Category Archives: Data Mining

Assessing Counterparty Risk post-GFC – some lessons for #FinTech

Posted on by
Reply

At the height of the GFC, banks, governments, regulators, investors and corporations were all struggling to assess the amount of credit risk that Lehman Brothers represented to global capital markets and financial systems. One of the key lessons learnt from the Lehman collapse was the need to take a very different approach to identifying, understanding and managing counterparty risk – a lesson which fintech startups would be well-advised to heed, but one which should also present new opportunities.

In Lehman’s case, the credit risk was not confined to the investment bank’s ability to meet its immediate and direct financial obligations. It extended to transactions, deals and businesses where Lehman and its myriad of subsidiaries in multiple jurisdictions provided a range of financial services – from liquidity support to asset management; from brokerage to clearing and settlement; from commodities trading to securities lending. The contagion risk represented by Lehman was therefore not just the value of debt and other obligations it issued in its own name, but also the exposures represented by the extensive network of transactions where Lehman was a counterparty – such as acting as guarantor, underwriter, credit insurer, collateral provider or reference entity.

Before the GFC

Counterparty risk was seen purely as a form of bilateral risk. It related to single transactions or exposures. It was mainly limited to hedging and derivative positions. It was confined to banks, brokers and OTC market participants. In particular, the use of credit default swaps (CDS) to insure against the risk of an obiligor (borrower or bond issuer) failing to meet its obligations in full and on time.

The problem is that there is no limit to the amount of credit “protection” policies that can be written against a single default, much like the value of stock futures and options contracts being written in the derivatives markets can outstrip the value of the underlying equities. This results in what is euphemistically called market “overhang”, where the total face value of derivative instruments trading in the market far exceeds the value of the underlying securities.

As a consequence of the GFC, global markets and regulators undertook a delicate process of “compression”, to unwind the outstanding CDS positions back to their core underlying obligations, thereby averting a further credit squeeze as liquidity is released back into the market.

Post-GFC

Counterparty risk is now multi-dimensional. Exposures are complex and inter-related. It can apply to any credit-related obligation (loans, stored value cards, trade finance, supply chains etc.). It is not just a problem for banks, brokers and intermediaries. Corporate treasurers and CFOs are having to develop counterparty risk policies and procedures (e.g., managing individual bank lines of credit or reconciling supplier/customer trading terms).

It has also drawn attention to other factors for determining counterparty credit risk, beyond the nature and amount of the financial exposure, including:

  • Bank counterparty risk – borrowers and depositors both need to be reassured that their banks can continue to operate if there is any sort of credit event or market disruption. (During the GFC, some customers distributed their deposits among several banks – to diversify their bank risk, and to bring individual deposits within the scope of government-backed deposit guarantees)
  • Shareholder risk – companies like to diversify their share registry, by having a broad investor base; but, if stock markets are volatile, some shareholders are more likely to sell off their shares (e.g., overseas investors and retail investors) which impacts the market cap value when share prices fall
  • Concentration risk – in the past, concentration risk was mostly viewed from a portfolio perspective, and with reference to single name or sector exposures. Now, concentration risk has to be managed across a combination of attributes (geographic, industry, supply chain etc.)

Implications for Counterparty Risk Management

Since the GFC, market participants need to have better access to more appropriate data, and the ability to interrogate and interpret the data, for “hidden” or indirect exposures. For example, if your company is exporting to, say Greece, and you are relying on your customers’ local banks to provide credit guarantees, how confidant are you that the overseas bank will be able to step in if your client defaults on the payment?

Counterparty data is not always configured to easily uncover potential or actual risks, because the data is held in silos (by transactions, products, clients etc.) and not organized holistically (e.g., a single view of a customer by accounts, products and transactions, and their related parties such as subsidiaries, parent companies or even their banks).

Business transformation projects designed to improve processes and reduce risk tend to be led by IT or Change Management teams, where data is often an afterthought. Even where there is a focus on data management, the data governance is not rigorous and lacks structure, standards, stewardship and QA.

