Slashdot Mirror
Coding Flaws Caused Moody's Debt Rating Errors
An anonymous reader writes "The Financial Times has the story that billions in incorrect AAA ratings given out by Moody's were the result of a coding error in its computer models. 'Internal Moody's documents seen by the FT show that some senior staff within the credit agency knew early in 2007 that products rated the previous year had received top-notch triple A ratings and that, after a computer coding error was corrected, their ratings should have been up to four notches lower.'"
In any case, it sounds like they found a new scapegoat and they're going to take it for a test ride.
this is probably more a feature than a bug --- those instruments are rated by multiple agencies, each of which use their own risk evaluation methodologies and software. i find it highly unlikely that s&p would make mistakes, independently, that would cause it to give the same junk paper the same AAA rating that moody's gave.
The problem is that the credit agencies used past data for new types of asset backed securities. While this works with most asset backed securities, the use of CDOs and MBSs caused a perfect storm. They assets they were backed up with were housing values and the AAA ratings they had made them very popular, inflating the housing values. When the housing values took a nosedive, there were no assets to back up these securities.
This isn't a trivial issue. False AAA ratings are what have caused the global credit crunch and mortgage crisis. For those who aren't familiar with a AAA rating, it is considered as good as a US government bond. It is a very hard rating to get and only 8 US companies are rated AAA by all of the credit agencies.
In my opinion, there is a very strong need for regulation of the credit agencies. If they didn't allow for CDOs and MBSs to get AAA ratings, this credit crunch and likely recession wouldn't have occurred.
This is another example of how good news in the economic field can easily go unchecked because it is beneficial for everyone involved (in the short term) for the world to believe them.
My favorite, and perhaps the most drastic, example is how the US government grossly misrepresents employment stats, the consumer price index, and the GDP. This creates another bubble; not for the New Economy or for the housing market, but for the US as a nation. As long as people keep believing in the "world's strongest economy", investments pay off much as they do in a pyramid scheme - but the point where they won't becomes ever more dangerous the longer the scheme holds.
I for one prefer investments in Europe if only for the seemingly more reliable numbers they have there. Investing in the US is a way too dangerous gamble right now.
blow your mind already
..isn't a bug, it's a feature. Of fraudlent behaviour from management.
As an industry, we really need to start growing up and using the tools the mathematicians have provided us, just as other engineers do in other disciplines, to show our programs actually work as advertised.
The competent have nothing to fear from formal verification and anyone who is not capable of doing such verification should not be writing software anyway.
Simon
Suuuuure... a coding bug is to blame! Nevermind that the agencies selling this financial toxic waste *paid* Moody's, S&P and others to provide good ratings. Software bug or no, there is fraud all around within the US economy--and no one was complaining as long as people at the top were raking in billions of dollars in profits.
This entry at Calculated Risk openly wonders if Moody's jiggered its model expressly so that it would line up with whatever the Standard&Poors ratings were.
Personally, I'm concerned this revelation will result in a concerted effort to blame the whole mess on a computer error, rather than the profoundly bad judgment exhibited by fund managers and investment banks. Expect some hapless programmer to be located and pilloried.
Schwab
Editor, A1-AAA AmeriCaptions
If the errors are as large as it seems they were, wouldn't one or more human analysts notice? When your software says "Buy SCO" you should know that something is wrong.
IOW, they are blaming the coders for generating results that should have
failed even the most basic sanity checking. All of their finance geeks
upon seeing these ratings should have been individually and collectively
scratching their heads.
I'm not sure I buy it really. It just seems like corporate blame deflection.
I dunno. I'm no MBA but I would imagine that the rating of any composite
security should be the lowest rating of the most risky component.
A Pirate and a Puritan look the same on a balance sheet.
They're depending on us believing their media stories to escape responsibility; anyone who thinks about this situation would quickly realize that for a company full of financial analysts to not realize that an error of this magnitude was happening - well, it beggars the imagination.
What almost certainly happened is that they played the same game that so many other financial institutions did during the real estate bubble. But when the bills came due, they chose to deny responsibility and pass the blame on to someone else. The real crime here is that they'll be allowed to get away with this...
The Financial Times has the story that billions in incorrect AAA ratings given out by Moody's were the result of a coding error in its computer models.
So one of the top financial services companies in the world, staffed with MBA's and finance professionals, and none of them noticed a coding error that changed debt ratings by that big of a margin? That strains credibility to the breaking point. And on the other side of the table, none of the financial institutions buying collateralized debt instruments ever looked at those ratings and thought they were a little optimistic? Come on. The entire sub-prime mortgage mess was a computer glitch.
