Slashdot Mirror
Coding Flaws Caused Moody's Debt Rating Errors
An anonymous reader writes "The Financial Times has the story that billions in incorrect AAA ratings given out by Moody's were the result of a coding error in its computer models. 'Internal Moody's documents seen by the FT show that some senior staff within the credit agency knew early in 2007 that products rated the previous year had received top-notch triple A ratings and that, after a computer coding error was corrected, their ratings should have been up to four notches lower.'"
Exactly because they need a reason why they rated securities backed by sub-prime negative amortizing loans at AAA. This in turn caused serious miscalculations of risk which led partially to the current economic downturn we are now facing.
The other part was that companies were all too willing to offer these risky products and buyers were all too willing to lie on their loan applications to get approved for them.
This is another example of how good news in the economic field can easily go unchecked because it is beneficial for everyone involved (in the short term) for the world to believe them.
My favorite, and perhaps the most drastic, example is how the US government grossly misrepresents employment stats, the consumer price index, and the GDP. This creates another bubble; not for the New Economy or for the housing market, but for the US as a nation. As long as people keep believing in the "world's strongest economy", investments pay off much as they do in a pyramid scheme - but the point where they won't becomes ever more dangerous the longer the scheme holds.
I for one prefer investments in Europe if only for the seemingly more reliable numbers they have there. Investing in the US is a way too dangerous gamble right now.
blow your mind already
..isn't a bug, it's a feature. Of fraudlent behaviour from management.
Suuuuure... a coding bug is to blame! Nevermind that the agencies selling this financial toxic waste *paid* Moody's, S&P and others to provide good ratings. Software bug or no, there is fraud all around within the US economy--and no one was complaining as long as people at the top were raking in billions of dollars in profits.
This entry at Calculated Risk openly wonders if Moody's jiggered its model expressly so that it would line up with whatever the Standard&Poors ratings were.
Personally, I'm concerned this revelation will result in a concerted effort to blame the whole mess on a computer error, rather than the profoundly bad judgment exhibited by fund managers and investment banks. Expect some hapless programmer to be located and pilloried.
Schwab
Editor, A1-AAA AmeriCaptions
The competent have nothing to fear from formal verification and anyone who is not capable of doing such verification should not be writing software anyway.
This is Slashdot, where everyone just blames management. Because you know, there are no incompetent programmers in existence.
If the errors are as large as it seems they were, wouldn't one or more human analysts notice? When your software says "Buy SCO" you should know that something is wrong.
IOW, they are blaming the coders for generating results that should have
failed even the most basic sanity checking. All of their finance geeks
upon seeing these ratings should have been individually and collectively
scratching their heads.
I'm not sure I buy it really. It just seems like corporate blame deflection.
I dunno. I'm no MBA but I would imagine that the rating of any composite
security should be the lowest rating of the most risky component.
A Pirate and a Puritan look the same on a balance sheet.
... and this bug.. is it not time we started acting like engineers and started building software in a way where we can show it is correct. Well enjoy paying $200k per copy of MS Office, personally I'll take some bugs instead. As an industry, we really need to start growing up and using the tools the mathematicians have provided us, just as other engineers do in other disciplines, to show our programs actually work as advertised. Last I checked mathematicians can't even say if my program will finish running much less if it will work as advertised.They're depending on us believing their media stories to escape responsibility; anyone who thinks about this situation would quickly realize that for a company full of financial analysts to not realize that an error of this magnitude was happening - well, it beggars the imagination.
What almost certainly happened is that they played the same game that so many other financial institutions did during the real estate bubble. But when the bills came due, they chose to deny responsibility and pass the blame on to someone else. The real crime here is that they'll be allowed to get away with this...
security should be the lowest rating of the most risky component. That's not correct in general. Many structured products and derivatives have components that cancel each other out. A really silly example is a portfolio that buys a stock and short sells it at the same time, which will net out to nothing (except lost transaction fees). Obviously CDO's and whatever are ridiculously more complicated, but you get the point.
You can already buy systems like this. You can buy systems that absolutely have to work all the time, no downtime, no crashes, etc. However, there are some major stipulations:
1) It isn't cheap. There is going to me some major engineering to design it, and it will require some major redundancy in hardware to protect against faults. As such, you are going to pay a lot for it.
2) It isn't fast. No you can't have it today, you can't have it this month, you can't have it this year even. The development and testing will take a long time. This can't be rushed, it simply takes lots of time and lots of testing to make sure there are no faults.
3) You can't add features to it. Once the system is in place, it can run only what it was designed for. You can't go and install new software or anything. If you want any changes made, those will have to go through a full set of testing. No unverified code can be running.
4) It must be accessed only in approved ways. You can't just hook it up to the Internet and go wild, input will need to be properly regulated to make sure it doesn't cause an unforeseen problem.
5) You can't mess with it. Your people will not be screwing around trying things with it. It'll be maintained under a support contract only by certified personnel.
