The Follies of Portfolio Theory in Risk Management

As the price of gas starts to approach that of cheap wine, foreclosures hit a record, and companies find themselves unable to get the loans necessary to do business, I think again of portfolio theory in corporate risk management. I mentioned this a while back as a response to an article by Nassim Nicholas Taleb, author of The Black Swan: The Impact of the Highly Improbable. But today I started doing some rough calculations. One of the problems with complex mathematical models is that they have to simplify to make things easy for most people to understand.

However, sometimes there are simple calculations that can show you the potential folly of your ways. Assume for a second that in the financial world, there are, at any given time, 20 things that could go horribly wrong and wreak havoc. Say that the chance of any one of them occuring is only half a percent. Pretty low odds, right? Yes, for each given event, there is only a 0.5 percent chance in a year that it could happen. But remember that there are 20 of them, and because they are independent, they have a multiplicative effect. But 0.5 percent chance of going wrong is the same as 99.5 percent chance of going right. But when you multiple 99.5 percent by itself 20 times, you end up with about 90.5 percent. We've just gone from the psychology of safety in only a half percent chance of disaster to a more sobering 9.5 percent chance. Take that over a decade, and you see numbers that would make you bet the financial world would implode to some degree.

You can quibble with the percentages, or the number of disaster factors, even though I'd say I'm being pretty reasonable. So change some of the percentages, or the number of disaster scenarios. You're still left with the fact that, over time, the world will periodically drive itself into a brick wall at high speed.

I remember interviewing ChevronTexaco CEO David O'Reilly a few years ago. At one point I asked about geopolitical factors, as those are a problem in the oil business. He said that over time, there's always some war or political unrest that affects their business. The company just assumes there will be one at any given time and figure out how to live with it. If more companies should take that attitude, the world might be in far more secure shape.

Ignoring Data Security Could Spell Lawsuit

If you are an executive in business - or you are a consumer - then this posting and series of comments from Slashdot.org should scare the heck out of you. The original author writes:

I see our customers turn a blind eye to blatant security issues, in the name of the application or business requirements. I see our own senior officers reduce the risk ratings of internal findings, and even strong-arm 3rd party auditors/testers to reduce their risk ratings on the threat of losing our business. It's truly sad that the fear of losing our jobs and the necessity of supporting our families comes first before the security of highly confidential information.

If that isn't chilling enough, scroll down the page and see one story after another that, if known to the people affected, could easily lead to significant law suits:

• I was employed in a medical software company that did not treat their staff terribly yet managed to deploy products that were genuinely unsafe. This was in the imaging dept.of a medical records company - imaging handled diagnostic images as well as records for archival. This needed to be 100%+ HIPPA [hhs.gov] compliant and was nowhere close.
• Don't even get me started. I work at a company which makes document imaging software and our customers send us all kinds of crap that honestly, scares the shit out of me. Not to mention information specifically protected by law. Most of the time, I get the sense that the sender didn't even remotely think about it. All they know is "this is not viewing/printing how it should" and so off they send it, as an attachment on unencrypted email.
• I remember in my days consulting, I got sent a DB to look at. This DB held all the personal information for everyone who was worth over $X. The DB contained SSN's, spouse's name, spouse's SSN, etc. As soon as I saw this DB, I asked where the NDA for it was. When I was told there was no NDA [non-disclosure agreement] sent over, I felt sorry for everyone who's information was in there.
• I work for a very large US government department. Our agency oversees all of the child agencies. If we leak information about how we fast-talk the 20-some year old college graduate security auditors that know jack about computers, we would surely lose our contract. Our contract pays big, on the order of a few million per year. We have a total staff a little over 20, do the math. If the federal it director says to do it one way, we do it that one way to ensure nice paychecks to our employees.

By no means are all the posts negative, and some mention companies that seem to take security seriously. But for any company of significant size not to grasp the potential liability of inadequately handling data to which it has been entrusted is dumbfounding. Are they waiting for the class action suit to get dropped on their desks?

Has AT&T Gone Daft?

I know that AT&T was taken over by new management when acquired by Cingular a few years ago. But you'd think that the people running any major telecommunications company would have some grasp on the essentials of the business, and of its legal underpinnings.

For years, telecom carriers have gone out of their way to avoid looking at traffic passing over their networks. But AT&T has decided to end that trend, as this C/NET report shows:

For the past several months, AT&T executives have said the company is testing technology to filter traffic on its network to look for copyrighted material that is being illegally distributed. James Cicconi, senior executive vice president for external and legislative affairs for AT&T, reiterated the carrier's plans last week during a panel discussion at the Consumer Electronics Show in Las Vegas.

In other words, AT&T would play Internet traffic cop for some reason or another. But why? This has to be the biggest mudhole a corporation could want to sink in.

The customer service problems are obvious. How many complaints can one organization field from outraged customers who are sure that what they are trying to send, receive, or view online is perfect legal? Many of them might even be right...

But the big problem is not even customers, but legal liability, as Tim Wu wrote in Slate. AT&T was one of the prime forces behind the Digital Millennium Copyright Act of 1998, which, among other things, shielded telecoms from liability of copyright infringement, et. al., so long as they didn't poke into the content they carried and selectively choose what they would and wouldn't allow to pass.

Once a company starts sticking its nose into the content and making transmission decisions based on it, however, the protection pretty much disappears. And that's exactly the pit AT&T is about to enter. Now the recording industry can sue not only people who download illegal copies of songs, but potentially AT&T if its networks are carrying the traffic. And as the company has perhaps the biggest single share of Internet traffic, and as technology is never perfect and always screws up, chances are that AT&T will find itself liable in this and many other situations.

