Data error inflated Wells Fargo’s op risk capital by $5 billion

By Louie Woodall | News | 3 June 2020

Sharp fall in Q1 RWAs followed removal of duplicate data

Faulty data led Wells Fargo to overstate its operational risk capital charge for the fourth quarter of 2019 by $5.2 billion, raising further questions on the soundness of the bank’s op risk management.

In its regulatory filing for the first quarter, the San Francisco-based lender revised its op risk-weighted assets (RWAs) amount as of Q4 2019 to $338.7 billion. The previous filing had pegged the amount at $403.6 billion, 19% higher. Minimum regulatory capital charges are set at 8% of RWAs, meaning Wells Fargo held $32.3 billion of op risk capital at end-2019. As of Q1, op RWAs totalled $335.7 billion, 17% lower than the original Q4 2019 amount.

A spokesperson for the bank said: “The revision was due to duplicative data from a third party, and once the matter was identified the result was a favourable impact to regulatory capital under the advanced measurement approach.”

Wells Fargo did not disclose the identity of the third party – but in its latest Pillar 3 regulatory disclosure, the bank says it uses ORX, the industry op risk data exchange, to source external operational risk loss data. ORX said it does not comment on individual members or their data.

An op risk expert at another US bank said the abrupt revision was unlikely the result of a “fat finger” error. “Given the importance of that number, it’s more likely it’s the result of a change in the categorisation of the loss event,” he said.

“It could be that they had two events in their loss data set that they initially thought were separate that have now been determined to be the same. For example, they could have previously treated a group of lawsuits as separate events and these have now been classified as one broader event,” he adds.

The snafu did not impact the bank’s risk-based capital requirements, since in both Q4 2019 and Q1 2020 Wells was bound by the standardised approach, which sets capital using credit and market RWAs calculated using regulator-set formulas and does not include an op risk component. Under the US supervisory framework, the constraining risk-based requirement is the higher of that set by the standardised and advanced approaches – which includes op risk capital.

The revision was due to duplicative data from a third party, and once the matter was identified the result was a favourable impact to regulatory capital under the advanced measurement approach

Wells Fargo spokesperson

Big US banks use the advanced measurement approach (AMA) to calculate op RWAs. Wells Fargo’s AMA model incorporates internal loss data from its own database, and external loss data through membership of ORX, which is used to benchmark RWAs to a bank’s peer group, and to help estimate future op risk losses through such techniques as scenario analysis.

However, the frequency and severity of historical losses plays an outsized role in the AMA. Flawed op risk data, therefore, can materially affect the RWA amounts generated by an AMA model.

“AMA models were calibrated in the US under rigorous standards that the Fed has set. One element people dislike is looking at the empirical loss data as a floor, which you need a very strong justification to violate,” says the op risk expert.

The Federal Reserve, Wells’ primary regulator, declined to comment. However a person familiar with the Wells Fargo issue at the Fed said he had not observed a bank restating its op RWAs in this way before.



Bank data fidelity is monitored by the Fed, and issues affecting op risk management systems, processes and data can be dealt with through supervisory actions. For example, the Fed can declare a “matter requiring attention” or “matter requiring immediate attention” following a bank examination if it unearths an issue that could undermine the safety and soundness of an institution or that represents significant noncompliance with applicable laws or regulations.

Since February 2018, Wells Fargo has been bound by an asset cap of $2 trillion imposed by the Fed after it was found to have mis-sold “ghost accounts” to unsuspecting customers. The cap will be lifted at the Fed’s discretion following an overhaul of its op risk management framework.

Speaking at a virtual industry conference in May, Wells Fargo chief executive Charles Scharf said that it’s “very, very clear” what the bank has to do to remove the cap. “We’re doing the work. It’s a hard thing to talk about because we have milestones. We know exactly what we have to accomplish. But ultimately, it’s up to the Federal Reserve to decide when it's been done to their satisfaction.”

Mental health: the new frontline for risk management

By James Ryder | News | 2 June 2020

Rise in stress and anxiety among locked-down staff could open up banks to range of risks

Like millions of others, finance professionals have been working from home since March. It hasn’t been easy. For some, the workload is greater than ever as recent volatility in markets has hiked the number of trades to execute and process. But restrictive home office set-ups and patchy internet connections mean simple tasks can take longer to complete. Virtual meetings help workers stay in touch but it’s not the same as office camaraderie.

HR teams at financial firms are assessing the demands the coronavirus lockdowns are putting on their employees. Errors by stressed-out staff, extended periods of absence, and litigation risk from illness are among the business exposures now facing employers. The pandemic is forcing a new focus on mental health and its attendant risks.

“Safeguarding my team’s mental health is my number one priority right now,” says the head of a front-office quant finance team at a large European bank.

Research conducted even before the coronavirus pandemic struck shows the biggest cause of business disruption across industries globally is poor health, outstripping other factors such as cyber attacks and IT outages. Mental health-related absence can also be more costly for a company than absence from physical illness or injury. Employees who are absent for sickness such as stress, anxiety and depression are off work for 40% longer on average than those absent due to all types of illness and injury, according to recent UK government statistics.

Absence puts additional pressure on staff to cover for their ill colleagues – or for those on furlough, as many companies have had to place staff on temporary paid leave during the lockdown.

Some financial institutions are filling gaps in their output by outsourcing functions. In trading, for example, the pandemic has led to greater interest in outsourced order execution. Investment firms are looking for extra muscle to help them handle a spike in transaction volumes, or for trading unfamiliar asset classes.

Outsourcing brings its own risks, though. Third parties open up a new front for cyber criminals to exploit. Companies have to carefully vet vendors to ensure their standards of data protection, for example, are up to scratch.

Financial pressure on companies often equates to pressure on individuals. The pandemic has upended business-as-usual, slashing revenue streams or magnifying losses. The onus on sales and trading teams to hit targets is greater than ever.

It’s the kind of environment that can give rise to rogue trading or other misconduct. A lack of supervision enabled traders such as Jérôme Kerviel and Kweku Adoboli to rack up 10-digit losses at their respective banks. There are fears that widespread remote working during the pandemic will interfere with supervisory lines of sight, increasing the risk of internal fraud.

