Would You Rather Own A Business That Discloses Unusually Bad Operational Losses, Or One Whose Management Doesn’t Tell You Any Bad News At All?

I-OnAsia Risk Advisory Review: HSBC & Hang Seng Financial Sub-Index OpRisks
By James Tunkey & Jacqueline Evers

I-OnAsia’s Risk Advisory team has just completed a study of the most recent decade’s risk management disclosures by the Hang Seng Index’s Financial Sub-Index constituents to investors.  The research, led by our senior associate Jacqueline Evers, has yielded two troubling insights: HSBC has experienced a decade of unusually high levels of losses due to bad business practices; and, the vast majority of other Finance Sub-Index constituents are not being fully transparent in their annual reporting about operational losses.

Our team is reminded of the sick game in 3rd grade, where you give your classmate two bad options (kiss the tail end of a dog, or eat a worm).  We’ve been asking: Would You Rather Own A Business That Discloses Unusually Bad Operational Losses, Or One Whose Management Doesn’t Tell You Any Bad News At All?

Clearly, most people would prefer to invest in good managers who are transparent.

About I-OnAsia’s Risk Advisory Study

For over 15 years, I-OnAsia’s Risk Advisory team has used the Bank for International Settlements (BIS) standards for classifying operational risks, breaking out OpRisks into the following categories:

1.       Internal Fraud
2.       External Fraud
3.       Employment Practices & Workplace Safety
4.       Clients Products & Business Practices
5.       Damage to Physical Assets
6.       Business Disruption & System Failures; and,
7.       Execution, Delivery& Process Management.  

Since 2004, I-OnAsia’s Risk Advisory team has maintained a database of OpRisk losses reported by all Hang Seng Index constituents in their annual reports.  Our database goes back to World War II, and includes both financial and non-financial institutions.

I-OnAsia’s Risk Advisory team uses this database to deliver unique due diligence and risk management assessments.  I-OnAsia’s understanding of historic OpRisks at property companies has helped inform our advisory on build-outs of new regional headquarters for multinationals.  

I-OnAsia’s most recent study has updated OpRisk loss data for the forty-six constituents of the Hang Seng Index in 2018.  

HSBC’s Business Practices: A Major Source of OpRisk Losses

HSBC reported roughly US$11 billion (in today’s dollars) in OpRisk losses between 2009 and 2018, according to analysis of HSBC annual reports by I-OnAsia’s Risk Advisory team.  Nearly three quarters of this amount was from foreign fines, penalties, and judgements.  

There is no doubt that HSBC’s retail and commercial banking networks in Europe and the Americas have opened the company to heavy foreign regulatory scrutiny, but HSBC’s business practices have gotten it into trouble in Hong Kong as well as in western markets.   Key problems have been identified in:

  • Foreign exchange rate fixing;
  • Precious metals trading;
  • Payment protection insurance;
  • Interest rate derivatives;
  • U.S. mortgage securitization activity;
  • U.K. Consumer Credit Act lending; and,
  • Anti-money laundering and sanctions-related failures.

These unusually heavy losses due to internal business practices ultimately resulted in HSBC’s turning to a new external Group Chairman in late 2017.  

The take-away: bad business practices and weak oversight and compliance can cause so much pain for shareholders that it can bring down an executive team.

Concerning Lack of OpRisk Loss Event Disclosure at Eight Hong Kong Listed Financials

China Construction Bank reported a combined US$7.5 billion (in today’s dollars) in non-fraud related OpRisk losses between 2008 and 2018, and a certain amount of OpRisk loss is expected each year at any bank around the world.  During the same timeperiod, HKEx reported a substantial loss event due to business practices.

None of the other eight Hang Seng Finance Sub-Index constituents reported a single significant operational risk loss event to investors in their annual reports between 2008 and 2018:

Hang Seng Bank; AIA Group; Industrial and Commercial Bank of China; Ping An Insurance; BOC Hong Kong; China Life; Bank of Communications; and/or, Bank of China.

Unfortunately it is difficult to say for sure whether this lack of reported losses was due to superior risk management practices at these eight companies.  It is I-OnAsia’s assessment, based on a global review of data submitted by financial industry peers to the BIS, that zero reports of OpRisk losses by eight large institutions over an entire decade is unusual and potentially concerning.

Details disclosed to the public by HSBC in its annual reports about OpRisk losses provided an opportunity for investors to understand the specifics of problems at the bank, and advocate for improvements.  The absence of OpRisk loss reports raises questions about whether public investors have a strong enough grasp on the risks associated with these eight enterprises.

Another take-away: without detailed data on OpRisks, investors in financial institutions may be flying blind to bad business practices.

Exam Cheating + Pre-Revenue Biotech = Fraud Concerns

By James Tunkey, COO

One of the biggest potential challenges for investors in pre-revenue biotech companies preparing to IPO in Hong Kong may be linked to the region’s problem with exam cheating.

The value of pre-revenue biotech companies is directly linked to the quality of their science, and progress through clinical trials to full regulatory approval for human use.  But determining the quality of a biotech company’s scientific research is extremely difficult, even for specialists.