Guess that means cocaine use is alive and well on Wall Street. Because you have to be really, really high to field a whopper like that.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
According to one of the Financial Times reporters on the story, interviewed on my local NPR station, the rating was unchanged AFTER Moody's supposedly found and corrected the error, because they "changed their methodology" between the original flawed rating, and the discovery of the flaw.
This guy didn't sound especially convinced, and no one's mentioned any kind of due diligence requirement on the rating agency to actually make sure that their ratings are correct. Apparently whatever gets spit out of the formula is accepted as official, and in this case, they had a lot of incentive to fail to get around to any due dilligence.
security should be the lowest rating of the most risky component. That's not correct in general. Many structured products and derivatives have components that cancel each other out. A really silly example is a portfolio that buys a stock and short sells it at the same time, which will net out to nothing (except lost transaction fees). Obviously CDO's and whatever are ridiculously more complicated, but you get the point.
It looks like the problem is that these investment vehicles are really hard to understand the intrinsics of, let alone model properly. The FT's awesome finance blog, FT Alphaville goes into a lot more depth on the whole issue - they "explain" the investment thingies themselves, the CPDOs, as well as the failures themselves.
"I'm not sure I buy it really. It just seems like corporate blame deflection."
If anything, the story paints a completely different, much worse picture:
1) Coding bug found to be cause, internally at Moody's
2) Internal docs show adjustment of model factors, ruling out high volatility as part of the model, in order that ratings after the bug fix don't deviate much from those before the bug was found.
That's my understanding of the story, anyway - IANAFinancier. But to me this paints Moody's in a much, much worse light than if they had *just* had a bug in the initial model which they then fixed - after all, that would have resulted in a re-rating...
(Again, I don't quite understand what's going on here, but that was my initial take on the situation)
while (true) {
if (isSECWatching = false) {
commitEgregiousFraud();
}}
Assignment vs. equality check strikes again!
You can already buy systems like this. You can buy systems that absolutely have to work all the time, no downtime, no crashes, etc. However, there are some major stipulations:
1) It isn't cheap. There is going to me some major engineering to design it, and it will require some major redundancy in hardware to protect against faults. As such, you are going to pay a lot for it.
2) It isn't fast. No you can't have it today, you can't have it this month, you can't have it this year even. The development and testing will take a long time. This can't be rushed, it simply takes lots of time and lots of testing to make sure there are no faults.
3) You can't add features to it. Once the system is in place, it can run only what it was designed for. You can't go and install new software or anything. If you want any changes made, those will have to go through a full set of testing. No unverified code can be running.
4) It must be accessed only in approved ways. You can't just hook it up to the Internet and go wild, input will need to be properly regulated to make sure it doesn't cause an unforeseen problem.
5) You can't mess with it. Your people will not be screwing around trying things with it. It'll be maintained under a support contract only by certified personnel.
If that's not ok with you, well then some bugs are something you have to accept. This idea that programmers should be able to easily engineer perfect, bug free software quickly and cheaply is just amazingly ignorant. Especially when people come up with false analogies "Oh well people would sue if cars were made as badly as computers!" No, you'd get arrested (or killed) if you tried to use a car like people use computers. If people treated cars like computers they'd expect to be able to run in to a wall at 80 miles an hour and suffer no injuries to themselves or the car.
Cars work well if an ONLY if they are operated properly (and even then not always). You have to do things like obey proper driving regulations, maintain the engine, and so on. If you don't, well shit is going to go wrong, maybe catastrophically wrong. Yet people do just that with their computers all the time. They install random shit, never perform any maintenance, and expect that the computer will magically protect them from all problems.
They won't go after some low-profile wonk. The French bank with billions of losses from a couple of months ago is trying the same thing. It's not plausible.
This is very quickly how the scam works:
The way bond agencies survive is by acquiring new business. Let's say a utility issues a bond for a new water project. They shop the issuance around. Highest rating gets the business. The higher rating means (roughly) less "insurance" they have to carry and the more they can use free cash to do other things.
The bond agencies are as "financialized" as a low-end broker sweat shop. No one seemed to care when the money was flowing. It's easy to take shots after the fact.
Few people follow the Fed's TAF's and its junk-filled balance sheet. It's worse than the credit agencies situation. Who knows if that will ever blow up like the credit markets.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
failed even the most basic sanity checking. Indeed. This isn't a coding error, it's a testing error. Or perhaps a process design error.
Any professional knows that coding has a certain error rate. So you add practices, like pair programming, unit testing, acceptance testing, external code reviews, parallel implementation, and black-box testing until you get below the error rate you need.
For some part-time e-tailer's web site, you can skip a fair bit of that; if you fuck up badly enough, you might cost them an entire $500. But in the financial world, they know that errors can cost a lot more, like a million times more, and so it's worth spending more on quality-oriented practices.
