The global financial crisis of 2007-08 did little to lessen the vulnerability of the U.S. financial markets, leaving it open to cyber attacks by individual or groups of criminals, terrorists or states. The “glitches” in High Frequency Trading (HFT) cost billions to investors, leading them to seek slower but safer trading systems. Not all “glitches” were caused by a malfunctioning computer or by erroneous algorithms. Chris Cook, a Senior Research Fellow at the Institute for Security and Resilience Studies at University College London and aformer director of the International Petroleum Exchange, concluded “the only difference between an economic terrorist and a hedge fund is motive and current policies simply serve to concentrate market risk further in a single point of failure.”
A new paper on “Cyber-Crime, Securities Markets and Systemic Risk,” published jointly by the International Organization of Securities Commissions (IOSCO) and the World Federation of Exchanges (WFE), investigates the evolving nature of cyber-crime and proposes a framework for determining under what circumstances cyber-crime could pose a systemic risk to securities markets. The paper warnsthat “Cybersecurity in securities markets has not yet produced ‘systemic impacts,’ a ‘reliance on an out-dated understanding of what cyber-crime entails; a perception of safety due to containment of past cyber-attacks; or assumption around the limited capabilities of cyber-criminalstoday-may mean we end up ‘bringing a knife to a gun fight’ in the future. Worse, a presumption of safety (despite the reach and size of the threat) could open securities markets to a cyber ‘black swan’ event.”
Mr. Cook, a former regulator and an astute observer of the markets, voiced his concerns in 2005 at a meeting that the ACD helped organize. Here is his take on current market vulnerabilities:
Such a discontinuity is quite possible today, particularly in the market in crude oil, which has been the subject for years of a macro manipulation by producers who obtain cheap finance from the ‘inflation hedger’ funds mentioned above. Essentially the producers lend oil to passive investors using derivatives or the prepay contracts rediscovered by Enron while the passive investors lend dollars to producers.
The prepay mechanism is now in routine use. For instance, Russia’s Rosneft is unwilling to sell ownership (equity) while banks are unwilling to lend to Rosneft (debt). So we now see, as a third way between equity and debt, the major trading houses Glencore, Trafigura and Vitol entering into crude oil prepay contracts with Rosneft, where they buy crude oil at a discounted price for cash now and delivery later.
These trading houses borrow the necessary dollars from banks and then offload their market price risk onto the relevant clearing houses. In my view, the transparent and direct use of prepay instruments for financing (Peer to Peer credit) and funding (Peer to Asset credit) will lead to a resilient networked financial system.
But the current opaque use of prepay instruments by intermediaries notoriously pioneered by Enron–is an accident waiting to happen, exacerbated by the wave of demutualisation of exchanges and the fragmentation of clearing houses into proprietary siloes.
This is because Risk is akin to Energy: it cannot be destroyed: it can merely be moved around and change state. The market risk formerly taken by banks has now been outsourced to Clearing Houses which are not in my view capitalised for the true risks they run.
Many of those investors who were worried enough about inflation to hedge it using ETFs are now selling their units and buying into asset classes like stocks and property which offer at least some yield.
As this fund money drains out, the financialisation comes to an end and commodity price bubbles will deflate: the only question is the rate at which this fall in price will occur, and I believe that there is a significant possibility that a market price discontinuity like that in the 1985 tin market could well be the next shoe to drop.
Not only are the regulators failing to address this systemic risk: the centralising policies they have been developing might almost be designed to create it.