The volumes for operations staff in some of the markets in which banks operate were two, three, four times normal

Balbir Bakhshi, Deutsche Bank

Alternatively, pressure to meet sales targets could seed the ground for the next great mis-selling scandal. Incentive schemes and an overly sales-oriented culture were said to be prime factors behind the mis-selling of payment protection insurance by retail banks in the UK. The episode resulted in costs of more than £50 billion ($62 billion) in fines and other charges for the banks involved.

Damage may not even be intentional. Unexpectedly high volumes of transactions snarled up back-office margin systems in Asia in March, as human errors caused logjams in trade processing.

At Deutsche Bank, group head of non-financial risk Balbir Bakhshi says the operations department is among those under the most strain. The team, which has a big presence in India, endured a leap in its workload throughout March.

“The volumes for operations staff in some of the markets in which banks operate were two, three, four times normal,” he says. “Think about people working in a remote environment getting through more than two times their day job in a fairly seamless way – they did that by working longer hours. The mental health hotspots to watch, from an inherent risk perspective, are in areas like that.”

At times of stress, staff may be more liable to make mistakes. Even something as simple as a misplaced word can have costly consequences, as Samsung Securities discovered in 2018 when a fat-finger error resulted in the company doling out $100 billion worth of company shares to employees rather than the intended $2.6 million in dividends.

See you in court

A decline in mental health among individuals could open up banks to litigation risk as workers look to sue employers for stress-related illness. Last year, JP Morgan faced a lawsuit from the family of a sales executive who committed suicide after suffering from depression.

Lawsuits could come in several shapes and sizes. Nicola Rabson, global head of employment at law firm Linklaters, says individuals who have a psychiatric illness amounting to a disability may claim their bank hasn’t made the adjustments necessary to allow the employee to do their work properly. In a related scenario, the employee might feel they have been discriminated against indirectly, by being passed over for promotions or bonuses.

In the second type, an employee may claim for personal injury. In this scenario, says Rabson, individuals allege that their employer’s treatment of them has caused a psychiatric injury directly.

Kate Field, global head of health, safety and wellbeing at the British Standards Institution, says employee health issues have become more disruptive to companies in part due to a rise in lawsuits. “There has been an increase in civil litigation, which is costing these financial institutions large amounts of money.”

It’s a business risk if we don’t take care of our teammates

Anne Oxrider, Bank of America

Spotting the warning signs of incipient illness may be harder among staff who are working remotely. The signals managers may look out for, like an employee staying late very often or displaying uncharacteristic behaviour, become easier to miss when everybody works from home.

“The risk factor is aggravated – the employer doesn’t know the environment in which the employee is working,” Rabson says.

To combat this, banks are ramping up support services for staff and strengthening lines of communication. Citi has a full-time mental health nurse, while Deutsche Bank has a team of mental health first aiders.

Bank of America has a ‘life event services’ team that assists employees facing a range of personal challenges. The team was in such high demand at the start of the coronavirus crisis that the bank had to redeploy staff from other departments to boost headcount.

“It’s a business risk if we don’t take care of our teammates,” says Anne Oxrider, a senior vice-president in the HR team at Bank of America.

Citi is also using a form of scenario analysis – a tool familiar to operational risk managers – to help train staff. Managers receive an email periodically with scenarios they might encounter among team members, advice on how to handle related conversations, and links to resources for managing remote teams during the lockdown.

For more practical help, the US bank offers financial assistance for employees who earn below $60,000 per year in the form of a one-time payment of $1,000. The cash helps staff deal with the “dislocation” the coronavirus has caused, explains Jenny Grey, regional head of human resources at Citi.

“It’s in recognition that our lower-paid employees may have additional stresses as a result of the virus,” Grey says.

Remote working is not a stress-inducing experience for all staff. One large bank recently conducted an internal survey on the effect of working from home, and found that half of respondents thought that it was a positive experience. One quarter felt it was similar to working in the office, and a quarter found it a negative experience. Tellingly, the ‘negatives’ felt much stronger than the ‘positives’.

“The negative people skew far more negative than the positive people skew positive,” says the bank’s head of liquidity management.

A legacy of the lockdown may be greater awareness of mental health, HR heads at global banks suggest. The kind of discussions that were once taboo in some cultures may now become more commonplace as workers plan for the gradual return to the office.

Editing by Alex Krohn

Elevating enterprise resiliency practices to combat business challenges and disruptions

By RSA | Advertisement | 29 May 2020

The panel

  • James Fong, Solution Lead, South-east Asia and Greater China, RSA Archer
  • Patrick Potter, Global Risk Strategist, RSA 
  • Yusuf Yasin, Operational Risk Professional, Standard Chartered
  • Moderator: Dominic Wu, Chairman, Hong Kong Chapter, Institute of Operational Risk

Hosted by and RSA, this webinar explores the latest in enterprise resiliency strategies and how they can be effectively communicated throughout all parts of your organisation.

With limited visibility into immediate or emerging business and operational risks that impact on company resiliency, it is often difficult for financial services professionals to demonstrate to senior management that continuity and recovery plans will allow their organisations to withstand impending risks. By covering pertinent risks – including cyber security, third-party management and technological risks – the panel discusses key resiliency practices and upcoming challenges.

Key topics discussed:

Though Covid crisis rages, US banks’ op RWAs fall

By Abdool Fawzee Bhollah, Louie Woodall | Data | 18 May 2020

In the first quarter, US banks saw their credit and market risk-weighted assets (RWAs) surge as the coronavirus crisis plunged the financial system into chaos. But RWAs used to capitalise operational risks either stayed flat or shrunk at these top dealers.

Aggregate op RWAs at the eight US global systemically important banks (G-Sibs) fell by $5.7 billion over the first three months of 2020 to $1.86 trillion.

San Francisco-based lender Wells Fargo saw its op RWAs fall the most, by $2.9 billion (-1%) to $335.7 billion. Morgan Stanley followed with a reduction of $1.8 billion (-2%) to $100.2 billion. 