Typical vendor solutions for managing counterparty risk tend to be disproportionately expensive or take an “all or nothing” approach (i.e., enterprise solutions that favour a one-size-fits-all solution). Opportunities to secure incremental improvements are overlooked in favour of “big bang” outcomes.

Finally, solutions may already exist in-house, but it requires better deployment of available data and systems to realize the benefits (e.g., by getting the CRM to “talk to” the loan portfolio).

Opportunities for Fintech

The key lesson for fintech in managing counterparty risk is that more data, and more transparent data, should make it easier to identify potential problems. Since many fintech startups are taking advantage of better access to, and improved availability of, customer and transactional data to develop their risk-calculation algorithms, this should help them flag issues such as possible credit events before they arise.

Fintech startups are less hamstrung by legacy systems (e.g., some banks still run COBOL on their core systems), and can develop more flexible solutions that are better suited to the way customers interact with their banks. As an example, the proportion of customers who only transact via mobile banking is rapidly growing, which places different demands on banking infrastructure. More customers are expected to conduct all their other financial business (insurance, investing, financial planning, wealth management, superannuation) via mobile solutions that give them a consolidated view of their finances within a single point of access.

However, while all the additional “big data” coming from e-commerce, mobile banking, payment apps and digital wallets represents a valuable resource, if not used wisely, it’s just another data lake that is hard to fathom. The transactional and customer data still needs to be structured, tagged and identified so that it can be interpreted and analysed effectively.

The role of Legal Entity Identifiers in Counterparty Risk

In the case of Lehman Brothers, the challenge in working out which subsidiary was responsible for a specific debt in a particular jurisdiction was mainly due to the lack of formal identification of each legal entity that was party to a transaction. Simply knowing the counterparty was “Lehman” was not precise or accurate enough.

As a result of the GFC, financial markets and regulators agreed on the need for a standard system of unique identifiers for each and every market participant, regardless of their market roles. Hence the assignment of Legal Entity Identifiers (LEI) to all entities that engage in financial transactions, especially cross-border.

To date, nearly 400,000 LEIs have been issued globally by the national and regional Local Operating Units (LOU – for Australia, this is APIR). There is still a long way to go to assign LEIs to every legal entity that conducts any sort of financial transaction, because the use of LEIs has not yet been universally mandated, and is only a requirement for certain financial reporting purposes (for example, in Australia, in theory the identifier would be extended to all self-managed superannuation funds because they buy and sell securities, and they are subject to regulation and reporting requirements by the ATO).

The irony is that while LEIs are not yet universal, financial institutions are having to conduct more intensive and more frequent KYC, AML and CTF checks – something that would no doubt be a lot easier and a lot cheaper by reference to a standard counterparty identifier such as the LEI. Hopefully, an enterprising fintech startup is on the case.

Next week: Sharing the love – tips from #startup founders

#FinTech – using data to disintermediate banks?

Posted on by
2

At a recent #FinTechMelb meetup event, Aris Allegos, co-founder and CEO of Moula, talked about how the on-line SME lender had raised $30m in investor funding from Liberty Financial within 9 months of launch, as evidence that their concept worked. In addition, Moula has access to warehouse financing facilities to underwrite unsecured loans of up to $100k, and has strategic partnerships with Xero (cloud accounting software) and Tyro (payments platform).

Screen Shot 2015-09-07 at 10.52.16 amMoula is yet one more example of how #FinTech startups are using a combination of “big data” (and proprietary algorithms) to disrupt and disintermediate traditional bank lending, both personal and business. Initially, Moula is drawing on e-commerce and social media data (sales volumes, account transactions, customer feedback, etc.). Combined with the borrower’s cashflow and accounting data, plus its own “secret sauce” credit analysis, Moula is able to process on-line loan applications within minutes, rather than the usual days or weeks that banks can take to approve SME loans – and the latter often require some form of security, such as property or other assets.

