WASHINGTON (Reuters) - Public filings by Knight Capital Group show that the company viewed technology systems among significant risks faced, but the duties outlined for its board members do not specify oversight of technology as a factor that could derail it.
Knight Capital suffered a $440 million loss on Wednesday due to a trading foul-up blamed on software, and the company is now fighting for survival. Coming after the problems with Facebook’s initial public offering and the Flash Crash of 2010, Knight’s problem has put a renewed focus on the level of risk posed by technology.
Oversight of technology risk is not commonly specified as a board responsibility in financial services firms, but that may need to change as the consequences of failure in financial services firms rise, some analysts said.
“If you go back 10 years ago there was no risk committee on these boards. Now all of a sudden everybody has a board-level risk committee. As things happen what you are going to see is maybe we should be looking at these other issues too,” said Bernard Donefer, a financial technology expert and associate director of the Subotnick Financial Services Center at Baruch College in New York.
Knight Capital, which acts as a market maker for buyers and sellers of securities, said Wednesday’s technology breakdown was caused by the installation of new trading software, which led to the company sending out numerous erroneous orders in New York Stock Exchange-listed stock into the market.
Knight acknowledged the seriousness of potential technology risks in its 2011 annual report, referring to “capacity constraints, systems failures and delays” as risks that could ultimately result in “transactions not being processed as quickly as our clients desire, decreased levels of client service and client satisfaction, and harm to our reputation.”
“If any of these events were to occur, we could suffer substantial financial losses, a loss of clients, or a reduction in the growth of our client base, increased operating expenses, litigation or other client claimed regulatory sanctions or additional regulatory burdens,” it said.
Knight’s chairman and chief executive officer, Thomas Joyce, told Congress in June that Knight Capital deployed some of the world’s most sophisticated trading technology to execute client orders. He told lawmakers that trade execution was better than ever.
“Remember that during the course of the last few years, with the exception of two notable exceptions, the equity markets worked flawlessly,” Joyce told Congress, referring to the flash crash and the Facebook IPO.
Nevertheless, Joyce endorsed new standards for market makers, including stricter capital requirements.
Knight Capital’s 2012 proxy statement said the company’s board and its committees met regularly to consider “significant risks” facing the company, but it did not specifically cite technology in that context.
The primary responsibility for managing operational risk lies with operating segments, Knight said in its annual report.
Top company executives with responsibility for risk management, according to the proxy statement, include Chief Financial Officer Steven Bisgay, who was charged with “enhancement of the company’s overall risk management infrastructure.”
Management, the statement said, had a process in place that it used to ”identify, analyze, manage and report“ on all significant risks facing the company.” It went on to list risks as enterprise, financial, operational, legal, regulatory and strategic.
Knight does not list a risk committee by name.
A spokesman for Knight Capital asked for questions regarding the company’s risk management policies to be submitted by email but did not immediately respond.
When trying to limit technology risk, it does not matter how often a board meets if the firm fails to conduct enough monitoring and testing of its technology systems, said John Alan James, professor at Pace University’s Lubin School of Business.
“Again it comes back to how it is managed. It depends on how high a profile the CEO put on this,” James said.
Boards are generally concerned with credit- and market risk, said Baruch’s Donefer, saying it would be unusual for a board to have a risk management process that specifically dealt with technology.
“When they look at technology it becomes a lot harder to try to figure out exactly what is the risks that you are looking for,” he said.
But going forward, technology may be part of the risk management responsibilities of financial company boards, he said.
(Editing by Randall Mikkelsen and Leslie Adler; This article was produced by the Compliance Complete service of Thomson Reuters Accelus. Compliance Complete; here; provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 230 regulators and exchanges.)
This story has been refiled with the Pace University professor's full name in the 17th paragraph