State Street cut $1.2 billion (-3%), Citi $997 million (-0.3%) and Goldman Sachs $375 million (0.3%).

Bank of America’s op RWAs held steady at $500 billion. 

BNY Mellon and JP Morgan were the only G-Sibs to see their op RWAs rise quarter-on-quarter, by $450 million (0.7%) and $1.2 billion (0.3%), respectively.

What is it? 

Basel II rules lay out three methods by which banks can calculate their capital requirements for operational risk: the basic indicator approach; the standardised approach; and the advanced measurement approach (AMA). The first two use bank data inputs and regulator-set formulas to generate the required capital, while the AMA allows banks to use their own models to produce the outputs

Why it matters

It looks odd that op RWAs, and therefore capital to protect against operational failures, should be falling in the midst of the coronavirus crisis. The pandemic has forced thousands of bank employees to work from home and weakened firms’ protections from internal fraud. It would be expected that op RWAs would skyrocket, rather than diminish, under such pressures.

But such a reading doesn’t take into account the mechanics of the advanced measurement approach, which the US G-Sibs all use. The backward-looking component feeds on historical data, and as periods of severe or frequent op risk failures roll out of the observation window, op RWAs fall.

However, as old data drops out, new data is added in. It’s probable that some of the G-Sibs’ op RWAs will rise sharply in coming quarters to reflect the inclusion of op risk losses incurred through the current crisis, meaning this quarter’s savings may be an anomaly. 

Get in touch

Sign up to the Risk Quantum daily newsletter to receive the latest data insights.

Let us know your thoughts on our latest analysis. You can drop us a line at or send a tweet to @RiskQuantum.

Tell me more

Emergency Covid loans carry high mis-selling risk, banks fear

Banks race to adapt AML systems for the coronavirus age

Virus weakens banks’ defences against internal fraud

View all bank stories

Investors trade the drama out of the crisis

By Ben St. Clair | Feature | 13 May 2020

How LGIM, Axa IM, Manulife and other buy-siders tackled the toughest markets since 2008

Necessity is the mother of invention, says the old adage. And in recent months, asset managers and investors have been forced to reinvent their environment as well as their trading practices. In addition to the market fallout from coronavirus, their traders have faced a new and unexpected challenge: how to continue transacting away from their desks and – significantly – away from other traders.

Buy-side trading desks, which typically thrive on having traders share information and collaborate in close proximity, have been forced to change trading strategies and think differently about finding counterparties willing to trade at acceptable levels. In navigating some of the most volatile and illiquid markets since the financial crisis, sometimes the biggest challenge was simply to get a trade completed.

For this article, more than a dozen traders, market participants and industry experts spoke about how the buy side adapted to the “new normal” in currency, bond and equity markets.

“The circumstances will stick around in memory for a while, I think. Probably comparable to what the market saw after the 2008 financial crisis,” says Joost de Bakker, a trader at Netherlands and UK investment manager Cardano. “After a long period, we could return to the normal liquidity circumstances we were used to, but I think it will definitely take a [long] time.”

Equity traders, for example, began buying and selling in smaller blocks of stock and using execution algorithms to take advantage of trading opportunities quickly. In over-the-counter markets, such as rates and credit, some buy-side firms put fewer dealers in competition when asking for quotes and looked instead to their peers through alternative trading protocols.

Market participants agree that a smooth transition was contingent on constant communication with clients and portfolio managers to find the best product and trading strategy. Leaning on relationships with sell-side counterparties was also key.

Testing the bounds

Amidst the upheaval, the role of buy-side traders was cast into the spotlight. These traders serve within their firms in execution and advisory roles. Their skills are put to mandatory use in Europe, where regulators have made achieving best execution through trading an obligation, compelling managers to take into account various execution factors such as price, timing and size.

The regulation accepts that trading conditions and particular investment products will dictate the ideal method for trading and, in some cases, that ideal can depend on the specific needs of portfolio managers and those making the investment decisions. This is where the advisory function of a trader’s role comes into play, providing market colour to help managers understand liquidity conditions so that they can most effectively express investment views.

Ed Wicks, head of trading at Legal & General Investment Management, says these conversations were especially important in the less liquid fixed income and rates markets in March, where they worked “even more closely with portfolio managers”. Getting orders as quickly as possible to extend the potential window for execution made a difference, he says.

After a long period, we could return to the normal liquidity circumstances we were used to, but I think it will definitely take a [long] time

Joost de Bakker, Cardano

One way to gauge best execution is to compare a firm’s traded levels with a market mid-price, available on screens for some OTC products and for listed instruments. In March, deciphering this mid-price became increasingly challenging in some less liquid instruments. And waiting to trade at cost levels available mere months beforehand could have meant not being able to trade at all, says Michel Lansink, head of trading at Cardano.

“Part of adapting to these changing markets is also accepting higher transaction costs. If we were to stick to whatever we were used to, then we’d probably end up trading nothing,” he says.

Conversations with clients and portfolio managers became key. “If a PM is trying to express a view in an OTC bilateral instrument, we might say you can achieve the same in this listed or cleared instrument. That advisory aspect of the job increases in those markets in times like this,” says Wicks.

In some situations, Axa Investment Managers turned to trading the underlying asset instead of its options, or index futures instead of the swaps alternatives, according to Daniel Leon, global head of trading, security financing and derivatives at the firm.

“We went into the biggest pool of liquidity and, as expected, the simplest products had the better liquidity,” he says.

Part of adapting to these changing markets is also accepting higher transaction costs

Michel Lansink, Cardano

Portfolio managers and clients understood the need to make quick decisions and adapted their processes to be more reactive, says Leon. “When prices can change by more than 10, 20 basis points in one move, you need to be able to react very quickly.”

For example, the desks needed to be ready to take advantage of trading opportunities as they arose, says Vincenzo Barbagallo, head of trading at Generali Insurance Asset Management.

“It is crucial for us to understand whether our clients are flexible in terms of pricing and/or timing. That makes the difference, if you also consider that the ability to source liquidity in the market was very poor,” says Barbagallo.

Others echo this sentiment, highlighting the importance of knowing how “desperate” a manager is to complete a trade and how much they’re prepared to pay.

