Credit Suisse and the Archegos collapse – lessons in Risk Management and Governance for all

In March 2021, Archegos Capital Management, a family office founded by Bill Hwang, defaulted on its loan relationships with Credit Suisse (the Firm) after significant falls in the value of its positions. The default resulted in losses of around $5.5 billion for the investment bank, leading to job losses, resignations, regulatory action, and significant reputational harm.

Credit Suisse were not the only bank adversely impacted by Archegos’ default. Nomura announced in April 2021 that it anticipated a $2 billion loss from the Archegos default, while Goldman Sachs, Union Bank of Switzerland, and Morgan Stanley also had working relationships with Archegos. However, these banks’ risk management systems allowed for sufficiently timely responses to mitigate the impending risk posed by Archegos. Goldman Sachs CEO David Solomon highlighted the bank’s “prompt action” to avoid losses resulting from Archegos’ implosion, noting that he was “pleased” with the response. This comes in stark contrast to events at Credit Suisse.

The investment bank commissioned an independent external investigation into the events surrounding the fund’s collapse. The resulting report, the Paul Weiss Report (the Report), was published on 29 July 2021.  The report’s findings contain a multitude of cautionary tales for risk managers and Board members across the financial services sector.

This is the first in a suite of articles examining the key issues identified within the report and considering the lessons that can be taken from the debacle. The key issues identified include:

• Inadequacies in the Risk Management Framework: Credit Suisse’s Credit Risk Management Unit received regular and comprehensive management information in respect of Archegos and its portfolio. Further risk management was provided by the risk team within Credit Suisse’s Prime Services business unit. The bank therefore had a good level of visibility and oversight of the risks posed by its prime brokerage clients. However, a lack of empowerment of those tasked with managing the bank’s credit risk hindered the operational effectiveness of a theoretically well designed framework. The firm’s risk managers intended to ask Archegos for additional margin to reflect the increased credit risk associated with its portfolio, but were prevented from doing so as this was deemed not to be in the interests of the bank by those responsible for managing the relationship. Concerns had also previously been raised internally at Credit Suisse regarding the effectiveness of the Prime Services Risk Team, specifically a lack of staffing, failure to replace senior staff, and a lack of risk management experience in its leadership.
• Failures of Governance: In 2020, Credit Suisse established its Counterparty Oversight Committee (CPOC) after incurring losses in a relationship with a hedge fund called Malachite Capital Management. The Report noted that CPOC had identified issues and recommended solutions relating to Archegos as early as September 2020. The committee drew up an action for the Credit Risk Management unit to monitor for changes in the risk profile of Archegos and to discuss again at a future meeting. However, CPOC failed to establish deadlines and assign ownership for the actions it recommended, with the result that substantive measures were not taken, and that Archegos was not discussed at committee level again until March 2021.
• Further failures of governance: The Firm’s CEO and CRO “only became aware of the bank’s exposure to Archegos in the days leading up to the forced liquidation of the fund.” We can speculate that the Firm’s C-Suite was not closer to Archegos because, from a revenue perspective, this was not a significant client. It’s worth noting that Credit Suisse made just $17.5 million in Archegos fees in 2019 for exposure to a potential $20 billion loss (at the peak of the fund’s activities) – suggesting commercial considerations had become entirely untethered from an assessment of risk.
• Client Due Diligence: In 2021, Archegos founder Bill Hwang Sung Kook pleaded guilty to charges of wire-fraud in the US. Subsequently in October 2014, a Hong Kong market misconduct tribunal banned Hwang from trading securities in Hong Kong for four years after he was found guilty of insider trading. The Report found no evidence that Credit Suisse had taken any mitigating actions in response to the risk posed by Hwang’s previous transgressions. This was despite the bank being made aware of the adverse news through a 2015 compliance review. Furthermore, the Prime Services business unit sought to resume trading with Archegos in Asia following the lifting of Hwang’s ban in Hong Kong in 2018. Another reputational risk review was conducted in response, but Compliance’s concerns regarding Hwang were dismissed with no substantial rationale.

The Report essentially concluded that the design of the risk management data, systems and framework was effective. However, it did not operate effectively because no one within the firm was empowered to act on the basis of the information the framework provided. Senior managers must be empowered to take swift and decisive action to protect the firm when key risk indicators point to outsized risk developing, even against the commercial imperatives and strategic objectives of the Firm. Furthermore, considerations of risk should be at the heart of commercial decisions and should not be contemplated in isolation – risk is return.

From BDO’s perspective, we have certainly seen elements of the issues identified within the Report crystallise within some of the firms we work with. In recent years, we have seen vast improvements in the design and structure of Risk Management Frameworks (RMFs). The level of detail and insight of MI gathered, in particular, has advanced significantly, particularly since the introduction of SMCR. The ongoing challenge for firms is around ensuring the second line has a strong voice at the Board and the risk perspective is included in strategic and commercial decision-making. The most effectively governed firms are those that understand that the second line is as vital to the success of the business as the first line. Risk is not working against the commercial imperative or putting the brakes on a Firm’s ambition, they are a key driver of sustainable and well-managed growth.

In subsequent articles we will examine the key failings at Credit Suisse more closely and consider the lessons that financial services firms should glean. We will look at the role of the second line specifically and how firms can ensure that Risk and Compliance are sufficiently empowered to drive effective risk management at your firm.

BDO has a wealth of experience supporting firms in ensuring their Board and oversight frameworks are robust enough to exercise effective control. We would highlight the importance of revisiting your risk management arrangements in order to ensure they continue to work effectively as many firms move to a hybrid model of working post-pandemic. If you have concerns about risk management and Board effectiveness, please reach out to our team of specialists to discuss the support services we can offer.

If you have any queries relating to the information above, please get in touch with our team or speak to Richard Barnwell.