Risky bets are a part of the deal in investment banking, but taking a punt that ends up costing your institution $5.5bn dollars is less a gamble gone wrong and more a fork in the road to ask deep questions about your governance and risk management. Credit Suisse, having suffered the largest loss on Wall Street from the collapse of US-based family office Archegos Capital, is at the epicentre of this soul searching. But lessons from the breakdown should trigger introspection across the wider investment banking sector.
The plot of the saga, in a nutshell, is this: Credit Suisse acted as prime broker to the now collapsed Archegos, lending it large sums to finance the purchase of positions in various quoted companies. Archegos was betting the market price of these investments would rise. When the share price of some of these very large investments fell, Archegos had to exit many of its positions urgently, a discounted fire sale. This left Archegos unable to repay its loans to investment banks, including Nomura Holdings, Goldman Sachs and Morgan Stanley. However it is Credit Suisse that has been left holding the most titanic loss.
How did it happen?
How did the banks, and in particular Credit Suisse, let this happen? One view, from Jonathan Hayward, partner at Independent Audit, is that the “greed-driven culture” in broking is at the extreme end of what makes investment banking risky and hard to control.
“This makes accidents more likely, it's not necessarily an excuse, and it’s a reason for having much closer monitoring, but it is relevant,” he says. Perhaps the biggest risk management anomaly in this particular case is that Archegos was a fund run by, and managing the personal fortune of, a convicted insider trader, Bill Hwang.
That other banks also unwisely chose to do business with Mr Hwang, and were also hit by losses in the Archegos collapse, suggests some kind of financial suffering was inevitable. Even so, Credit Suisse’s $5.5bn hole looks egregious.
“Why was Credit Suisse doing business with a convicted criminal?” asks Chris Burt, director at the Risk Coalition Research Company, quickly followed by ‘why didn’t Credit Suisse hold sufficient high quality collateral to mitigate the potential exposure?’ Burt’s view is that, assuming the Credit Suisse risk governance systems and processes were working as designed – in so much as there was no fraud – the fact the bank was lending very large sums of unsecured, or insufficiently secured, money to a convicted criminal to fund his market speculation, “would have been known and tolerated at senior levels, and given the sums involved, one would assume it was known and tolerated at the very highest levels”.
The upshot of his analysis is very senior people decided Credit Suisse could make a large profit from funding Archegos’ activities – and so the risk was worthwhile. “It also suggests the board hadn’t put adequate policies in place governing risk-taking, collateral requirements, and desirable versus undesirable clients,” he says, “or if they had, they weren’t enforced”.
Departures
Brian Chin, chief executive of Credit Suisse’s investment bank, and Lara Warner, chief risk and compliance officer, have both stepped down as a result of the fiasco.
If, however, it was a revenue-chasing business decision from the top to take on, and keep taking, the Archegos deal, come hell or high water, should the CRO have been made to go? Christian Hunt, founder of Human Risk and a former chief operating officer of the Prudential Regulation Authority, thinks so.
“The risk function is there to oversee and control the risks the firm is taking, to prevent the kinds of losses we saw incurred. Large exposures like Archegos will require CRO sign-off. Either the risks weren't identified or monitored properly, which would be a failure of the risk function, or they were and the CRO signed off on them anyway.”
As Hunt points out, the framework of the risk function should preclude the post holder from falling foul of CEO demands, at Credit Suisse, or any other bank. While the ‘front office’ is incentivised to take risks (and asking them to manage that alone could easily create a conflict of interest), the oversight and control from the risk function is designed to be independent.
Risk role
From this outside vantage point the CRO role is also supposed to take a firm-wide view. “Individual transactions or exposures may fall within what seems reasonable. But an aggregate result may pose excessive risk to the firm as a whole, so that must be managed,” says Hunt.
To do this, the risk function needs to look at the wood as well as the individual trees, hence why risk management is a specialist discipline that requires technical expertise, and a dedicated function.
Applying this rationale to Credit Suisse and its CRO Lara Warner is where things become unstuck in ways at once particular to the investment bank and emblematic of how things are at times allowed to operate in the financial sector generally, and investment banking specifically (see 2008 global financial crisis).
