News update 2004-05: May 2004
===================
A monthly newsletter on risk management in financial services,
operational risk and user-developed software from Louise Pryor
(http://www.louisepryor.com).
Comments and feedback to news-admin@louisepryor.com. Please tell me if
you don’t want to be quoted.
Subscribe by sending an email to news-subscribe@louisepryor.com.
Unsubscribe by sending an email to news-unsubscribe@louisepryor.com.
Newsletter archived at http://www.louisepryor.com/newsArchive.do.
In this issue:
1. Models and risk
2. Phishing and security
3. FSA update
4. Weather perils
5. Newsletter information
===============
1. Models and risk
The cause of the collapse of Terminal 2E at Charles de Gaulle
airport has not yet been determined, and there is a distinct lack
of instant blame to be found in the press coverage. There are two
main potential sources of problems: either there was something
wrong with the design, or mistakes were made during construction.
One pundit apparently said that since the design had been computer
assisted, the fault was more likely to be in the construction. I
must say I found this comment to be a bit of a non sequitur. It
appears to assume that the use of a computer model in the design
means that the design was fault free, thus showing much more
confidence in computer models than is reasonable.
I am willing to believe that the computer aided design packages
that architects use have few bugs in them. In other words, the
calculations performed by CAD packages are likely to be correct
(but it’s difficult to believe that they are totally bug
free).
One of the major benefits of using models, whether for designing
airport terminals or for financial management, is that they are
simpler than the real world, making analysis much easier. The trick
is to omit the unnecessary detail, while retaining the important
characteristics. Sometimes that’s easier said than done: look at
what happened with the Millennium Bridge. It’s usually the leading
edge projects that show up this type of basic problem. Paul Andreu,
the architect of Terminal 2E, said that it was “bold … but
nothing revolutionary”, thus implying that the model probably
wasn’t being pushed beyond its usual envelope of applicability.
Ove Arup, the engineers responsible for the design of the
Millennium Bridge, have a good web site explaining how they went
about fixing the problem. They developed a new model, but had to
calibrate it by having people walk across the bridge and measuring
the effects. Calibrating financial models can be more difficult, as
you can’t operate a company for a few years under different
conditions to see what happens. You have to use the data that is
available, rather than generating the data that you’d like.
http://www.arup.com/MillenniumBridge/
===============
2. Phishing and security
We are all now aware of the phishing scams that regularly appear in
our mailboxes. They usually consist of a slightly ungrammatical
email asking you to go to some web site to verify your personal
details and password. The web site appears to be that of a bank, but
of course isn’t. In response, banks now warn their customers not
to believe emails purporting to come from them that ask for such
information.
But what happens when you get an unsolicited telephone call,
purporting to be from your bank, asking you to answer security
questions before continuing with the conversation? Should you
answer them, or should you suspect some kind of scam? How can you
tell whether the call is really from your bank? You might expect,
on the grounds of consistency, that such calls would never be
genuine. The risk of giving out confidential information over the
telephone would seem to be pretty much the same as giving it out to
a web site.
However, it seems that at least one bank really does behave in this
way. The calls in question turn out to be for marketing purposes,
and it’s not clear why the customer’s identity has to be verified
through security questions. It is my view that the bank in question
is increasing the risk that its customers will be victims of scams
in the future. There is little direct risk to the bank, but the
indirect risks in terms of reputation could be significant.
http://catless.ncl.ac.uk/Risks/23.37.html#subj10
===============
3. FSA update
Don’t be misled by the title of CP04/08 into thinking that it
contains nothing of interest. Section 8, entitled “Proposed
Amendments to the Listing Rules”, proposes that UK listed companies
should be required to demonstrate the quality of their internal
controls to their auditors. The proposal follows on from the issue
of the new Combined Code on Corporate Governance in 2003 (available
at http://www.fsa.gov.uk/pubs/ukla/lr_comcode2003.pdf). The FSA are
proposing that auditors be required to review the ten Combined Code
provisions relating to audit and accountability, all of which are
objectively verifiable. They would also like auditors to be
required to consider whether the directors’ “Comply or Explain”
statement has been made after due and careful enquiry, but have
decided not to push ahead with that proposal for the time
being. The latter option would effectively require auditors to
review the processes by which the directors review the internal
controls.
New consultation and discussion papers out this month:
------------------------------------------------------
CP04/7 Lloyd’s: integrated prudential requirements, and changes to
auditing and actuarial requirements – Including feedback on
CP178
CP04/8 Miscellaneous amendments to the Handbook (No.14)
CP04/9 Fees issues arising from the regulation of mortgage
business and general insurance broking – including feedback
on CP04/2
Feedback published this month:
------------------------------
PS04/13 Bundled brokerage and soft commission arrangements –
Feedback on CP176
PS04/14 Regulation of long-term care insurance – Feedback on CP200
and made text
PS04/15 Consolidated policy statement on our fee raising
arrangements
Current consultations, with dates by which responses should be
received by the FSA, are listed at
http://www.fsa.gov.uk/pubs/2_consultations.html
===============
4. Weather perils
I have now been on three walking holidays running with unseasonably
warm weather: north Italy in May 2003, northwest Scotland in August
2003, and northeast USA in May 2004. At times, in all three places,
it was warm enough to make walking unpleasant. So, if you like the
heat, I advise you to go to the west of Ireland in October, which
is my next planned holiday. Or maybe not.
Another risk of going on holiday is that work builds up while you
are away, and you don’t have time to catch up with everything.
That’s why this newsletter is shorter than usual, and slightly
delayed.
If you are in Edinburgh this weekend, consider going to the
Edinburgh Bach Choir’s concert on Saturday evening. We’ll be
performing Handel’s Dixit Dominus, Vivaldi’s Magnificat, Bach’s
Cantata no 182, and Purcell’s O Sing unto the Lord. See
http://home.clara.net/pryor/ebc/concerts.html#may for more
details.
===============
5. Newsletter information
This newsletter is issued approximately monthly by Louise Pryor
(http://www.louisepryor.com). Copyright (c) Louise Pryor 2004. All
rights reserved. You may distribute it in whole or in part as long
as this notice is included. To subscribe, email
news-subscribe@louisepryor.com. To unsubscribe, email
news-unsubscribe@louisepryor.com. All comments, feedback and other
queries to news-admin@louisepryor.com. Archives at
http://www.louisepryor.com/newsArchive.do.