Matwyshyn on Finance Hackers

There has been a series of hacking attacks on financial infrastructure, including Nasdaq. Andrea Matwyshyn predicted these problems and has provided invaluable legal commentary on the issue. As she explains:

97% of NYSE trades are executed using electronic communication networks. . . . [T]rading reliant on computer algorithms has dramatically increased: high frequency trading accounts for approximately 60% of trading volume, and this number is expected to rise.

[T]he information security of the transactions and the management of the machines performing them create potential for serious market disruption and provide an attractive target for information criminality. In a business environment where even the most sophisticated technology companies fall victim to information criminals compromising their source code, the securities industry is certainly not immune from information security risks. Further, as a whole, because of the current shallowness of the information security talent pool, it is also likely to be less skilled in defending itself than would be a sophisticated technology company. . . .

Hackers have successfully stolen sensitive information from securities firms, including logins and social security numbers, and have executed unauthorized trades . . . In fact, the
list of entities that have experienced information security breaches during the last five years includes firms engaged in high frequency trading. . . .

Particularly if we consider these information security failures in historical context—in the context of an industry known to have a history of deficient recordkeeping and management practices that have already once caused the multi-billion dollar Books and Records Crisis. . . —market integrity concerns arise. There is reason to question whether stringent information security practices are in place with respect to these companies’ proprietary trading platforms. Additionally, some of the companies engaging in high frequency trading and making markets are private companies not subject to extensive SEC oversight.

High frequency trading with inadequate information security presents a meaningful risk of market instability. . . . Thus, the securities industry demonstrates the unsustainable tension of many corporate cyborgs: while seeking to generate feelings of trust in consumers and striving to put forth a human face on their enterprises through spokespeople such as the popular character of the eTrade baby, the last five years demonstrate a dramatic shift in the industry toward eliminating humans from the equation in favor of reliance on autonomous and automated computer systems.

Legal theory is starting to catch up to these trends; I eagerly await the release of Samir Chopra and Lawrence White’s work on autonomous artificial agents. But I am also afraid that Matwyshyn is set to join the cavalcade of Cassandras who decried Wall Street’s recklessness last decade: the state regulators, compliance teams, 11,000 appraisers, independent economists, and journalists described on pages 8-18 of the FCIC report as repeatedly, vehemently warning about an impending crisis well before it happened. If anyone wonders what can happen to a firm insider who happens to push systemic risk concerns to his management and board, the story of Richard Bowen might be instructive:

At Citigroup . . . Richard Bowen, a veteran banker in the consumer lending group, received a promotion in early 2006 when he was named business chief under writer. He would go on to oversee loan quality for over $90 billion a year of mortgages underwritten and purchased by CitiFinancial. . . . In June 2006, Bowen discovered that as much as 60% of the loans that Citi was buying were defective. Bowen told the Commission that he tried to alert top managers at the firm by “email, weekly reports, committee presentations, and discussions”; but though they expressed concern, it “never translated into any action.” Instead, he said, “there was a considerable push to
build volumes, to increase market share.” . . .

He finally took his warnings to the highest level he could reach—Robert Rubin, the chairman of the Executive Committee of the Board of Directors and a former U.S. treasury secretary in the Clinton administration, and three other bank officials. He sent Rubin and the others a memo with the words “URGENT—READ IMMEDIATELY” in the subject line. Sharing his concerns, he stressed to top managers that Citi faced billions of dollars in losses if investors were to demand that Citi repurchase the defective loans.

Rubin told the Commission in a public hearing in April 2010 that Citibank handled the Bowen matter promptly and effectively. . . . According to Citigroup, the bank undertook an investigation in response to Bowen’s claims and the system of underwriting reviews was revised. Bowen told the Commission that after he alerted management by sending emails, he went from supervising 220 people to supervising only 2, his bonus was reduced, and he was downgraded in his performance review.

Matwyshyn gives many important policy recommendations at the end of her piece. But I am increasingly doubtful that the finance system, as currently constituted, can cooperate with authorities to protect itself from shadowy forces. Even as serious computer errors are found in programs, hedge funds try to block elementary efforts to permit some neutral third part to “look under the hood” and understand what they are doing. Even extraordinary accusations like those in the Empresas suit fail to make waves. The recent Madoff trustee suit against JPMorgan elicits a yawn from a seasoned financial journalist:

Far from shocking, this is really just an appropriate plotline in a story that is finally becoming clear beyond argument: Those lines between criminal fraud and legitimate banking have been blurry for a long time. One can reasonably argue that they pretty much got erased during the Internet bubble and into the real-estate boom.

One recent story warns that “the art of subtle manipulation could slowly turn electronic markets on their heads by corrupting their very legitimacy.” As Scott Patterson puts it toward the end of “The Quants,” “Mom and Pop’s retirement dreams, meet Ninja Hedge Fund.” Is it any wonder why gold and many commodities are priced so high?

You may also like...