Fraud is a big problem for the industry globally.  One fundamental building block for a good biotech company is the quality of its research.  But there is a global problem with fake peer review, where lies are told by people trusted to offer an independent assessment of a company’s science.  Biotech values also skyrocket when a drug progresses through government clinical trials.  Unfortunately, these can also be faked, with investors paying the price.

There is no evidence that Asia’s Ivory Tower has better academic integrity, or that science in Asia is immune to fraud and falsification of scientific results.  Instead, Asia appears to be ground zero for massive cheating scandals.  I-OnAsia has specialized in the investigation of exam cheating syndicates since 2001.  Highly sophisticated fraudsters sell exam results for nearly every exam or certificate imaginable, including health related certifications.  Networked student groups reverse engineer entire exams by collecting individual answers, and trade cheating tips on chat rooms and the Dark Web.  And the problem appears pervasive within the culture.  One 2016 report suggested that academic cheating by international students, particularly Chinese students, was fifty times (50X) worse than cheating by U.S. students.

The problem of exam cheating in the region could be particularly pronounced for Asia’s pre-revenue biotechs, given the importance of academic research to determining corporate value.  Old habits are hard to break, and common (un)ethical practices are likely to threaten the industry.  Fraud allegations have touched high profile western biotech companies such as Theranos, Aveo Pharmaceuticals, AnC Bio, Turing Pharmaceuticals, PixarBio, Innate Immunotherapeutics, and Sterling Biotech.  Asian companies are likely to follow.

Screening for fake degrees and false statements of academic achievement is already a common due diligence practice.  For Asia’s pre-revenue biotech companies is more valuable.

Likewise, pre-investment due diligence typically examines relationships between a company and politicians for compliance purposes.  More of the same activities are now essential to uncovering any untoward relationships with regulators overseeing clinical trials.

It is common for the quality of executives’ historic business relationships with third parties to be tested as part of any due diligence process.  The quality and background of any peers that reviewed early scientific research should be reviewed.

Finally, regulators frequently examine corporate culture when considering whether any firm is fit to sell stock to public investors.  Whether or not a company’s employees tolerate cheating is likely to be an important metric for measuring the quality of pre-revenue biotech leadership teams.

Crisis Management Authority James Tunkey Briefs Compliance Professionals

I-OnAsia’s COO James Tunkey has been asked to present to the Society of Corporate Compliance and Ethics on October 25th on the subject of Crisis Management Best Practices.  Tunkey will draw from his 25 years’ experience, including 4500 cases since establishing I-OnAsia’s office in the Americas.  “In order for compliance leaders to respond to real problems, they must have good intelligence,” says Tunkey.  Fake news has increased the value of accurate and reliable information gathered by trusted sources.  A senior executive cannot handle the worst case scenario, such as a social media PR crisis, without good information.  Tunkey will also present on crisis management issues relating to international whistleblower complaints.  Click here for a copy of the brochure.

The CEO’s Ruminations

I powered up my computer the other day and noticed an interesting article regarding the hackers du jour known as “Fancy Bear”.  Allegedly a sophisticated outfit owned and controlled by the GRU, a Russian military intelligence agency, Fancy Bear apparently attempted to create fake internet domains mimicking conservative Yank political institutions.  Microsoft, the media-proclaimed “Internet Cop”, claims to have thwarted these efforts (https://wsmh.com/news/nation-world/microsofts-anti-hacking-efforts-make-it-an-internet-cop).

Fakes?  Mimicking?  Microsoft as altruistic, Internet saviour?  Hmmm…

“Always judge a book by its cover.” – Derek Elmer

That’s right!  In the world of modern cyber-scams, you always need to accept my new twist on the old idiom “Don’t judge a book by its cover”.

Why should you judge a book by its cover?  The simple answer is to protect yourself against conduct similar to those naughty bears and, in a word phishing or the attempt to obtain sensitive information like username, password, bank details, the details of staff in a position to transfer funds.  For example, the Hong Kong Police recorded 653 cases of cybercrimes in 2005, which was the first year it began tracking such offences.  By 2016, the number of cases reached 5,939 in 2016 and resulted in HK$2.3 billion of losses to the victims!

Ouch…some fairly big winners and losers in this scenario.  Hard to blame the real police as they usually only get involved after the horses have bolted from the barn.  Heck, people (I use the term loosely) even publish information on “how to create a Facebook Phishing Page”.  I did not click on the link, which is www.hackingloops.com/how-to-create-a-facebook-phishing-page…perhaps you are braver (I use the term sarcastically) and want to give it a go.

However, in my never-ending search for a culprit and in view of Microsoft’s apparent, recent defeat of the naughty bears, I decided to have a look at these new Guardians of Cyber World – the likes of Yahoo!, Facebook, Google, Microsoft – as well as some governments’ efforts to protect us.

Are they doing enough or for that matter anything to educate their clients?  Does the average Internet user know anything about how to protect himself/herself?  Are there pro-active, “good samaritan” sites out there?

