All online businesses are highly vulnerable to hacking, but the business response to this threat ranges from paranoia to complacency. Banks are among those that are most complacent, and there is a lot that regulators can and should do to change that.
Let me start with an example of a paranoid online business – online pornography. A few days ago a distributed denial of service attack on a large DNS server took down several major websites including Twitter, Spotify, Reddit, Etsy, Wired, and PayPal. While these giants tottered, adult entertainment sites like pornhub.com withstood the attack. The secret was DNS redundancy; to bring pornhub.com down, you would have to take down several DNS servers, not just one. Or consider another example: Wikileaks, whose total security budget might be a rounding error for many large banks. Wikileaks has angered some of the most powerful nation states in the world, but the only disruption that Wikileaks has suffered is Ecuador cutting off the internet lines to its founder Julian Assange, who has been holed up in the Ecuadorian embassy for several years now. Wikileaks claims to have activated contingency plans and its Twitter feed has continued to be very active.
Compared to these organizations that run their websites as a serious activity, banks come across as utterly complacent and casual about computer security. Let me give a few examples:
My internet banking passwords are among my weaker passwords not because I am careless, but because most banks do not allow me to use high quality passwords. To combat Moore’s law, I have been increasing my default password length every year or so, and now this default length exceeds the maximum allowed by most banking sites in India. Most banks also disallow various special characters that my random password generator produces by default.
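To make the password-policy point concrete, here is an added example (not code from the original post, and not any real bank's published rules). It assumes two constructed policies: a restrictive one of the kind described above, with a 12-character cap and no special characters, and a permissive one that accepts long passphrases. It reports why a password would be rejected, bounds the entropy a policy can possibly allow, and shows what a user is forced to do to a strong password to get it accepted.

```python
import math
import secrets
import string

# Constructed policies (assumptions for this example, not any real bank's rules).
RESTRICTIVE_POLICY = {
    "max_length": 12,
    "allowed": string.ascii_letters + string.digits,
}
PERMISSIVE_POLICY = {
    "max_length": 128,
    "allowed": string.ascii_letters + string.digits + string.punctuation + " ",
}


def policy_violations(password, policy):
    """Return the reasons a password would be rejected under a policy (empty = accepted)."""
    problems = []
    if len(password) > policy["max_length"]:
        problems.append(f"longer than {policy['max_length']} characters")
    disallowed = sorted({c for c in password if c not in policy["allowed"]})
    if disallowed:
        problems.append("disallowed characters: " + "".join(disallowed))
    return problems


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string of the given length over the alphabet."""
    return length * math.log2(alphabet_size)


def max_entropy_bits(policy):
    """Upper bound on the entropy of any password the policy will accept:
    the longest permitted length over the widest permitted alphabet."""
    return entropy_bits(policy["max_length"], len(policy["allowed"]))


def truncate_to_policy(password, policy):
    """What a user does to a strong generated password to get it accepted:
    drop the characters the site rejects, then cut it to the maximum length."""
    kept = "".join(c for c in password if c in policy["allowed"])
    return kept[: policy["max_length"]]


def generate_strongest(policy):
    """The best a random generator can do under a policy: full length, full alphabet."""
    return "".join(secrets.choice(policy["allowed"]) for _ in range(policy["max_length"]))


if __name__ == "__main__":
    passphrase = "correct horse battery staple!"  # constructed sample input
    for name, policy in (("restrictive", RESTRICTIVE_POLICY), ("permissive", PERMISSIVE_POLICY)):
        print(f"{name}: cap {max_entropy_bits(policy):.0f} bits;",
              "rejects:", policy_violations(passphrase, policy) or "nothing",
              "| forced to:", truncate_to_policy(passphrase, policy))
```

The entropy bound is the useful number: whatever generator a customer uses, a 12-character alphanumeric cap means no password on that site can exceed about 71 bits, while the permissive policy allows over 800. The ceiling is set by the site, not by the customer's care.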
A few days ago it was reported that over three million Indian debit cards had been compromised but the breach was not detected for several weeks. Many banks have tried to turn this into a business opportunity by discouraging their customers from using ATMs of other banks. If some banks are running vulnerable ATMs, they must be publicly identified and their ATMs must be shut down promptly and ruthlessly. A general discouragement of other bank ATMs only helps each bank to save on interconnect charges.
Anecdotal evidence suggests that banks are extremely reluctant to disclose or correct vulnerabilities detected by their own security audits, for fear that it might hurt their business. They find it cheaper to compensate the few customers who do complain loudly enough. Most customers are neither knowledgeable enough to complain nor vociferous enough to succeed.
In banking regulation, there has been a progressive shift towards considering systemic (also called macro-prudential) risks rather than the idiosyncratic risk of failure of a single bank. This lesson has to be applied to cyber risks as well. A breach in any bank opens up a threat surface for the entire interconnected financial system. The regulatory response to the breach must not be based on the loss to the bank in question; it must consider the risks posed to the entire system.
This means that failure to disclose breaches must be punished a lot more severely than the actual breach itself. Undisclosed breaches pose huge systemic risks because of the difficulty of defending against the unknown enemy. For India, I would think that an appropriate calibration of the penalty would require that the fine for unreasonable delay in disclosing a breach affecting a million customers should amount to approximately one year’s cyclically adjusted profits of the entire banking system.
A couple of such large fines would shake the banks out of their complacency and induce a healthy dose of paranoia in the banks. It would also shift the cost-benefit analysis towards investing more in security. Perhaps they will hire some personnel from organizations like pornhub.com who are demonstrably better at running an online business. As Andy Grove wrote in Only the Paranoid Survive:
You need to plan the way a fire department plans: It cannot anticipate where the next fire will be, so it has to shape an energetic and efficient team that is capable of responding to the unanticipated as well as to any ordinary event.
Fri, 28 Oct 2016
Ever since Ethereum forked into two competing cryptocurrencies, I have been thinking about China orchestrating a fork of the leading cryptocurrency Bitcoin. Izabella’s post at FT Alphaville on Bitcoin as a Chinese capital outflow proxy has finally pushed me to write up my wild speculation on this possibility. I do not have as much practice as Lewis Carroll’s Red Queen, who claimed to have “believed as many as six impossible things before breakfast”, but I am willing to indulge myself with some wild speculation once a quarter. (And it is more than three months since I posted my wild speculation on the 1000 Swiss franc note.)
The starting point of all my speculation is that China is experiencing significant capital flight and Bitcoin is a sufficiently important medium of this flight for the Bitcoin price to serve as a proxy for this capital flight as explained in Izabella’s post. The Chinese financial system is also experiencing severe stress and if this stress goes beyond the tipping point towards a rapid erosion of confidence in the renminbi, it is not inconceivable that Bitcoin becomes a significant parallel currency in China. Instead of getting dollarized, China could get Bitcoinized.
In such a scenario, the Chinese government would of course want to gain control over Bitcoin. There are three factors that make it possible for the Chinese government to succeed:
- Chinese miners control a large part of the hashing power of the Bitcoin network. A Chinese fork of Bitcoin will have no shortage of mining capacity.
- The Great Firewall of China would allow China to isolate Chinese Bitcoin from Classic Bitcoin, making it impossible for Chinese nodes to connect to any nodes outside China.
- The government could prod the Chinese internet trinity (Alibaba, Baidu and Tencent) to accept Chinese Bitcoin, thereby making it the de facto currency of China.
The translucence of the Bitcoin blockchain would allow the Chinese government to monitor Bitcoin transactions to a far greater extent than it can monitor cash transactions. It could thus become another instrumentality of government control. A process that starts out as a form of rebellion against the government could thus end up strengthening its grip on society.
What would this do to Bitcoin itself? Chinese Bitcoin could probably reach a market capitalization of several hundred billion dollars (maybe even a trillion dollars) very quickly. Through a spillover effect, Classic Bitcoin itself could reach a hundred billion dollars of valuation compared to its current value of ten billion dollars. But that would also provide the motive for powerful nation states to attack Bitcoin. The US would be tempted to use its entire cyber war capabilities to disrupt Chinese Bitcoin, and China would probably throw everything it has to try and destroy Classic Bitcoin. Given Bitcoin’s vulnerability to the 51% attack, it is quite likely that neither of the two Bitcoins would survive such a concerted attack. But if one or both do survive, cryptocurrencies would probably go mainstream very quickly.
Wed, 26 Oct 2016
This is a wonkish post that links together four concepts that are somewhat slippery even in isolation. So let me begin with a quick primer on each of them:
Global banking glut refers to the idea that there is an excess lending capacity on the balance sheets primarily of European banks. Not finding enough outlets in their home markets, this money chases assets elsewhere in Europe and then in the United States. (More details can be found in Hyun Song Shin’s article and paper). I would extend this notion to other institutions – for example Japanese insurance companies chasing US assets.
Original sin is the idea that most lenders are willing to lend only in their own currencies and not in the borrower's currency. Large advanced countries like the US are not subject to this constraint. By holding their foreign exchange reserves in US dollars (invested in US treasury bonds), central banks around the world lend to the US government in the borrower's currency. But a weakened form of this constraint still exists. Banks will lend in a foreign currency only to the extent to which they themselves can borrow in that currency or can otherwise hedge the exchange rate risk. A European bank will have dollar liabilities roughly equal to its dollar assets net of hedges so that it does not bear any exchange rate risk.
Shadow banking refers to non-bank vehicles for maturity transformation and credit intermediation. The vehicles most relevant to this post are money market mutual funds (MMMFs) in the United States, which invested in short-term instruments exposed to some (though small) degree of credit risk, but whose units were regarded as completely safe, cash-equivalent instruments. Because of their ability to issue and redeem units at par, MMMFs could hide fluctuations in the value of their investments from their investors.
In the good old days before the crisis, a bank that could borrow euros at the interbank euro lending rate (EURIBOR) was able to swap these into dollars to get funding at the dollar interbank rate (LIBOR). Not any longer. A large cross currency basis has emerged, making dollar funding through this route significantly more expensive. The BIS paper by Borio and others has details about this phenomenon. I must add, though, that while Borio and other economists regard the cross currency basis as a market inefficiency or failure of arbitrage, the post-crisis finance literature no longer regards the cross currency basis as a market imperfection. Since EURIBOR and LIBOR are no longer seen as risk free, the cross currency basis is just another input to calibrate a multi-curve discounting model (see, for example, Masaaki Fujii).
Now I turn to the linkages between these diverse phenomena.
For much of the last decade, the supply of credit from the banking glut in Europe was matched by the demand for dollar credit emanating from US and emerging market companies. Some US companies were levering up to fund stock buybacks; some were funding their investment (or losses) in oil fracking and other businesses. Emerging market companies sought to borrow in dollars because they could not borrow in their home currencies (original sin).
Though the banking glut was in euros and the credit demand was in dollars, the US shadow banking system (particularly the MMMFs) stepped in to solve the currency mismatch. US MMMFs lent to the European banks in dollars and these banks then lent the funds to dollar borrowers. In this solution, the funding was in some sense coming from the US itself, but the credit risk appetite and the capital required to support this risk came from the European banks. With the implementation this year of the post-crisis reforms of the US MMMF industry (abolition of stable value accounting for MMMFs), this route to matching the euro banking glut and dollar credit demand is coming to an end.
But there was a second solution to the currency mismatch, and that was through the derivative market, especially the cross currency swap. The European banks had abundant access to euros, and they swapped this into dollars to fund credit in dollars. In the good old days before the crisis, a large European bank borrowed euros at EURIBOR and swapped these into dollars to get funding at dollar LIBOR. The large and rising cross currency basis has made this solution less attractive.
In the long run, this will probably lead to a repricing of credit risk, with dollar credit becoming more expensive and euro credit cheaper. The latter process is being accelerated by the ECB’s corporate bond buying programme. Borrowers accustomed to borrowing in dollars will at some stage have to accept the currency risk of euro denominated borrowing. The large reverse yankee bond issuance (US companies borrowing at zero or near zero rates in euros) is the early stage of this process. So far, however, most reverse yankee issuances have been swapped into dollars. A rising cross currency basis will force at least some of them to leave the borrowing unhedged, thereby taking on euro exchange rate risk, and the US corporate sector will for the first time get a taste of what original sin looks like. For many emerging market companies, who almost instinctively borrow in US dollars, this is an opportunity to rethink their liability management strategy. The other rather remote (but frightening) scenario is that an implosion of the European banking system eliminates the banking glut in that continent.
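The mechanics behind "borrow euros at EURIBOR, swap into dollars, get LIBOR" (in the primer above and again here) are covered interest parity, and the basis is the amount by which the market forward departs from it. The following is an added worked example, not part of the original post and not a market-standard quotation tool: it uses simple interest over one tenor, constructed rates and prices (a slightly negative EURIBOR and a small positive dollar rate, as in 2016), and its own sign convention, in which a positive basis means dollars obtained through the swap cost more than direct dollar borrowing.

```python
def cip_forward(spot, eur_rate, usd_rate, year_frac):
    """Forward price (USD per EUR) implied by covered interest parity.
    With this forward, euro funding swapped into dollars costs exactly usd_rate."""
    return spot * (1 + usd_rate * year_frac) / (1 + eur_rate * year_frac)


def synthetic_usd_rate(spot, forward, eur_rate, year_frac):
    """Annualised dollar cost of the synthetic route:
    borrow 1 EUR, sell it spot for dollars, and buy the EUR repayment back forward."""
    eur_owed_at_maturity = 1 + eur_rate * year_frac
    usd_raised_today = spot                    # 1 EUR sold at spot
    usd_paid_at_maturity = eur_owed_at_maturity * forward
    return (usd_paid_at_maturity / usd_raised_today - 1) / year_frac


def basis_bp(spot, forward, eur_rate, usd_rate, year_frac):
    """Cross currency basis in basis points per annum (this example's convention:
    positive means swapped dollars cost more than borrowing dollars directly)."""
    return (synthetic_usd_rate(spot, forward, eur_rate, year_frac) - usd_rate) * 1e4


def funding_comparison(spot, forward, eur_rate, usd_rate, year_frac, notional_usd):
    """Extra dollars a bank pays over the tenor for raising notional_usd via the swap
    rather than directly at usd_rate."""
    synthetic = synthetic_usd_rate(spot, forward, eur_rate, year_frac)
    return notional_usd * (synthetic - usd_rate) * year_frac


if __name__ == "__main__":
    # Constructed inputs: spot 1.10 USD per EUR, 3-month tenor,
    # 3m EURIBOR -0.30%, 3m USD LIBOR 0.85%.
    spot, eur_rate, usd_rate, year_frac = 1.10, -0.003, 0.0085, 0.25
    parity_fwd = cip_forward(spot, eur_rate, usd_rate, year_frac)
    market_fwd = 1.1045  # constructed: a forward wider than parity
    print(f"parity forward {parity_fwd:.5f}, basis {basis_bp(spot, parity_fwd, eur_rate, usd_rate, year_frac):.1f} bp")
    print(f"market forward {market_fwd:.5f}, basis {basis_bp(spot, market_fwd, eur_rate, usd_rate, year_frac):.1f} bp")
    print(f"extra cost on $1bn for the quarter: ${funding_comparison(spot, market_fwd, eur_rate, usd_rate, year_frac, 1e9):,.0f}")
```

With the parity forward the basis is zero, which is the pre-crisis world the post describes; with the constructed market forward of 1.1045 the same euro funding lands at roughly 48 bp over dollar LIBOR, which is the "significantly more expensive" dollar funding that makes the swap route less attractive.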
Fri, 14 Oct 2016
SWIFT (Society for Worldwide Interbank Financial Telecommunication) is nearly half a century old and was originally built to replace the antiquated telex machine. Telecommunication technology has changed drastically since then and it is unlikely that banks would want to build a bespoke telecommunication network if they were designing the system from scratch today. Cryptographic tools like SSL/TLS/HTTPS allow secure communications over ordinary telecommunication links. Of course, SWIFT is not just a telecommunication company: it also pioneered the standardisation of financial messaging formats like the famous MT 105. However, over time, this role too has gradually been taken over by the global standard setting bodies (for example,
All this means that if SWIFT did not already exist, nobody would bother to create it today. But SWIFT does in fact exist, and until recently, there was no serious reason not to just let it be. If SWIFT were delivering security and peace of mind, why would anyone disturb it? The problem is that in recent months, the Bangladesh Bank SWIFT hacking and other breaches of SWIFT security in Ecuador, Vietnam and India have shattered the illusion that SWIFT provides unquestionable security. Suddenly, SWIFT is being viewed as a source of risk – a single point of failure. For example, last month, the Bank of England put out a Consultation Paper about the design of the next generation of the large value payment system, the UK RTGS. Two of the proposals are:
- “[I]ntroduce additional functionality to mitigate the impact of an outage in the core SWIFT infrastructure, should it ever occur ... to remove the current single point of failure.”
- Use ISO 20022 messaging standards in the new RTGS infrastructure instead of the current SWIFT MT messaging standards. This is designed to increase interoperability, eliminate single points of failure, and enable richer payment data.
Then there is the blockchain, which has helped popularize the hitherto esoteric notion that critical systems must be designed for Byzantine fault tolerance. In other words, the system must function correctly even if a few participants are completely evil (and not just selfish). In a world where even the largest banks could get hacked by rogue nation states or terrorist organizations, it is reasonable to assume that at any point of time, some participants in the global financial network are evil. Even if the blockchain turns out to be a passing fad, the need for Byzantine fault tolerance is not going away anytime soon.
Where does all this leave SWIFT? It is by no means self evident that its half-centenary coming up in a few years’ time will be an occasion for much celebration.
CLS Bank is a much newer organization – less than 15 years old. Yet it belongs to a different era, in which the big global banks constituting the foreign exchange markets confronted national high value payment systems (Real Time Gross Settlement Systems, or RTGS) designed to serve their respective domestic markets. The RTGS in each country tended to be open for a few hours each day corresponding to the trading hours in that country, and the idea that an RTGS in one country could be interconnected with the RTGS of other countries did not occur to anybody at all. So CLS Bank emerged as a private sector solution that interconnected all the major RTGS by participating in each of them. During the short window of time during early morning in Europe when all the major RTGS are open, CLS Bank achieves a payment versus payment (PvP) settlement – European Mega Bank can pay euros to American Giga Bank and receive dollars in return, with CLS Bank ensuring that both payments happen simultaneously. There is no risk that the euros will flow out but the dollars will be stuck, or vice versa; the so-called Herstatt risk is solved.
Over the last decade, payment systems have evolved and in some large countries like the US, the RTGS now closes for only a few hours. In the UK RTGS Consultation Paper, the only question that they are debating is whether the new RTGS should be open for 23 ½ hours a day or for 24 hours. Moreover, national RTGS are becoming more open to the idea of interfacing with another RTGS in a different country. Again the UK Consultation Paper proposes to create a synchronization functionality which “allows each RTGS system to confirm that the funds are earmarked in the system in which the linked transaction will take place, the two systems then simultaneously release the two transactions”.
Inter-RTGS synchronization would provide a settlement system with much lower risk than the CLS Bank solution. I remember that in 2008, the principal Indian fixed income CCP (Central Counter Party) was accessing CLS Bank through a European settlement bank that needed a bailout from its home-country governments. For a significant period of time, Indian entities settling through CLS Bank via this TBTF (Too Big To Fail) settlement bank actually faced a greater risk than bilateral settlement with Herstatt risk. Even in normal times, the CLS solution is too demanding in terms of timelines and liquidity needs to really solve Herstatt risk. The system functions only with the liberal use of so-called In/Out Swaps that reintroduce Herstatt risk.
In fact, I think this is an area where the IMF has a legitimate role to play. Articles III and VIII give the IMF access to every currency in the world and it is also the issuer of its own quasi-currency, the SDR. It is possible for the IMF to run a global multi-currency RTGS allowing simultaneous exchange of any currency for any other currency on its own books virtually round the clock. Participants could move the money from IMF books to the respective central bank books at any time when the respective central bank’s RTGS is open. Alternatively, if it is desired to run all settlement only in central bank money, the IMF could run an SDR RTGS that allows synchronization with each national RTGS. European Mega Bank can then exchange euros for SDRs through a linked transfer between the IMF RTGS and the European TARGET2 RTGS. American Giga Bank can then exchange these SDRs for dollars through a linked transfer between the IMF RTGS and the US Fedwire RTGS. (Since the IMF is the issuer of SDRs, it is clear that SDR balances at the IMF count as central bank money).
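The synchronization functionality quoted from the UK Consultation Paper (earmark the funds in each system, then release both transactions together) is a two-phase commit across two ledgers, and Herstatt risk is what happens without it. The following is an added illustration, not code from the original post or from any RTGS operator: it assumes a toy in-memory ledger per currency and uses the post's European Mega Bank and American Giga Bank as the counterparties, comparing a naive pay-then-pay settlement with the earmark-then-release PvP flow when the dollar leg cannot be funded.

```python
class InsufficientFunds(Exception):
    pass


class Ledger:
    """Minimal RTGS-style ledger: balances plus earmarked (reserved) funds."""

    def __init__(self, currency, balances):
        self.currency = currency
        self.balances = dict(balances)
        self.earmarks = {}      # token -> (payer, amount)
        self._counter = 0

    def available(self, account):
        """Balance net of funds already earmarked for pending linked transactions."""
        reserved = sum(amt for acct, amt in self.earmarks.values() if acct == account)
        return self.balances.get(account, 0) - reserved

    def earmark(self, payer, amount):
        """Phase 1: reserve funds without moving them. Fails if cover is missing."""
        if self.available(payer) < amount:
            raise InsufficientFunds(f"{payer} lacks {amount} {self.currency}")
        self._counter += 1
        token = f"{self.currency}-{self._counter}"
        self.earmarks[token] = (payer, amount)
        return token

    def cancel(self, token):
        """Abort: drop the reservation, nothing has moved."""
        self.earmarks.pop(token)

    def release(self, token, payee):
        """Phase 2: turn the reservation into a final, irrevocable payment."""
        payer, amount = self.earmarks.pop(token)
        self.balances[payer] -= amount
        self.balances[payee] = self.balances.get(payee, 0) + amount

    def transfer(self, payer, payee, amount):
        """One-sided payment with no linkage to any other ledger."""
        self.release(self.earmark(payer, amount), payee)


# A leg is (ledger, payer, payee, amount); a settlement has one leg per currency.

def settle_sequential(leg1, leg2):
    """Naive settlement: pay leg 1 in full, then attempt leg 2.
    If leg 2 fails, leg 1's money has already gone out: Herstatt risk."""
    ledger1, payer1, payee1, amount1 = leg1
    ledger1.transfer(payer1, payee1, amount1)
    ledger2, payer2, payee2, amount2 = leg2
    try:
        ledger2.transfer(payer2, payee2, amount2)
    except InsufficientFunds:
        return False
    return True


def settle_pvp(leg1, leg2):
    """Payment versus payment: earmark in both systems first; release both only
    if both earmarks succeeded, otherwise cancel whatever was reserved."""
    legs = (leg1, leg2)
    tokens = []
    try:
        for ledger, payer, _payee, amount in legs:
            tokens.append(ledger.earmark(payer, amount))
    except InsufficientFunds:
        for (ledger, *_), token in zip(legs, tokens):   # zip stops at the reserved legs
            ledger.cancel(token)
        return False
    for (ledger, _payer, payee, _amount), token in zip(legs, tokens):
        ledger.release(token, payee)
    return True


def demo(use_pvp, giga_usd_balance=50):
    """Constructed scenario: Mega Bank sells 100 EUR for 110 USD from Giga Bank.
    With the default balance Giga Bank cannot fund the dollar leg."""
    euro = Ledger("EUR", {"European Mega Bank": 100, "American Giga Bank": 0})
    dollar = Ledger("USD", {"American Giga Bank": giga_usd_balance, "European Mega Bank": 0})
    eur_leg = (euro, "European Mega Bank", "American Giga Bank", 100)
    usd_leg = (dollar, "American Giga Bank", "European Mega Bank", 110)
    settled = (settle_pvp if use_pvp else settle_sequential)(eur_leg, usd_leg)
    return settled, euro.balances, dollar.balances


if __name__ == "__main__":
    print("sequential:", demo(use_pvp=False))
    print("pvp:       ", demo(use_pvp=True))
    print("pvp, funded:", demo(use_pvp=True, giga_usd_balance=200))
```

In the sequential run Mega Bank's euros have left its account while no dollars arrive, which is exactly the Herstatt exposure; in the PvP run the failed dollar earmark cancels the euro reservation and both ledgers are untouched. The earmark also blocks the same funds from being promised twice, which is what lets two independently operated systems release their legs without a central intermediary holding the money in between.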
The point is that CLS Bank was a second best solution to Herstatt risk that made sense at a time when the world was struggling with third best and fourth best solutions. Indeed, CLS Bank is a solution by TBTF banks, for TBTF banks, and of TBTF banks: it makes little sense in today’s post-crisis world. Advances in technology and changes in mindsets have made a first best solution feasible. I think that CLS Bank is now living on borrowed time, but the lobbying power of the TBTF banks should not be underestimated.
Mon, 10 Oct 2016
More than three years ago, as a member of the Financial Sector Legislative Reforms Commission (FSLRC), I wrote a note of dissent in the FSLRC Report which argued that an expansive definition of financial services “creates the risk of regulatory overreach” and “creates scope for needless harassment of innocent people without providing any worthwhile benefits”. I also wrote that “regulatory self restraint ... is often a scarce commodity”. At that time, most people thought that I was paranoid and that regulators can generally be trusted to behave sensibly.
Last week, the Securities and Exchange Board of India put out a “Consultation Paper on Amendments/Clarifications to the SEBI (Investment Advisers) Regulations, 2013” which shows that my fears were not at all misplaced. The document proposes that:
- No person shall be allowed to provide trading tips, stock specific recommendations to the general public through short message services (SMSs), email, telephonic calls, etc. unless such persons obtain registration as an Investment Adviser or are specifically exempted from obtaining registration.
- No person shall be allowed to provide trading tips, stock specific recommendations to the general public through any other social networking media such as WhatsApp, ChatOn, WeChat, Twitter, Facebook, etc. unless such persons obtain registration as an Investment Adviser or are specifically exempted from obtaining registration.
If everybody needs a license from SEBI to post any stock specific thing on any social media, SEBI would quickly become one of the richest regulators in the world with a market capitalization rivalling that of Facebook.
Let me deliberately give a non-Indian example of the kind of thing that SEBI now wants to censor. Last week, Aswath Damodaran wrote a post on his widely respected blog, Musings on Markets, arguing that Deutsche Bank was now undervalued. He stated that he had bought it himself and also wrote: “I have set up my valuation spreadsheet to allow for you to replace my assumptions with yours. If you are so inclined, please do enter your numbers into the shared Google spreadsheet that I have created for this purpose and let’s get a crowd valuation going!” This is social media at its best, trying to disintermediate the analysts who are licensed by the regulator. The blog post was also posted on Twitter (with more than a hundred retweets), on Facebook (with more than a hundred likes) and on Youtube (with more than 3,000 views). This is the kind of carefully reasoned analysis that SEBI now wants to shut down. Thankfully, Aswath Damodaran teaches at NYU Stern, safely out of reach of SEBI's censorship.
Everybody wants to become a censor because censorship is the most powerful weapon in a democracy. It is so in India and it was so in ancient Rome where the Censor was one of the most powerful and feared officials (More than two millennia after his death, we still refer to the great Roman writer, Cato, as “Cato the Censor” and not by the numerous other military and civilian offices that he held).
It is therefore extremely important in a democracy to thwart the desires of regulators to become censors. A financial regulator is there to defend the right to property and any day, anywhere the right to free speech overrides the right to property. If there is a conflict between the right to life and the right to free speech, we can have a debate about what reasonable restrictions can be placed on free speech. But the right to property can never be a ground for stifling free speech.