In der Bundesrepublik Deutschland
In der Carnaby Straße
The Financial Sector in the GCC
Sejong Cultural Centre, Seoul, ROK
16 January 2005
Nathan East, Bass Guitar
Larry Cartlon, Guitar
Bob James, Keyboard
Harvey Mason, Drums
The news media is full of reports on the Colonial Pipeline ransomware attack.
This isn't the first case of cybersecurity failure by a business.
Sadly it's not likely to be the last until something is done.
Why do events like this happen?
The simple answer is that companies fail to take the necessary steps to protect critical infrastructure despite warnings.
Here’s a February 2020 alert from the US’s Cybersecurity and Infrastructure Security Agency to pipeline operators.
That warning describes:
the nature of the attack, tools used -- apparently an “off the rack” hacking program
the results of the attack
19 mitigation steps -- many of which are "common sense"
The unnamed company in this case, did not think that its BCP need include cybersecurity.
If you look at the attack results, you’ll see that the vulnerability was Microsoft software.
As my elder and wiser brother has remarked more times than I care to hear:
There is no need to worry about “microchips” in medicines. Microsoft has never developed a product that works flawlessly.
If you look at the CISA alert for Colonial Pipeline, guess what you will find?
Significant repetition from the alert above given some 15 months earlier.
And as above a lot of these recommended steps seem fairly easy to implement.
So what causes the failure to prepare?
Management and organization incompetence is no doubt responsible in some cases.
But on its website, Colonial Pipeline states that it is “Committed to Excellence”.
It is a private company reportedly owned by Shell, Koch Industries, KKR with a Korean pension fund, and several other pension funds and financial firms.
You would expect that it has first class management.
And the financial, technical, and human resources to take appropriate measures.
It was quite a profitable enterprise based on its 1Q2019 financials.
It has demonstrated security “awareness” in other areas.
CP’s website has a “captcha gate" to keep out undesirables. I was, however, allowed entrance after performing a few Turing tests.
I don’t know whether this is a new feature installed after the ransomware attack (closing the proverbial barn door) or has been there for a long time.
Even stricter is the security for access to investor information.
You have to submit a request to CP’s Investor Relations Department with personal details and a justification of your need to know.
And they note they just might refuse your request!
Talk about cybersecurity!
At least with respect to financial and corporate information.
Because the ransomware attack was successful, one might infer that similar security measures were not in place to protect pipeline operations.
Improving cybersecurity requires expenditure.
Sometimes management are unwilling to spend the money.
So what is to be done?
Repeated failures in cybersecurity suggest that faith in companies properly managing their affairs is more often than not misplaced.
As well, the invisible hand of the market appears to not only be invisible but also consistently absent in these cases.
If Hometown Deli in New Jersey is shut down by a cyber attack, it’s one thing.
If a major pipeline is shut down, it’s another.
In one case it causes inconvenience.
In the other it harms national security.
In the latter case -- a failure of the market -- the prudent approach is strict regulation along with substantial fines and other penalties.
If a critical infrastructure company cannot figure out on its own that cybersecurity is critical, a statute will make it a requirement and penalize a company financially and otherwise, e.g, revoke its license to operate critical infrastructure, if it fails to develop and implement one.
Related post here.
Greensill
Today’s FT reported on Lex Greensill’s testimony to Parliament’s “Treasury Committee” as follows:
He insisted that his company’s lending was supported by real assets, although he admitted that up to 20 per cent of the group’s lending last year was based on “future receivables”.
If you’re like me, you probably had to stifle a guffaw on the conflation of “future receivables” with “real assets”.
But if you think a bit more, perhaps in the current environment it’s not so far fetched.
Even sober financial analysts and commentators, including some at the FT, have identified crypto currencies as a new “investable asset class”.
In terms of “real assets” are future receivables any less real than Bitcoin, Dogecoin, or their like?
I think not.
If that isn’t a sign of irrational exuberance, I’m not sure if there is any sign.
Fairness impels me--note the choice of that verb—to mention that today Jemima Kelly did opine in those very same salmon-colored pages that crypto currencies were a “joke” and shouldn’t be taken “seriously”.