“There's always a price at which you can trade. You'd rather have those conversations than trade significantly away from a portfolio manager’s expectation,” says David Scilly, head of fixed income and currency dealing at First State Investments.

Still, conditions may have meant that transaction costs were too high to trade at certain points. Cardano’s de Bakker said the firm refrained from trading at times, notably in less liquid products such as interest rate swaptions.

OTC: other trading constraints?

The fact that market conditions changed some of their execution decisions and traders were not “hunting around for an extra basis point” does not make it more challenging to demonstrate best execution, says Jan Mark van Mill, head of treasury and trading at Netherlands-based APG Asset Management. Since “best execution is the whole process around executing a trade”, decisions must weigh a variety of aspects, including price, speed and operational risk.

In OTC markets, for example, normal market conditions would see a buy-side desk ask a handful of banks for quotes on rates or credit derivatives products. But in March, some firms found that it was better to put fewer dealers in competition – or go directly to just one. Doing so successfully relied on pre-trade liquidity analytics and understanding which counterparty was available to trade which products.

“We're not going to be going to as many counterparties in this market. Absolutely, we would be trading in a non-comp fashion. We would be calibrating the sizes that we're requesting,” says Wicks.

The buy side can view axes – or indications of a counterparty’s willingness to buy or sell certain products – on various platforms. Axes provide opportunities to trade with natural counterparties – those already looking to buy or sell.

You really need to know which dealer can source liquidity and then work with that dealer in order to get the specific trade and size done

Joost de Bakker, Cardano

In bond markets, this can mean a dealer already holds the bonds an investor wants. Instead of having to buy the credit themselves before delivering it to an investor – incurring transaction costs and possibly charging the investor more – the dealer can deliver the bonds directly, possibly at a better price.

“You need to know who is axed to trade, who's providing liquidity and which tool is more liquid,” says Leon.

He says Axa has been making use of dealer axes for years, which it has electronically fed into its internal systems. Being able to pinpoint trade opportunities was key to its ability to trade in March’s volatile markets, he notes.

Adding to the complexity was the fragmented and concentrated nature of liquidity in interest rate products, says de Bakker at Cardano. “You really need to know which dealer can source liquidity and then work with that dealer in order to get the specific trade and size done. It requires a different execution style.”

De Bakker says one way they got a sense of dealer liquidity was to speak with the bank sales traders. If they said there was poor liquidity in the market, chances are they were having trouble transacting and other dealers may be a better bet for that particular product.

“There was a very big difference across banks in terms of what they could offer. Some of them were completely out of business and others were the perfect partners to trade,” says Cardano’s Lansink.

The process accentuated the buy side’s reliance on dealer balance sheets to trade in certain asset classes and products, especially in markets without two-way flow. Some buy-side traders say banks’ increasingly more cautious stance only added to the trading challenges.

Without a natural interest from dealers or competitive pricing, the desk had to decide, consistent with its client’s needs, whether to postpone execution or trade away from expected prices, says Generali’s Barbagallo.

Algo my way

Markets that have long been electronic, like cash equities and spot foreign exchange, offered low-touch opportunities in March.

Wicks says at LGIM, the team adjusted some of the algorithms’ settings, like timing and price limits, but the firm did not stop using equity algorithms to execute in March.

“I'm not sure how effective more of a high-touch channel would be in equities. We actually had a very positive experience with our algorithms in March,” he says.

On the sell side, Jefferies was especially busy on its algorithmic desk with clients looking for the speed that algorithms offer, says Ben Springett, head of electronic and program trading at the firm.

The buy side also relied on execution algorithms to trade in FX markets, to the pleasant surprise of some traders.



“Traditionally, algos have always been linked to silent and predictable markets. But they’ve actually become smarter and grown into a suitable partner in these choppy markets as well. They’re not the exclusive domain of quiet markets anymore,” says Cardano’s Lansink.

Jason Fromer, head of US FICC trading at Manulife Investment Management, shares a similar view: “With the fractured nature of liquidity, we have found that algo trading has been a great way to execute trades without market impact. We have increased our algo volume dramatically,” he says.

As equity volatility rose (see figure 1, above) some trading behaviour did change, though. Equity trading in Europe at the market close, usually the most concentrated point of liquidity during the day, saw its share of daily volume decline in March. Between March 9 and March 16, 13.2% of daily European equity volumes traded at the close, down from January’s daily average of 18.8%, according to data from Jefferies. The proportion of European trading at the close rose in subsequent weeks.

Similar scenes were evident for US traders. “We’ve taken extra measures to advise clients on execution strategy with the abnormal widening of spreads, particularly on the market open and close, that are a result of the increased volatility,” says Matt Krebs, director of outsourced trading at Dallas-based Capital Institutional Services.

Trading throughout the day gave desks more time to complete trades and find pockets of liquidity, instead of risking that an order goes unfilled at the closing auction. Still, stocks available to trade were often only accessible in smaller blocks than traders are used to.

Jeff LeVeen, head of outsourced trading at Jones Trading, says the “increased volatility definitely led to smaller order sizes given the lack of conviction”. He called it the “the biggest adjustment” for traders to make in March.

In Europe, Jefferies data shows that the average displayed trade sizes for two weekly periods in mid-to-late March were roughly a third of what they were at the start of the year: $62,000 down from a $171,000 average in January.


Even if the raucous trading floors of the Liar’s Poker generation have long been replaced by the quieter buzz of computers, today’s buy- and sell-side trading desks depend on close communication – and traders working in the same room.

Now, the coronavirus pandemic has forced firms to move some traders home and others to auxiliary sites. The few left in the office are appropriately distanced.

While some firms have had a taste of what it’s like for traders to work away from the office during the recent protest disruptions in Hong Kong, the global nature of the current crisis, combined with the surge in market volatility, offered a crash course in remote working. But buy-side firms say the transition has been relatively seamless.

“I've been at the firm five years, and I've never authorised anyone to trade from home on a regular basis. This is quite a new – quite a big step – for us to take and it's actually gone quite well,” says Legal & General Investment Management's Ed Wicks. The firm sent 36-inch monitors to its London traders’ homes for them to connect to company-issued laptops.

