The “It Almost Worked” Billion Dollar Bank Job

This is a fascinating story in The New York Times of how some clever hackers/thieves were almost able to infiltrate the global banking system and get away with stealing nearly a billion dollars through a Bangladeshi bank:

Until about a decade ago, Bangladesh’s central bank was stuck in the analog age: Staff members sent international payment instructions via a teleprinter, an electromechanical typewriter that sent and received messages over standard phone lines and other channels. But since a new bank governor took over in 2009, the institution had gone digital. Its international transfer orders are now dispatched via Swift, the Brussels-based electronic network used by 11,000 financial institutions in more than 200 countries and territories. Inside a 12-foot-by-8-foot glass-walled chamber, under the scrutiny of closed-circuit security cameras, staff members log into Swift and dispatch the payment orders with encrypted communications. With a few keystrokes, a complex process is set in motion that sends millions of dollars zipping across continents.

On the sophistication of the Bangladeshi job:

The hackers’ approach was masterly in its foresight and complexity, and the malware they used, or variations of it, later turned up in several of the other bank breaches. The intruders most likely entered the bank’s computer network through a single vulnerable terminal, using a contaminated website or email attachment, and planted malware that gave them total control, even a view of the screens they were manipulating. There, hiding in plain sight, they waited for months to gain an understanding of the bank’s business operations. They harvested employee passwords and worked their way to the most tightly guarded corner of the network: the Swift server. Despite Swift’s warnings, the bank had not segregated its Swift server from the rest of the computer network. 

The major reason why the funds didn’t get completely transferred (“only” $81million of the nearly one billion dollars went through) was because the word “Jupiter” was flagged as a suspicious entity in one of the transfers, a huge coincidence.

Yet when it came to the Bangladesh heist, transferring the cash was only the first part of the scheme. It was one thing to use malicious software to tunnel into the bank’s Swift network and send out dozens of phony transfer orders to banks around the world. It was quite another to turn that digital cash into real money and then make it disappear.

Definitely worth reading the entire story. The illustrations accompanying the piece are also great.

Gary Shteyngart Goes Deep on Hedge Funds and Bitcoin

I really enjoy all that Gary Shteyngart publishes (see here and here, for example) . In his latest year-long project, Shteyngart has been researching finance, bitcoin, and has written an interesting article about Michael Novogratz for The New Yorker:

I like how Shteyngart brings his own life events into the story:

As a hungry, insecure kid growing up in eastern Queens, I remember watching the movie “Wall Street” and fantasizing about how I would look in suspenders and a contrasting collar. The men on the big screen did not have to understand themselves; the money made them understood. Although my greed had been expunged at Oberlin, and the financial crisis of 2007-08 had left me with a more or less permanent view of finance as an industry built on fraud, I found it hard to dislike some of my new acquaintances. The more intellectually vibrant ones came with backgrounds in advanced math and physics; they approached their trades like a puzzle, albeit one they were increasingly unable to solve. Others seemed to be flirting with the edges of sociopathy, or, at least, an inability to pass “Blade Runner” ’s Voight-Kampff empathy test.

Reflecting on the competitive nature from high school days:

At Stuyvesant High School, a competitive math-and-science school in Manhattan with a high proportion of first-generation immigrants, my classmates and I would get up every morning to wage battle over a hundredth of a percentile on our grade-point average; my new friends were fighting over so many basis points on their Bloomberg monitors. When we failed, we failed in front of our families, our ancestors, our future and our past.

Novogratz on Bitcoin:

He doesn’t think that cryptocurrencies will replace the dollar or the yen, but he believes that they will be a boon to countries in the developing world, where people don’t have trust in their fiat currencies, and that blockchain can revolutionize the way information is logged and shared and, in our age of data breaches, protected. “I’m good at selling the dream,” he said. “I can get onstage and get people to start saying ‘Hallelujah! Hallelujah!’ ”

Perhaps the most cogent piece of wisdom comes near the end of the piece:

After six years of exploring finance, I concluded that, despite the expertise and the intelligence on display, nobody really knows anything. 

Worth the read if you enjoy Shteyngart’s writing and/or are curious about the evolution of bitcoin and what some hedge fund managers are trying to do in the space.

Paul Ford on Bitcoin

Paul Ford has written an entertaining essay on Bloomberg, in which he shares his thoughts on Bitcoin:

Whenever I hear people talk about Bitcoin’s limitless future, I think about Dow 100,000. I first saw it in the old Borders bookshop at the World Trade Center. A few years later, the store was destroyed, and the book title was a sad joke. The markets lost interest in tech for years. Today all the Borders are gone, too.

I loved this sentence:

Consider Bitcoin a grand middle finger.

Ford’s view on how monetization can possibly happen:

Here’s what I finally figured out, 25 years in: What Silicon Valley loves most isn’t the products, or the platforms underneath them, but markets. “Figure out the business model later” was the call of the early commercial internet. The way you monetize vast swaths of humanity is by creating products that people use a lot—perhaps a search engine such as Google or a social network like Facebook. You build big transactional web platforms beneath them that provide amazing things, like search results or news feeds ranked by relevance, and then beneath all that you build marketplaces for advertising—a true moneymaking machine. If you happen to create an honest-to-god marketplace, you can get unbelievably rich.

###

Also worth reading is Paul Ford’s 2015 Bloomberg piece on “What is Code?”

