ذكرى وفاة أم كلثوم 3 فبراير 1975

 

"  لاَ يَرُوقُ الْوُجُودُ مِنْ دُونِها "

" لاَ أَرَى الْعَيْشَ مَا تَفَكَّرْتُ فِيهِا "

A Timely Reinforcement of Points from My Post on SolarWinds

Funny I always thought it was ἀνάμνησις. 
At least that's what I remember.

 

A while back I wrote about the underlying factors that make hacking “events” like SolarWinds possible and weaken information security. If you missed that “gem”, you’ll find it here.

Part of that post dealt with the risks posed by companies with offices in “risky” foreign countries that 

1. might expose them to local government pressure to disclose information;
2. allow local employees—whether pressured or not and one would expect the pressure a local government could exert on its citizens would probably extend to more than a concern for profit—to engage in activities that breached security of information; or
3. provide a local access point for those foreign governments or other malign actors in those countries to penetrate the companies’ security systems and access information without inside co-operation.

In last Wednesday’s FT, Tom Mitchell wrote about the US Department of Justice’s complaint against a PRC national resident in the PRC and formerly employed by Zoom.

Before going further, it’s important to note that at this point the DoJ has only made allegations against the individual as stated in its press release.

The charges in the complaint are allegations, and the defendant is presumed innocent unless and until proven guilty. If convicted of both charged conspiracies, Jin faces a maximum sentence of ten years in prison.

Two other points to note:

1. Companies are subject to the laws of the jurisdictions in which they operate, particularly, where they have offices.
2. The complaint does not allege hacking or surveillance of other than residents of the PRC.

You can read the DoJ press release here.

Here is the accompanying statement by an FBI Special Agent as part of the request for an arrest warrant. The “bits” about the “rectification plan” and involvement of the former employee and other officers of the company are quite “interesting”.

And to round out the picture, Zoom’s perspective on the DoJ complaint.

I think the lessons here are clear. 

On a corporate level, if you are concerned—as well you should—about the security of your corporate information and communications, or if you are worried about the security of your own internal systems: 

1. it’s a wise idea to avoid dealing with companies that have offices in jurisdictions of “risk”
2. in that regard you cannot rely only on the registration or domicile of the company but have to look deeper into shareholding, management as well as location of its network of offices. Not every company in the USA is pure as the driven snow. Nor every company in Switzerland.

On a personal level, if you are using the services of a company with exposure in a jurisdiction of risk, and are concerned about human rights, including your own, it may be equally a wise idea not to use that provider. 

Equally, you might be well advised to inquire whether the provider of a free service/app routinely sells the personal information, contacts, location history, or other aspects of its customers’ life to others. 

There are no truly “free” services, just like there is no free lunch.

It is probably not a good idea to rely on the kindness or conscience of strangers, particularly those focused on their own profitability.

عيد ميلاد سعيد

 

SolarWinds - What's Behind Events Like This?

Not Every Server Needs to Be Connected to the Internet

See additional comments here.

There's a lot in the press about the SolarWinds breach.

What's largely missing from the discussion is a hard look at why events like this happen.

It is more than the fact that there are "hackers" out there. Some very sophisticated. 

What I want to explore are two factors—that are in the control of those being hacked—and that I believe facilitate hacking.

Note I am not saying that curing these will stop all hacking. Any more than locking your door or installing an alarm system will stop all burglars.

But I think it will reduce the damage done.

Largely these factors are a matter of mindset: 

1. responsibility "shifting" associated with outsourcing
2. the private sector's focus on profit maximization.

To the first point, responsibility "shifting" or perhaps more accurately "abandonment"

When services are outsourced, often the responsibility for managing the risks associated with the outsourced "bits" appears to be outsourced as well.

No doubt some checks are performed on the service provider's procedures and controls leading to the granting of access to the outsourcer's systems. Probably the same sort of box-ticking that goes on with AML efforts.

Or in some other way an entity is allowed to use the company's systems based on some determination that the provider is a "trusted" counterparty.

Here I'm thinking of the self-described "secure" portals for the distribution of "safe" apps for smartphones. Or other similar "portals" for PCs.

In the first case, the outsourcer doesn't seem to place redundant controls on its systems to monitor and supervise the service provider's access. Or control the volume of information that is allowed to exit its systems.