Ark Innovation – Springs a Leak
The FT reported that Ark had lost one-third of its value since its February “high”.
I’d make the same comment I did regarding Tesla’s loss of value.
More accurately, the price is down by one-third.
Value is intrinsic. Price is a market phenomenon.
Also a shout out to Lex, for noting that:
Data from Morningstar illustrate the pitfalls. More than two-thirds of thematic funds outperformed the broad MSCI ACWI index in the year to end March. But go back five years and that drops to below a third. One-fifth of thematic funds did not even survive. Over a decade, just 4 per cent outperformed. As themes go, this one does not inspire much confidence.
Middle Eastern Democracy – Kurdistan Style
Today’s FT “Long Read”--as its actual length discloses it is apparently designed for those with ADD--discussed authoritarianism in Kurdistan.
Not only was I was surprised and deeply shocked to learn that Jeffersonian democracy was not flourishing in Kurdistan.
But also that corruption was rampant indeed.
Who would ever have thought?
As pointed out in the article, much of the silence on these two topics has to do with geopolitical “considerations”.
So much for making the world safe for democracy or fighting corruption.
At least I suppose one can take comfort that no one has proposed Kuridstan for NATO membership.
At least not yet!
Often there is confusion in media reports on losses
So today I’m here with Muddy Waters to set the record straight.
Manufactured returns can overstate the actual loss investors have incurred.
Early reports were that investors in BLMIS (Bernard L. Madoff Investment Securities, LLC) potentially lost some US$ 65 billion based on the nominal value of their accounts.
Similarly, Wirecard was reported to have “lost” some Euros 1.9 billion in deposits.
In both cases, a lot of the initial speculation focused on alleged theft of the amounts.
But in both cases, the losses were overstated by the amount of manufactured returns.
In the case of Madoff, roughly US$ 19 billion df the US$65 billion was the original investment amount.
The rest US$ 46 billion was fictitious “profit”.
In the case of Wirecard, the Euros 1.9 billion in deposits arose because income was “fiddled” to a corresponding amount.
As Professor Waters (above) has rightly said:
Well, you know, you can't spend what you ain't got
You can't lose what you ain't never had
That doesn’t mean that investors in Madoff’s funds did not have a real loss.
Their loss was opportunity cost of not earning a return on their original investment.
No doubt lower than the US$ 46 billion, but still significant.
Adding insult to injury, the courts ruled that any Madoff investor who received a profit distribution (any amount in excess of the investor’s original investment) had to return it because it was “fictitious”.
Here’s the US Court of Appeals Second District’s decision.
The US Supreme Court refused to hear the defendants’ appeal on 3 May 2020 (20-1382).
At stake was US$ 41 million.
You are capable of doing the math.
Not many of BLMIS “wise” investors were withdrawing their “profits”.
For Wirecard, the losses were to those lenders and stock investors that extended credit or bought Wirecard stock based on manufactured earnings.
Unlike the BLMIS investors, the Wirecard "punters" are going to lose a much greater percentage of their original investment.
It Would Appear They Already Have the Shirt Off His Back |
Julie Segal recently wrote in II that” Infinity Q’s Consistent Alpha Should Have Been a ‘Red Flag’”
There is an old saying in the world of finance that is usually ignored:
If it looks to good to be true, it probably is.
There’s nothing like “profit” (real or manufactured) to dazzle even the biggest of the “big boys”. Or the promise of profit.
Or association with a perceived celebrity.
Here no doubt the breathless closing mantra from the sales pitch was:
These are the same guys who manage David B’s family office!
IQDA also had a “track record” of producing highly consistent excess returns (the “alpha” in its name). Beating its “benchmark” with regularity.
To employ a bit of understatement either of these feats are “extremely rare”.
To manage to do both rarer still.
And to do both consistently, in the realm of myth.
If it’s too good to be true, it probably is.
Yet, self-imagined sophisticated investors (the so-called “big boys”) fall for this over and over.
In part this is explained by the dazzle of outsized returns.
