year-old trader has blown up to the tune of $ 2.3 billion, through the unimaginative if devastating use of fictitious customer trades to mask his massive wrong-way bets on the S&P 500 and other major indices.
While Adolboli will stay another month in custody in London, and Grüber’s team of gnomes in Zurich begin the extended process of damage assessment and control of this latest outbreak at the troubled bank, I have the privilege of bringing to a seminar at the University of Chicago Law School the MBA-level course in Risk Management I have taught at business schools these last three years.
Arrested on the third anniversary of the collapse of Lehman Brothers, Adoboli not only lets me throw out the opening pages of my introductory lecture notes, on the inevitable eruption of large-scale unmanaged risks in complex systems. He also replaces Société Générale’s Jérôme Kerviel as a final exam topic on the test question, “Where’s the rogue?”
In the law school environment, we will explore the proposition freshly demonstrated at UBS, that compliance-oriented risk systems – limited in concept, execution and assurance to the narrow and unsatisfactory conclusion that “most things are working, most of the time” – are both wasteful and ineffective to detect or deter an existential threat.
It’s as true for a rogue trader as for a suicide terrorist: doing pat-downs or box-ticks of an entire population, whether grandmothers on airplanes or bank clerks writing customer orders, will not stop the dangerous deviant capable of causing a blow-up – however much those intrusive and costly procedures may serve the political goal of lulling both leaders and constituents into a false if harassed sense of security.
In context of Adoboli’s shenanigans, said to date back to 2008 when UBS itself was bailed out of the consequences of its ill-fated venture into subprime mortgage-backed derivatives, on through its climb-down before the Justice Department over the business of sheltering US taxpayers, there is painful irony in reading the bank’s self-congratulation on the subject of its risk management. Take, for example, excerpts from its 2010 annual report:
“Operational risk is the risk resulting from inadequate or failed internal processes, human error and systems failure, or from external causes (deliberate, accidental or natural). Events may be manifested as direct financial losses or indirectly in the form of revenue forgone as a result of business suspension. They may also result in damage to our reputation and to our franchise causing longer term financial consequences.
“Managing risk is a core element of our business activities, and operational risk is an inevitable consequence of being in business. Our aim is not to eliminate every source of operational risk, but to provide a framework that supports the identification and assessment of all material operational risks and their potential concentrations in order to achieve an appropriate balance between risk and return.
“… Management, in all functions, is responsible for establishing an appropriate operational risk management environment, including the establishment and maintenance of robust internal controls and a strong risk culture.” (All emphasis added.)
With that, a question could be posed to Mr. Grüber concerning the bank’s reported 2010 payment of fees to Ernst & Young of 67.4 million Swiss francs ($ 59 million at today’s exchange), of which CHF 58.5 million were classified as audit, to obtain the latest annual version of a standard auditor’s report:
“With hindsight, how badly would you have wished to re-direct some portion of that audit fee to an engagement to conduct a precise and effectively directed, root-and-branch scrutiny of the condition of the controls at the sections of your bank having potential to inflict multi-billion dollar harm?”
Because herein lies the puzzle, about the unavailability of such valuable assurance to replace today’s outmoded commodity product:
In launching its concept release on the auditors’ report, Public Company Accounting Oversight Board chairman James Doty’s June 21, 2011 statement acknowledged “generalized investor dissatisfaction with the pass-fail model, and generalized frustration with auditors who had issued unqualified opinions on the financial statements of banks that later failed.”
And yet -- the entire community of financial statement issuers, users, regulators and auditors remain committed to what one comment letter notes as “the PCAOB’s intent to retain the current (‘pass/fail’) form of the auditor’s report.” As stated, there is “overwhelming support from all stakeholder groups for retaining this long-standing approach to auditor reporting.”
Why?
Kweku Adoboli now stands as poster boy for the unrecognized urgency of replacing that model.
Thanks for joining this dialog. Please share with friends and colleagues. Comments are welcome, and subscription sign-up is easy and free, both at the Main page.