When Banks Pay Borrowers’s Mortgage Interest, Europe Edition

Falling interest rates in Europe have put some banks in an interesting position: owing money on loans to borrowers.The Wall Street Journal reports on the curiosity:

At least one Spanish bank, Bankinter SA, the country’s seventh-largest lender by market value, has been paying some customers interest on mortgages by deducting that amount from the principal the borrower owes.

The problem is just one of many challenges caused by interest rates falling below zero, known as a negative interest rate. All over Europe, banks are being compelled to rebuild computer programs, update legal documents and redo spreadsheets to account for negative rates.

Interest rates have been falling sharply, in some cases into negative territory, since the European Central Bank last year introduced measures meant to spur the economy in the eurozone, including cutting its own deposit rate. The ECB in March also launched a bond-buying program, driving down yields on eurozone debt in hopes of fostering lending.

So in Spain, Portugal, and Italy, the base interest rate used for many loans, especially mortgages, is the euro interbank offered rate, or Euribor. The rate is based on how much it costs European banks to borrow from each other. Banks set interest rates on many loans as a small percentage above or below a benchmark such as Euribor. If the spread plus the Euribor is below 0, the Bank pays the borrower.

JPMorgan Chase Has More than 1,000 Models in Production

This afternoon, I spent some time reviewing the annual shareholder letter from JPMorgan Chase. The most interesting bit to me was this section on Model Risk Management (“Model review”) at the Bank:

More than 300 employees are working in Model Risk and Development. In 2014, this highly specialized team completed over 500 model reviews, implemented a system to assess the ongoing performance of the 1,000+ most complex models in the firm, and continued to enhance capital and loss models for our company.

So there at least 1,000 models currently in production at JPMorgan Chase, which doesn’t include the non-complex models…

I also thought Jamie Dimon’s comments on the Comprehensive Capital Analysis and Review (CCAR) were illuminating:

We believe that we would perform far better under the Fed’s stress scenario than the Fed’s stress test implies. Let me be perfectly clear – I support the Fed’s stress test, and we at JPMorgan Chase think that it is important that the Fed stress test each bank the way it does. But it also is important for our shareholders to understand the difference between the Fed’s stress test and what we think actually would happen. Here are a few examples of where we are fairly sure we would do better than the stress test would imply:

  • We would be far more aggressive on cutting expenses, particularly compensation, than the stress test allows.
  • We would quickly cut our dividend and stock buyback programs to conserve capital. In fact, we reduced our dividend dramatically in the first quarter of 2009 and stopped all stock buybacks in the first quarter of 2008.
  • We would not let our balance sheet grow quickly. And if we made an acquisition, we would make sure we were properly capitalized for it. When we bought Washington Mutual (WaMu) in September of 2008, we immediately raised $11.5 billion in common equity to protect our capital position. There is no way we would make an acquisition that would leave us in a precarious capital position.
  • And last, our trading losses would unlikely be $20 billion as the stress test shows. The stress test assumes that dramatic market moves all take place on one day and that there is very little recovery of values. In the real world, prices drop over time, and the volatility of prices causes bid/ask spreads to widen – which helps marketmakers. In a real-world example, in the six months after the Lehman Brothers crisis, J.P. Morgan’s actual trading results were $4 billion of losses – a significant portion of which related to the Bear Stearns acquisition – which would not be repeated. We also believe that our trading exposures are much more conservative today than they were during the crisis.

The last point is important because the way the scenarios have worked in the recent years for CCAR, the assumption was that there was a one-time (one day to less than a month-long), massive shock to the equity markets (50 to 60% drop in the severely adverse case).

Early Retirement and the Paradox of Success

This is a good piece in The New York Times on the paradox of success:

Similarly, to succeed in the N.F.L., it is not enough to be strong and fast. Witness all the college players who exhibit all the physical skills they need in the league’s draft who never succeed as professionals. Rather, the best players display a certain manic competitiveness such that they keep playing. The Denver Broncos’ quarterback, Peyton Manning, has won a Super Bowl and made $230 million from football alone, and he looked to be in profound physical pain at the end of last season. Yet with his intensively competitive streak, he intends to come back next season at age 39.

The paradox of success is this: The mental wiring that enables a person to claw to the tippy-top of Corporate America or sports or entertainment or any other field that offers vast wealth is the same mental wiring that most of the time leads people not to retire before they have to — no matter what the diminishing marginal utility of money would suggest.

More here.

On Bad Investments and Marathons

This week, The New York Times launched Upshot , described as “a plainspoken guide to the news” and in essence, similar to two other explanatory new sites that have recently launched (Vox.com and FiveThirtyEight.com). My favorite piece so far on Upshot is Justin Wolfers’s “What Good Marathons and Bad Investments Have in Common” (because it combines two of my interests: finance and running):

In the usual analysis, economists suggest it’s worth putting in effort as long as the marginal benefit from doing so exceeds the corresponding marginal cost of that effort. The fact that so many people think it worth the effort to run a 2:59 or 3:59 marathon rather than a 3:01 or 4:01 suggests that achieving goals brings a psychological benefit, and that missing them yields the costly sting of failure.

But in other domains, this discontinuity between meeting a goal and being forced to confront a loss can lead to bad economic decisions. Because losses are psychologically painful, we sometimes strain too hard to avoid them.

For instance, when you sell your house, your goal may be to get at least what you paid for it. But this simple goal has led to disastrous decisions for those who bought homes in Florida or Nevada during the housing bubble. Too many homeowners set their selling prices with an eye on recouping past investments rather than on current market conditions, and as a result, their homes didn’t sell, deepening their financial distress.

Well worth the read in entirety.