Nor apparently does the "portal" check each app it distributes for malware. Admittedly with the number of apps on these platforms that would be quite a task.

What I think underpins a great deal of this reliance on third parties to do there job is the unwarranted belief that the operation of the "free" market results in companies delivering the best products at the most competitive costs. 

Third party suppliers or creators of apps will make sure their security is ironclad—as much as that is possible—because if they fail, a competitor who is more secure and cheaper will displace them.

I also suspect that most governmental customers believe the even greater myth that the private sector is inherently more capable, innovative, and flexible than they are.

Not only will private sector "George" do it, but he will do it perfectly.

Side Comment: There's a lot of focus these days on this or that conspiracy theory or other material misinformation. Of which there seem to be quite a lot floating around.

You don't hear anything about the economic theory on which the assumptions regarding the "free" market and superiority of the private sector are based. A theory whose main proof is a tautological set of assumptions and assertions not related to what has gone on in the past, goes on now, and will no doubt go on in the future in the real world.

Yet, when compared to some of this other rubbish, it is very likely, a more damaging piece of material mis-information than the more discussed others.

Some examples of pathologies.

Example #1 No Due Diligence, Please, They're American 

AA's older and wiser brother relayed to me a recent conversation he had about computer system security.

He noted that the USA firm that his interlocutor used for a key service had a world wide network of staff and offices, including in the Russian Federation and Pakistan.

My brother opined that it was highly likely that employees in those offices had access to the computer network in the USA of the company, and its products and programs. And likely to the confidential information of the interlocutor's entity that was stored with that company.

He noted common perceptions about criminal activity and other security/intelligence risks in those countries.

He also opined that the activities of the interlocutor's entity and the identity of its customers might be of keen interest

He then asked how the interlocutor's company managed these risks.

His clear impression was that none of these risks had been identified much less considered based on the response he received. 

"As a USA company, the service provider is a "trusted counterparty" and is presumed (note that word) to be managing that risk."

As to other due diligence, it seemed to be limited to determining the USA company had the lowest price.  No inquiry into ownership.

Example #2” Sometimes George Doesn’t Do It Even for Himself 

According to recent press reports, Microsoft admitted that the SolarWinds “hackers” had gained access to Microsoft’s source code.

That code is the heart of Microsoft’s products and profitability. 

It would seem that this would be one of the most carefully guarded secrets of all those entrusted to Microsoft’s care.

Probably even more closely guarded than any information they were “safeguarding” for third parties.

Bonus Lesson: So much for the private sector’s presumed superiority over governments. 

Examples #3 Not Every Castle is “ حصن الأبلق “ 

3A ToTok

For some time, both the Apple and Android stores allowed the ToTok chat app to be distribued through their portals because its creators were a "trusted" party.

Some 12 or 13 months ago, the NY Times reported that this app – strangely the only chat app allowed in the UAE—was likely being used by the UAEG to spy on UAE residents, including non citizens.

3B Zoom

Another "trusted" app distributed through self-identified "secure" sites, used at one point by corporations and some governments to conduct confidential meetings due to Covid restrictions on in person meetings. Including HM's PM.

Turns out that at least some of the conversations were routed through servers in the Peoples' Republic of China.

A flaw now "corrected" according to press reports.

To the second point, profit maximization.

Adding to the problem is the private sector's well known focus on profit maximization.

One possible example is the SS7 legacy vulnerability in phone systems that allows "hackers" to track cell phone locations and intercept messages.

Not only to the benefit intelligence services but also of use to common criminals. You can read about it here. 

The SS7 system was implemented some 50 years ago.

The vulnerability has been publicly known since at least 2008.

If AA's arithmetic is correct, that's 12 years. 

During that period, members of the US Congress have raised their august voices in concern. 

The ITU has held meetings. 

The press has reported on repeated use of this vulnerability by foreign governments. Most recently here. 

It has not been fixed.

Why? 

Can you think of a better explanation other than a stubborn reluctance to spend money? 

Stronger Together the 21St Century Case for Scotland and the EU

Leave the Light On

 

The case is quite elegantly expressed in Gordon's piece of some years ago.

Just update it by replacing "Britain" with "European Union" or "EU". 

It's Scotland's!

