Newsletter Old site

Newsletter Feb 2004

News update 2004-02: February 2004

A monthly newsletter on risk management in financial services,
operational risk and user-developed software from Louise Pryor

Comments and feedback to Please tell me if
you don’t want to be quoted.

Subscribe by sending an email to
Unsubscribe by sending an email to
Newsletter archived at

In this issue:
1. $1.6 billion loss
2. Events
3. Bugs
5. FSA update
6. Pirates ahoy!
7. Newsletter information

1. $1.6 billion loss

In May 1995 Carolyn Whittaker of Alabama took out a life insurance
policy for $25,000 with Southwestern Life through insurance agent
James Perry. The premiums were $50 a month. The policy lapsed in
October 1996, but Perry continued to collect the premiums until
December 2001, when he suggested that she let the policy lapse.
Whittaker was suspicious and contacted Southwestern, who told her
that her policy had expired in 1996. Whittaker sued.

She sued Southwestern as well as Perry, claiming that Southwestern
should have known that Perry was dodgy (I paraphrase slightly; he
had a prior verdict against him of $5 million for the same
conduct). She was awarded $10 million in compensatory damages and
$800 million in punitive damages from each party, making a total of
over $1.6 billion. Note that her actual loss was presumably between
$3100 (the premiums she was defrauded of) and $25,000 (the value of
the policy).

Southwestern, which is now owned by Swiss Re, plans to appeal.
Apparently under Alabama law punitive damages are limited to three
times compensatory damages, which would bring the total loss down
to $40 million each for Southwestern and Perry.

However, even a $40 million operational loss falls into the high
impact bucket. And however much is eventually awarded, the legal
costs are hardly likely to be insignificant. How would you have
assessed the risk of not vetting your intermediaries properly?

2. Events

The actuarial profession is holding a seminar on Financial Risk on
23rd March. Details are available at It looks
as if it will be an interesting day, with a good line up of
speakers, and certainly not over actuarial in nature.

On 22nd March a paper on “Quantifying operational risk for general
insurance companies” will be presented at a Sessional Meeting of
the Institute of Actuaries
I can whole-heartedly recommend this excellent paper, as I am one
of the co-authors. Much of the paper is applicable to operational
risk in general, rather than being specific to any sort of
insurance company. It will be available at from
early March.

3. Bugs

Remember those power outages in the US last August? Guess what! A
software bug helped to cause them. It turned out there was a
previously unknown bug in an energy management system supplied by
General Electric. “It had never evidenced itself until that day,”
said spokesman Ralph DiNicola. “This fault was so deeply embedded,
it took them weeks of poring through millions of lines of code and
data to find it.”

The bug was triggered by a unique combination of events and
alarm conditions on the equipment it was monitoring, DiNicola
said. When a backup server kicked-in, it also failed, unable to
handle the accumulation of unprocessed events that had queued up
since the main system’s failure. Because the system failed
silently, the operators were unaware for over an hour that they
were looking at outdated information on the status of their portion
of the power grid.

You may remember that in March 2003 there were a series of system
failures at Danske Bank, some of which were caused by a hitherto
unknown bug in the DB2 database software – see my April 2003
newsletter at;
the relevant item is entitled “Troubles come in threes (or more)”.

Both incidents involved bugs that had not been discovered in the
presumably thorough testing performed by the vendors, or in the
years of use in many installations. To me, the lesson here is that
you can never assume that there are no bugs. Just think of all the
bugs in Excel (see the last couple of newsletters for details). It
would be a big mistake to believe that any software that you write,
including spreadsheets or models developed with specialist
packages, can buck the trend. Performing more testing is never
pointless (although it may not be cost-effective).

4. FSA update

This is the first time since this newsletter started that there
have been no new consultation papers between issues. Admittedly,
that’s only just over a year, but it really does seem as if the
flow is drying up. This probably shouldn’t surprise us, as there
have been so many issued on so many topics that they must have
covered a large part of the possible ground. It looks as if the
start up phase is finally coming to an end.

New consultation and discussion papers out this month:


Feedback published this month:

CP188 PS04/3: Clarification and revision of Financial Promotion
Rules and Guidance – Feedback on CP188

Current consultations, with dates by which responses should be
received by the FSA, are listed at

5. Pirates ahoy!

Are you using unlicenced software? Maybe an evaluation copy that
you have never bothered to register? Or using more copies than you
have paid for? If so, you could be in big trouble if FAST, the
Federation Against Software Theft have their way
( They have recently announced that they
will use criminal proceedings to crack down on organisations
misusing software. Up to now they have tended to use civil
proceedings. Geoff Webster, CEO, said “The message to company
directors is clear – check your software licenses! Until then you
cannot be 100% certain that you’re not acting illegally and on the
way to receiving a criminal record. Software publishers who are
members of The Federation will not tolerate anyone making illegal
use of software.”

Meanwhile, the Business Software Alliance (
say that organisations from within the IT sector are the biggest
offenders. This is not surprising when you realise that they
probably use more software than organisations in other industries,
but on the other hand you’d think that they’d be more conscious of
the issue. After all, they’re the ones that lose out.

6. Newsletter information

This newsletter is issued approximately monthly by Louise Pryor
( Copyright (c) Louise Pryor 2004. All
rights reserved. You may distribute it in whole or in part as long
as this notice is included. To subscribe, email To unsubscribe, email All comments, feedback and other
queries to Archives at

The next concert of the Edinburgh Bach Choir will be in Greyfriars
Kirk, Edinburgh, on Saturday 20th March at 7:30 pm. The programme
includes: Vittoria Mass O Quam Gloriosum est Regnum – Tavener Two
Hymns to the Mother of God – Britten Hymn to St Cecilia – Bruckner
Four Motets – Bach Jesu, Meine Freude. Details at Tickets from the Usher
Hall, Queen’s Hall, Assembly Rooms, or members of the Choir.