It explains the Dotcom boom, the 2008 Almost a Second Great Depression, Bernie Madoff, SPACS, Bitcoin, Tesla, etc.
And Hometown International the OTC-traded owner of a small NJ deli that attracted investments from prestigious universities! HI not the deli.
Celebrity connections play a role. Even if their financial knowledge is small.
Think Dogecoin, Bitcoin.
Sometimes it can be a bit darker.
A belief that the fund manager’s success is based on less than legal methods, e.g., insider trading, rigged markets, corruption, etc.
And that it’s best not to inquire too closely lest one incur the legal obligation to “blow a whistle”.
Or perhaps more accurately find oneself with unwanted legal “exposure”.
What makes the IQDA fund saga even more interesting is a typical attribution of returns analysis could not account for the stellar performance.
An attribution of returns analysis seeks to identify the factors (more on that below) responsible for total returns and their relative contribution to the total.
Here’s a quote from an MPI (Markov Process International) report.
In the case of Infinity Q Diversified Alpha, our [dynamic style analysis] suggests that the majority of the fund’s returns over the past 6+ years remain unexplained, quantitatively speaking,” MPI said in the report. “Reviewing these quantitative results would leave many advisors and analysts wondering ‘is this performance too good to be true?
Here’s a link to more details on MPI’s analysis.
If time constraints mean you have to choose between continuing reading my post or reading MPI’s analysis, read theirs.
It is a brilliant demonstration of the sort of analysis that should be done.
Truly sophisticated investors (admittedly a small select group) and their professional advisors (a similarly small group) typically look behind the headline return and any return attribution provided by a fund.
They perform their own attribution analysis, isolating responsible “factors” and their contribution:
strategy/style, including drifts therein from what was promised
sector and individual asset selection
risk assumed
financial engineering as opposed to investment skills, e.g. leverage both direct and indirect (futures, options, etc)
They (should) also look for valuation engineering.
Where a fund’s performance is evaluated against a benchmark, one should determine that the benchmark is and remains appropriate.
Even more so, if the fund is compensated by “beating” the benchmark or a set hurdle rate. Think PE.
IQDA’s benchmark was the Credit Suisse Hedge Fund Index which reportedly follows the results of 9,000 hedge funds and asset weights their performances.
Is this an appropriate benchmark?
No.
There are significant differences in strategy among hedge funds: long-short, volatility convertible arbitrage to name just three. Leading to significant difference in their results.
Not all of the 9,000 hedge funds in the CSHFI have the same strategy or strategies. The creation of this index therefore “mashes together” the results of different strategies.
Therefore, it’s not meaningful to measure IQDA’s performance against it.
Would it be meaningful to compare the results of a (real) football player against a performance index composed of cricket, rugby, American football, Australian football, and tennis players?
There is no benchmark that fits IQDA.
CS is not the only provider of HF performance indexes.
Other FI’s provide them. Often with sub indices for a particular strategies.
These could be used to prepare more meaningful assessments of IQDA’s performance.
A related issue is valuation of assets – the other side of the “beating the benchmark”.
If asset value is inflated, the over performance (alpha) is as well.
That can occur from selection or tweaking of “inputs” into models. Or “adjusting” the models.
This is particularly the case where the strategies are based on complex hard to value instruments or transactions. So called Tier 3 assets or transactions.
Absent clairvoyance, one would not be able to detect such fiddling.
But one can identify opportunities for fiddling. And that should be a sign to be vigilant.
The MPI analysis shows how to do this quite quickly.
IQDA’s former CIO has been accused (but not convicted) of “playing” new tunes on the fund’s valuation model.
The “big boys” apparently didn’t perform their own attribution analysis and didn’t look at the appropriateness of the benchmark.
Or use other HF sub index benchmarks to analyze performance.
Or hire a qualified firm to do it for them.
Perhaps they did and then ignored the results.
I’d like to be able to categorically discount that possibility.
But sadly I have seen the most egregious behaviour during my storied career.
With IDQA the “big boys” appear little different from retail investors, except of course for the amounts of money they could throw at their delusions.
History suggests that this was not a one-off aberration.