 

" بترول الاسكتلنديين للاسكتلنديين "

Manifest Signs of Irrational Exuberance in the Market

In December, Martin Wolf—for whom I have a lot of respect—wrote an article in the FT arguing that the stock market is not currently overvalued.

To be as fair, I’d note that his argument was based on two premises: corporate earnings would be strong and interest rates would remain ultra-low.

With the right assumptions, of course, just about any assertion can be supported.

I’d like to make a contrary case that financial markets—not just that for equities—are indeed in bubble territory.

Bubbles occur when providers of capital—lenders or investors—underestimate risk and overestimate return.

It’s relatively simple to diagnose contrary to what some “maestros” believe as I now propose to show.

Think of me as your financial Don Ho, but with a focus on larger events.

The size of the bubble is directly proportional to 

1. the acceptance of most outrageous investment theses and valuations and 
2. engagement in unsafe and unsound practices. 

For the last point, the “running with scissors” test is an apt tool.

First, signs in the equity market.

What better poster child for irrational exuberance in the equity markets than Tesla?

One does not have to be as smart as Jim Chanos to see that Tesla’s price is supported by multiple fanciful delusions about the future. “Fanciful” to distinguish these delusions from “normal” investor over optimism.

And Tesla is not the only case, but likely the most outrageous.

To measure the extent of the madness reflect on Tesla’s entry to the S&P 500.

That indicates the extent of the overvaluation of Tesla. 

It also thus suggests we have passed the frontier of “irrational exuberance” to “Brexit” level delusions.

Second, signs in the debt markets. 

Issuers with currently crippled businesses are issuing debt at record levels.

Now I am not advocating refusing loans to all companies in distress. But rather being selective.

And when doing so applying time tested practices.

One should wear a helmet when riding a motorcycle and drive at a sensible speed.

When the road is wet, it’s daylight madness not to wear a helmet and not to drive slower.

But exactly the opposite is happening.

Much of this debt is “secured” by assets that the borrowers currently cannot profitably employ.

There is also a surfeit of such unemployed assets at present.

Additionally, it is unclear what returns these assets may afford in the future. Or when that “future” may be.

The collateral value of an asset that has limited value in use is roughly equivalent to the sound of one hand clapping.

Think of planes and cruise ships.

To that add the wanton abandonment by “investors” of basic common sense credit and legal structuring.

Debt is repaid by cashflow not assets. History suggests that primary reliance on collateral for repayment is likely to be an unhappy affair.

Covenant “lite” structures offer limited legal protection and limited means to pressurize debtors. And will be of limited utility when clouds gather.

Third, signs in private equity. 

Also in December Kate Wiggins wrote an article on how canny private equity General Partners had found a solution to blocked “exits”. 

If there’s no suitable opportunity for a trade sale or an IPO, why not sell a portfolio company to yourself? Or more precisely to a so-called continuation fund.

A suitable “opportunity” is one where one doesn’t have to sell at a loss. Or face the subsequent valuation consequences of failure to sell a duff asset that there was no perceptible demand for.

But sales essentially to oneself can be “structured” to

1. deliver sufficient “return” to LPs to keep them happy
2. generate carried interest for the “deserving” GP, and
3. create the appearance of a suitable return on the selling Fund that will persuade a “sophisticated” investor to sign up for the buying Fund (the continuation fund).

One hopes that LPs from the selling fund are not the major cohort in the buying fund.

But then AA has seen some rather incredible behaviour by so-called sophisticated investors.

Fourth, signs in the retail market. 

Increased activity by the financially illiterate: the rise in the price of Bitcoin, day trading, etc. 

The past suggests that all this is not going to lead to a happy outcome. Though as you know past performance is no guarantee of future results.

Brexit Means BREXIT!!! It also means ...

 

The Sound of the Pipes, The Sound of God's Music

 

En cada escocés un árabe 

En cada árabe un escocés

Wirecard A Series of Unfortunate Regulatory Incidents

 

"Who are the police?
We need a police to catch the police?"

No sooner had I posted about regulatory lapses by Apas in re Wirecard than the weekend edition of the FT landed at my doorstep.

Was für eine Überraschung! (Quelle surprise!)

Olaf Storbeck had another article on German parliamentary hearings on Wirecard.

