Erik Gerding, an assistant professor of law at University of New Mexico who researches securities law and asset price bubbles, says that in agreeing to rely on computer models, the U.S. Securities and Exchange Commission (SEC) essentially “outsourced” the financial regulation to proprietary codes developed by financial services firms.
The fix? Open source the underlying codes — much like with open source software — to improve the transparency of financial services used to calculate risk.
Risk models of financial services have thousands of variables and are as complicated as weather system models. They can take enormous computing power to run, which is evident in some of the spending by the industry. In 2003, financial services firms spent US$169 million on high-performance systems. By 2007, research firm IDC says, spending reached $305 million.
As capability and power of the technology increased, so did the complexity of the investments, such as with mortgage securities. Regulator confidence increased in these tools so much so that the SEC made a fundamental change in how to regulate financial services.
On April, 28, 2004, the SEC — at the insistence of financial services firms — loosened its capital rules, agreeing to rely on financial services’ computer models in assessing risk. This meeting, which received scant attention at the time, was recently the focus of a New York Times report . In a [draft paper made available last month , Gerding said regulators may have been comfortable with this increased level of risk because they saw lenders on the hook for the loss. “Lenders and the financial markets, many regulators assumed, accurately priced and managed this risk due to advances in the risk models — a type of code — they employed,” Gerding wrote.
The SEC was also acting at a time when confidence in technology was high. If there was any reason to be worried about the SEC’s action, it wasn’t evident in a speech Allan Greenspan, the former chairman of the Federal Reserve, delivered in 2005. He said technology and new credit-scoring models gave lenders a means “for efficiently extending credit to a broader spectrum of consumers.”
So, who comprised this “broader spectrum” of consumers? Subprime mortgage borrowers. “Where once more-marginal applicants would simply have been denied credit, lenders are now able to quite efficiently judge the risk posed by individual applicants and to price that risk appropriately,” said Greenspan, who stepped down in 2006.
But Greenspan’s assertion that lenders were technologically-enabled to judge the risk was wrong. RealtyTrac of Irvine, Calif. estimates that as many as 1 million people will loose their homes this year due to foreclosure. In 2007, 400,000 people lost their homes. Late last year, Greenspan increased his forecast of a recession.
The financial impact of the bad loans rose up through the financial system. Once the mortgage originator sold the loan, it was then sliced up into other investments, making any understanding of the risk progressively worse. The human elements, such as the number of so-called “liar’s loans” (loans based on unverified income), weren’t, apparently, part of the risk models. These problems are expected to increase investment in risk management.
Gerding said he believes the answer is to open source the financial codes, which would let the banks and rating agencies see the actual code for models that are used to set capital requirements and how the risk was assessed.
“Just as with open source software, other users would then be able to copy and modify these models for their own use,” said Gerding, who noted studies supporting that open source was less prone to bugs.
Wall Street firms are already major users of open source software. But Lisa Cash, executive vice president of sales and marketing at DFA Capital Management, a company that develops financial codes, said it will be very difficult to get high quality products out in the market.
“Who would actually spend the money to do it?” Cash asked.
Unlike U.S. regulators, European counterparts audited the risk models, Cash said, which increased transparency and confidence in them. The more transparency, “the better it is for our business,” she said. European regulators look at the codes, but agree not to disclose them.
But others suggest that improving transparence will not be as easy as simply opening up code. Peter Teuten, president and CTO of Keane Business Risk Management Solutions, said there were neither common standards in risk management, nor anything like a “universal stress test” for more than a basic set of risk scenarios.
Teuten questions an open source as a model because it may lead to multiple, non-centralized development. He does, however, see standards emerging from the current crisis.