Others observed similarly smooth transitions. Netherlands-based APG Asset Management started to transition to mobile working at the end of February, ensuring traders had screens, keyboards and key office equipment at home to simulate the office dealing room. Now three quarters of traders are working from home, while the others are socially distancing in the office. Treasury and trading head Jan Mark van Mill says traders have adapted well.

Still, normal process remains disrupted and video calls and instant messaging conversations can only offer some consolation.

“We have the internal policy of executing transactions with two traders in order to reduce operational risk. We needed to be inventive in order to get that arranged, so it's definitely a lot more interaction via phone, chat, and screen sharing now. We needed to definitely take some time to get fully used to that,” says Cardano's Joost de Bakker.

High and dry

Even as some markets saw record volumes, traders complained of poor liquidity conditions – or the ability to trade in the desired product, size and perceived-as-fair price point.

Bank of America Securities’ liquidity risk indicator, which measures funding stress in the global financial system by looking at spread-based relationships in rates, credit and currencies, shows markets experienced the highest levels of stress since the financial crisis. May levels remained elevated.    

Bid-offer spreads are another way to gauge volatility and the cost of trading. According to various measures, investors in March faced some of the highest spreads in years (see chart below).



At their peak, spreads for US high-grade credit were 12 times wider during the volatility than their daily January average and exceeded those of riskier high-yield bonds, MarketAxess data shows. At the end of April, investment-grade spreads remained more than twice as high as their January average. Spreads on high-yield bonds were roughly one and a half times higher than their January average.

Equity trading experienced similarly high transaction costs. The median bid-ask spread for stocks comprising the S&P 500 jumped from an average of just over 4 basis points in January to roughly 23bp at their peak on March 23, according to daily figures from Goldman Sachs Investment Research. The median spreads on stocks in European indexes show similar jumps.

One reason for high spreads may be the inability to trade in large sizes, says Ben Springett, head of electronic and program trading at Jefferies.

“The cost of trading is still double what it was in January – even though market volumes have returned and spreads have come down and intraday volatility has come down – because we haven't seen the display size yet come back up to anywhere like what it was in January or February,” he said in early April.

Banking regulator: beef up security in Covid-19 remote working era

By Josephine Gallagher | News | 7 April 2020
Superfast broadband will provide more benefits to the UK than airport or railway improvements, says the IET. Getty Images

OCC security controller warns cybercriminals exploiting wider attack surface created by remote working

Financial services firms are being urged to bolster their security infrastructure and practices, as cyber criminals seek to exploit vulnerabilities in remote working setups. Experts fear that as millions of financial services employees around the world are conducting business from home, cyber attackers are looking to target weak points in firms’ IT stacks, third-party devices and networks.

Kevin Greenfield, deputy controller of operational risk at the US Office of the Comptroller of the Currency, warned this week that many of the breaches at banks during the coronavirus pandemic have stemmed from the failure to properly configure the security controls of out-of-the-box vendor solutions. 

He urged bank workers to remember the basics, and turn on password controls, change default user IDs and implement multi-factor authentication.

“The bad guys know the popular vendor systems and how they are set up, and will seek to exploit institutions’ mistakes and oversights when setting these products up,” Greenfield said during a keynote address at the OpRisk Virtual Week conference. 

The past two months have seen a surge in the use of video collaboration tools, the extended use of virtual private networks and the adaptation of technologies to remotely support entire teams. Although many of these technologies have robust security features, the way in which they are deployed and used plays a significant part in their end-to-end security, said Adrian Scrase, CTO at the European Telecommunications Standards Institute.

For example, “unless password protection is the default setting, you could enable people to have communication paths that are not password-protected, and that’s just bad behavior by the end-user”, Scrase said.

Security officers at financial institutions are concerned employees might become complacent while working from home and outside of their normal office safeguards. Teams within an organisation may have varying levels of technical knowledge, and some may require more training than others on their remote technology setups.

Global cyber security organisations – such as the UK National Cyber Security Center (NCSC) – have issued guidelines on how enterprises can securely connect their global corporate networks to the internet or partnering networks. A firm’s network typically spans many jurisdictions, devices, cloud servers and on-premises data centres, but in the Covid-19 era, that network is further stretched, as more people are working from different devices, remotely set up, and located in various parts of the world.

Instead of having a network operate between one main office site and another, it is now extended to work between multiple home locations, creating a broader area of exposure for cybercriminals to exploit.

These organisations encourage firms to think about physical connections, such as router security, but also where their data is stored and processed. The NCSC guidelines advised network management, focusing on areas such as “access to ports, protocols, and applications by filtering and inspecting all traffic at the network perimeter to ensure that only traffic which is required to support the business is being exchanged”.

“Thousands of new remote connections open vulnerabilities in privilege management, and security teams are seeing thousands of new and unusual security events in new and unusual times, each of which must be investigated and acted on,” said Steve Hunt, senior analyst at Aite Group, speaking on a ‘Navigating the Covid-19 Crisis’ webinar in April.

“Cyber security is not merely a flavour of IT. It’s a reflection of culture, leadership, strategy, and engaging the workforce. It is a continual improvement at pace with the improvement of the company as a whole. Because it’s not our job to secure the network, it’s our job to secure the business and help it to thrive amid risk,” Hunt said.

Big banks worry small lenders could derail Libor switch

By James Ryder | News | 8 May 2020

As UK regulator reiterates 2021 warning, dealers say Covid-19 is forcing smaller lenders to divert resources

Smaller banks are being forced to put their Libor transition preparations on hold amid a coronavirus-induced resource crunch, larger dealers are warning – throwing into jeopardy regulators’ plans to have the whole market migrate to new risk-free reference rates from the end of next year.

While larger banks have dedicated transition teams, smaller firms are being forced to divert resources during ongoing market panics and a massive uptick in emergency lending – meaning they face a challenging time completing important transition work on schedule, said Jason Granet, head of Libor transition at Goldman Sachs. 

“In this environment, [attention paid] to Libor shrinks to zero,” Granet said of smaller firms, during a panel discussion on Libor transition on May 6.