If that's not ok with you, well then some bugs are something you have to accept. This idea that programmers should be able to easily engineer perfect, bug free software quickly and cheaply is just amazingly ignorant. Especially when people come up with false analogies "Oh well people would sue if cars were made as badly as computers!" No, you'd get arrested (or killed) if you tried to use a car like people use computers. If people treated cars like computers they'd expect to be able to run in to a wall at 80 miles an hour and suffer no injuries to themselves or the car.
Cars work well if an ONLY if they are operated properly (and even then not always). You have to do things like obey proper driving regulations, maintain the engine, and so on. If you don't, well shit is going to go wrong, maybe catastrophically wrong. Yet people do just that with their computers all the time. They install random shit, never perform any maintenance, and expect that the computer will magically protect them from all problems.
failed even the most basic sanity checking. Indeed. This isn't a coding error, it's a testing error. Or perhaps a process design error.
Any professional knows that coding has a certain error rate. So you add practices, like pair programming, unit testing, acceptance testing, external code reviews, parallel implementation, and black-box testing until you get below the error rate you need.
For some part-time e-tailer's web site, you can skip a fair bit of that; if you fuck up badly enough, you might cost them an entire $500. But in the financial world, they know that errors can cost a lot more, like a million times more, and so it's worth spending more on quality-oriented practices.
Blaming this on the coder who happened to make the key error (if indeed their was one) is like blaming the Titanic disaster on some guy who missed a rivet on that side. It's the purest bullshit, designed to deflect responsibility from the people in charge. If they set it up right, a single person would be unable to make a mistake of this magnitude.
To the extent that different investments in a portfolio (which is what a "composite security" is, in essence, a prepackaged portfolio) have independent risks, there is a leveling effect (this is why, e.g., when you roll two dice, the distribution of the results is tighter proportionate to the range than when you roll one, and tighter still when you roll three, etc.)
OTOH, to the extent they tend to vary together, they don't level each other. Assessing the degree to which two different investments are independent in their risks is, AFAIK, still more art than science to start with, and when the people doing the assessment often have financial interests (even if only indirectly) in promoting the sales of the packaged investments, well, the results are likely to represent those interests more than any rational assessment of reality.
Confusing summary aside, this is the biggest load of crap I've read in a long time. The financial world made a really bad guess on just how much "money" was really in the US economy and now they are paying for it. They can't actually be held accountable because then people might catch a glimpse of the fact that the financial wizards who run our lives are really full of shit. So instead of taking responsibility for their mistakes they are blaming it on a computer bug. How effin convienent for them.
"Hey everybody, we aren't fucking idiots. You see, it was the computer! I just told you what it told me on my screen. Hold on... my third trophy wife is on the phone... she's telling me that her and the Lamborghini are stuck in traffic somewhere between my multi-multi million dollar home and the club house where I spend multiple tens of thousands of dollars a year. I'll get back to you right after I blow a few more rails of coke!"
How the hell did these people get to be in charge of society?
Except that all lenders are required to provide a Truth in Lending statement, and comply with it. If they misled the borrower, then they have broken the law; there's no two ways about it.
Tubal-Cain smokes the white owl.
This entire story is bullocks, and your analysis is accurate. We aren't talking about a trivial error here. The models were spitting out obviously false results, and Moody's (and everyone else) gladly accepted those bad results. For at least 3+ years now, several analysts have pointed out ratings were too high and that they didn't pass the "smell test". If Moody's is not responsible for their models, then why shouldn't I write some half-assed model of my own, demonstrate to lenders how in the short term it will make them money, and then when I get caught, just point out that I never claimed my models were accurate.
Actually, that's not a bad idea.
To put it in a language slashdotters will understand.
1. Invent model.
2. Lie about model's accuracy.
3. (Sell model)???
4. Profit.
Therein lies the problem: the senior 100000 of 2 million piece of crap mortgages that their holders can't pay still has a high likelihood of some or all of those mortgages defaulting. So if the pool overall is no good, the seniority does nothing to solve that problem. And that's before CDO^2 nonsense is used to claim that the senior of lots of junior tranches of various pools are as good as the senior tranches of a single pool...
So the senior tranches of CDO's have to be based on the risk ratings on the whole mortgage pool, and this is precisely where Moody's and S&P bamboozled the public and are now trying to blame it on a bug. They would bless the claim that the top of nearly any pool was great stuff, no matter what the contents of the pool were. As others have observed, that's no coding bug, it's a policy to willfully ignore reality to facilitate the sale of more securities.
The mortgage market was hardly unserved when the securitizers entered it - rather it was full of banks offering conventional mortgages at rates that properly priced the risk (and the banks took care to do that, since they held on to the risk at that time, and federal insurance laws require them to have sane risk holdings). The introduction of securitized mortgage products flooded the market with much cheaper debt. That meant that the pools kept getting progressively worse and worse as the lenders headed down-market to try to sell mortgages to people who didn't already hold more than enough debt.
And as for the loonies, as asset bubbles go, the runup in housing has only one precedent in American history: the speculation before the Great Depression. Now there are a lot more safety valves in the finance system these days, but to claim that it is or was doom and gloom to be concerned about the size of the bubble is pretty a blinked view of the world.