When I meet India’s & International Top Prop Desk MD or CEO.Their main concern is Not about Returns.But its Risk Which occurs due to Technology.So we short listed some important points to highlight the Risk occurs due to High Tech Technology used in financial Markets.In our conclusion we provide solution to this problem.
It goes without saying that the reliance on technology in today’s financial markets is so great that technology risk is a massive issue for organizations& we all know the benefits that technology has brought to the industry have been very significant, shaping today’s globalized business of raising capital, trading and investment. Without doubt the capacity that technology has generated has led to the large growth in volumes and the introduction of new and sophisticated products. As we know, it has also transformed the way in which operations perform their tasks, giving a wide range of benefits from dematerialized settlement to added-value client services. However, this radical transformation of the industry has been accompanied by the introduction of technology risk. This risk is, perhaps not surprisingly, a significant element in operational risk but how and why does technology risk arise?
Technology risk can arise in many ways. Take, for instance, an organization that invests in new technology, either new to the business or new to the marketplace. The risk here is that the technology may be untried and subsequently proves difficult to work with, fails to meet requirements or is unreliable in operation.
Alternatively, a firm may create technology risk by under investing in technology so that the operational processes become increasingly affected by the inadequate and failing systems.
There is also the risk of technology-based projects taking longer to complete or being over-budget and, in some cases, there may be inadequate training of the teams supporting and using the technology. Elsewhere in the article we have commented on the dangers of projects being mismanaged and over-running and, of course, in extreme cases the projects may be shelved because the funding and/or time runs out – costly mistakes in monetary as well as competitive and risk terms.
Implementation itself can, of course, be a risk with everything from inadequate training to underestimation of converting data from the old to the new system and adequate controls to reconcile this process.
Risk issues due to Technology :
1) Errors in the development of software ( OMS,Risk Management System or Trading Software). The complex nature of the investment banking industry means that any support system would require complex algorithms or business rules to be developed. Unless there is comprehensive testing, there is a risk that the algorithms may be incorrectly programmed.
2) Errors in formulae or mathematical models.( Quant or Algo Strategies): The nature of some products like derivatives requires development of complex models for revaluation or margin purposes. New products are constantly being introduced and new models need developing or existing ones updated.
3) The quality and availability of systems support ( Colocation,Various venders) can be a major issue and cause severe problems in the operations environment.
4) Problems with static data input( Algo Variable Inputs) and maintenance affecting key processes like revaluations, expiry of products, corporate actions,etc.
5) Failure in Network / Hardware or communication channels.
6) Inadequate security over the system and its output.
Let us discuss in detail:::
1) Core Risk by Technology :: System risk
A core technology risk is system risk. The failure of a system to perform or to be reliable can have far-reaching implications for an organization. Recommendation 2 – 2000 of The International Securities Services Association Recommendations 2000 illustrates the importance of systems in allowing the efficient and risk-managed environment for securities clearing and settlement by considering technology risk from the point of view of core processing. In commenting on securities systems in the clearing house/custodian/Central Securities Depository fields it states:
ISSA 2000 Recommendation 2
Securities systems must allow the option of network access on an interactive basis. They should cope with peak capacity without any service degradation, and have sufficient standby capabilities to recover operations in a reasonably short period within each processing day.
The considerations in formulating this recommendation were the market infrastructure and the impact from the technology perspective.
Their findings were that market infrastructure will need to accommodate:
1) Increasing volumes of traffic and volatility in markets
2) Globalization of investment
3) Emergence of electronic communication networks (ECNs) as virtual exchanges
4) Demand for real-time settlement of stock and cash with a move to real time or rapid multiple batch intra-day settlement
5) Demand for flexible processes allowing delivery versus delivery of stock both internally and across depositiories
6) Longer hours of operation for trading and need to support 24-hour, 7-day week operations.
7) Circuit breaker execution on time.
8) Control on HFT speed.
