The Problem of Complexity

"A rising market can still bring the reality of riches. This in turn can draw more and more people to participate. The government preventatives and controls are ready. In the hands of a determined government their efficacy cannot be doubted. There are however 100 reasons why the government will determine not to use them"

This quote, drawn from 1929, shows that the desire to create a new set of improved controls post catastrophe has probably been with us from the day civilisations started.

The new regulatory framework devised since 2008 is indeed an impressive body of work and with the higher capital buffer, I agree with the supervisors who believe that there is now sufficient capital to buffer the financial system from a repeat of recent events. I only hope that this time the memory of the pain that those fateful months in 2007-9 lives on beyond the two generations it took to fade with the repel of Glass-Steagall.

Ticked boxes and oil spills

I have picked on BP, a non-bank to make an observation that its ignominy in the Gulf was not from a lack of controls but because its culture allowed box-ticking that led to a false sense of protection. BP had an embedded risk culture that operated under well-defined risk appetite, had large and strong compliance and risk departments in a 3LoD framework, well-defined controls and monitoring procedures, governance with committees of senior staff. BP even boasted their own Risk Academy as evidence of a superior risk culture.  

And yet BP suffered failure of multiple lines of defense leading to the spilling copious amounts of oil into the Gulf. Why after all that effort in building out an impressive control framework did so many lines fail at the same time? 

BP like all of the investment banks was the singular desire to be bigger. Anyone who has attended any Town Hall by any bank’s CEO in the past twenty years will recognize the echo chamber of “we are the smartest, we can be the biggest, and we will be the best”. 

Ignoring "I, pencil"

From the mid-nineties, banks rushed to expand their footprint by moving into areas previously not considered good business: 

• Finance deals with clients who are hiding something or clearly cannot pay
• Lending on the margin to those that will walk away at the first sight of trouble
• Create derivative products with complex payoffs, longer maturity or on illiquid underlying

The events of 2008/9 and the regulatory response are well-documented. Much of the rapid expansion came with system complexity now thanks to regulation is driving transaction costs higher with their clumsy architecture.

In I, Pencil (https://history.fee.org/media/3736/84-i-pencil.pdf), Leonard Mead shows how complex the modern world can be in the production of a lowly pencil. Who knows what he would make of a stack of models, data and processing prevalent in investment banking

Control committees and wet spaghetti

All banks have a complex web of control committees who in the past have waved through new products and signed off more accumulated risk. All doing their job, all improved thanks to regulatory and audit scrutiny and yet all failed to stop even borderline decisions. Product knowledge is spread too thinly and with the directive from above to expand, individual responsibility is lost alongside the incentive to ask the vexing questions of “should we” and “how much is too much”. The resulting matrix of committees constitutes a backbone no better than wet spaghetti.

Committee should mirror the migration to smaller trading units - the overall number might not change but the focus of each around narrow product groups will improve quality and accountability. Delegating real authority to a group who understand the unit’s risk strategy and have the credibility to go several rounds with deal teams and traders can provide sufficient independent and useful challenge.

Data, data everywhere

So why does critical information about the proverbial next oil spill not permeate into the control framework, why is nobody positioned to join the dots? Banking is not short of data, and maybe suffers from too much data flowing across the 3LoD that creates its own false sense of security. The new fad for AI solutions is to dive into this sea of data, but not a substitute for someone putting their hand up and ask searching "I don't get it" questions.

Small is beautiful

Schumacher would propose that the only logical route would be to decompose firms into smaller autonomous trading groups and minimise the role and burden of central functions.  This opportunity to repeat the 1930s and break up the banks has come and gone, so the final remediation is to make at least the organisational and governance framework easier to navigate.

An effective rollout of 3LoD where the Front Office build their own control tools and evidence that they can manage risk while the Risk/Finance functions focus on challenging. This simple structure leave Audit to complete assurance around the accountability-challenge model. 

The other aspect is to reduce the number of control points to an absolute minimum - more really is not better, its just more effort. Streamlining the committee structure with clear mandates, proper teeth with 90% of the data in the appendix. By incentivising participants to prepare beforehand and meaningfully challenge, banks will find not only their cost of compliance significantly lower, the overall robustness of the control framework will improve.

David K Kelly is a Director and Founder of Kerr Shearer Limited