This time the head of Apas, Mr. Ralf Bose, gave testimony.

Herr Bose admitted that he purchased an undisclosed number of Wirecard shares in April and sold them at an undisclosed loss in May – while Ba-Fin and Apas were in confidential talks about Wirecard.

Bundesminister für Wirtschaft und Energie Peter Altmaier, reportedly found Herr Bose’s comments “disconcerting” (beunruhigend?)

Ba-Fin fresh from its success supervising Wirecard will investigate Herr Bose’s share trading.

In that regard, I would hasten to note that Herr Bose was “long” not “short” Wirecard shares so the investigation may be able to be concluded quickly.

First time an oversight. Second time a mistake. Third time an unfortunate coincidence?

You may recall a post from some years back in which I ridiculed the idea of the imagined superiority of supervision in the “developed” West when discussing l’affaire Abraaj.

I’d offer the WC saga as re-enforcement of that argument.

"Timely" Words to Live By - Lloyd Green The Guardian

 

Recent Photograph of Professor Rovelli

I suppose in some quarters it would considered the equivalent of ordering Kansas-style fish and chips, but there I was reading the 15 December US Edition of The Guardian.

Lloyd Green’s musings on the potential impact of AG Barr’s resignation on the Incumbent US President’s exercise of his power to pardon ended with what appears to be a four word koan: “What comes next remains.”

An allusion to Einstein’s theory of the illusion of time?

Or a subtle advancement of Carlo Rovelli’s more radical theory?

We may never know, if we don’t already.

Wirecard - Great Moments in Regulatory Oversight

 

Wachsam sein --immerzu

On 10 December Mr. Naif Kanwan, executive director for enforcement and market monitoring at Apas, the Federal Republic’s audit “watchdog”, gave testimony at German parliamentary hearings on Wirecard.

Olaf Storbeck has an absolutely delightful (though ultimately disturbing) account on that testimony which appears in the print edition of Friday’s FT (where else?)

Let’s run through the quotes. AA’s commentary in italics.

“My impression was: somebody is on the case, has been looking at the allegations and came to certain conclusions.” He added that this “subconsciously influenced my thoughts about the matter”. 

One reading of this quote is that it is an admission that the apparently aptly named naif was not on the case. And saw little reason to disturb himself. George will do it. 

Perhaps as well, that Mr. Naif’s investigations are conducted based primarily on the operation of the subconscious. If you will, a Freudian approach to regulation. Hence the picture above. The subconscious, as I hope you know, is more active during sleep.

Alternatively, it could just be an attempt to create an excuse. Feigned faulty memories or low intelligence are often proffered to “explain” failures.

Asked if he believed in early 2019 that FT journalists colluded with short sellers, Mr Kanwan pointed to BaFin’s ban and criminal complaint. “These moves were in line with such a picture,” he said.

Indeed, it is certainly well known-at least in certain circles-that short sellers are a nefarious bunch always up to no good bad mouthing fine companies. And that short sellers have never ever pointed out fraud before regulators woke up.

Equally that there really haven’t been any cases of external auditors missing or colluding in accounting irregularities.

It’s also well known that major financial newspapers don’t take action against columnists that collude with short sellers, particularly when a major regulatory agency lodges a criminal complaint.

Shame on you, FT! 

Especially since this also happened with NMC – though to be fair in that case no criminal charges were lodged.

He acknowledged the watchdog at the time was unaware of earlier allegations against Wire-card raised by short sellers in 2016 in the so-called Zatarra report. That only changed in October 2019 after the FT published internal Wirecard documents pointing to a concerted effort to fraudulently inflate sales and profits.

One (at least AA) expects a watchdog to “wachsam sein immerzu” to quote the old song from the East. Though AA admits that he may be ignoring the possibility of “repressed memories”.

As a positive comment, I’ve heard--and not just from short sellers or financial journalists--of a communications service called the “internet” which I am assured allows one to follow news, conduct searches, etc. 

They say it’s quite useful.

I am even also told that one  can set up “alerts” to be advised of news on a particular topic, company, etc. without having to take an active steps –other than setting up the alerts.

Remarkable if true.

On that latter point, he did note: 

 “As a lesson learned, we have improved our press monitoring.”

лучше поздно, чем никогда!

Zulu Alert

 

Hey Boomer, where did you leave your "Christmas" tree?