This is a major issue for the industry as initiatives like STP rely on the ability of the key market organizations to put in place the above. From a technology perspective, this gives rise to:
• Utilities that serve multiple trading markets or platforms
• Systems that can accommodate surges in activity (in transaction processing and information transmission) without any degradation of service and response time
• Real-time process enabling interactive communication to facilitate intra-day traffic
• Linkage to the appropriate real-time cash settlement processes
• Adequate contingency and back-up, minimizing the risk of outages that could prevent the timely completion of settlements on the contracted date
Each of the above issues is significant to both the suppliers of the systems and the users. The risk of defaults and financial losses increases when settlement is delayed and clearing houses, CSDs and custodians cannot afford to have or interact with unreliable core systems.
As ISSA points out, this implies that the technology infrastructure must have:
• Open access to on- and off-exchange markets
• Scaleable systems covering the maximum forecast daily volumes
• Resilient and fault-tolerant processes
• Continuous processing capability with interactive user communication links
• Adequate stand-by allowing for recovery of operations, without any loss of data in a reasonably short period within the working day
Operations managers will be familiar with the problems created by system downtime. It is a source of concern to risk managers as well, not least because the dealing activity cannot realistically be suspended every time the operations systems are down, even though it is not possible during this time to verify totally the exposure of the business. When we talk about system risk we need to differentiate between the internal system risk and the external risk as described in the ISSA Recommendations, and yet both are very significant issues in different ways.
Internal system risk
This is a risk that to some extent at least is under the control of the firm. The system is either in-house or supplied and may be supported internally or externally or both. It is chosen to meet the business requirement of the firm and developed accordingly. The risk associated with it would be:
• Capability to meet current and future levels of business
• Ability to handle products
• Age of system and reliability
• Poor maintenance capability
• Understanding of the scope of the system by operations managers and teams
• Comparison to other systems
When considering the degree of system risk it has, a firm must pay particular attention to these risk situations and be satisfied that the business is not being compromised as a result. If any are evident then the operational risk level is going to be increased, if the impact of any is compromising the clearing and settlement processes then the risk level is likely to be, or will become, critical. As a result, systems will need to be reviewed then redeveloped or replaced.
External system risk
The principal problem with external risk is that the firm is not very often in control, i.e. they have to utilize the system or services in any case. It is this impact of systems in the counterparty that worries ISSA and led to their recommendations.
The failure of systems within counterparties, whether they be prolonged failures or just inadequate functionality has a profound impact on the performance of the operations team within the user.
For instance, the inability to provide timely and accurate data from a custodian has an impact on the client, likewise the inability of a CSD to receive and process correctly instructions. However, the problem is not just with the organizations within the clearing and settlement infrastructure, it also lies with the suppliers of systems to the banks, brokers and institutional clients.
Late delivery of system releases, errors in newly released functionality and failure to rectify errors with software in a timely fashion can all have a drastic affect on the operations team’s ability to carry out the function efficiently. This in turn increases the risk. Monitoring of the system and support performance is therefore essential and while service level agreements may give some comfort they do not remove or negate all the risk.
2) System security
With systems and technology at the heart of the industry and the businesses it is not surprising that system security is considered a major operational risk. Fraud, money laundering, manipulation of data, technology criminals, Strategies leakage, terrorism and ‘for fun’ hackers all present a very real danger to businesses. In many cases the business is vulnerable because of poor security over access and/or availability of data output from the system.
Operations managers have a responsibility to ensure that the data input and output to and from the systems is in a controlled environment. This may seem very simple but in reality can actually be very difficult as the need to be able to carry out the processing functions can create areas where there is a conflict of interest with risk control. For example, it is late in the day and a new product has been traded that needs to be set up on the system. The natural control to prevent fraud would be to have an independent person from deal input/processing set up the product on the system. This would incorporate an independent check that the product was duly authorized etc. However, if this person (and any support) is not available or they are not competent to set up the product on the system there will be problems. As a result of not being set up or set up incorrectly the trade may not be processed, affecting records and reporting, and could affect clients and generate both operational and possibly regulatory risk.
However, if the processing team are permitted to set up products in the system there is a different, but just as dangerous, weakness.
Organizations overcome this by sometimes having static data teams and manage the situation through ensuring availability of trained staff and setting deadlines for the time to set up a new product in the system. By instituting adequate procedures and controls the situation can be managed but incorporating this into headcount, operational hours and ensuring adequate competency is not easy, particularly in smaller firms.