The comments join a growing chorus of concerns that the industry’s mission to migrate away from legacy reference rates risks being derailed by the coronavirus crisis. In a May 7 statement on regulatory priorities in light of Covid-19, the UK’s Prudential Regulation Authority announced its intention to “resume full supervisory engagement” on Libor transition efforts from June 1, including requiring firms to take part in mandatory data reporting at the end of this quarter.

From the end of 2021, UK regulators will not compel banks to support Libor rates, calling into question whether the rate will survive beyond that point. Several market participants have called for a formal extension to the transition timeline this implies – but watchdogs have appeared to nix such hopes, offering only a six-month relief period for new Libor-linked lending.

Regular pronouncements such as these are likely adding to the distress of smaller firms, Granet argued, noting the UK Financial Conduct Authority’s strong focus on treating transition as a conduct issue for firms.

He described a recent visit to one small bank, during which staff opened a cupboard to show him a large paper stack of legacy Libor contracts – all of which were yet to be scanned and processed. Those kinds of manual processes were cumbersome and costly for a smaller firm, he added. 

Speaking during the same panel discussion, Christian Rasmussen, UBS’s Americas’ head of treasury asset and liability management, argued any lack of preparation among financial firms – whatever their size – was surprising, given the long gestation of the transition and the frequency of statements from regulators on the topic. He suggested that unpreparedness could be a sign of “behavioural issues” in the market.

“The end of 2021 is not that far away. I understand smaller institutions don’t have dedicated resources for stuff like this, but we’re a year out – the fact that firms are not able to manage something like this as a one-off is surprising to me. I think it does speak to the overall apathy of the market,” said Rasmussen.

But financial firms with limited resources were entering survival mode, Granet argued: faced with the daily pressures heaped on them by the coronavirus, long-term issues, such as preparing for Libor transition, became markedly less urgent.

That risks derailing a 2021 transition, he argued: larger firms’ preparedness would mean little if many of their counterparties weren’t ready to switch. The longer the pandemic went on, he said, the less time small firms would have to dedicate to a growing pile of Libor-related work. 

“I have long said that this is a lowest-common-denominator issue. If my organisation is ready but my counterparties are not, it kind of doesn’t matter if I’m ready. It’s going to require the village to drag everyone along, or there’s going to be a lot of frown emojis that are circulated on this topic for many months,” said Granet.

Editing by Tom Osborn

Op risk data: IBK snagged in money-laundering ops to Iran

By ORX News | Opinion | 8 May 2020

Also: foul play called on Hapoalim’s football bribery scheme. Data by ORX News

In April’s largest loss, Industrial Bank of Korea (IBK) paid a total of $86 million for failures in its anti-money laundering programmes, which allowed the illegal transfer of over $1bn to Iran through its New York branch.

Investigations by the New York Attorney General’s Office (NYAG) and the New York State Department of Financial Services (NYDFS) found severe deficiencies in IBKNY’s AML controls. From at least 2006 to January 2013, IBKNY’s process for reviewing transactions was manual; it had only one full-time compliance employee and declined to provide the officer with any support staff or assistance. As a result, IBKNY fell months behind in its review of transactions and was unable to identify and report illegal transactions in a timely manner.

Kenneth Zong and companies he owned and controlled were able to exploit these deficiencies. Between January and July 2011, in accounts held at IBK and another, unnamed bank, Zong and his co-conspirators were able to transfer US dollars to Iranian-controlled entities. Using won-denominated Korean-based IBK accounts, held by the Central Bank of Iran, they converted the Iranian entities’ Korean won payments into US dollars in violation of US sanctions laws.

IBK admitted to the NYAG’s allegations and entered into a deferred prosecution agreement to forfeit $51 million. The NYDFS also entered into a consent order with IBK and IBKNY, under which the bank would pay fines totalling $35m for violations of New York’s Banking Secrecy Act and its AML laws.


In April’s second-largest loss, Wells Fargo paid $33.5 million to settle claims it failed to offer loan restructuring to homeowners eligible for relief. This loss comprises $15 million that Wells Fargo had already paid in remediation and $18.5 million to settle a class action.

According to the class action, filed in December 2018, a calculation error in Wells Fargo’s software, from 2010 to 2018, overstated the amount of attorneys' fees used when calculating borrowers’ eligibility for a trial loan modification. Some homeowners, who should have qualified for trial modifications, were deemed unqualified and the lender wrongfully denied modifications to 870 customers, 500 of whom subsequently lost their homes to foreclosure.

The bank discovered the error in 2013 and partially resolved it in 2015, but the class action claimed that Wells Fargo breached its contract duties by not fully fixing the software error until 2018. That year, it publicly disclosed the error and sent affected customers apology letters and remediation payments of between $5,000 and $15,000.

It also allegedly breached contract by not offering class members a loan modification before foreclosures, as required by the Department of Housing and Urban Development (HUD) regulations. Wells Fargo acknowledged that it erroneously denied trial loan modifications, but argued that it had only had to notify customers that they could avoid foreclosure by paying the amounts in arrears.

April’s third largest loss was at Bank Hapoalim, which was fined $30.1 million for its involvement in an international football bribery scheme.

The US Department of Justice investigation found that, between December 2010 and February 2015, Bank Hapoalim employees knew that accounts at its Miami branch and at Bank Hapoalim Switzerland were being used to pay bribes to South American football officials. The bribery scheme involved several top executives of Conmebol, the South American football association. In exchange for bribes, the Argentinian sports marketing business FullPlay was given exclusive broadcasting rights to Conmebol’s Copa América tournaments for 2015, 2019, and 2023.

The DoJ also found that compliance officers at the Swiss subsidiary had flagged the payments as suspicious, but concerns were ignored and conspirators at the bank continued to process payments. In addition, the DoJ found that these conspirators had sought to hide the origin and ownership of $20.7 million in bribes and kickbacks.

As a result of the bank’s complicity in the scheme, the DoJ ordered Bank Hapoalim to forfeit $20.7 million and pay a penalty of $9,3 million.