Matthew Collins of Brookings has performed a "deep dive" analysis of client information "hacked" from Cayman National Bank and Trust, Isle of Man, a subsidiary of the Cayman Island-based Cayman National Corporation.
Here's a link to the teaser article which outlines his key findings.
And a link to the longer 55 page article.
Lots of (great) detailed analysis: the leaked data spans the period 2008 to 2019.
Even though CNB&T Isle of Man is a relatively small institution in the Isle of Man, the article is well worth the read.
Some additional investigation on King & King via another electronic visit to Companies House. A closer look at two GFG Alliance companies audited by K&K.
SUMMARY
Findings
K&K and its associates received at least GBP 124,111 in audit fees for three years audit work between 2018-2020. (this post)
As noted in my earlier post, of the K&K companies I was able to identify two were dormant and one had net assets of GBP 685. (previous post)
A related company, Relans, had a larger balance sheet. (previous post)
Unanswered Questions
Is there another K&K entity that received the fees? If so, what is it?
Who are the “associates” who receive a part of the audit fees?
What was their role? Did K&K employ outside personnel to conduct the audits? Or subcontract some of its work to another firm?
DETAILS
LIBERTY STEEL GROUP HOLDINGS UK LTD Company number 10702565
40 Grosvenor Place, 2nd Floor, London, United Kingdom, SW1X 7GG
Here’s the link to LSGH’s filings with Companies House, including its financial statements. Please refer to that link for copies of the financials.
King and King acted as statutory auditor on the LSGH’s annual reports for 31 March 2020 (auditor signed 26 February 2021) and 2019 (auditor signed 12 September 2019)
HW Fisher and Company acted as auditor on the 31 March 2018 annual reports.
According to Note 3 to the 2020 financials, the auditors fees of GBP 17,600 for 2020 and GBP 16,000 for 2019 “is borne by a subsidiary of the company.”
Also note it states that the “audit fees were paid to the auditors and associates”.
Unclear what that means.
Who are the associates? What was their role? How much did they get?
Looking at the 31 March 2018 audited financials (signed by HW Fisher on 30 November 2018), note #3 says that “audit costs were borne by Liberty Pipes Hartpool”. No amount disclosed.
That leads us to a look at:
LIBERTY PIPES (HARTLEPOOL) LIMITED Company number 09931472
40 Grosvenor Place, 2nd Floor, London, United Kingdom, SW1X 7GG
Here’s the link to LPH’s filings at Companies House.
K&K has been the auditor for this company since 2018.
Prior to that the company filed micro accounts for 2016 and extended its 2017 fiscal year to 31 March 2018.
For fiscal 2018 (auditor’s report dated 8 Feb 2019) and 2019 (auditor’s report dated 22 Nov 2019) , the company paid its auditor King & King GBP 24,500 (each year). In these two years, the term “auditor and its associates” is used.
For fiscal 2020 (auditor’s report dated 18 Dec 2020), it paid GBP 75,111 (note #4). No mention of associates of auditor.
If we assume that LPH has continued to pay the audit fee for LSGH (and therefore those fees are included in the amounts in LPH’s financials), King & King and “associates” has received at least audit fees of GBP 124,111.
The question is what K&K entity received payment.
A few other items from the financials.
LSGH has a recurring loss of GBP 60,000 a year for the past two fiscal years.
LSGH has 15 subsidiaries.
LPH eked out a modest GP 395,995 profit in FYE 2020 following total losses of some GBP 5,159,917 the prior two fiscal years.
2 May 1957
“ من زمن الرجولة والرجال “
“كيف أنسى ذكرياتي“
The timing raises questions about the due diligence that the Exim Bank and Pefco, its funding partner on the deal, conducted on Greensill, whose German banking subsidiary was under investigation by regulators last year.
I think the questions raised can be answered: no.
Summary:
Eximbank and PEFCO have no financial exposure (credit risk) to Greensill in this transaction. As such, their due diligence was appropriate at the time it was conducted.
Eximbank’s primary focus in this transaction and others is (a) the promotion of US exports and (b) creation of US jobs.
