Credit Suisse May Have Learned the Wrong Lesson

Written by Andrew Isbester | Editor

Credit Suisse’s special committee attributed much of the Archegos fiasco to the front-line, but the bank seems to think it was mostly risk management that was at fault.

The special committee report released by Credit Suisse last week highlighted a number of things. Bank systems in prime services that had identified acute, conspicuous risks that were then systematically ignored. A cultural unwillingness to escalate matters or even engage in «challenging discussions». A business focused on maximizing short-term profit to the point of enabling «voracious risk-taking» by Archegos.

Yet, in its response, Credit Suisse seems to put the entire onus of the debacle on risk management alone. On the first page, in a paragraph framed by four stark bullets, it says it has revised limit excess controls and escalation requirements. It says it is reviewing risk governance and reporting, reducing risk thresholds, recruiting additional risk resources, cutting risk-weighted assets in prime services, and shrinking risk appetite across the group.

Almost like in some long-lost Duerrenmatt plot, they seem to have completely learned the wrong lesson.

Allocating Costs Properly

In its list of remedial measures, the special committee recommended adding «teeth» to the first line of defense. Usually, the first line, if it is not the actual business itself, should at least be part of the front office’s organization. The special committee suggested tracking and allocating the financial cost of counterparty risk to the front by a credit valuation adjustment. However, this detail doesn’t seem to be in the management response, raising the question as to whether it was dropped, diluted, or embedded in some hard-to-find place.

The only direct reference to the first line of defense in the management response was the appointment of ad interim heads and the creation of a chief business risk officer for the Investment Bank. That person is expected to «work closely» with the second line of defense, which are typically functions such as compliance, credit, or market risk. Or the ones that outside observers would generally understand as risk management.

Not Quaking In Any Shoes

Other than that, senior management across the bank will get a bunch of «enhanced risk-sensitive» performance scorecards. And any front office challenges or risk decisions «will be tempered» by reporting requirements and escalations to the board risk committee chair.

If I was the business, I don’t think I would be exactly quaking in my shoes.

The Ghost of First Boston

Let’s look at the kind of culture we are talking about – one that still has an undercurrent of investment bank First Boston in its DNA. As late as last autumn, the credit risk manager advocated – not once but twice -while counterparty risk rose, for a temporary increase in risk appetite for Archegos.

It was a «significant relationship», and the bank was «keenly aware» it did trades with other brokers on Wall Street. Any sudden increase in margins could result in «irreversible damage to the client relationship». If even the credit risk manager is talking like that, you have probably lost the battle outright.

Then last February, just a month before the default, when credit risk did venture that Archegos should post an additional $1 billion margin, the front-line responded, saying it was «pretty much asking them to move their business».

Nuclear Option

As the special committee report seems to relay again and again, when it came to analyzing, assessing, and accepting limit breaches, relationship managers, traders and the first line of defense always seemed to take Archegos’s side, not Credit Suisse’s. And even though Credit Suisse had the right to raise more margin at the bank’s discretion on three days’ notice, the business never considered it, saying it was a «nuclear» option that would end the relationship.

Getting rid of that kind of attitude, and the culture that lets it flourish, while not even trying to make the front-line see the very real risk cost for any revenues they generate, is not going to be solved by enforced cooperation, bureaucratically imposed escalation and reporting, or performance scorecards. Not by a long shot.