Let’s take a look at a small sampling of “free” websites offering education and reporting.  I avoided the plethora of consultants offering to protect you albeit I have to confess many offer some good solutions.

First, as in any new endeavour, I thought it useful to start with education.  Our Guardians of Cyber World are publishing quite a bit of information to get you up to speed on the “do’s” and “dont’s”.  Below is a sampling.


Yahoo!: https://finance.yahoo.com/news/how-to-avoid-phishing-scams-79488548827.html

Facebook: https://www.facebook.com/help/166863010078512?helpref=faq_content

Facebook: https://www.facebook.com/notes/aqib-mehmood-official/12-steps-to-avoid-phishing-scams-/581509021960999/

Google:  https://support.google.com/mail/answer/8253?hl=en

Google:  https://support.google.com/websearch/answer/106318?hl=en

Microsoft:  https://docs.microsoft.com/en-us/office365/securitycompliance/anti-phishing-protection?redirectSourcePath=%252fen-us%252farticle%252fanti-phishing-protection-in-office-365-75af74b2-c7ea-4556-a912-8c48e07271d3

I truly believe, whether for your personal benefit or to assist your employer, that reviewing some of these websites would be useful.

Second, if the horses have already bolted from the barn or you are feeling some of the “good samaritan” vibe, you have many private avenues offered by the Guardians of Cyber World to make a report.  I do not wish to make light of the importance of such reporting.  You may not have solved a problem for yourself, but reporting a website designed for phishing may save someone else…and I believe good deeds often come around full-circle to everyone’s benefit…call it karma.

Yahoo!:  https://safety.yahoo.com/Security/REPORTING-ISSUES.html

Facebook:  https://www.facebook.com/help/217910864998172

Google:  www.support.google.com/faqs/answer/2952493?hl=en

Google:  www.safebrowsing.google.com/safebrowsing/report_phish/?hl=en

Microsoft:  www.support.microsoft.com/en-us/help/930167/how-to-report-a-phishing-web-site

Microsoft:  https://docs.microsoft.com/en-us/office365/securitycompliance/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis

Last, but certainly not least, governments in every corner of the globe are offering educational opportunities and reporting sites.  Frankly, I was extremely happy to see my tax dollars being spent fairly wisely on an important subject!

Hong Kong:  https://www1.erc.police.gov.hk/cmiserc/EGIS-HK-Web_NEW_UI/ereport_details?report=CBR_CRIME&fontSize=100

Australia:  https://www.acorn.gov.au/learn-about-cybercrime/email-spam-and-phishing

UK:  https://www.actionfraud.police.uk/report_phishing

USA:  www.irs.gov/privacy-disclosure/report-phishing

USA:  www.consumer.ftc.gov/articles/0003-phishing

USA:  www.us-cert.gov/report-phishing

Remember the nursery rhyme “The bear went over the mountain / To see what he could see / The other side of the Mountain / Was all that he could see.”

Well, this time the naughty bear went over the mountain and Microsoft apparently stopped him from seeing anything.  I hope you take the time to learn about this dangerous bear and others so you too can smack their little snouts!

I-OnAsia has an extensive bespoke “Anti Phishing Educational Awareness Programme” for all levels of management and all areas of sensitivity. For a consultation please contact us without delay on – info@ionasia.com.hk

The CEO’s Ruminations

As I put my chubby thumbs and forefingers to keys, I could not avoid ruminating about The Donald’s never-ending tweet-screaming at the discredited Russian “collusion” investigation; London Mayor Sadiq Khan’s feeble attempt to explain news that the city’s death rate from knife and gun crime had overtaken that of New York; Japan suffering dozens of sad and, I would have thought, unnecessary deaths from temperatures exceeding 40C; New Zealand’s interim-PM misusing some apparent downtime to whine about Australia “copying” the Kiwi flag; Zimbabwe celebrating a perplexing non-Mugabe era; European tourists mooning the ancient ruins of Machu Picchu; and, well, you get the picture.

The world truly is a tad barmy…

Chew on that thought for a moment…

I-OnAsia eschews ad hominen attacks whilst opening an office in Canada

Whilst The Donald spewed and the Suave Justin politely deflected, I-OnAsia quietly planted a flag in the luvly town of Kelowna, British Columbia, Canada.

Our new office is managed by the no-nonsense Corrine Reid.

Corrine earned a BA in business administration, which prepared her not to suffer any BS during her career in senior positions of the usually all-male world of large sports associations.

She will be responsible for the growing business ties between Canada and Asia. I believe government and private joint initiatives, such as The Canada-Asia Trade and Investment for Growth Program, will create opportunities for Corrine to market I-OnAsia’s myriad of investigative services.

In addition, Corrine will manage our existing business in the western USA, particularly from the growing markets of Portland and Las Vegas.

What happens in Las Vegas may stay in Las Vegas, but Corrine is just the professional to overcome the opaqueness…unless, of course, the client is seeking an alternative solution!