Wall Street meltdown linked to 'outsourcing' of regulation to private code

Researcher argues for open sourcing of risk models to improve financial codes, boost transparency

The full depth of IT's involvement in Wall Street's meltdown is unknown, but one plan to stop it from happening again calls upon a growing IT trend: open source.

Erik Gerding, an assistant professor of law at the University of New Mexico who researches securities law and asset price bubbles, said that in agreeing to rely on computer models, the U.S. Securities and Exchange Commission essentially "outsourced" the financial regulation to proprietary codes developed by financial services firms.

The fix? Open source the underlying codes -- much like with open-source software -- to improve the code used by financial services to calculate risk and boost transparency for regulators.

Risk models of financial services have thousands of variables and are as complicated as weather system models. They can take enormous computing power to run, which is evident in some of the spending by the industry. In 2003, financial services firms spent $169 million on high-performance systems. By 2007, research firm IDC said, spending reached $305 million.

As capability and power of the technology increased, so did the complexity of the investments, such as with mortgage securities. Regulator confidence increased in these tools so much so that the SEC made a fundamental change in how to regulate financial services. On April, 28, 2004, the SEC -- at the insistence of financial services firms -- loosened its capital rules, agreeing to rely on financial services' computer models in assessing risk. This meeting, which received scant attention at the time, was recently the focus of a New York Times report.

In a draft paper made available last month, Gerding said regulators may have been comfortable with this increased level of risk because they saw lenders on the hook for the loss. "Lenders and the financial markets, many regulators assumed, accurately priced and managed this risk due to advances in the risk models -- a type of code -- they employed," Gerding wrote.

The SEC was also acting at a time when confidence in technology was high. If there was any reason to be worried about the SEC's action, it wasn't evident in a speech Allan Greenspan, former chairman of the Federal Reserve, delivered in 2005. He said technology and new credit-scoring models gave lenders a means "for efficiently extending credit to a broader spectrum of consumers."

So, who comprised this "broader spectrum" of consumers? Subprime mortgage borrowers. "Where once more-marginal applicants would simply have been denied credit, lenders are now able to quite efficiently judge the risk posed by individual applicants and to price that risk appropriately," said Greenspan, who stepped down in 2006.

But Greenspan's assertion that lenders were technologically enabled to judge the risk was wrong. RealtyTrac of Irvine, Calif., estimates that as many as 1 million people will lose their homes this year due to foreclosure. In 2007, 400,000 people lost their homes. Late last year, Greenspan increased his forecast of a recession.

The financial impact of the bad loans rose up through the financial system. Once the mortgage originator sold the loan, it was then sliced up into other investments, making any understanding of the risk progressively worse. The human elements, such as the number of so-called "liars' loans" (loans based on unverified income), weren't, apparently, part of the risk models. These problems are expected to increase investment in risk management.

Gerding said he believes the answer is to open source the financial codes, which would let the banks and rating agencies see the actual code for models that are used to set capital requirements and how the risk was assessed.

"Just as with open-source software, other users would then be able to copy and modify these models for their own use," said Gerding, who noted studies supporting the premise that open source is less prone to bugs.

Wall Street firms are already major users of open-source software. But Lisa Cash, executive vice president of sales and marketing at DFA Capital Management, a company that develops financial codes, said it will be very difficult to get high-quality products out in the market. "Who would actually spend the money to do it?" Cash asked.

Unlike U.S. regulators, European counterparts audited the risk models, Cash said, which increased transparency and confidence in them. The more transparency, "the better it is for our business," she said. European regulators look at the codes, but agree not to disclose them.

But others suggest that improving transparency will not be as easy as simply opening up code. Peter Teuten, president and CTO of Keane Business Risk Management Solutions, said there were neither common standards in risk management, nor anything like a "universal stress test" for more than a basic set of risk scenarios.

Teuten questioned using open source as a model because it may lead to multiple, noncentralized development. He said he does, however, see standards emerging from the current current crisis.

Copyright © 2008 IDG Communications, Inc.

Shop Tech Products at Amazon