Father's Day Thailand - Commemoration of King Rama IX

 

Over seventy years of service to country and citizens.

Picture and text courtesy of AA's elder and wiser brother, expert in many things Asian.

Aus der Stadt Bochum, NRW, BRD - Welthauptstadt der Flitterwochen (1974) -- ZDF Starparade 5. Dezember 1974

Und vielleicht der Geburtsort von James Bond!

 

Es war ihr Liebeslied - besonders das unserer Mutter

Hey Boomer, a song for you!  He really is a Boomer (in both senses), you know.

Neil Diamond

und noch mehr Peter Kraus, Les Humphries Singers, Marion   

Hochkulturtanzen!!!!

And Now for Something Completely Different - The Financial Times

 

AA at His Rona Rig
Sufficiently Socially Distant so no Mask Required

If you’re one of the select (few) readers of this blog, what you usually find here are posts that focus on the negative. 

Misrepresentation of financial statements, questionable business strategies, other frauds and fakes, financial and economic fairy tales and the like.

That certainly is a “field” offering multiple opportunities to comment.

As the picture above indicates, today it is time for something completely different.

Some kudos to The Financial Times and the no doubt underpaid journalists who work there.

A bit of context.

Overall journalism ain’t what it used to be. 

And since it was never perfect, that’s quite a disappointing development.

Some basic “have to’s” are often missing. 

A breathless review of an exhibition that omits what in the past would have been basic facts: where, when, cost 

Other sloppiness that misses the "meat" of the story.

More seriously is the substitution of mindless partisanship for reporting. The intrusion of the editorial page into the news columns.

The FT is welcome respite from these two frequent lapses.

Some examples to make the case: NMC UAE, Wirecard, H20.

First, there is the uncovering of the basic story. 

Second the pursuit of the story despite pressure. 

Dan McCrum’s experience on the Wirecard story is instructive – working from a windowless office at FT central on an air-gapped PC. 

It is not the only case – NMC is another -- where external pressures were ignored.

Third rigorous smart in-depth analysis.

The report doesn’t stop at the surface of the story but goes into detail. 

It seems that often the chips are allowed to fall where they should. 

Did a “hero” in the Wirecard case have a less “heroic” role in related case in Mauritius? Dan McCrum and Olaf Storbeck report it.

Or BondHack and Cynthia O’Murchu digging through filings at EMCR and discovering that NMC had pledged assets (future credit card A/R). 

Something apparently unknown to folks who might be presumed to have a more serious interest in this disclosure.

“Folks” like equity investors or providers of funds -- other than ADCB.

Fourth, a global network that allows input from journalists around the globe to round out the story with local insights. 

Simeon Kerr weighing in on Wirecard from the UAE.

Is the FT perfect?

No, but it’s very good.

Disclosures:

1. No shareholding in companies related to FT.
2. No compensation for this article.

Adieu Caracalla

Ami, entends-tu le vol noir des corbeaux sur nos plaines?

Ami, entends-tu les cris sourds du pays qu'on enchaîne?

Ohé, partisans, ouvriers et paysans, c'est l'alarme.

Ce soir l'ennemi connaîtra le prix du sang et les larmes.

 

Creditor on Creditor Violence

Annual Leveraged Loan Investors Conference

Over the millennia our ancestors have passed down important life lessons to us in the forms of proverbs and other sayings.

Sometimes the author’s name is known. Most often not.

“Measure twice cut once”. Or in one country measure seven times before cutting.

“Don’t run with scissors” (ascribed, I believe, to Plato by Aristotle).

“Tie your camel first, then trust in God. (اعقلها وتوكّل)” ascribed to the Prophet Muhammad (SAWS) by Anas Ibn Malik via Al-Tirmidhi. (2517)

A recent article by Alicia McElhaney in Institutional Investor under the above title reminded me these and other similar sayings.

She describes how some members of leveraged loan syndicates are suing other syndicate members charging that when the obligor became distressed those lenders converted their “old” loans (those under the syndicate agreement) to “new” loans (outside the syndicate). 

In the process making the old loans subordinate to the new ones.

What those lenders did was take advantage of apparent deficiencies in the loan agreements.

AA finds it hard to have much sympathy for lenders stupid enough to sign syndicated loan agreements with inadequate protective covenants.