Or in other words, Eximbank's customer here is Freeport. Greensill is a service provider.
At this point, the ability of Greensill to fulfill its obligations under the transaction are in question. Eximbank is no doubt looking for a replacement.
That raises two issues: (a) finding an FI able to handle the supply chain invoice processing and (b) one willing to take risk (10%) on Freeport.
Detailed Argument
Now to the details that support those contentions.
At its 29 September 2020 Board of Directors Meeting ,US Eximbank approved a 90% guarantee under its Supply Chain Finance Program for transactions involving Freeport LNG Marketing LLC as the obligor. (Eximbank reference AP089370XX).
Note that date. Eximbank issued its commitment in September 2020.
At this point concrete news about Greensill’s situation was much different than in January 2021. So if there is an issue with Eximbank’s due diligence, it has to be focused on the period before 29 September 2020.
Eximbank lending is highly rules based. Procedures for approval are more complex and thus more time consuming than in a typical financial institution.
The board approval package would have been prepared, reviewed, and finalized well before the board meeting.
You can well expect that as well preparation and approval of transaction documentation is similar. That explains the time taken to finalization.
Some key points about this transaction.
Freeport is the obligor on the loan. Eximbank's credit risk lies squarely here.
US Eximbank guarantees to pay the lender 90% of principal if Freeport doesn’t pay.
The lender bears the risk of the unguaranteed 10%.
US Eximbank is providing a guarantee not funding.
If the lender does not or can not lend, then Eximbank has no exposure to either the obligor (in this case Freeport) or any obligation to the lender (Greensill).
Eximbank reviews the documentation for each transaction under an approval for compliance with (a) the terms and conditions of its approval and (b) US content requirements. Then and only then it issues a “guarantee” for that transaction.
Clearly, then the primary focus of Eximbank’s due diligence would be on Freeport.
Due diligence on the lender would focus on its ability to handle a supply chain transaction both in terms of systems and experience as well as no "blocking" issues.
Those would include legal prohibitions, e.g., US sanctions, etc.
Greensill passed those tests at the time of due diligence.
If the bar were set to exclude those FIs that engaged in reckless banking practices (imprudent lending, over concentration of risks, market manipulation) or illegal behaviour, then the set of "acceptable" banks for US Eximbank would appear to be fairly limited. And exclude a large number of the G-SIBs.
PEFCO is a specialist private sector owned lender that provides primary and secondary funding for loans guaranteed by US Eximbank. It also does a very minuscule business in other sovereign guaranteed loans. Roughly 1.4% of total loans.
Eximbank exercises “oversight” on PEFCO’s operations beyond that it does with other financial institutions to which it may give a guarantee.
Given the nature of its business, PEFCO is able to access both fixed and floating rate funding at very attractive rates.
In the Freeport transaction, PEFCO reportedly acquired a 100% “participation interest” in the Eximbank guaranteed portion of the Freeport loan.
That would mean that Greensill remained at risk of non payment on the unguaranteed 10%.
For the same reasons as above, PEFCO has no credit risk exposure to Greensill.
Given the Eximbank guarantee, it has none to Freeport.
Its decision to enter the transaction was almost certainly based on the US Eximbank guarantee.
PEFCO’s s role in the transaction would be to provide competitively priced funding in the form of a lower discount rate than Greensill could obtain in the market
That is, when Greensill presented PEFCO an Eximbank approved (guaranteed) supplier invoice, it would buy the invoice from Greensill at an agreed discount rate.
To reiterate: Eximbank's guarantee is evidenced by its issuance of a document after it examines the invoice and any supporting documents to ensure that (a) US content and other requirements have been met and (b) the transaction complies with the conditions of that approval.
PEFCO would make sure to confirm the guarantee.
Greenill’s compensation would be potentially a mixture of (a) the difference between its discount rate and PEFCO’s (b) any upfront fee it charged Freeport, and (c) any fees it charges Freeport for the processing of the supplier invoices.
What is to be done now?
Now there is a question as to what Eximbank “should” do now that Greensill has crashed or when the probability of its crash became apparent.
