Latest Blog

Riskczar Comics #2

I just had the pleasure of watching author Kathryn Schulz’s TED video about being wrong. As I watched I couldn’t help thinking about Oswald Grübel’s “moment of wrongness”: when he learned about UBS’s $2 billion trading loss.

Last November Grübel went on record saying “Risk is our business. I can assure you, as long as I’m here, as long as my colleagues are here, we do know about risks.” Schulz would probably submit that at the time Grübel made that assertion he genuinely felt very right about UBS’s risk management capabilities. His belief reflected his reality. It seems “we feel very right about everything” because “we don’t have any internal cue to tell us we are wrong until it’s too late.” In the case of UBS, too late was $2 billion too late.

The highlight of her presentation is the three assumptions we make when someone disagrees with us:

  1. We assume they are simply ignorant and have less information than us.
  2. If they have the same information as us, we assume they are simply idiots.
  3. If they have all the facts and are pretty smart, they must have their own evil agenda.

So imagine if a year ago someone at UBS had brought a potential control deficiency to the attention of risk management or Grübel. Based on the above assumptions he would have reviewed the three assumptions in his mind and likely embraced the allegation much like how Enron’s Ken Lay reacted to the memo about accounting misstatements from Sherron Watkins. Danke schoen. Auf Wiedersehen.

The trouble, she explains, is that when we stop thinking that we could be wrong is when we make mistakes. Clearly Grübel didn’t think he could be wrong.

Here’s a link to her book

I worked about six shifts at a Burger King in a shopping mall when I was in my teens. I quit because I didn’t care much for wearing the brown pants and hairnet. On my final night, the closing shift, I helped the veterans take the trash out. When we got to the Dumpster my colleagues ripped open a trash bags and pulled out a sealed bag that included dozens of Muppet Babies toys which they smuggled out of the store. Despite the manager’s belief that he had controls that were “watertight as possible” if your employees want to screw you, they will always find a way to screw you.

Years later, a trader who managed an arbitrage book explained that the bank hired him to exploit opportunities in the market because he was smarter than rival traders and institutional clients. He said to me that if he really wanted to screw the organization he could screw the organization. But he didn’t because he just didn’t.

Pick up any risk management framework to see a common approach to ERM: identify and assess your risks then do something about them. That part is academic. It’s just content. But the frameworks also have a communication and cultural component to them. Changing culture and making risk management a competency is not easy. That’s process.

Andrew Hill from the Financial Times writes about UBS:

Unfortunately, even risk managers working within a well-designed control structure are largely powerless in the face of an embedded corporate culture and a system of skewed incentives. Recent history – particularly in the financial sector – shows rules and processes are far easier to change than bad behaviour and big bonuses.

Remember anyone can generate a list of risks and even if you think “Risk is our business” creating a risk-friendly culture is where the real work needs to be done.


UPDATE: I love when I write something and someone crystalized my thoughts precisely after I wrote them. Have a look at this post on “The catch-22 of catching a rogue trader” by Shelley DuBois as it complements my post. She quotes someone and writes:

You have to hope that your traders are the finest moral people around. Then, you set up your policies and your rules as if they’re all lying, cheating crooks.”


Andrew Hill from the Financial Times writes there’s risk in relying on risk managers. He also notes that despite Carsten Kengeter’s assertion: “We will not rest until we have controls that are as watertight as possible”, we all know that organizations cannot function without taking any risk.

Banks and investment banks are in the business of making money so good luck with that whole resting thing.

A headline today on reads “UBS case latest failure of risk management”.

I think I will spend the rest of the day being offended by the CBC. (All will be forgiven if Amanda Lang appears on the National tonight.)

Despite all the systems, oversight, controls, compliance, supervision and some other sixth thing, you can’t stop the rogue trader. Adoboli is to blame. His boss is to blame. Maybe culture or performance objectives are to blame. But risk management is not.

Saying Risk Management is to blame is like saying the police department should be blamed for a teen committing a murder: the police do their best to increase patrols in high crime neighborhoods, to take weapons off the streets, to educate teens; but police cannot stop stupid people from doing dangerous things once in while. Point the fingers at parents before the police.

Risk management is neither the cause nor the solution to a bank’s problems.

UPDATE: This post was written before it was revealed Mr Adoboli was alleged to have “accrued the record loss by carrying out a large number of transactions over the course of the three-year period, rather than through a single deal that went wrong. ” It was assumed at the time I wrote this post that the crime took place over the last few days/weeks.


Blessed are the risk managers: for they shall be called sons of God.

                                                                                          –  Riskczar 5:9

One can only imagine the profanity and f-words that spewed from the mouth of Maureen Miskovic, the new Chief Risk Officer at UBS, when she learned about the $2 billion rogue trading hit at UBS. I bet she made Carol Bartz look like a Ned Flanders.

It’s still too soon to know who knew what and when, but as Simon Morris explained in a Reuters article, the root cause is likely insufficient supervision:

“No rogue trader works in a vacuum, and UBS’s management must have taken its eye off the ball to allow a trader to operate on this scale without sufficient supervision and without the systems to monitor his trades”

I am sympathetic to risk managers who often make convenient scapegoats when there are likely a half-dozen people including the rogue trader’s boss, boss’s boss and boss’s boss’s boss who are more accountable than the Chief Risk Officer.

There is rarely any upside in being the head of risk management but lots of downside. I will follow Ms. Miskovic’s story with great interest.