30 November 2017

22 Years later, Info Sec is still a problem

In about 1995, I remember an IT manager being dismissive of our internal audit recommendations to improve information security. No matter how we documented the issues, he either ignored then, argued with them, or promised to implement the sometime in the future, date unknown.

In my frustration I had one of our very smart people try something.

Two days later, I wandered into the IT managers office, politely knocking. Eye-roll, "Yes, what can I do to help you this time?" he asked. 

I silently handed his a plain white envelope. He looked at it, opened it, and pulled out the single sheet of paper, carefully folded in three. He opened the paper.

In the very middle of the page was one word: his password.

After a moment, his only comment was "Okay, I get it. Now bugger off."

Best "bugger off" I've heard in my life. Recommendations started to be implemented.

Sometimes it is fun to consider just how far we have come with computer security, and how how far we still have to go. Today I would have had that very smart person find a way to get a Trojan onto his laptop and would have stolen the saved passwords, or would have had someone sniff his packet traffic. Nothing new, but still wide open gaps in too many system.

10 October 2017

Whalen on CDOs, OBS, Fraud and Europe - I suggest you be very afraid

In 2006, after reading one of my friend Chris Whalen's articles in which he discussed the size and dangers of the Synthetic Collateralized Debt Obligation (CDO) market, I picked up the phone and rang him. "Chris, I have to admit that I simply do not understand what you've just written. Could you please explain it to me in small words?"

To his credit he did, and he took his time, and used small words, and at the end of our call, the only thing I could say was "Chris, based on what you've just taught me and what you are saying, you are now the scariest person I know."

Not long after came the collapse of Lehman Brothers and the slide into the Global Financial Crisis (GFC). Everything Chris had written seemed to come to fruition, as if he had written the play-book for the crisis, or at least the reasons for the processes creating the crisis.

Fast forward to 2017, and over the past two weeks Chris has again written two very alarming articles. Last week focusing on CDOs and OBS risk, while this week's article sheds light on why Europe should worry us.

Last week Chris wrote a piece, this time called "CDO Redux: Credit Spreads & Financial Fraud". Read this article from Chris. It is as scary as anything he wrote in 2006. Toward the end you'll find the following statement:
The fact that Citi, JPM and GS are now pushing back into the dangerous world of off-balance sheet (OBS) derivatives just illustrates the fact that the large banks cannot survive without cheating customers, creditors and shareholders.
He points out that the very largest banks, like retailers, cannot be profitable by selling a greater volume at a lose, but only by, in effect, cooking the books. This suggests that systemic fraud is part of the natural business cycle, and he seems to be saying that we are nearing the end of this cycle.
As we note in "Good Banks, Bad Banks," larger institutions suffer from a fatal lack of profitability that ultimately dooms them to commit fraud and, eventually, suffer a catastrophic systemic risk event.
How big is this problem? Chris has a nice chart. Sure, it looks like the problems were in the past, but look at the re-growth to today. Notional Off Balance-Sheet Derivatives (OBS) are, between the three largest (Citi, JPMorgan, and Goldman Sacks) over $140 Trillion, not far from the GFC peak of around $130 and a later peak of possibly $175 Trillion.

Now, I seem to remember that "OBS" - Off Balance-Sheet, is bad. I seem to remember that it was the Off Balance-Sheet manipulation via the use of Special Purpose Vehicles (SVPs) that distorted their true debt position, and lead to the crash of Enron in late 2001.

Imagine a bank for which a 30BP (Basis Points: 100 PB = 1%) move in the OBS book would wipe out the bank's capital. Imagine wiping out a bank's capital with a .07% move (7 basis points). Imagine any entity leveraged 8000:1.

Note too that the relatively small GS has a notional OBS derivatives book of more than $41 trillion, almost as large as that of Citi and JPM.  More alarming, a move of just 7bp in the smaller bank’s OBS derivatives exposures would wipe out the capital of Goldman’s subsidiary bank. This gives GS an effective leverage ratio vs its notional OBS derivatives exposures of 8,800 to 1.
Worried yet?

Jumping forward to this week, and he has nothing comforting to say about Europe (or again, the American situation). This the following is not a surprise, the clarity of statement leaves no doubt:

Zero rates and QE a la Yellen, Draghi and Abe is not about growth so much as it is about subsidizing debtors, especially governments and other public obligors who are beyond the point of recovery in terms of ability to repay debt.

Meanwhile we continue to see the Rape of Greece, with bailouts primarily intended to subsidize European banks and governments, with Germany seeming to take the lead. All this as European banks continue to record interest "income" against non-performing loans. Many of those loans will never be repaid, and a haircut is inevitable. Chris points out that "more public sector debt has been incurred and the banks – which admit to some €850 billion (6%) in non-performing loans – are essentially insolvent as a group."

The big question will be whether Cyprus becomes the model for Europe, and if so, how long can the banking sector survive a run, or at least a slow walk, on deposits by individual savers. So far, QE in Europe has been used to avoid this, but not forever.
Europe is drowning in debt and there are a number of large EU banks that are demonstrably insolvent.
This continued pretense by the Europeans, coupled with the CDO & OBS situation in the US points to two of the three major economic blocks (counting China & ROTW {Rest of the world} as the third) piling on higher and higher levels of systemic risk. And not matter what anyone says, it will not be different this time.

