Wall Street has changed immeasurably in the past several decades. Key changes that have occurred include computerization of trading, the growth of universal banks (and hedge funds), and the development of financial engineering. Each of these changes enabled major revolutions to take place in our larger society. Banks are not what they used to be, but while they were agents in enabling change in society—changes that brought major benefits—with these benefits also came major costs.

First, computerization of trading has helped to facilitate the growth of a shareholder society. The casual, retail investor now has access to trading tools that provide access to very liquid and fast‐moving markets with the ability to execute shorts, options, swaps, foreign exchange (FX), and other complex transactions from their PC or smart phone. The cost of participating in such trading activities has declined dramatically and, as a result, millions more people¹ own shares today than in the past. This has been in large part due to the creation of new trading and computer technologies and resulting cost reduction. Such gains are not achieved without risk, however. Some of the operational risk incidents we will review in the coming chapters stem from the technical challenges that are posed by such technological advances.

Second, the growth of universal banks² with massive capital resources and services aimed at every customer segment has helped achieve major efficiencies in the promotion of new capital structures and investment vehicles. The availability of credit to greater numbers of people and the provision of new types of financial innovation to every type of corporate entity has enabled the creation and expansion of new productive capacity in the United States. These advantages were particularly clear during the expansion years of the 1990s and early 2000s. However, these benefits also brought problems in their wake.

The sheer size of these universal banks and the stitching together of different legacy systems and bank cultures has created patchworks of manual process and controls that became too complex to manage. The risk of great and complex failures inherent in such unwieldy structures has, in the eyes of many analysts, grown, rather than retreated since the Financial Crisis of 2008. Most recently, Neel Kashkari, chief of the Federal Reserve Bank of Minneapolis, has argued for further controls to be put in place against banks that are so called “too big to fail.”³

To his point, managing multiple businesses and multiple country branches brings a level of complexity that makes it much more difficult to monitor activities across an entire organization. Additionally, privacy laws that have multiplied in different countries have further exacerbated this issue. This can and has led to failures to assert centralized controls and unified lines of defense against suspicious trading activity and the like.⁴

Third, the growth of financial engineering took place in the context of relatively light regulation and planning. Credit default swaps, for example, started as a relatively obscure product in an obscure trading group within investment banks. While investment banks and broker/dealers are required to oversee new product development in a careful way, new products have a habit of getting through with relatively little scrutiny and planning. This lack of planning is, in part, a reasonable response to the nature of the trading market. Many products are thought up in the twinkle of a trader's eye and many of them fail to take hold. In the case of credit default swaps,⁵ however, within a very short time frame, billions of them were being written to cover bondholders and non–bondholders. Expansion in areas like this brought much greater profits to the banks, at least for a time. It also brought much greater complexity to the business. Obscure products like credit default swaps can thus grow from a relative backwater status to a major profit center in a short space of time in a way that is hard to predict or plan for. The ability to manage the resulting complexity, however, does not tend to keep up. The rash of scandals, penalties, and significant operational losses in the case of mortgage‐securitized products are one indicator of that.

The rapid change at investment banks as a result of these particular areas of innovation has made it hard for regulators to keep up in their ability to understand and monitor these changes. Yet the role of regulators has never been more important. In some ways, the battle over regulation that took place in the years after the 2008 Financial Crisis, and in particular, the battle to introduce the Dodd‐Frank legislation was similar to that played out in the original battles fought by Washington and the SEC to establish US securities laws and the SEC in the 1930s. This will be discussed further in Chapter 22.

The battle fought by the regulators since 2008 has also been to arm themselves for battle more effectively, by adding to their ranks people with the expertise and experience to be able to identify, monitor, and manage the risks as they unfold at their charges' houses of operations. Unfortunately, it may always be the case that regulators, like the French generals of the 1930s who built the Maginot Line of Defense, are doomed to be forever fighting the previous war.

The example that perhaps best illustrates this is the case of Wells Fargo that hit the headlines in 2016.⁶ This was different from what had gone before in three important respects. First, relative to the mortgage and other scandals, which led to billions of dollars in lost wealth, the churning of unauthorized bank and other accounts involved sums that were relatively small. Second, instead of a few relatively high level traders being involved, as in, for example, the mortgage, FX and LIBOR scandals, this scandal involved thousands of fairly low level employees. Third, those involved in the scandal did not possess any special financial engineering skills, rather, they applied routine customer facing banking skills to set up and self‐authorize fake bank and credit card accounts. It is apparent that investment banks, faced with increasing regulation in the investment banking sphere, have been turning to retail and private banking as alternative sources of revenue. Even Goldman Sachs has established a unit for online personal banking so it may be that this Wells Fargo incident is the first of a new emerging class of risk. It is clear at least that the regulations and procedures put in place by compliance and risk management were not adequate to address this risk at Wells Fargo.

At the same time, it is also the case that banks have been able to put in place many sensible and effective controls to mitigate risks that they do run from their sheer size and complexity. Some of this has come about from the pressure that they have been put under by regulators. A friend of mine is an MD who works in an area called model risk at one of the major investment banks on Wall Street.⁷ Under the constant prodding of regulators and internal audit, he has constructed a complex set of controls over the various models used by the bank to value every single complex position that is traded there. If a trader is ever tempted to modify the way a position he is trading is valued, to perhaps help it reflect a profit to his greater advantage, it will be known straight away by those monitoring the valuation models. However, the separation of controls put in place most likely means that the trader, who in prior years would have been able to easily do such a thing, is now not able to do so. While this makes the bank safer than it was, there may be diminishing returns and unintended consequences from further nit picking by regulators with what has been accomplished.

Added regulations and administration has meant the need for banks to add significant resources to meet these regulatory requirements while hamstringing them in other ways. The ban or severe restriction on proprietary trading, the Volcker Rule⁸ for example, arguably has already had some negative consequences, even though the ban has only recently come into effect. One unintended consequence is that as banks have been adding to the ranks of staff engaged in compliance matters while they have been losing and shedding the trading talent that has been the long‐term source of their competitive advantage. Traders and risk managers have been leaving to join hedge funds, asset managers, and even insurance companies in droves. This drain on talent, has only added to the difficulties banks face in managing their trading risks effectively.

This is some of the context for the operational threats faced by the Banking and financial services industry today. Some of these are posed from the outside, some from the inside. What the banking industry cannot do is afford to let these threats subsist alongside their business model. Rather they have to address the issues head on. We will explore in the succeeding chapters how some of the changes described here have led to these threats and some of the tools that firms can leverage to address them successfully. We now turn our attention to some of these major events and losses.