What did the "new" AT&T do? Fire anyone at the old AT&T who might have had a clue about risk and liability? Or were they just people with "old fashioned" views who obviously couldn't be as smart as those that acquired the company? At least the lawyers will be happy.

Risk Won't Get Repriced

One of the problems with the credit crunch was that risk wasn't proportionately priced. Relatively risky investments didn't pay all that much more than safer ones, and so investors couldn't get that last visceral hint that they were writing a check for real danger. The problem was that there is just too much money in the world seeking a home, and that hasn't changed. For example, D&O (directors and officers) insurance premiums have actually been dropping in price for years, even though the chances of corporations getting sued by shareholders aren't dropping equally quickly. According to brokers I've spoken to, the reason is that there are always new sources of money trying out this type of investment, creating competitive pressures. I've heard the same from an economist who consults to upper management at large corporations.

And that money hasn't all disappeared in the recent market thrashings. Look at a Wall Street Journal article today about hedge funds bouncing back:

Through the end of the third quarter, hedge funds have seen $164 billion in new asset flows this year, already a record for a full year, according to Hedge Fund Research Inc., based in Chicago. The previous record year was 2006, with $126 billion in new asset flows. As much as $45 billion was invested in hedge funds in the third quarter, when markets were the most turbulent. Some 71% of that went to big hedge-fund firms -- those managing more than $5 billion each.

A lawyer at a major real estate firm told me that his clients in Europe were about ready to start a buying spree in the US because they have cash and because the exchange rate between the Euro and dollar gives them even more leverage.

The money goes pouring in, and it all has to find homes, so the differential between high risk and low risk will continue to remain small, not because the risks are that close in nature, but because the supply of money outstrips the demand. So people will continue to invest, largely ignoring the real risks, because they can't afford to be picky. They're all at a dance where they want to get picked, it's getting late, and being choosy means being alone. It's only in the morning that they see what they've done, but by then it's too late.

Business Using Sub-Prime as an Excuse

There have been many news accounts of how the meltdown in the sub-prime credit markets have become like a contagion, affecting a growing amount of all business. The reasoning, as I understand it, goes something like this:

1. Housing prices kept escalating, so people had burgeoning amounts of equity, at least on paper.



2. Sub-prime lenders kept taking on more risk because high demand for homes and rising housing prices made it seem relative safe.



3. Lenders bundled together derivative securities that held the mortgages.



4. By combining pools of mortgages with rising housing prices, lenders were able to wash off the risk because the failure of some percentage of borrowers still left the pool safely covered.



5. Prices topped and dropped, and a growing number of people were defaulting - not just on first mortgages, but on secondary ones, including equity-backed lines of credit.



6. Someone had to start paying out money, which meant credit insurers and mortgage lenders alike had to start pouring out cash, which meant reducing liquidity.



7. Those with lots of cash didn't want to lose it, so they stopped underwriting so much of the business being done.



8. As a result, some groups are losing money on deals because they couldn't get the terms they needed, and some hedge funds started to close because they were effectively undertaking high stakes gambling and finding that the house eventually wins.



9. Private equity firms, which had been indirectly fueling the rise in stock prices (not some quick miracle of economic conditions), are backing away from deals because they can't get the terms and returns that drive their business models. (Friday's Wall Street Journal had an article called "Leveraged Buyout Remorse?" with the following first line: "Having spent years racing to put deals together, some private-equity firms are puzzling over whether they should take them apart.")



10. The stock market is likely to see an increasing pinch as people and institutions aren't rushing to make a killing on the next takeover prospect.

So it's all the fault of the sub-prime markets, we hear. But I don't buy it. Yes, that is a mechanism, but it's not the finger pulling the trigger. That honor belongs to greed unchecked by business sense.

In the face of economic history, expecting that prices relative to other demands of life could rise forever, and even planning on that happening, is idiotic. That has never happened and isn't about to start. What we are seeing is the same as the tulip market mania of the 16th century. It's multi-level marketing on a grand scale. It's a ponzi scheme. At each point, furthering of the business "model" depends on someone having the expectation that no matter what the inflated price, he or she will shortly see the same type of return. If a business or investor wants to take some risk for high returns, that's fine, but it's called risk for a reason. There is a measurable chance, sometimes large, that you will lose part or all of the money you've invested.

To put virtually all of your eggs into this one basket is insane. Yet that's what the markets have done. All manners of companies have been betting on consumer spending to continue. But the spending wasn't itself fueled by increases in wages. No, because that would lead to inflation and corporations having higher labor expenses, and smaller returns. Instead, everyone more or less turned their heads, opened the credit taps, and let the money flow because, well, those increased housing prices would make everything fine in the end. One could always refinance, pay off the one lender at risk by transferring the risk to another, and take a little extra money out at the same time.

It's over. People are increasingly stuck in houses they couldn't afford and that, with dropping prices, they can't afford to sell, because they would remain in debt as the sales price wouldn't cover the mortgage. The markets are experiencing (I'm not sure they realize quite what is actually happening) a cold turkey economic abuse program. Now governments are involved, making cash available to keep enough money in the system to leave it afloat. Although you won't see it called such, this is the world's largest economic bailout masked as maintaining market liquidity. The sums that are going in and will probably continue to pour in will dwarf the savings and load debacle this country experienced. I wouldn't be surprised if it ultimately overtook the real spending during the Great Depression. We are in a pile of doo-doo, and all the finger-pointing and rationalization won't change the fact that it is of our own making.