Chris is being scary again. and again, we should listen to him.

25 September 2017

Reputation v Reality - Panama and Banking

Opening a bank account in a Tax Haven is supposed to be easy. All hush hush, sly winks, funny bank account numbers. Or as the British might say - "Nudge, nudge, wink, wink, say no more, say no more". I would not say that was my expectation when opening a bank account in Panama, but I certainly was not ready for the level of Customer Due Diligence, KYC (Know Your Customer) and AML (Anti-Money Laundering) checks that were required. And here I were thinking, I'll hand over some cash and we'll open a bank account.

Still the (new) bank insisted the checks they insisted on making were completely normal, and that there had been no change in their process. The printed and many-times photocopied forms certainly appeared to support their position.  This in contrast to my experience opening a bank account in the UK with nothing more than a Belgian identify card. I walked in, sat down, handed over my Belgian identify card and a letter from my employer (which, frankly, I could have typed and printed from my own computer). With little other than asking me for my address, I had a UK bank account, with a debit card in the mail.

At this stage let me say that this was all above-board, as we were in the process of actually moving to Panama from the UK. I'll also confess that this was a month after the world wide splash of the "Panama Papers" and the sudden spotlight that this had shown on Panama in general, and on banking and legal services in particular.

Opening a bank account is one great example of just how the stereotypes of Panama simply are not accurate. Not only did they require identification (and a Belgian identify card was not sufficient, thank you), they required a letter of introduction from our UK bank. A letter that could never touch my hands, but that had to be sent from Bank to Bank. Imagine the humor when I asked for a letter of introduction from my bank. The conversation went something like:

"I need a letter of introduction for my new bank."
"We don't usually issue those."
"This isn't a UK bank."
"Oh, okay, in what country?" said as the service representative was looking up the procedure online.
"Umm, Panama."
Big smile from the service representative "Really? Panama, like, the Papers?" Big smile.
"Yes, really. You didn't need one, but they do."
"Yes, really, and it must go directly from this bank to that bank."
"Oh, so I can't just print it and give it to you?"
“No, and it must be mailed to them, on UK bank’s letterhead, and from the bank’s office. I cannot touch the letter.”

There is little question that the Panama Papers scandal has been a trauma for the country and the legal and financial services industry. Regardless of how many times people are reminded that "offshore havens" are rife, and that certain US States effectively replicate the functions of offshore tax shelters and money laundering havens, the stigma now sticks to Panama. A recent estimate says that 10% of global GDP is held in "off-shore" havens. Trust me, that money is not in Panama.

The Panama Papers have already toppled the government of Iceland, and last month, the Prime Minister of Pakistan was dismissed by the Supreme Court on the grounds of corruption exposed by the papers. numerous politicians and celebrities have been exposed as having "businesses" in off-shore havens, not all in Panama, but all exposed by the release (hacked theft or internal theft, this still remains to be confirmed one way or the other) of files from Mossack Fonseca, a Panamanian law firm that operated in at least 9 countries at the time.

Multi-national corporations with regional headquarters in Panama have considered relocating, and at least one appears to be on the brink of doing so. While that organization does not have significant operations in Panama, it is the Latin America and Caribbean administrative hub.

Meanwhile, Panama has, over the past decade, maked real, tangible progress in the area of Corporate Governance, lead by the IGCP (Instituto de Gobierno Corporativo-Panamá) and various financial supervisory regulators, and the OECD. The first Corporate Governance Code was introduced in 2010, and is enshrined in the Corporate Law.

In relation to the effectiveness of banking supervision, in 2006 the IMF reported: "Panama is largely compliant with the majority of FATF Recommendations for anti-money laundering and countering the financing of terrorism (AML/CFT), reflecting the efforts of the authorities and industry to put in place an effective AML system. Nevertheless, staff makes several recommendations..." Panama has since updated its legislation in line with the IMF recommendations.

In the associated area of Risk Management, the Panamanian banking supervisor requires all banks to provide a statement that they have an effective system of Risk Management. Further, this statement must be signed by the Board of Directors. This is included in the detailed in Chapter IV of Rule 7-2014 (August 2014).

So while Panama has been making serious progress on corporate governance, anti-corruption and banking supervision for many years, still the country has a bad reputation. Having the previous president sitting in a US jail awaiting extradition for corruption does not help. Nor does a culture in which the police regularly request bribes, and in fact give lessons on how to pay those bribes.

Clearly there is a long way to go, both in actual implementation of effective corporate governance, and in inculcating a culture that rejects corruption at the grass-roots level as well as at the most senior levels of government. But the country is not the Wild West, and if anything can be learned from the Panama Papers, it is a reminder that reputation made in years, but destroyed in seconds. Panama has been spending the years demonstrating that it plays by the international rules, and in fact enshrines those rules in law.

Going through the processes of getting a bank letter of introduction was not the end of their due diligence. My employer in the UK received a telephone call from the bank in Panama. Do I actually exist, and do I really work for this company? Could they confirm by email please, from a company email address?