Blaming this on the coder who happened to make the key error (if indeed their was one) is like blaming the Titanic disaster on some guy who missed a rivet on that side. It's the purest bullshit, designed to deflect responsibility from the people in charge. If they set it up right, a single person would be unable to make a mistake of this magnitude.
Any dev worth his salt would be blaming, in order:
1) The Firewall
2) The Load Balancer
3) The Firewall
4) The Network Routers
5) The Firewall
6) The Network Cables
7) The Firewall
8) The Network Engineering Team
long before they figured out it was a Layer 8 issue in the code.
To the extent that different investments in a portfolio (which is what a "composite security" is, in essence, a prepackaged portfolio) have independent risks, there is a leveling effect (this is why, e.g., when you roll two dice, the distribution of the results is tighter proportionate to the range than when you roll one, and tighter still when you roll three, etc.)
OTOH, to the extent they tend to vary together, they don't level each other. Assessing the degree to which two different investments are independent in their risks is, AFAIK, still more art than science to start with, and when the people doing the assessment often have financial interests (even if only indirectly) in promoting the sales of the packaged investments, well, the results are likely to represent those interests more than any rational assessment of reality.
Calculated Risk believes this is a case where S&P decided not to believe their own models and tweaked them to match the results derived by Moody's, which spit out the wrong results in the first place. Call it bug-compatibility, but it's also clear that there were plenty of financial incentives at the time for the rating agencies to deliver results in step with their peers lest they lose out on lucrative "second opinion" business.
Dog is my co-pilot.
Confusing summary aside, this is the biggest load of crap I've read in a long time. The financial world made a really bad guess on just how much "money" was really in the US economy and now they are paying for it. They can't actually be held accountable because then people might catch a glimpse of the fact that the financial wizards who run our lives are really full of shit. So instead of taking responsibility for their mistakes they are blaming it on a computer bug. How effin convienent for them.
"Hey everybody, we aren't fucking idiots. You see, it was the computer! I just told you what it told me on my screen. Hold on... my third trophy wife is on the phone... she's telling me that her and the Lamborghini are stuck in traffic somewhere between my multi-multi million dollar home and the club house where I spend multiple tens of thousands of dollars a year. I'll get back to you right after I blow a few more rails of coke!"
How the hell did these people get to be in charge of society?
I'm no MBA but I would imagine that the rating of any composite
security should be the lowest rating of the most risky component.
Nor are you a statistician (which I'm not either, BTW, but I slept in a Holiday Inn Express last night...). Not dissing you, BTW.
The risk of a portfolio is dependent on the individual components' correlation with each other, as well as their individual risk. You can make a fairly safe portfolio out of relatively risky investments, IF the individual investments are not correlated in their behavior. If you have stocks and bonds in your portfolio, for example, this reduces portfolio risk because prices of stocks and bonds tend to not track each other tightly. Something that trashes the stock market overall may not impact the bond market as much, thus the variability in the overall portfolio is reduced.
This assumption of lack of correlation is what is causing the house of cards to tumble. Risk packagers assumed that there would be no fundamental common fall to the subprime housing market, and priced risk accordingly, which caused interest rates to be too low for the associated risk, which caused over-purchase of the loans. Everyone could have been completely honest, and we would still have this problem.
From my limited understanding of the problem, there are several fun things going on in this situation, any one of which are troublesome:
1) the real estate bubble as a whole, where we lost sight of what a piece of property can really be worth. Regardless of how pretty the house is, the price has to be something that can be paid for out of the income stream of the owner. This was enabled by
2) the mispricing of loans by the industry, in part due the flawed risk assessment, and in part by the complete breakdown of law and morality in the mortgage brokering business, well described elsewhere. These two factors made it cheaper for marginal borrowers to get into property that they couldn't afford, and in that deal (this is subtle) the ultimate lendors endangered themselves because they made loans at an interest rate which did not properly compensate them for the risk they took on. This was enabled by
3) the growth of the securitization of the mortgages into portfolio securities. This was and is I think a good idea, as it allows flow of capital into housing loans from sources that wouldn't otherwise easily be able to supply it. However, apparently the risk modeling that was used to price these was flawed, well before the aforementioned bug surfaced. That meant that these loans were mispriced, as I mentioned before. Since the price was too low, people overpurchased the product. Several somebodies, somewhere, didn't factor in the risk of the bubble in the prices mentioned in one, and what a price collapse would do. That fundamental risk, and the resultant mispricing of the loans is what is bringing the house of cards down. That risk makes this bug trivial in comparison. IMCLTHO
I was taught to respect my elders. The trouble is, it's getting harder and harder to find some.
