Prof. Jayanth R. Varma’s Financial Markets Blog

A blog on financial markets and their regulation

Monthly Archives: December 2015

Why waste taxpayer money to enforce stupid exchange rules?

Early this month, the US SEC passed an order against Behruz and Kenny about how they fraudulently obtained liquidity rebates from the option exchanges on which they traded. When I read this order, my first reaction was to laugh out loud at the stupidity of the alleged victims: some of the largest option exchanges in the US were running pretty silly liquidity rebate schemes. I can understand that regulators might wish to step in to protect small retail investors against their own stupidity, but if somebody like the CBOE chooses to run a scheme that is basically an open invitation to be gamed, my inclination would be to let them suffer the consequences. For the regulator to go after the alleged offender is to my mind a waste of taxpayers’ money. I do take Stigler’s classic paper on the optimum enforcement of laws quite seriously.

The first charge against Behruz and Kenny is that they earned $2 million of liquidity rebates (and exchange fees avoided) from the option exchanges by misrepresenting “customer” status for their trading accounts. If you are not a broker-dealer, your orders are treated as “customer” orders unless your trading goes above the threshold of 390 orders per day. To reach the 390-order threshold, you would have to enter an order every minute from market open to market close. “Customer” orders do not incur any transaction fees and receive higher liquidity rebates from the exchanges. In practice, trading activity was reviewed quarterly to determine the “customer” status. If the trading was below 390 orders per day during one quarter, then the trading account received “customer” status in the next quarter. To see how silly this is, note that if you did not trade at all one quarter, you would have “customer” status in the next quarter even if you were pumping thousands of orders a day in that quarter. Why somebody would think up such a stupid implementation of the rule in this day and age is beyond me.

Behruz and Kenny could have traded thousands of orders a day for six months in the year, and spent their time at the beach for the remaining six months without falling afoul of the SEC. But they were more greedy and wanted to trade with “customer” status round the year. So they created two accounts and switched between them each quarter – when they were trading thousands of orders a day in one account, they kept the other account almost dormant so that that other account would have “customer” status in the next quarter when the first account lost that status. The rules did however require that accounts with the same beneficial ownership should be aggregated for determining “customer” status, and Behruz and Kenny misrepresented the beneficial ownership to avoid this result. One way of looking at the SEC action is that they brought offenders to book, but the other way of looking at it is that the SEC is encouraging large and sophisticated players to create silly rules and implement them in silly ways, confident that the SEC will clean up after them.

The second charge is that Behruz and Kenny used spoofing orders to earn liquidity rebates from the (Nasdaq OMX) PHLX options exchange. The typical scheme was to enter a series of large hidden All-or-None (AON) orders to buy options at a price that was a penny more than the option’s current best bid. Because they are hidden, these AON orders do not change the best bid. Behruz and Kenny then placed smaller (typically one lot), non-bona fide sell orders at the same price as the AON. These orders were too small to execute against the AON order, but (since they were not hidden) they lowered the option’s best offer by one penny. The idea was to induce genuine sellers to send sell orders at the new best offer. When enough such sell orders arrived to make up the quantity of the AON order, they all executed against the AON. The PHLX in its infinite wisdom regarded the AON orders (that nobody could see) as having provided liquidity to the market. Since the AON buy order was sitting in the order book before the sale orders arrived, the AON was deemed to have provided liquidity while the sell orders were deemed to have taken liquidity. The PHLX gave a liquidity rebate to Behruz and Kenny, and charged a liquidity take fee to the sellers. Behruz and Kenny then turned around to execute the same strategy on the opposite side to dispose of the options that they had just bought – a large hidden AON sell order and a small displayed buy order.

One can have a debate on whether liquidity rebates and the maker-taker model make sense at all. But there is no debate about the silliness of what PHLX is doing. The idea that a hidden AON buy order that did not even move the best bid offered liquidity to the market is laughable. In a rational market, exchanges that do stupid things should lose money or business or both – the survival of the smartest. The regulators should not be trying to protect the silly and impede this market dynamic.

A recent blog post by the Streetwise Professor makes an even broader but similar argument about spoofing in general. He says that sophisticated and knowledgeable players have the incentive to detect spoofing and take defensive measures that would reduce the frequency and scale of spoofing activity. Therefore regulators need not bother much about it. I tend to agree. Harris’ classic book on market microstructure for practitioners (Trading and Exchanges, OUP, 2002) has a whole chapter on “bluffers” and within that there is a section in particular on how bluffers discipline liquidity providers. We might have invented a more exotic name (spoofing) for what has been known for centuries as bluffing, but the basic principles remain the same – spoofers discipline the HFTs.


Operational versus financial creditors redux

A month back when I blogged about Creditor versus Creditor and Creditor versus Debtor, I talked about the potential for conflicts between operational and financial creditors, but did not have any good examples of such battles. I am able to remedy that gap now thanks to the fading fortunes of shale oil producers in the United States. A couple of days ago, Reuters carried a story about three instances where operational creditors had initiated involuntary bankruptcy proceedings against large energy producers to avoid being outmanoeuvred by financial creditors:

Involuntary bankruptcy gives vendors some say over how an energy producers’ dwindling funds are managed, and vendors can use it to try to stop a company from cutting deals that favor lenders or investors.

Such cases also allow creditors to choose the court, and all three of the recent cases have been filed outside the busy bankruptcy court in Wilmington, Delaware. Bankruptcy lawyers in Texas said that may suggest suppliers are worried the court is too eager to approve quick sales of businesses, which tend to favor secured creditors.

A lawyer for the creditors … said the involuntary bankruptcy prevented the Gulf of Mexico producer from being stripped of all of its value in favor of the company’s owners.

If the facts stated in the story are correct, then standard theory (governance rights vest with residual rights) would imply that the operational creditors should indeed be in charge of the bankruptcy process.

Have Indian banks gone berserk on FATCA?

Under the US FATCA Act and the related Inter-Governmental Agreement between India and the US, banks and other financial institutions in India are required to report information about accounts held with them by US persons or entities controlled by US persons. All the documents that I have read are clear that this should not affect Indian citizens who are tax resident in India. But I find Indian banks and financial institutions send out notices demanding complex information and threatening closure of accounts to Indian citizens resident in India.

I am not a lawyer, but both Rule 114H(3) and the RBI Guidance Notes are very clear that banks should seek information from the account holder only if any of the indicia of foreign citizenship or foreign tax residence are present. The indicia include:

  • Foreign citizenship or residence
  • US place of birth
  • Foreign address or telephone number
  • Repeating payment instructions to US address or US account
  • Power of Attorney or signatory authority granted to a person with a US address
  • “Care of” or “Hold mail” address is the sole address for the account holder

In the cases that I am referring to, the account is fully KYC compliant, the Indian address and identity documents are on record with the bank, and none of the other indicia are present, and still the FATCA notice is being sent. In one case, where the Indian citizen and Indian resident account holder was threatened with closure of account, I spent several minutes struggling to understand the complex form in which information was sought before realizing that the form that had been sent to an individual account holder was the form relevant for legal entities! Surely, a bank should know whether its customer is an individual or a corporate entity. But this elementary confusion had caused the bank to apply the $250,000 threshold applicable to legal entities for identifying “high value” accounts instead of the $1 million threshold applicable to individuals. It is another matter that even if it was classified as a “high value” account, the FATCA notice should not have been sent because the bank knew that none of the indicia were present.

I think tax terrorism by governments in both hemispheres of the world has become so severe that banks would rather harass their customers needlessly and go berserk with enforcing non-existent compliance requirements than risk being held guilty of any shortfall in compliance. Perhaps some customers should sue the banks for sending baseless threatening letters so that banks would start doing what is required by law – neither more nor less.

Data access controls within banks

An order last month by the UK Financial Conduct Authority (FCA) against Barclays Bank highlights the problems faced by banks and other financial services firms in controlling the access that their employees have to customer data. I have long heard complaints about this: for example, some bank employees keep telling me that as soon as their bonus is paid to them, other employees with access to the core banking software can find out the exact quantum of this bonus.

Now we have confirmation that when one of the largest banks in the world wants to limit who can see the information about a customer, the best they can do is to go back to paper hard copies stored in a vault.

The FCA order refers to a £1.88 billion transaction that Barclays was doing for a group of ultra-high net worth Politically Exposed Persons (PEPs) who wanted a very high degree of confidentiality:

Prior to Barclays arranging the Transaction, Barclays agreed to enter into the Confidentiality Agreement which sought to keep knowledge of the Clients’ identity restricted to a very limited number of people within Barclays and its advisers. In the event that Barclays breached these confidentiality obligations, it would be required to indemnify the Clients up to £37.7 million. The terms of the Confidentiality Agreement were onerous and were considered by Barclays to be an unprecedented concession for clients who wished to preserve their confidentiality. (Para 4.11)

In view of these confidentiality requirements, Barclays determined that details of the Clients and the Transaction should not be kept on its computer systems. (Para 4.12)

Barclays decided to omit the names of the Clients from its internal electronic systems in order to comply with the terms of the Confidentiality Agreement. As a result, automated checks that would typically have been carried out against the Clients’ names were not undertaken. Such checks would have included regular overnight screenings of client names against sanctions and court order lists. If, for example, the Clients had become the subjects of law enforcement proceedings in any jurisdiction, Barclays could have been unaware of such a development. No adequate alternative manual process for carrying out such checks was established by Barclays. (Para 4.49)

Some documents relating to the Business Relationship were held by Barclays in hard copy in a safe purchased specifically for storing information relating to the Business Relationship. This was Barclays’ alternative to storing the records electronically. While there is nothing inherently wrong with keeping documents in hard copy, they must be easily identifiable and retrievable. However, few people within Barclays knew of the existence and location of the safe. (Para 4.52)

I am sure that 130,000 clients of HSBC Private Bank in Switzerland (now accused of evading taxes in their home countries) wish that their data too was kept in paper form in a vault beyond the reach of Falciani’s hacking skills.

More seriously, banks need to rethink the way they maintain customer confidentiality. With anywhere banking, far too many employees have access to the complete data of every customer. A lot of progress can be made with some very simple access control principles:

  1. Every access to customer information must be logged to provide a detailed audit trail of who, when, what and why. Ideally, the customer should have access to a suitably anonymized form of these logs.

  2. Every access must require justification in terms of a specific task falling within the accessor’s job profile.

  3. Every access request should only result in the minimal information required to complete the task for which the access is requested.

For example, a customer comes to a branch (assuming such archaic things still exist) for a cash withdrawal. The cashier requests access by providing details of the requested withdrawal; and the system accepts the request because it is part of the cashier’s job to process these withdrawals (Principle #2). The system responds with only a yes or a no: either the customer has sufficient balance to allow this withdrawal or not. The actual balance is not provided to the cashier (Principle #3). It should be emphasized that without Principles #1 and #2, the cashier could make repeated queries with different hypothetical withdrawal amounts and guess the true balance within a relatively small range using what computer scientists would recognize as a binary search method.
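The cashier scenario above, as an added example that is not part of the original post: a small “sufficient funds?” service that applies the three principles (every request is logged with who, when, what and why; a request is accepted only if it cites a task within the caller’s job profile; the reply is a yes or no rather than the balance), together with a scan of its own audit log that surfaces the repeated-query pattern the paragraph warns about. Every customer id, user, role, balance and timestamp is constructed for the demo.

```python
"""Added example, not from the blog: a 'sufficient funds?' service built on the
three principles above, plus a scan of its own audit log for the repeated-query
pattern the post describes.  All names, roles, balances and timestamps are
constructed for the demo."""
from collections import defaultdict
from dataclasses import dataclass
import datetime as dt

# Constructed sample ledger: customer id -> balance
BALANCES = {"C-1001": 73_250, "C-1002": 1_200}

# Tasks each job profile may perform (Principle #2)
ROLE_TASKS = {
    "cashier": {"cash_withdrawal"},
    "branch_manager": {"cash_withdrawal", "loan_review"},
}


@dataclass
class LogEntry:
    who: str            # user making the request
    when: dt.datetime
    what: str           # customer whose record was touched
    why: str            # task cited as justification
    amount: int
    allowed: bool       # whether the request was accepted
    answer: object      # True/False, or None if the request was refused


AUDIT_LOG = []          # Principle #1: every request, accepted or not, lands here


class AccessDenied(Exception):
    pass


def sufficient_funds(user, role, customer, task, amount, now=None):
    """Answer only yes/no (Principle #3); never return the balance itself."""
    now = now or dt.datetime.now()
    allowed = task in ROLE_TASKS.get(role, set()) and customer in BALANCES and amount > 0
    answer = BALANCES[customer] >= amount if allowed else None
    AUDIT_LOG.append(LogEntry(user, now, customer, task, amount, allowed, answer))
    if not allowed:
        raise AccessDenied(f"{user} ({role}) may not perform {task} on {customer}")
    return answer


def suspicious_probing(log, window=dt.timedelta(minutes=5), threshold=5):
    """Flag (user, customer) pairs with >= threshold distinct amounts queried inside
    one window.  A genuine withdrawal needs one query; many distinct amounts in a
    few minutes is the guessing pattern, and Principle #1 is what makes it visible."""
    by_pair = defaultdict(list)
    for e in log:
        by_pair[(e.who, e.what)].append(e)
    flagged = []
    for (who, cust), entries in by_pair.items():
        entries.sort(key=lambda e: e.when)
        for i, first in enumerate(entries):
            run = [e for e in entries[i:] if e.when - first.when <= window]
            if len({e.amount for e in run}) >= threshold:
                flagged.append((who, cust))
                break
    return flagged


def run_demo():
    """One legitimate withdrawal check, one refused out-of-profile request, and a
    constructed burst of differently sized queries against a single customer."""
    AUDIT_LOG.clear()
    t0 = dt.datetime(2015, 12, 1, 10, 0)
    ok = sufficient_funds("anita", "cashier", "C-1001", "cash_withdrawal", 5_000, t0)
    try:
        sufficient_funds("anita", "cashier", "C-1001", "loan_review", 5_000, t0)
        refused = False
    except AccessDenied:
        refused = True
    for i, amt in enumerate([50_000, 75_000, 62_500, 68_750, 71_875, 73_437]):
        sufficient_funds("rahul", "cashier", "C-1001", "cash_withdrawal", amt,
                         t0 + dt.timedelta(seconds=40 * i))
    return {"ok": ok, "refused": refused, "entries": len(AUDIT_LOG),
            "flagged": suspicious_probing(AUDIT_LOG)}
```

Refused requests are logged as well as accepted ones, since a burst of out-of-profile attempts is itself worth seeing in the audit trail. The `suspicious_probing` thresholds are constructed; in practice the window and count would be tuned to the branch’s normal query rate, and the same log is what would let the customer be shown who looked at their record and why.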

In my view, access controls are easy to implement if banks decide to prioritize (or regulators decide to enforce) customer confidentiality. However access controls have their limits and cryptographic tools are indispensable to achieve more complex objectives. Banks need to promote further research into these tools in order to make them usable for their needs:

  • To deal with Falciani risk, the entire customer data must be encrypted even inside the core banking software. The Snowden episode demonstrates that even system administrators must not have access to all information. Banks need to think very carefully about database level and column level encryption of the core banking data. Of course, banks need to worry about application security of their core banking systems: one publicly released security report of three different popular core banking software products revealed poor applications security to the point of causing an operational risk to the banks concerned.
  • The problem that Barclays had of running automated tests against sanctions and court order lists while keeping the customer identity confidential can be solved using a more sophisticated cryptographic tool – homomorphic encryption. Homomorphic encryption is a form of encryption which allows computations to be performed on data without first decrypting it. For example, suppose two numbers a and b have been encrypted into ciphertexts x and y, and it is desired to compute a+b. Homomorphic encryption would perform some computations on x and y and produce a result z such that decrypting z yields a+b. The person who is performing the computation knows that she is adding two numbers, but does not know which numbers are being added. Moreover, she does not know what the sum was; she obtains only an encrypted version of the sum. Only the person with the encryption key or password can determine the sum by decrypting z.

    Some special cases of homomorphic encryption are reasonably efficient, but fully homomorphic encryption is currently impractical. Banks need to think creatively about how to use partially homomorphic cryptosystems to achieve their goals efficiently. Simple transactions like deposits and withdrawals involve only addition (and subtraction) which are more amenable to homomorphic encryption than more complex computations.

  • It is desirable to allow compliance staff to verify that adequate documentation exists without being privy to the confidential information. Another advanced cryptographic tool comes to our rescue – zero-knowledge proof. Suppose the relationship staff who know the client are trying to satisfy the compliance staff that they have obtained the requisite documentation from the client, but the compliance staff are not allowed to see the documents themselves to protect the confidentiality of the customer. A zero-knowledge proof is a technique which must satisfy three properties:

    • If the documentation actually exists, the compliance staff will be convinced of this fact by the “proofs” provided by the relationship staff.
    • If the documentation is missing, it is almost certain that the relationship staff would fail to convince the compliance staff that it exists.
    • If the documentation actually exists, then the “proof” of its existence (provided by the relationship staff) will not allow the compliance staff to learn anything about the documentation other than that it exists.

    The core procedure of a zero-knowledge proof is interactive: it consists of a series of challenges by the compliance staff and a series of responses by the relationship staff which are so designed that it is very difficult to provide fake responses to fool the challenger. At the same time, each challenge and response is designed not to reveal anything about the content of the document, and the responses to different challenges cannot be put together to learn anything either.

    The regulatory regime needs to be redesigned from the ground up to exploit zero-knowledge proofs. The effort involved is non-trivial, but the benefits are well worth the effort.
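The deposits-and-withdrawals case from the homomorphic encryption bullet above, as an added example that is not from the blog: the Paillier cryptosystem is one concrete “partially homomorphic” scheme in which multiplying two ciphertexts yields an encryption of the sum, so a ledger service can post transactions to an encrypted balance without holding a key or learning any amount. Paillier is my choice of scheme, the two 16-bit primes are toy parameters for a runnable demo (real keys use primes of roughly 1024 bits), and the amounts are constructed.

```python
"""Added example, not from the blog: deposits and withdrawals posted to an
encrypted balance with the Paillier cryptosystem, which is additively
homomorphic (multiplying two ciphertexts gives an encryption of the sum).
The ledger-side functions never see a key, so they post amounts without
learning them.  The two 16-bit primes are toy parameters chosen for a quick
demo, not a production key size."""
import secrets
from math import gcd

P, Q = 65521, 65537          # constructed toy primes; real keys use ~1024-bit primes


def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p - 1, q - 1)
    g = n + 1                                       # standard generator choice
    n2 = n * n

    def L(u):
        return (u - 1) // n

    mu = pow(L(pow(g, lam, n2)), -1, n)             # mu = L(g^lam mod n^2)^-1 mod n
    return (n, g), (lam, mu, n)


def encrypt(pub, m):
    """c = g^m * r^n mod n^2 with a fresh random r, so equal amounts give different ciphertexts."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def decrypt(priv, c):
    """Recover m, reading the upper half of Z_n as a negative number (an overdraft)."""
    lam, mu, n = priv
    m = ((pow(c, lam, n * n) - 1) // n) * mu % n
    return m - n if m > n // 2 else m


# ---- ledger side: ciphertext arithmetic only, no key material ----
def add_encrypted(pub, c1, c2):
    n, _ = pub
    return (c1 * c2) % (n * n)            # Enc(a) * Enc(b) = Enc(a + b)


def negate_encrypted(pub, c):
    n, _ = pub
    return pow(c, n - 1, n * n)           # Enc(a)^(n-1) = Enc(-a mod n)


def post_transactions(pub, enc_balance, enc_txns):
    """enc_txns is a list of (kind, ciphertext); the ledger never learns an amount
    and therefore cannot tell whether a withdrawal overdraws the account."""
    for kind, c in enc_txns:
        if kind == "withdrawal":
            c = negate_encrypted(pub, c)
        enc_balance = add_encrypted(pub, enc_balance, c)
    return enc_balance


def run_demo(opening=10_000,
             txns=(("deposit", 2_500), ("withdrawal", 4_000), ("withdrawal", 9_000))):
    pub, priv = keygen()
    enc_balance = encrypt(pub, opening)                           # encrypted by the key holder
    enc_txns = [(kind, encrypt(pub, amt)) for kind, amt in txns]  # amounts encrypted at source
    enc_balance = post_transactions(pub, enc_balance, enc_txns)
    return decrypt(priv, enc_balance)      # only the key holder sees the figure (-500 here)
```

The constructed run ends in an overdraft of 500, which only the key holder can see: this is the limit of an additive-only scheme that the bullet hints at. Addition and subtraction run for free on ciphertexts, but a comparison such as “is the balance still positive?” needs either decryption by the key holder or a richer (and far slower) scheme.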
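The challenge-and-response procedure described in the zero-knowledge bullet above, as an added example that is not from the blog: Schnorr’s interactive protocol for proving knowledge of a discrete logarithm, which has exactly the three properties listed (an honest prover always convinces, a bluffer fails each round, and the transcript reveals nothing). The mapping to the compliance scenario is my own construction: at onboarding the relationship staff derive a secret w from the client file and record y = g^w in a register; later they convince compliance that they hold w, which stands in for the file behind y, without revealing w or the file. The 11-bit group is a toy parameter for a runnable demo, not a production size.

```python
"""Added example, not from the blog: an interactive proof with the three
properties listed above, using Schnorr's protocol for knowledge of a discrete
logarithm.  The mapping to the post's scenario is my own construction: at
onboarding the relationship staff derive a secret w from the client file and
record y = g^w in a register; later they convince compliance that they hold
w (hence the file behind y) without revealing w or the file.  The 11-bit group
is a toy parameter for a runnable demo, not a production size."""
import hashlib
import secrets

P, Q, G = 2039, 1019, 4   # toy safe prime p = 2q + 1; G = 2^2 generates the order-q subgroup


def secret_from_document(doc: bytes) -> int:
    """Constructed mapping from the confidential file to the witness w."""
    return int.from_bytes(hashlib.sha256(doc).digest(), "big") % Q


def register(doc: bytes):
    """Relationship staff keep w; y goes into the register compliance can see."""
    w = secret_from_document(doc)
    return w, pow(G, w, P)


class HonestProver:
    """Relationship staff who hold the witness w."""
    def __init__(self, w):
        self.w = w

    def commit(self):
        self.r = secrets.randbelow(Q)      # fresh nonce every round (see usage note)
        return pow(G, self.r, P)

    def respond(self, c):
        return (self.r + c * self.w) % Q


class BluffingProver(HonestProver):
    """Staff without the file: the best they can do is guess w."""
    def __init__(self, guess=None):
        super().__init__(secrets.randbelow(Q) if guess is None else guess)


def verify_round(y, t, c, s):
    """Check g^s == t * y^c (mod p)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def run_protocol(y, prover, rounds=20):
    """Compliance side: issue a fresh non-zero challenge each round and accept only if
    every round checks.  With a wrong witness w' the check holds only when
    c * (w' - w) == 0 mod q, which a non-zero c in a prime-order group never allows."""
    for _ in range(rounds):
        t = prover.commit()
        c = 1 + secrets.randbelow(Q - 1)
        if not verify_round(y, t, c, prover.respond(c)):
            return False
    return True


def simulate_transcript(y):
    """Zero knowledge: anyone can forge an accepting (t, c, s) by picking s and c
    first, so a transcript carries no information about w and convinces no third party."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, Q - c, P)) % P     # y^(Q-c) = y^(-c) since y has order Q
    return t, c, s
```

`simulate_transcript` is the formal content of the third property: because a convincing transcript can be manufactured without w, seeing one teaches compliance nothing beyond the fact that the live prover answered. The fresh nonce in `commit` is what makes the bullet’s last sentence true; if the prover ever reused r across two rounds, the two responses would combine as (s1 - s2)/(c1 - c2) = w and the secret would be gone, so the nonce is a security control, not an implementation detail.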

I think the time has come for consumers and regulators to start demanding that banks pay greater attention to customer confidentiality. Actually, there is a similar problem in regulatory and self-regulatory organizations. For example, the surveillance staff in a stock exchange (and in the capital market regulator) have access to too much information and there is immense scope for abuse of this information. Mathematics (in the form of cryptography) gives us the tools required to solve many of these problems; we just need the will to use these tools.

HBOS: An old fashioned bank failure

Most of the bank failures of the Global Financial Crisis involved complex products or an excessive reliance on markets rather than good old banking relationships. The HBOS failure as described in last month’s 400-page report by the UK regulators (PRA and FCA) is quite different. One could almost say that this was a German or Japanese style relationship bank.

The report describes the approach of the Corporate Division where most of the losses arose:

The often-quoted approach of the division was to be a relationship bank that would ‘lend through the cycle’. Elsewhere the division’s approach had been called ‘counter-cyclical’. This was described as standing by and supporting existing customers through difficult times, while continuing to lend to those good opportunities that could be found. The division claimed it had a deep knowledge of the customers and markets in which it operated, which would enable it to pursue this approach with minimal threat to the Group. It was an approach that was felt to have served BoS well in the early 1990s downturn. (Para 274)

What could go wrong with such old fashioned banking? The answer is very simple:

Taking into account renting, hotels and construction, the firm’s overall exposure to property and related assets increases to £68 billion or 56% of the portfolio. (Para 285)

And in some ways, relationship banking made things worse:

The top 30 exposures included a number of individual high-profile businessmen. Many of these had been customers of the division for many years, some going back to the BoS pre-merger. True to the division’s banking philosophy, it had supported these customers as they grew and expanded their businesses. However, business growth and expansion sometimes meant a change in business model to become significant property investors; not necessarily the original core business and expertise of the borrower. In the crisis, a number of these businessmen, though not all, incurred losses on their property investments. (Para 318)

When you as a bank lend a big chunk of your balance sheet into a bubble, it does not matter whether you are a transaction bank or a relationship bank: you are well on your way to failure. (If you do not want to jump to conclusions based on one bank, a recent BIS Working Paper on US commercial banks studies all bank failures in the US during the Great Recession and comes to a very similar conclusion).

In the sister blog and on Twitter during October and November 2015

The following posts appeared on the sister blog (on Computing) during the last two months.

Tweets during the last two months (other than blog post tweets):