As noted above, Eximbank’s mission is to promote US exports and US jobs.
So it would be rather reluctant to throw the Freeport "baby" (its customer) out with the Greensill "bathwater" (a service provider).
As a general rule, Eximbank tends to very "high church" in honoring commitments/approvals it has given.
Part of this is institutionally motivated to maintain market confidence in its "word".
Part is concern that its customer may have made financial commitments and would therefore incur a loss, if Eximbank were to walk away.
Eximbank and Freeport are no doubt looking for a replacement institution with the capacity to process supply chain finance.
And the willingness to hold 10% of the risk of any outstandings within the US$ 50 million.
Two other key considerations for Eximbank.
The SCF program has been in existence for a few years. Frankly, usage has been disappointing.
Eximbank has also domestic political considerations given its recent close encounter with the grim reaper.
Spot the Link to Scotland |
A relatively large amount of ink – both real and electronic-- has been spilled of late over Standard Life Aberdeen’s adoption of a “new” trendy identity.
Just the step you’d probably expect “futurists” would take.
I have my own opinion on this sad affair.
When I think of the Scots, I picture thrifty, hard working, sensible people, who can have a bit of fun. “Laugh with the devil” and be as “gentle and prickly as our own downy thistle”.
“arbdn” doesn’t “fit” that impression.
Contrary minds might cite “Irn-Bru” to counter my ill-tempered judgement..
But that (the name not my judgement) arose for copyright and brand identity concerns. Sensible marketing..
Rather than piling on abrdn, I want to focus on the apparent pernicious effect of marketing in this matter. Because the name doesn’t seem to be accompanied by typical consultancy advice on strategy or structure.
But rather merely placing the old wine in new skins.
To set the stage a quote from a recent FT article on the topic.
But Manfred Abraham, joint chief executive of Yonder Consulting, said Abrdn was the first branding change in wealth management “befitting of the fintech revolution”.
He added: “Asset management brands are all very homogenous and traditional.
“Abrdn has the feel of a Monzo or Starling — and that opens the door to the inner workings of the company modernising too.”
And my reaction.
I’m not sure what abrdn or its new logo have to do with fintech.
It could just as well be a competitor to Airbnb. Or a new fast food restaurant. Perhaps the result of a corporate “coupling”.
Or perhaps signage in an airport or tube station. This way to the "abrdn".
There is a reason why why asset management firms have traditional names. To convey the impression that they are sensible careful people who you can trust with your money.
That being said, there is clearly a market for investments for those who like to take a punt on delusion. Hopefully, abrdn is not targeting this group.
As to other names …
When I hear the name “Monzo”, I think of “gonzo”. Or perhaps the nickname of a loan shark. Not a proper bank.
In the former North American colonies, starlings are about as well respected as their “cousins” pigeons -- “rats with wings”.
Whatever one’s view of this species, it’s hard to connect either bird with “fintech” or finance. Perhaps with bicycles?
That leads to the name of the company commenting on the change: “Yonder”.
A firm with this archaic name would not appear to be on the “bleeding edge” of the marketing “space”. One not inhabited by “tiger teams”.
It’s not a legacy name.
There is no eponymous founder, Anthony Charles Brakewell Yonder, OBE, the English David Ogilvy.
Yonder is of more recent vintage.
Formed in October 2020 out of four companies to “create a new consultancy proposition”. Whose truth value perhaps remains undetermined to this day. At least it’s not a conjecture.
After the apparent application of their unique skills and insights, they actually chose this name. It may come then as no surprise that “abrdn” also is melodious to their ears.
It is not a unique name. Not an Exxon or Exelon.
Rather you will find a variety of other “Yonder” companies across the globe. Or as we might say surveying the field “yonder lea, yonder lea”.
So much for brand identity.
Physician, heal thyself.
“YNDR”? Redyon? Ekeipera?
I don’t know how to react to the last comment about these names “opening the door to the inner workings of the company modernising too”.
Many of the great advances in business babble have come to us from the “science” of marketing and consultancy. As well I will admit valid insights, but perhaps less often.