That actually is (used to be?) a tax dodge.
Take the money you want sheltered. Spend all of it on buying stock and selling an equivalent amount short. If the stock plummets, write the purchase off on your taxes. If it soars, write the short off on your taxes.
Step 3: Profit. Anyone taking notes should question why we have such a screwed up tax system.
DATABASE WOW WOW
This entire story is bullocks, and your analysis is accurate. We aren't talking about a trivial error here. The models were spitting out obviously false results, and Moody's (and everyone else) gladly accepted those bad results. For at least 3+ years now, several analysts have pointed out ratings were too high and that they didn't pass the "smell test". If Moody's is not responsible for their models, then why shouldn't I write some half-assed model of my own, demonstrate to lenders how in the short term it will make them money, and then when I get caught, just point out that I never claimed my models were accurate.
Actually, that's not a bad idea.
To put it in a language slashdotters will understand.
1. Invent model.
2. Lie about model's accuracy.
3. (Sell model)???
4. Profit.
These structured products are broken into what are known as tranches.
Even if you know you're holding a pile of dog crap mortgages, you know that most will be able to make first months payment. Each successive monthly payment pool is likely to have more defaults, and thus uncertainty grows. If you take 1000 loans, and group the payments together, you can theoretically predict the risk of each band of payments. If you buy the first band, aka tranch, you're far more likely to get paid than if you buy the junior tranches that are expecting payments 30 years from now.
Here's where the fun stuff happens. Those earlier tranches that are more likely to get paid will usually be given very high credit ratings, as it's likely that the owner will collect the income from the pooled debtors. Since the security their holdings is so highly rated, perhaps AAA, then other institutions are willing to accept that AAA security as collateral for additional borrowing. This all continues on in a crazy cycle of leveraging until you have hunders of dollars of leverage to cents of actual income. All the while, these leverage products maintain a high credit rating, because it's all based off of AAA securities.
What happens when people start to default on the orignal loans and the person who bought that orignal pools of loans doesn't get paid? They can't pay their interest to a person who in turn can't pay their interest to a person who gets screwed and has to bring this "safe" security onto their balance sheet and write it all off as a loss. TADA! Credit crunch.
It's more complicated than simply reducing correlation. To hugely simplify: let's take 10 mortgages of equal size, and sell 2 securities related to them:
* The "senior" security is the size of 5 mortgages, and pays it's buyer as long as *any* 5 of the 10 mortgages are paid.
* The "junior" security is also the size of 5 mortgages, and assumes all the risk for all 10 unless 6 or more of them go unpaid (but pays a really nice interest rate).
How reliable is the senior security? If you look through all historical American data and see that failure of 60% of mortgages has never happened (assuming here that we're taking the mortgages from different markets in theis simple example) then you have created a security that, based on all available historical data, is quite reliable.
Of course, the reality of thse securities is far more complicated, but this gets the basic idea across: in order for the AAA rated securites to fail, we'd need a fall in house prices unprecedented in American history. A few of have been predicting such a fall for years, but so what? There are always some loonies predicting doom and gloom, and the hard data supported the ratings.
Socialism: a lie told by totalitarians and believed by fools.
Therein lies the problem: the senior 100000 of 2 million piece of crap mortgages that their holders can't pay still has a high likelihood of some or all of those mortgages defaulting. So if the pool overall is no good, the seniority does nothing to solve that problem. And that's before CDO^2 nonsense is used to claim that the senior of lots of junior tranches of various pools are as good as the senior tranches of a single pool...
So the senior tranches of CDO's have to be based on the risk ratings on the whole mortgage pool, and this is precisely where Moody's and S&P bamboozled the public and are now trying to blame it on a bug. They would bless the claim that the top of nearly any pool was great stuff, no matter what the contents of the pool were. As others have observed, that's no coding bug, it's a policy to willfully ignore reality to facilitate the sale of more securities.
The mortgage market was hardly unserved when the securitizers entered it - rather it was full of banks offering conventional mortgages at rates that properly priced the risk (and the banks took care to do that, since they held on to the risk at that time, and federal insurance laws require them to have sane risk holdings). The introduction of securitized mortgage products flooded the market with much cheaper debt. That meant that the pools kept getting progressively worse and worse as the lenders headed down-market to try to sell mortgages to people who didn't already hold more than enough debt.
And as for the loonies, as asset bubbles go, the runup in housing has only one precedent in American history: the speculation before the Great Depression. Now there are a lot more safety valves in the finance system these days, but to claim that it is or was doom and gloom to be concerned about the size of the bubble is pretty a blinked view of the world.