Bank Hapoalim was also fined a total of $874.3 million to be paid to the US Treasury, the US Federal Reserve and the NYDFS for facilitating US tax evasion. The investigations concluded that, between 2002 and 2014, the bank helped US taxpayers with accounts at its American branches to hide assets in its Swiss subsidiaries. Because this total was first provisioned by the bank and reported by ORX News in March 2015, this loss event does not count as an April 2020 loss event in the ORX News database.

The fourth largest loss of April involved retirement investment adviser FS Financial Strategies Services, which was ordered to repay C$32.8 million ($23.1 million) to hundreds of clients for making misrepresentations about its financial position to investors, illegally selling securities, and unregistered trading.

The British Columbia Securities Commission found that between November 2012 and January 2017, FSFSS and six other companies in the FS Group illegally raised over C$47 million from 389 investors. While FSFSS’s primary business is insurance, it sold securities in the form of subscription agreements for units of 3i Capital, a company of which FSFSS was the general manager. The FS group misrepresented its companies’ financial situation and was unable to generate the returns promised. It also sold securities without filing a prospectus, in some cases through subsidiaries not registered to do so, in violation of the Securities Acts.

The group’s founders were fined C$2 million each and barred from British Columbia’s investment markets. The former general manager of the group was fined C$75,000 and barred from British Columbia’s investment markets for 10 years.

April’s fifth largest loss occurred at Guaranteed Rate, a US mortgage lender, which participates in several US government-backed schemes to protect key lenders. The DoJ fined the lender $15.1 million to settle allegations that it knowingly violated material programme requirements when originating or underwriting mortgages insured by HUD’s Federal Housing Administration or guaranteed by the Department of Veterans’ Affairs.

A lawsuit was filed in a New York federal court in 2017 by a former employee, who alleged the lender pushed its underwriters into endorsing ineligible loans and making false statements to induce the government to extend insurance coverage. Federal investigations discovered that its FHA underwriters received commissions and gifts and were instructed not to review documents relevant to the underwriting decision. Furthermore, the lender certified certain loans which the government subsequently insured and guaranteed despite their being ineligible, some as far back as January 2008.

Guaranteed Rate did, however, take significant measures to prevent malpractice and strengthened its internal controls. The DoJ took these remedial actions into account when calculating the fine.


Spotlight: Skandia’s wrists slapped for capital reporting mishap

In April, the Swedish financial regulator Finansinspektionen fined pensions and insurance provider Skandia Liv Skr35 million ($3.5 million) for miscalculating its capital requirements, which led to incorrect assessment of customer protection and company solvency.

The watchdog’s probe focused on the period between the final quarter of 2016 and the third quarter of 2019. It found that Skandia Liv had used an inaccurate assumption of lapse risk. In effect it had not correctly and realistically calculated its commitments and requisite capital set-asides, impeding the fair assessment of protection for customers and, ultimately, the company’s solvency. Furthermore, the documentation for the calculation of commitments demonstrated deficiencies that further impeded the assessment.

FI considered Skandia Liv’s failure over an extended period to be serious but took into account the measures the company had taken to rectify the deficiencies. Skanda Liv received a warning in addition to an administrative, rather than a punitive fine.

In focus: Firms prepare to assess coronavirus lessons

As a precursor to any formal assessment of lessons to be learned from the coronavirus pandemic, firms are starting to address what data should be collected from across their businesses to assist them in this effort.

Data collected now will allow companies to record and understand the processes and services that must be included in future business continuity plans (BCPs) or scenario programmes – while risks and challenges are still fresh in the minds of staff.

Financial institutions are focusing on capturing information from risk officers across their different business units and engaging legal, compliance and risk functions in this process. This information is sorted into different themes, such as monitoring policy exceptions when making urgent changes to working practices, identifying incidents, highlighting new or elevated risks, and monitoring regulatory compliance, among others.

Some banks are using the data collected to review BCPs. For example, many plans focused on moving services from one site to a less affected location. Because the pandemic has affected all premises, however, these plans have had to be adapted. Companies have discovered that certain BCPs were unrealistic in failing to anticipate the global scale of the coronavirus pandemic.

Some firms have created dashboards, enabling risk officers to report issues in order to keep track in real time of the changes and challenges facing different business units.

In general, banks continue to manage risks associated with modified operating models, notably that most or all staff are working from home. They are also looking ahead to potential future risks as the crisis continues and are preparing for the shift in demands of a return to work.

Regulatory interaction has focused on firms’ responses to the new and increased risks associated with the pandemic, such as cyber risk, conduct risk and the controls surrounding employees working from home.

Editing by Louise Marshall

All information included in this report and held in ORX News comes from public sources only. It does not include any information from other services run by ORX, and we have not confirmed any of the information shown with any member of ORX.

While ORX endeavours to provide accurate, complete and up-to-date information, ORX makes no representation as to the accuracy, reliability or completeness of this information.

Banks race to adapt AML systems for the coronavirus age

By Steve Marlin | News | 6 May 2020

Lenders expect regulatory lashing if controls fail to keep pace with changes in criminal behaviour

Patterns of fraudulent activity have changed markedly during the global coronavirus lockdown, but banks don’t expect much sympathy from regulators if their detection systems are found wanting as a result.

“They do recognise that there are challenges, but I would struggle to think of an argument that I could use to the Financial Conduct Authority (FCA) that I wasn’t able to validate my new risk assessment model just because of Covid-19,” says Richard Snookes, chief compliance officer at Sberbank CIB.

Banks have already found that fraud detection systems that use machine learning techniques to spot suspicious behaviour needed to be recalibrated to be useful in the present climate, with large parts of the economy juddering to a halt.

Fraud experts say that is doubly the case with anti-money laundering (AML) controls: with far less cash being spent in businesses such as restaurants and street markets, which are often targets for money launderers, criminals are changing their behaviour and coming up with new ways to dispose of their ill-gotten gains, which bank systems may not be set up to catch as readily.

The decline in footfall in traditional stores has also led to an increase in online spending, which creates more opportunities for fraud, says Andrew Fleming, a senior financial crime risk specialist at HSBC.

“We’re going to be challenged with identifying where criminal money is coming in,” says Fleming.