On a more simplistic but nevertheless important note, password control into systems can be, and often is, woeful. Not only are passwords often freely shared, but they can take an age to be disabled after a person leaves the organization. Slack access rules open up an
organization to all manner of dangers that, to be fair, the operations team member may not recognize. We have probably all used someone else’s access code to expedite a quick solution to an inquiry, particularly when dealing with a client inquiry and they are waiting on the telephone for the reply. However, this cannot, in risk terms, be justified. The situation where the access code of a departed employee takes days, sometimes weeks, to be disabled is a totally unacceptable risk.
Problems also exist today with so many organizations offering and taking services via the Internet. Without question this is a quick and very attractive medium to communicate and get information, for instance from exchanges. However, unless there are adequate controls and protection to the systems a disaster is waiting to happen. It may be unsavoury that employees might access and download pornography, but the real danger is the vulnerability to viruses and hackers. Activists for various anti-capitalist groups, criminals and terrorists can bring a company quickly to its knees if they can access the core systems. With people often on the inside, i.e. employed in the firm, any weakness that can be discovered and then conveyed to compatriots on the outside presents a massive risk.
3) Business-continuation risk
With the exception of a regulatory suspension or ban, nowhere is there more risk to the continuation of the business than technology.If we look back at some of the risks we have already mentioned, most of them could manifest themselves into a very significant problem, some quite quickly. A virus, for instance, or a major problem with the implementation of a new system would be examples. Yet it is the loss or severe disruption of a system that perhaps creates the greatest concern in many people’s minds. Even in London businesses have faced the threat of terrorism for many years and the Irish Republican Army (IRA) has, while never stopping the financial markets, or indeed firms operating in the markets, from continuing their business, given insight into the consequences of losing infrastructure like buildings.
Although the threat from the IRA has to some extent been reduced by the Northern Ireland peace process, dissidents still harbour ideas about attacks on Britain and crave the publicity that a ‘big one’, i.e. bomb, brings. This was highlighted in the USA and indeed the world by the terror attacks of 11 September 2001. In both cases despite appalling destruction, deaths and damage, most businesses defiantly survived and continue in operation today. They did so because of disaster recovery and business-continuation policies that enabled them to re-establish the business, including systems, in an alternative location.
These types of massive disruption are a risk, there can be no question about that, and yet other potentially equally dangerous situations to the business exist.
As technology advances so the industry moves forward. Many key players in the infrastructure of the capital markets are coming together in mergers and alliances, changing the whole way in which business, including clearing and settlement, is carried out. As the systems move forward in the drivers we talked about earlier in this article take effect, some firms are caught in a very difficult situation.
Redeveloping or replacing systems is neither cheap nor particularly easy to implement and yet a failure to modernize the systems can have massive implications for the business. On the one hand, there is the possibility of being unable to meet exchange or clearing house interface capabilities and therefore being unable to continue as a member of that organization. On the other, operations teams faced with increasing demands from clients for ever more sophisticated technology-based services cannot compete with other firms because of outdated systems.
These both pose significant threats to the firm and need to be addressed by a long-term commitment simply because the pace of change is unlikely to slow and ‘temporary patches’ are no solution.
Operations managers must therefore be very aware of their role in helping to plan and develop the system capabilities for the firm, as wrong decisions on the choice of system and the future requirements are not just simply an embarrassment and a financial loss, they may be terminal and prompt the firm to consider outsourcing the operations function. Given the threat to the business of the failure of systems to be adequate from a business and regulatory aspect, one can see why the directors may decide that the risk to the continuation of the business is too great, not to mention the investment, to maintain an Operations function.
There are, of course, many sound arguments for investing in systems and utilizing the Operations function as a revenue generator and support service to the business and its clients. So providing the Operations managers can show their ability to manage systems, both in usage and development capacity, there is no reason to believe that business-continuation risk cannot be adequately managed.
Finally the —- Technology is power. It is also a risk. So re test 10 times on all above mention points before goes into Production line.
One of the Solution for Technology Risk :
There is a General insurance provided by three insurance company by which you can protect your pro desk under Technology risk occurs. Flash crash can also be insured using this policy.
Please write your comments: