World Bank Research to be Open Access

I’ve written here before about the encouraging trend to make more scholarly research available online at no charge, including efforts by JStor, The Royal Society, and the National Academies Press.  Now, according to an article at Ars Technica, the World Bank has decided to make its research and knowledge products, as well as the data underlying them,  available free of  charge under a new Open Access Policy.

…  the Bank says it will apply to “manuscripts and all accompanying data sets… that result from research, analysis, economic and sector work, or development practice… that have undergone peer review or have been otherwise vetted and approved for release to the public.

Most of the material will be made available under a liberal Creative Commons license [CC-BY].  The Bank has set up a new Web site, the Open Knowledge Repository, to make its work available for browsing and download.  (At the time I am writing this, there appears to be a problem with the site’s SSL certificate for secure [https:] access; you may get a security warning from your browser.)  There are currently more than 2,100 papers and books available in the Repository, and more will be added over the coming months.  Data sets will be available, too, and will probably be of considerable value to researchers, given the World Bank’s special insight into the process of economic development.

“Making our knowledge widely and readily available will empower others to come up with solutions to the world’s toughest problems,” World Bank Group President Robert B. Zoellick said in the Bank’s announcement.

It is great to see another significant institution move toward making information more widely and easily available.

Toxic Environments

I have finally had a chance to read Greg Smith’s letter, “Why I Am Leaving Goldman Sachs”, published as an Op-Ed this past week in the New York Times.  In it, Mr. Smith, an executive director of the US equity derivatives business at one of the world’s  leading merchant banks, says that he is resigning because, in his view, the culture of the firm has changed significant;ly for the worse since he joined it twelve years ago.

… I believe I have worked here long enough to understand the trajectory of its culture, its people and its identity. And I can honestly say that the environment now is as toxic and destructive as I have ever seen it.

Mr. Smith says that the culture of the firm has changed, from one which put the customer’s interest first , to one where making the maximum profit for the firm, at the customer’s expense if necessary, has become paramount.

I attend derivatives sales meetings where not one single minute is spent asking questions about how we can help clients. It’s purely about how we can make the most possible money off of them.

Much of the Wall Street reaction to Mr. Smith’s letter has been fairly predictable.  He has been pictured as a naive hypocrite, who never understood what the business was about, but was happy enough to deposit his bonus checks.  My own reaction, having worked for about thirty years in the financial services industry, is that no one there should be at all surprised by what Greg Smith said.  I have no specific knowledge of Goldman Sachs, but the scene he describes sounds all too familiar.

As William Cohan points out in an article in the Washington Post, the idea of Goldman Sachs, or any other investment bank, duping its clients is not exactly new.  He cites the example of Goldman’s role in and around the bankruptcy of Penn Central in 1970.  Goldman was the underwriter for Penn Central’s commercial paper.  Because of its relationship with the firm, Goldman was privy to information about Penn Central’s deteriorating liquidity position, information it did not share with its customers even as it continued to flog the commercial paper.  The SEC investigated following Penn Central’s bankruptcy.

According to the SEC, Goldman “gained possession of material adverse information, some from public sources and some from nonpublic sources indicating a continuing deterioration of the financial condition of the [railroad]. Goldman, Sachs did not communicate this information to its commercial paper customers, nor did it undertake a thorough investigation of the company. If Goldman, Sachs had heeded these warnings and undertaken a reevaluation of the company, it would have learned that its condition was substantially worse than had been publicly reported.”

The SEC sued Goldman, and the suit was settled within a short time.  Goldman was also sued by some of its customers.  Many of these suits were also settled, but some, for whatever reason, were allowed to proceed to a trial, which Goldman lost.

Incredibly, Goldman thought it could win the lawsuits and allowed them to go to trial, where much of the firm’s dirty laundry was aired. In the end, it lost the suit brought by the three companies and paid the plaintiffs 100 cents on the dollar, plus interest.

Cohan argues that, if Greg Smith had been paying attention, he could have figured out that Goldman’s actions did not always match its lofty principles.  At one level, it is hard to argue with this.  Certainly since I started work in the industry in the mid-1970s, there has never been any shortage of skunks and weasels on Wall Street.

On another level, though, I think Smith is right: the culture of Wall Street has gotten worse, and there are at least some identifiable reasons for this.  Once upon a time, firms like Goldman Sachs were partnerships, meaning that the money they were risking belonged to the partners that owned and managed the firm.  Now, most of these firms are public companies, whose (very highly paid) managers are risking the stockholders’ money; they have also been permitted to become bank holding companies, with access to lending from the Federal Reserve, meaning they can risk taxpayers’ money, too.   The rise of proprietary trading in ever more exotic and opaque financial instruments has made effective oversight more difficult.  The bonus system rewards those who produce short-term profits, even when those profits are based on theoretical valuations of long-term transactions.  (I’ve written about this before.  These are sometimes called “IBG” trades on the floor: “I’ll Be Gone” by the time the deal craters.)  It is hard, offhand, to think of a more complete collection of perverse incentives, to say nothing of agency problems and moral hazards.

Really, the only thing surprising about this is that anyone is surprised.

NASDAQ Hack, Revisited

Back in February, I posted a note here about a security breach that had been discovered in some computer networks owned by NASDAQ (originally, the National Association of Security Dealers Automated Quotation system).    The NASDAQ Stock Market is the largest US trading platform for stocks not listed on the New York Stock Exchange [NYSE].  It is the largest screen-based trading exchange in the US, listing 2800+ issues, and the largest in the world by trading volume.  It did not appear that the attack had compromised the actual NASDAQ trading system, but the total scope of the attack was still being analyzed.  One system that was affected was Directors’ Desk, a sort of bulletin-board system for senior corporate managements.

According to a recent article at Reuters, it now appears that the attackers used their successful access to Directors’ Desk as a first step to facilitate snooping on corporate directors and others to obtain confidential information.

Hackers who infiltrated the Nasdaq’s computer systems last year installed malicious software that allowed them to spy on the directors of publicly held companies, according to two people familiar with an investigation into the matter.

The new details showed the cyber attack was more serious than previously thought, as Nasdaq OMX Group had said in February that there was no evidence the hackers accessed customer information.

The breach is suspected to have been part of what is sometimes called a “blended” attack: an initial target is compromised, which may not only  yield some confidential information itself, but also other information that may lead to breaking into other systems.  (For example, the attacker might get users’ personal information that would facilitate guessing poorly-chosen passwords.)

By infecting Directors Desk, the hackers were able to access confidential documents and the communications of board directors, said Kellermann, chief technology officer at security technology firm AirPatrol Corp.

It is still not clear exactly how long the security breach existed before it was detected, nor does anyone know exactly what information was compromised.  The investigation is continuing, with the assistance of the FBI and the NSA.

 

SEC Issues Attack Disclosure Guidelines

One of the things that can make assessing the overall state of system and network security difficult is the reluctance of some organizations to reveal that they have been attacked.  Sometimes, they prefer to keep the attack secret, or at least try to, presumably because they feel that disclosure would be embarrassing and damaging to their public image.  Some state laws require disclosure, especially in cases where personal data is exposed, but even in these cases there is a tendency to do the least disclosure possible.

Public corporations — those whose stock is publicly traded — have for many years had a duty, under US securities law and associated regulations, to disclose material events that might affect the firm’s business or prospects.  For example, if another firm  were to introduce an improved competing product, or if the corporation were sued on the grounds of patent infringement, a disclosure to investors would be required.

Now, according to an article at ThreatPost, the Kaspersky Lab security news service, the US Securities and Exchange Commission [SEC] has issued guidance that suggests circumstances under which corporations may need to disclose attacks, or potential attacks.

The Securities and Exchange Commission has issued new guidance to help public companies determine when they may need to disclose an attack–or even a potential attack–in order to make potential investors aware of possible risks to the company’s business.

The SEC has issued the material as guidance, not as a regulation.  It is still up to the companies themselves to determine exactly what they should disclose; but the publication of this guidance will probably motivate a bit more openness.  As the actual guidance document says, the disclosure determination is to be made within the framework of existing law and regulation.

Although no existing disclosure requirement explicitly refers to cybersecurity risks and cyber incidents, a number of disclosure requirements may impose an obligation on registrants to disclose such risks and incidents. In addition, material information regarding cybersecurity risks and cyber incidents is required to be disclosed when necessary in order to make other required disclosures, in light of the circumstances under which they are made, not misleading.

We live in an environment where people, and companies, are becoming more and more reliant on technology to carry our their everyday business; moreover, businesses in general actively promote conveniences made possible by technology.  So I think there can be little argument that a system security breach could potentially have a very material effect on a firm’s prospects, and I welcome this move by the SEC as a logical extension of the disclosure framework that has been in place for many years.

High-Value Recycling

Bruce Schneier has a post at his Schneier on Security blog (link in the side bar) that refers to another instance of a security problem created by good old-fashioned human error.  As is the case with virtually every currency, the monetary authorities responsible for the Euro, the official currency of the Euro-zone (the majority but not all of the members of the European Union), have a process in place to remove worn-out or damaged coins from circulation.  The coins are then “destroyed” (as coins), and the materials sold to scrap metal dealers.  (This of course assumes that the materials are worth less than the face value of the coin; this is usually, but not always, the case.)

This is fine in principle; however, as the linked article from Der Spiegel relates, the implementation of the process left something to be desired in terms of security.  The problem stems, in the first instance, from the design of the €1 and €2 coins.   As you can see in the photo below, these coins are bimetallic, made up of an inner disc, surrounded by an outer ring.  (The photo shows the side of the coins that is common to all issues, regardless of nationality.)

 

Apparently the “destruction” procedure used for these coins sometimes just separated the inner disc from the outer ring.  The resulting pieces were then sold to dealers in China for recycling.   Apparently some of the Chinese firms carried out the recycling by putting the pieces back together (Krazy Glue, anyone?), and then sending them back to Germany via accomplices among Lufthansa flight crews.  The accomplices would then turn in the reconstructed coins at the German Bundesbank, in exchange for new ones.  The Bundesbank was not chosen as a redemption point at random.

According to a Thursday statement by the Frankfurt public prosecutors, the German Bundesbank is the only place in Europe which exchanges damaged coins for free. The bank accepts such coins in bags containing up to €1,000 worth of coins. They are weighed rather than counted and only periodically checked.

Apparently, the scam was finally uncovered when a German customs officer noticed an airline employee struggling with a very heavy suitcase, which, when opened, turned out to contain thousands of re-assembled coins.

 

Property Follies

There has been a great deal of discussion about the causes of the most recent financial crisis, and the ensuing recession, with many conflicting suggestions about how to prevent a recurrence.  Last week’s issue of The Economist has a special report on one of the more mundane potential culprits: property (or real estate).  It argues that, although property is widely regarded as a relatively safe investment, it is in some ways one of the most dangerous of assets.

There were many reasons for the housing bubble that has now burst, from huge amounts of global liquidity seeking high returns to the rise of private-label securitisation. But it is striking how often property causes financial trouble. “We do not want to fight the last war,” says one European banking regulator, referring to property busts, “but the fact is that we keep fighting the same war over and over.”

There are a number of reasons to think that property investments are riskier than the common perception.  The first is the sheer size of the property market.  The article estimates that, even after the recent decline in prices, the total value of property in the rich world is something like $ 80 trillion (of which about 3/4 is residential), compared to about $ 20 trillion in all equities.  To make another comparison, the value of property investments is close to 200 % of the combined countries’ GDP in 2010.

Property, especially residential property, is also an inconvenient asset in many ways.  If you have a portfolio of stocks or bonds, you can sell a portion of it to raise funds.  It is hard to sell off a bathroom and a couple of closets from your house.  The property market also tends to be illiquid; quoted values are based, typically, on a small number of recent transactions; one odd deal can significantly affect the results.  And just wanting to sell a house does not guarantee that you will find anyone who is interested in buying.

Property is also the one asset where ordinary investors can achieve very high leverage, perhaps putting down only a few percent of the purchase price in equity.  Together with tax subsidies for mortgage interest, this leads, at least in the US market, to artificially high house prices.  Since the notional owners have so little equity, things can turn sour quickly when prices fall.  The article estimates that about 25% of mortgages in the US are currently “under water”: the outstanding balance on the loan is more than the property is worth.   The recent popularity of low-quality “liar loans” (with no income verification) and “innovative” securitization has hardly helped matters.

Commercial property is slightly less crazy, but even there, otherwise sensible investors can do silly things.  Quite a few years ago, when I was working as a pension fund consultant, one of our clients made a sizable investment in a commercial property fund.  The fund manager had shown them graphs of the steadily increasing value of the fund over the previous several years.  I pointed out that, if their equity managers were allowed to value their portfolios based on what they thought the stocks should be worth, the volatility of their returns would very likely be lower.  The client went ahead with the investment anyway.  Then there was an economic downturn, and they wanted to shift some money from property to another asset class.  Unfortunately, they had not read the clause in their contract, standard for real estate funds, that said that the manager could not be forced to sell property in order to meet a redemption request.  I don’t know if they ever got their money out.

Buying a house also is not a straightforward financial transaction:

…  if housing were simply a financial investment, buyers might be clearer-eyed in their decision-making. People generally do not fall in love with government bonds, and Treasuries have no other use to compensate for a fall in value. Housing is different. Greg Davies, a behavioural-finance expert at Barclays Wealth, says the experience of buying a home is a largely emotional one, similar to that of buying art. That makes it likelier that people will pay over the odds.

Perhaps some of this will finally sink in.