So far, in the peer-to-peer (P2P) market there are about half-a-dozen providers, across personal and business loans, offering secured and unsecured products, to either retail or sophisticated investors, via direct matching or pooled lending solutions. Along with Moula, the likes of SocietyOne, RateSetter, DirectMoney, Spotcap, ThinCats and the forthcoming MoneyPlace are all vying for a share of the roughly $90bn personal loan and $400bn commercial loan market, the bulk of which is serviced by Australia’s traditional banks. (Although no doubt the latter are waking up to this threat, with Westpac, for example, investing in SocietyOne.)

We should be careful to distinguish between the P2P market and the raft of so-called “payday” lenders, who lend direct to consumers, often at much higher interest rates than either bank loans or standard credit cards, and who have recently leveraged web and mobile technology to bring new brands and products to market. Amid broad allegations of predatory lending practices, exorbitant interest rates and specific cases of unconscionable conduct, payday lenders are facing something of a backlash as some banks decide to withdraw their funding support from such providers.

However, opportunities to disintermediate banks from their traditional areas of business is not confined to personal and business loans: point-to-point payment services, stored-value apps, point of sale platforms and foreign currency tools are just some of the disruptive and data-driven startup solutions to emerge. That’s not to say that the banks themselves are not joining in, either through strategic partnerships, direct investments or in-house innovation – as well as launching on-line brands, expanded mobile banking apps and new product distribution models.

But what about the data? In Australia, a recent report from Roy Morgan Research reveals that we are increasingly using solely our mobile devices to access banking services (albeit at a low overall engagement level). But expect this usage to really take off when ApplePay comes to the market. Various public bodies are also embracing the hackathon spirit to open up (limited) access to their data to see what new and innovative client solutions developers and designers can come up with. Added to this is the positive consumer credit reporting regime which means more data sources can be used for personal credit scoring, and to provide even more detailed profiles about customers.

As one seasoned banker told me recently as he outlined his vision for a new startup bank, one of the “five C’s of credit” is Character (the others being Capacity – ability to pay based on cashflow and interest coverage; Capital – how much the borrower is willing to contribute/risk; Collateral – what assets can be secured against the loan; and Conditions – the purpose of the loan, the market environment, and loan terms). “Character” is not simply “my word is my bond”, but takes into account reputation, integrity and relationships – and increasingly this data is easily discoverable via social media monitoring and search tools. It stills needs to be validated, but using cross-referencing and triangulation techniques, it’s not that difficult to build up a risk profile that is not wholly reliant on bank account data or payment records.

Imagine a scenario where your academic records, club memberships, professional qualifications, social media profiles and LinkedIn account could say more about you and your potential creditworthiness than how much money you have in your bank account, or how much you spend on your credit card.

Declaration of interest: The author currently consults to Roy Morgan Research. These comments are made in a personal capacity.

Next week: Rapid-fire pitching competitions hot up…..

Deconstructing #Digital Obsolescence

Posted on by
Reply

Remember the video format wars of the 1980s? At one point, VHS and Betamax were running neck and neck in the consumer market, but VHS eventually won out (although the also-ran V2000 was technically superior to both). Since then, we’ve had similar format battles for games consoles, video discs, computer storage, CD’s and e-books. It’s the inevitable consequence of operating platforms trying to dominate content – a continuing trend which has probably reached its apotheosis with the launch of Apple’s Beats 1 streaming service. This convergence of hardware and software is prompting some contrary trends and, if nothing else, proves our suspicion of hermetically sealed systems…

about-format2

Trevor Jackson embarks on a format frenzy….

1. Digital Divergence

Earlier this year, UK music producer Trevor Jackson released a collection of 12 songs, each one pressed on a different media format: 12″, 10″ and 7″ vinyl; CD and mini-CD; cassette; USB; VHS; minidisc; DAT; 8-track cartridge; and reel-to-reel tape. Of course, he could have also used 78 rpm shellac records, digital compact cassettes, Digital8 tapes, 3.5 and 5.25 inch floppy disks (still available, I kid you not) or any of the multitude of memory cards that proliferate even today.