Remember that this is required by a bank in an off-shore tax haven. All I can do is quote the UK bank service representative: "Really?"

09 September 2017

"The Zone" is more than just a place

Once upon a time there was a special place. So special, that the people of the land and country on both sides of the place were not allowed to go there, unless invited or to work. The only people who could live there were aliens from another land. And they brought that other land with them, right down to mowed lawns, schools and supermarkets, bowling alleys and cinemas. But only the aliens were allowed to send their sons and daughters to the schools, and only the aliens were allowed to shop in the stores. This special place, we'll call it "The Zone" contained the single most valuable national infrastructure asset in the country. An asset so huge and costly to build, that it became one of the single most important strategic assets of the aliens, and of the world; more important than almost any infrastructure asset in the aliens own land. Now imagine that this asset could generate, directly, or enable up to 20% of the country's GDP, if it could be exploited by the country it sat in. Imagine also that this asset could, but did not, generate a continual revenue stream to the national government, that could be used for development, roads, education, rural electrification, ports, healthcare systems, the list goes on.

Oil is one of the only natural resources that is able to generate that kind of benefit for a country, but then only if the global oil market is delivering a price point that exceeds the extraction and committed costs associated with that oil. But as oil is fungible and (relatively) plentiful, too often countries have created spending commitments based on a oil prices at their peak, and not at their trough or even average price. The price of oil jumps, then crashes, then crashes and jumps again, and now is relatively stable at a level below the cost of production for many countries that rely on oil revenues.

Imagine instead a resource that is limited, stable, non-fungible, with a clearly definable economic break even point for consumers and users of that resource. And where was that special resource? In "The Zone" of course, out of reach of the country in which it sits, and completely under the control of the aliens with their supermarkets and schools and mowed lawns.

To make matters worse, the aliens were giving it away! Access to the resource was mandated to be provided at an operating break even price, not at a economic break even price for the user of the resource. This means that the users effectively gained a massive windfall at the expense of the country. Restricted access to that infrastructure and asset, and the inability to influence the pricing of the asset (or use of the asset) and inability to access a revenue stream for the government, was holding back economic development of the rest of the country.

So economic development outside "The Zone" progressed at a crawl, with the host country unable to enter "The Zone" without permission, unable to set the price of the resource, and unable to economically benefit from that resource.

The Panama Canal is that resource, and it sits in the middle of "The Zone", a strip of land 10 miles wide, which since the end of 1999 is once again Panamanian national territory. Before the handover, the Panama Canal was mandated to run as a break-even proposition, owned by the United States government. As much at $10 million per year in profit could be provided to the Panamanian government, if the Canal ran a surplus. $10 million on annual revenues of $350 million is not a very good return on the asset, and this was the maximum that was authorized to be paid.

In 1989, the Panama Canal Authority had revenues of US$329 million. With inflation, that $329 million in 1989 would equate to $638 million in 2017 dollars. Current, 2016, Panama Canal revenue was $1,933 million, based on traffic volumes; total tonnage has almost doubled, while total transits remains comparable to 1989. So for decades, the equivalent of $1.3 billion in national revenue was effectively being distributed to shipping companies in the form of subsidized low-cost canal transits.

"Including the passage of neopanamax ships by the new locks, the Canal recorded between October 2015 and September 30th, a total of 13,114 transits and 330.7 million CP-UMS tons (volume measurement of the Universal Systems Tonnage of the Canal of Panama), said the official information."

Today "The Zone" remains, but is now Panamanian national territory, and while most of the land was converted into, and remains a national park, development does encroach.

Most importantly though, the Canal now runs as a profit making infrastructure, delivering over $1.5 Billion into the Panamanian treasury every year. In addition to the direct revenue to the Panamanian government, the very existence of the Canal creates and enables a massive logistics and transport industry, accounting for over 20% of the GDP of the country.

That increase in national revenue is remarkably stable. While traffic volumes fluctuate, the swings are in no way as wide, up or down, as the price of oil. Nor is the price of transit fungible. There is only one Canal, and the options are quite limited if you want to avoid rounding the South American continent, or if transporting across the North American continent by train is too expensive and time consuming. Therefore the Canal is able to price its service based on the economics of transporting goods by any other method or route. This creates a very steady revenue stream, and the country has been able to put that to good use for national infrastructure development.

There is a long way to go for Panama, and as with all developing countries, the challenges are huge, not least education, health, infrastructure and employment (although official employment figures are health with an official unemployment rate in the 4% - 5% range for a number of years). Corruption is rampant, and while Panama is a major offshore financial center, the "Panama Papers" scandal of 2016 dented its reputation.

If anything positive can be said about the 85 years during which the Canal was under US control, it is that the administrative and operational systems were put in place and a level of discipline inculcated that has carried over to Panamanian administration. The Canal is efficient, profitable, and well maintained, and functions as smoothly under Panamanian control as it did under American.

"The Zone" remains, but is now an artefact. But also remaining is the question of just how developed could this country be if it had access to price and profit from the Canal for the 100 years that it has been in operation, and not for the 17 years that it has been under the control of the country in which it is located.