Many watchdogs, including the FCA, have encouraged the use of machine learning-based tools to combat money laundering. These systems can detect patterns of fraud that would be difficult to spot manually. At the same time, systems that depend on learned patterns of behaviour may struggle to make sense of new realities. 

The FCA has also made clear it will fine banks if vendor systems are not appropriately tuned to the size and complexity of the business. Notwithstanding the efficiency gains from leveraging new technology, banks have to be prepared to prove to regulators that the systems have been adequately tested and conform to accepted risk practices.

“There’s no shortage of final notices that mention when the FCA was disappointed that although firms had spent millions on systems, they were just using the factory settings,” says Snookes.

I would struggle to think of an argument that I could use to the Financial Conduct Authority that I wasn’t able to validate my new risk assessment model just because of Covid-19

Richard Snookes, Sberbank CIB

After HSBC installed a new ML-based system, it saw a higher number of suspicious activity reports than the old system, says Fleming. However, during subsequent supervisory reviews, the bank’s regulators in Hong Kong were still keen to make sure the lender was thinking about where its new software might develop blind spots, he adds.

“They’re very keen that we implement new technologies, but they also want to make sure we don’t miss any suspicious activity reports. You’ve got to be able to show you’re still picking up the old risks in the new system, because if you miss them, then you have a risk that you’re not identifying,” he says.

The FCA has previously noted that vendor-supplied surveillance systems could fall short of Market Abuse Regulation requirements that surveillance procedures be calibrated to the scale of each firm’s business.

An FCA spokesperson declined to comment on whether the watchdog had adapted any of its supervisory policies on AML controls to account for the impact of the Covid-19 induced global lockdown.

The European Banking Authority, in a March 31 policy statement, called on banks to maintain effective money laundering controls during the crisis, and to remain vigilant against elevated risks of illicit funds transactions emanating from cash-intensive retail businesses and companies involved in international trade. It also called on regulators to make clear to financial institutions “that financial crime remains unacceptable, even in times of crisis such as the Covid-19 outbreak”.

Several large fines for AML violations have been issued since the lockdown began: in March, Swedbank was hit with a Skr4 billion ($407 million) fine over AML control failures, while in April, US regulators fined Industrial Bank of Korea a combined $86 million in penalties and disgorgement for violating AML laws, which allowed more than $1 billion to be sent illegally to Iran through its branch in New York.

Emergency Covid loans carry high mis-selling risk, banks fear

By Steve Marlin | News | 28 April 2020

Rapid roll-out of government schemes raises legal fears over inequitable client treatment

The emergency loans and relief packages being rolled out to firms and individuals affected by the coronavirus lockdown could come with a heavy price for banks: the risk of fines and lawsuits if they offer them to customers inequitably.

During ordinary times, banks are required to rigorously assess whether new loan products meet client suitability criteria – chiefly, whether a customer actually needs the product, can afford it and that it is offered on a nondiscriminatory basis.

But the unprecedented urgency with which government stimulus and aid programmes are being rolled out means lenders haven’t had time to vet products with the same diligence, operational risk managers are warning.

“There is a risk that these processes are not as well documented, not as well communicated, not as well managed because they’re temporary in nature. The concern is these processes could drive inconsistent treatment to like customers,” said Al Silipigni, head of conduct risk at Wells Fargo, during a webinar on conduct risk, which was broadcast on April 22. Silipigni was speaking in a personal capacity.

In the US, legal action by clients has already begun. The Paycheck Protection Program, designed to provide financial assistance to small businesses, has resulted in a class action lawsuit in California against four large banks: JP Morgan, Wells Fargo, Bank of America and US Bank.

The suit alleges the banks employed deceptive lending practices that favoured large clients, rather than the small business owners the programme was supposed to help by providing forgiveness of loan proceeds for up to two-and-a-half times an owner’s monthly payroll.

Op risk professionals report conduct-related losses have not so far shown a marked increase because of Covid-19 in the first quarter of 2020, but bankers anticipate these numbers will rise during the second and third quarters, largely through a combination of mis-selling, increased risk of fraud and potentially insider trading.

I am concerned that Covid will be [seen as] the de facto cause for all negative trends

Al Silipigni, Wells Fargo

The speed with which banks are introducing products under the US government’s stimulus programme increases the risk of conduct-related losses. And, as with any operational changes made in a hurry, banks fear that shortcomings in existing processes – glitches with know-your-customer software, for instance, or credit-checking models – could be exposed.

“I am concerned that Covid will be [seen as] the de facto cause for all negative trends. It’s important that we pull out what’s Covid-driven, and what is [caused by problems with] the underlying business model or process. It might be just that Covid highlights an issue, but the underlying issue is not Covid itself,” said Silipigni.

To be sure, bank systems should be capable of discriminating between inadvertent wrongdoing, such as mislaying client documentation, and deliberate, sophisticated cases where bankers had set out to mislead clients, said Tanya Weisleder, global head of conduct risk at Credit Suisse, during the same webinar.

Credit Suisse has a system in production that evaluates employee breaches – from low-severity policy violations all the way up to egregious behaviour that ends in termination of employees. This year, the bank has been focusing on enforcing positive behaviours by encouraging individuals to report incidents without fear of repercussion.

“When someone makes a mistake and inadvertently sends out confidential information, they can escalate that without fear. We have implemented programmes to acknowledge positive escalation of matters, while educating them – to say: ‘You were correct in raising that situation, but it is a breach of policy.’ So, finding that balance is what we’re working on,” she said.

Even with Covid-19 loan products, due process shouldn’t go out the window, said Silipigni. Banks needed to “have a huge focus on making sure that customer need is embedded in the product and also understanding all the ancillary costs to products”, he added.

“We need to simplify processes, procedures and products when it comes down to product construct. A lot of products are so complicated that they’re hard to execute for line individuals.”

Conduct-related losses can have a long tail, with losses accruing for years after the initial breach. In the case of the payment protection insurance scandal, UK banks have paid £38 billion ($47.4 billion) to redress 32 million complaints since 2011, according to a report issued last week by the Financial Conduct Authority.

Editing by Tom Osborn