In the case at hand failing to insist that the loan agreement contain what were once standard covenants requiring:

1. 100% lender agreement to allow material changes to the loan conditions (rate, repayment, maturity, collateral)
2. pro-rata sharing of any repayments received by one or more syndicate member among all syndicate creditors 
3. limitations on market purchases of debt, along with a careful definition of what constitutes a “market purchase” etc.

While not the case here, this failure to “tie one’s camel” is similar to covenant lite loans that impose no real controls on the borrower. That is, no real triggers for creditors to call a default and accelerate the loan.

Both are “sins” in every kind of loan.

But more so for much riskier leveraged loans.

This asset class is supposedly where sophisticated investors—those able to analyze and bear the risks--”play”.

One might forgive a retail investor on the Robin Hood platform a “wise” investment in Tesla as a rookie mistake.

But “sophisticated” institutional investors with access to high-priced “elite strike force” legal teams?

I think not.

This is yet another cautionary tale--like that of Golden Belt Sukuk, Bernie Madoff, Abraaj, Wirecard, etc--for those who cling to unfounded myths about the innate wisdom of markets.

Kamkars - Rubayyat // کامکاران // رباعيات عمر الخيام

 

GFH Bahrain - Less to 3Q2020 Reported Income than Meets the Eye

For the first nine months of 2020, GFH reported net income of roughly USD 30.3 million down roughly 50% from the comparable period last year.

That’s not surprising. COVID-19 is casting a pall over many firms’ financial results.

But, neither is the full story.

That’s why one has to read the entire financial report and not just the Income Statement.

By my calculation the true economic performance of GFH over the period was a loss of roughly USD 66 million.PPA “swing” of some USD 96 million from the reported number!

Where does AA’s performance number come from?

The Consolidated Statement of Changes in Owners’ Equity page 4 in GFH’s Third Quarter 2020 interim financials.

The Retained Earnings column is the appropriate locus of focus for our attention.

Why?

Because it’s where economic gains and losses that are not required to be included in the Income Statement appear.

Despite their being excluded from the Income Statement, they are as real a loss as the charges that appear in the Income Statement. And, at times, gains are recorded here that are not included in the Income Statement.

To be very clear there is nothing inherently wrong with these entries.

Equally at times company management may use the discretion allowed under accounting principles to shift a “loss” from the Income Statement to the Statement of Changes in Shareholders’ Equity in order to present a “better” picture of performance.

Motives might be the desire to pay dividends, particularly for a regulated firm like a bank. Management bonus. Share price.

That’s why looking a comprehensive income or loss over a period is a better measure of the firm’s performance. 

Let’s review the pertinent charges to Retained Earnings.

There are three significant “losses” disclosed here.

First up is a USD 59.9 million charge arising from GFH’s underwriting of the entire BD 72 million (equivalent to USD 191 million) AT1 capital increase at Khaleeji Commercial bank. Note 1 on page 9 contains a detailed explanation if you’re interested.  GFH's carrying value of equity in KHCB is based on its share in the net assets of KHCB.  Not the purchase price.     

Next USD 13.9 million arising from “modification of terms” of financiing GFH has provided. That is, an easement of repayment terms on the debtor which decreases the amount GFH will ultimately receive (assuming the debtor pays) and thus the value of the related asset. Think of this as the recognition of a likely loss on the related financing.

Following that USD 22 million which represents the difference between the cost of Treasury Shares GFH sold (USD 108.7 million) and the amount it received (USD 86.7 million).

I’ve heard of “buy low sell high”, but not the opposite. Perhaps, an alternative investment strategy?

These transactions result from what GFH calls “market making” and AA calls a failed attempt to prop up its share price.

Not much evidence of a positive prop for the price of GFH’s shares. They began the year at USD 0.23 per share and were at USD 16.0 as of end of 3Q. As of 16 November trading at USD 14.9.

Of course, COVID has depressed markets.

But a look at previous posts analyzing this activity over several years suggest that GFH shareholders receive scant benefit from these “market making” activities.  

You'll find these using the search tool on the right hand side of the page and the words "treasury shares".

As noted above, if we adjust GFH’s reported Net Income for these three items, GFH had an economic loss for the period of some USD 66 million.