Risk Management

JPMorgan CFOs Slammed for Risk-Management Failures

Two former JPMorgan finance chiefs could have done more to prevent last year’s massive trading losses in the bank’s chief investment office, an int...
Vincent RyanJanuary 16, 2013

Fresh off a Federal Reserve order that found deficiencies in JPMorgan Chase’s risk controls, loss modeling, and audit functions, two of the firm’s former CFOs were hit with tough criticism by an internal probe Wednesday.

An internal task force report on last year’s “London Whale” trading incident lays part of the blame for the risk-management breakdown on two of the financial institution’s CFOs. The two were singled out for criticism despite the presence of a chief risk officer for the overall bank and a CRO in the flawed trading business.

While JPMorgan’s normally conservative chief investment office (CIO) was dabbling in synthetic credit derivatives, the CFOs missed opportunities to “meaningfully challenge” a trading strategy that led to $6.2 billion in mark-to-market losses and shaved more than $20 billion off the bank’s market value last year, the task force report found.

The 7 Habits of Highly Effective CFOs

The 7 Habits of Highly Effective CFOs

Download our whitepaper to discover the technical and behavioral skills needed to lead your business forward.

The report, released Wednesday, said JPMorgan’s former top CFO, Douglas Braunstein, “bears responsibility” for weaknesses in financial controls related to the investment portfolio and could have asked more questions about changes in its value and its increasing exposure to adverse movements in the financial markets.

The other former finance chief criticized in the report was John Wilmot, who headed the CIO’s finance function. Wilmot and his team failed to set up robust reporting controls, the report said, “including sufficient circulation of daily trading activity reports, [which] made early detection of problems less likely.”

While the task force noted that the “primary control failures were risk management failures,” the finance organizations headed by Braunstein and Wilmot “could have done more.” In the case of the CIO’s finance team, the task force stated that in part it took “too narrow [a] view of [its] responsibilities,” believing the issues related to the CIO’s credit portfolio “were for the risk organization and not finance to flag or address.”

Further, employees at all levels of the CIO failed to escalate the issue to senior management of the bank and the board of directors.

Braunstein stepped down in October 2012 and is now a vice chairman of JPMorgan. Marianne Lake, the former CFO of the bank’s consumer and community banking unit, replaced him. In the CIO unit, former CFO Wilmot, who had “dotted line” reporting to Braunstein, has resigned and is leaving the bank this year. He was replaced by Marie Nourie last May.

JPMorgan CEO Jamie Dimon had a role in the debacle also, the task force found. It said Dimon “could have better tested his reliance on what he was told” about the CIO unit’s losses. The report “demonstrates that more should have been done regarding the risks, risk controls and personnel associated with CIO’s activities, and Mr. Dimon bears some responsibility for that.”

The bank recently announced it had slashed Dimon’s compensation for 2012 by 50%.

JPMorgan’s CIO unit was designed to invest excess deposits to offset the credit risk the bank faced as a lender. But the unit’s traders built up positions in volatile credit-default-swap indices and other derivatives. Losses from the positions cascaded in late 2011 and the first quarter of 2012, even as the firm tried to reduce its risk exposure. The London Whale was a U.K.-based JPMorgan trader who was part of the operation and amassed huge positions in a credit-derivatives index.

On Wednesday morning’s earnings call with analysts, Dimon said the company had fixed the CIO “100%: the people, reporting, risk, controls, committees, guidelines” and that the bank no longer trades synthetic credit in that group.

Dimon originally called the incident a “tempest in a teapot” in April 2012, but then admitted a month later that the CIO unit’s trades were “flawed, complex, poorly reviewed, poorly executed, and poorly monitored.”

The incident at JPMorgan, a commercial bank highly touted for its risk management, has sparked probes by the U.S. Justice Department and the FBI, as well as the U.K.’s Financial Services Authority.

On Tuesday the Fed and the Office of the Comptroller of the Currency issued a cease-and-desist order that gives JPMorgan 60 days to submit a plan to improve its risk management, internal audit, and finance functions.

The task force also found:

Unseasoned risk management. The controls and oversight in the CIO did not evolve commensurately with the increased complexity and riskiness of its trading activities. JPMorgan’s senior management thus continued to view the CIO “as the manager of a stable, high-quality, fixed-income portfolio,” according to the task force.

The task force also said the CIO lacked the personnel and structure to manage synthetic credits. The report pointed out that the CIO risk committee met infrequently and that some risk managers did not consider themselves sufficiently independent to challenge the office’s practices. In addition, a new CIO chief risk officer appointed in early 2012 “was learning the role at the precise time the traders were building the ultimately problematic positions.”

(In the “remedial measures” section of the report, the task force noted that the CIO has refocused on its core mandate: traditional asset-liability management.)

A value-at-risk model on old technology. JPMorgan’s newly installed value-at-risk (VaR) model, which underestimated the risk of a loss on the CIO’s assets, was approved by a risk committee. But the bank’s IT infrastructure was never upgraded to automate the calculations. An internal group that reviewed the model found the computation of VaR was done on spreadsheets and was “error prone” and “not easily scalable.” Data was uploaded manually without sufficient quality control, the task force found, and “frequent formula and code changes were made.”

In addition, the new model was developed by an individual “who had not previously developed or implemented a VaR model, and was also not provided sufficient support — which he had requested — in developing the model.”

Mark-to-market errors. When JPMorgan was preparing its 10-Q for the first quarter of 2012, it reviewed the valuations of some of the positions in the synthetic-credit portfolio. At the time, in consultation with outside auditor PricewaterhouseCoopers, it concluded that the marks on the positions, as of March 31, complied with generally accepted accounting principles.

Shortly after, though, a bank task force investigating the cause of the losses found evidence — in e-mail and taped conversations — that “raised questions about the integrity of the marks” in the portfolio. “After consulting with PwC, the [bank] concluded that it was no longer confident that the March 31 marks reflected good-faith estimates of the fair value of all the instruments in the synthetic credit portfolio,” the task force said.

Understanding Which ERP Modules Your Business Needs – And When