“The CRO doesn't appear to have had any meaningful risk management experience ahead of being appointed CRO, and in addition to her CRO responsibilities she was also made head of compliance, another key area she had no prior experience in,” Hunt points out. Likewise, Brian Chin, the now-removed CEO of Credit Suisse’s investment bank, had recently been given an expanded remit.
“This is suggestive of senior individuals being given far too much responsibility which, regardless of expertise, isn't a good thing,” says Hunt, “so you could argue, particularly in the CRO's case, the range of responsibilities being handed out, made mistakes more likely”.
Greensill lending
A suitable Exhibit A in this argument may be Credit Suisse’s finger burning in the Greensill affair a month prior to Archegos’s collapse. According to Financial Times, London-based risk managers at the Swiss bank had rejected a $160m loan to the now also disgraced and defunct Greensill Capital, before CRO Lara Warner overruled them and signed off on the loan.
“There is some finger pointing going on,” one person told the FT. “All the risk teams are telling the probe that they said no, but it was escalated and overruled.” Another person said the loan was “hugely controversial” and “imposed from above.”
Assuming something similar happened on Archegos – and in any case, you could argue Greensill was bad enough on its own – “then it does appear as though the Credit Suisse CRO does bear personal responsibility”, says Hunt.
In Warner’s defence, Burt argues sacking the CRO reinforces first line management’s lack of accountability for its own decisions. His Risk Coalition has written guidance, Raising the Bar, highlighting the dangers of the CRO becoming part of the management decision making process. It states: “Where the chief risk officer or members of the risk function are expected to make, approve or authorise first line management decisions as part of their role, the implications on the effectiveness of second line oversight and challenge should be assessed and shared with the board risk committee for its consideration and approval.” In other words, says Burt, the CRO really shouldn’t approve management decisions as part of a sign off process: “They should challenge management to make sure all the relevant risks have been identified, considered and mitigated as appropriate – management remains accountable for their own decisions.”
Lessons to be learned
What can other banks learn from Credit Suisse’s two-time failure to prevent large lending losses? Firstly, says Hunt, respect the basis of risk management outlined earlier. Credit Suisse’s CRO, if she did override her own teams, may have been under management pressure to do so, “but that is why you need people that understand the subject and with the ability to control the business and say 'no', with real independence and an ability to stand firm”, he says.
Accountability regimes like the SMCR in the UK and BEAR in Australia, are making senior executives more accountable. Hunt expects that will mean more senior execs having to take responsibility when things go wrong in their areas, and a focusing of corporate minds on what responsibilities people are being given, “and whether or not they have the requisite expertise to be able to do the role”.
From a lending exposure standpoint, John Cronin, banks analyst at investment broker Goodbody, points out the instruments used by Archegos were total return swaps, which carry lighter capital requirements for the banks that write them. This contributed to an uneven risk distribution on the balance sheets of all the investment banks Archegos made deals with, and ultimately aided its burning of them.
“It would seem some tightening of disclosure obligations in relation to family offices’ exposures is appropriate,” Cronin says. Tighter countercyclical margin requirements would help avoid such problems in the future. Even so, the buck returns to Credit Suisse’s risk management. “Credit Suisse had oversized and inadequately-managed exposures to the Archegos family office, which was a clear shortcoming from an internal risk management perspective,” says Cronin, adding this is likely to be “front and centre” of the new Chairman’s agenda.
Integrated risk management
Arguably the most important lesson of the Credit Suisse/ Archegos affair is not to see risk management and compliance as an expendable overhead. “It's expensive, but that's the cost of being in the game. What is far more expensive is not investing properly and having things go wrong,” says Hunt.
Cost-saving technology and cheaper locations are one thing; reducing investment in risk management and compliance at the expense of doing it well is another. “Banks looking to cut costs can see control functions as rich pickings, and that's a mistake,” Hunt says. But risk management can only be effective if the front office also takes responsibility, which requires the right culture and incentives.
“If the only metric by which the front office is measured is profit, they'll respond accordingly. My sense is that the prevalent culture at Credit Suisse encouraged poor decision-making. If you're putting pressure on risk to sign things off, then something is going wrong.”