While Jackson’s “Format” project might seem gimmicky, it does demonstrate that many digital formats are already obsolete compared to their analogue counterparts (and until very recently, I could have played 8 of the 12 formats myself – but I’ve just donated my VHS player to our local DVD store).

As I have blogged previously, there is an established body of digital/analogue hybrids, especially in data storage, and I can only see this continuing as part of the creative tension between operating systems and content formats.

2. Digital Archeology

Each new hardware/software upgrade brings a trail of digital obsolescence (and a corresponding amount of e-waste). It’s also giving rise to a new discipline of digital archeology, combining forensics, anthropology and hacking.

Back in 2002, it was discovered that a 15-year old multimedia version of the Domesday book was unreadable* – yet the hand-written version is still legible, and available to anyone who can read (provided they can decipher 1,000-year old Norman English). Apparently, it has taken longer to decrypt the 1986 video disc than it took to create it in the first place.

More digital archeologists will be needed to mine the volumes of data that reside in archival formats, if we are to avoid losing much of the knowledge we have created since the advent of the personal computer and the public internet.

3. Digital Provenance

We’re used to managing our data privacy and computer security via password protection, network protocols and user authentication. If we think about it, we also question the veracity of certain e-mails and websites (phishing, scamming, malware, trojans etc.).

A while ago I blogged about the topic of digital forgeries, and the associated phenomenon of digital decay. Just as in the art world, there is a need to establish a method of digital provenance to verify the attributes and authenticity of content we consume.

We are already seeing this happen in the use of block chains for managing cryptocurrencies, but I believe there is a need to extend these concepts to a broader set of transactions, while also facilitating the future proofing and retrofitting of content and operating systems.

4. Digital Diversity

In response to closed operating systems, sealed hardware units and redundant formats, there are several interesting and divergent threads emerging. These are both an extension of the open source culture, and a realisation that we need to have transferable and flexible programming abilities, rather than hardwired coding skills for specific operating systems or software platforms.

First, the Raspberry Pi movement is enabling richer interaction between programming and hardware. This is especially so with the Internet of Things. (For a related example, witness the Bigshot camera).

Second, Circuit Bending is finding ways to repurpose otherwise antiquated hardware that still contain reusable components, processors and circuit boards.

Third, some inventive musicians and programmers are resuscitating recent and premature digital antiques, such as Rex The Dog‘s re-use of the Casio CZ-230S synthesizer and its Memory Tapes to remix their first single, and humbleTUNE‘s creation of an app that can be retrofitted to the original Nintendo Gameboy.

These trends remind me of those Radio Shack and Tandy electronics kits I had as a child, which taught me how to assemble simple circuits and connect them to hardware. (And let’s not forget that toys like LEGO and Meccano started incorporating motors, electronics, processors and robotics into their kits many years ago.)

 5. Salvaging the Future

Finally, as mentioned above, built-in digital obsolescence creates e-waste of the future. A few recycling schemes do exist, but we need to do a better job of reclaiming not just the data archives contained in those old disks, drives and displays, but also the materials from which they are made.

* My thanks to Donald Farmer of Qlik for including this in his recent presentation in Melbourne.

Next week: #FinTech – what’s next?

Personal vs Public: Rethinking Privacy

Posted on by
Reply

An incident I recently witnessed in my neighbourhood has caused to me to rethink how we should be defining “privacy”. Data protection is one thing, but when our privacy can be compromised via the direct connection between the digital and analog worlds, all the cyber security in the world doesn’t protect us against unwanted nuisance, intrusion or even invasion of our personal space.

Pressefotografen mit KamerasScenario

As I was walking along the street, I saw another pedestrian stop outside a house, and from the pavement, use her smart phone to take a photograph through the open bedroom window. Regardless of who was inside, and irrespective of what they were doing (assuming nothing illegal was occurring), I would consider this to be an invasion of privacy.

For example, it would be very easy to share the picture via social media, along with date and location data. From there, it could be possible to search land registries and other public records to ascertain the identity of the owners and/or occupants. And with a little more effort, you might have enough information to stalk or even cyber-bully them.

Privacy Law

Photographing people on private property (e.g., in their home) from public property (e.g., on the street outside) is not an offence, although photographers must not cause a nuisance nor interfere with the occupants’ right of quiet enjoyment. Our current privacy laws largely exclude this breach of privacy (unless it relates to disclosure of personal data by a regulated entity). Even rules about the use of drones are driven by safety rather than privacy concerns.

Since the late 1990’s, and the advent of spam and internet hacking, there have been court decisions that update the law of trespass to include what could be defined as “digital trespass”, although some judges have since tried to limit such actions to instances where actual harm or damage has been inflicted on the plaintiff. (Interestingly, in Australia, an act of trespass does not have to be “intentional”, merely “negligent”.)

Apart from economic and financial loss that can arise from internet fraud and identity theft, invasion of privacy via public disclosure of personal data could lead to personal embarrassment, damage to reputation or even ostracism. (In legal terms emotional stress falls within “pain and suffering”).

Data Protection Law

The Australian Privacy Principles contained within the 1988 Privacy Act apply to government agencies, private companies with annual turnover of $3m or more, and any organisations trading in personal data, dealing with credit information or providing health services. There are specific provisions relating to the use and misuse of government-derived identifiers such as medical records and tax file numbers.

The main purpose of the privacy legislation is to protect “sensitive” information, and to prevent such data being used unlawfully to identify specific individuals. At a minimum, this means keeping personal data such as dates of birth, financial records or hospital files in a secure format.

Some Practical Definitions

The following are not legal definitions, but hopefully offer a practical framework to understand how we might categorise such data, and manage our obligations towards it:

“Confidential”

Secret information that must not be disclosed to anyone unless there is a legal obligation or permission to do so. (There are also specific issues and exceptions relating to “classified information”, public interest matters, whistleblower protection and Freedom of Information requests.)

“Private”

Information which is not for public or general consumption, although the data itself may not be “confidential”. May still be subject to legal protection or rights, such as the right of adopted children to discover the identity of their birth parents, or the right of someone not to be identified as a lottery winner.

“Personal”

Data that relates to, or can specifically identify a particular individual. An increasing issue for Big Data, because data that otherwise resides in separate locations can now be re-connected using triangulation techniques – scrape enough websites and drill down into enough databases, and you could probably find my shoe size.

“Public”

Anything that has been published, or easily discoverable through open search or public database retrieval (but, for example, does not include my past transactions on eBay unless I have chosen to disclose them to other users). My date of birth may be a matter of record, but unless you have authorised access to the relevant database or registry, you won’t be able to discover it and you certainly shouldn’t disclose it without my permission.

Copyright Law

One further dimension to the debate is copyright law – the ownership and related rights associated with any creative works, including photographs. All original content is copyright (except those works deemed to be in the “public domain”), and nearly all copyright vests with the person who created the work (unless they have legally assigned their copyright, or the material was created in the course of their employment).

In the scenario described above, the photographer would hold copyright in the picture they took. However, if the photograph included the image of an artwork or even a framed letter hanging on the wall, they could not reproduce the photograph without the permission of the person who owned the copyright in those original works. In some (limited) situations, a photograph of a building may be subject to the architect’s copyright in the design.

Curiosity is not enough justification to share

My personal view on all this is that unless there is a compelling reason to make something public, protecting our personal privacy takes precedent over the need to post, share or upload pictures of other people in their private residence, especially any images taken without the occupants’ knowledge or permission.

Just to clarify, I’m not referring to surveillance and monitoring by the security services and law enforcement agencies, for which there are understandable motives (and appropriate safeguards).

I’m saying that if we showed a little more respect for each others’ personal space and privacy (particularly within our homes, not just in cyberspace) then we might show a little more consideration to our neighbours and fellow citizens.

Next week: It’s OK to say “I don’t know”