A German enterprise software concern recently published a white paper about financial market scandals, expressing its views as to how regulators can “get serious” about market surveillance. It’s worth looking seriously at these ideas (even if they were put forward, in essence, as advertising) for what they may say about how certain international winds are blowing.
It’s also somewhat amusing to see the way in which authors settle upon the number “seven” in order to make their points. The authors of this paper could easily have sliced and diced their case in different ways, and given us six bullet points, or the eight habits of highly effective compliance officers. Instead, they gave us seven, because seven is sacred.
Seven “pillars,” of course, allude to the autobiography of Lawrence of Arabia, The Seven Pillars of Wisdom. A quick googling of the phrase also reveals that there are “seven pillars of character,” “seven pillars of true education,” and even “seven pillars of life.”
Even Without Pillars
But even without pillars: the number is sacred. God rested on the seventh day of the first such week. A bit closer to the world of finance: Ancient Israel’s Jubilee, the forgiveness of debts, took place at the end of 49 years, seven cycles of seven.
Would you prefer your numerology with a touch of the business cycle? In Joseph’s interpretation of the Pharaoh’s dream (Genesis, chapter 41) the seven fat cows represent seven prosperous years to come, and the seven lean cows represent years of famine.
But the white paper brings this sacred number into the world of compliance software. It does so with reference to several recent scandals, starting with the issuance of fines for the manipulation of forex benchmark rates in November 2014. That month, three regulators – the U.S. CFTC, the UK’s Financial Conduct Authority, and Switzerland’s Financial Market Supervisory Authority – issued fines that totaled $4.3 billion against six global banks: Citibank; HSBC; JPMorgan; RBS; Bank of America; UBS. To retain their focus on the number seven, the white paper’s authors couldn’t help mention that Barclays was also under investigation.
As it broadens its focus, the paper acknowledges technological issues in the recent scandals (trading technology that “has progressed further than regulators could have imagined”) but keeps its emphasis is on the human factor: fat fingers, insiders, “rogues” doubling down on bad bets, etc.
Further, the software company reaches the conclusion that what supervisory authorities, the public ones and their private compliance office counterparts, both need is a crystal ball, a way of reading the early signs before a headline crisis.
So, here are those seven pillars
This is the system that needs “seven pillars.” They are as follows:
- A convergent threat system, that is, the integration of previously siloed systems, so that operational risk, market risk. Trader profiling are all integrated;
- An identification of anomalous behaviors through a combination of “historical, real-time, and predictive analysis….”
- Support for fast big data;
- Monitoring that crosses asset classes. For example, in the period 2007-12, “the price of oil was highly correlated to the stock market,” so if something spooked the one market it spooked the other.
- Monitoring that crosses regional boundaries. This is necessary, especially, to control for regulatory arbitrage, “which can create confusion and opportunities for error.”
- Alerts for unusual trader behavior. For example, if “a trader converses via instant messaging with a trader she doesn’t usually speak to, and this is followed by trading an unusually large trade in a stock she doesn’t usually trade, and it comes just before a market moving news event that raises the value by 35 percent, you [a supervisory or compliance official] would want to see” such an alert. [This sounds a lot like pillar #2, but, as noted, some gerrymandering to get to seven is expected on such lists.]
- Finally, the software must account for the dynamic evolution of rules. As the unknowns become knowns, new unknowns will surely develop at their frontiers, so no surveillance system can allow itself to become a shrink wrapped app.