Utilizing ISO Standards In Quantitative and Mathematical Finance

Understand the importance of utilizing ISO standards when leveraging algorithms to create mathematical models for financial returns.

Within quantitative and mathematical finance, many financial institutions utilize mathematical algorithms to create financial models that produce investment returns and predict market behavior. Financial models are representations of how the market will respond to specific events or how securities will perform under certain conditions.
When financial institutions utilize complex algorithms to produce financial models, they expose themselves to operational risks that could lead to adverse effects in the form of financial and reputational losses and non-compliance with regulatory standards. Operational risk represents the probability or likelihood of financial and reputational losses due to failures in internal systems, processes, or human error.
 
Because poor algorithms and models can result in astronomical losses for financial institutions and their clients, organizations should create operational risk frameworks that ensure that financial models are built, tested and utilized according to industry and regulatory standards such as the International Organization for Standardization (ISO) standards. When creating their operational risk frameworks, organizations should leverage the ISO standards listed below.

-ISO 9000 Family: Create a quality assurance and testing program using ISO 9000 standards to ensure that quantitative algorithms and models undergo quality assurance testing. When performing quality assurance, it is essential that algorithms and models undergo simulation and scenario tests that systematically determine their ability to produce expected results. Because an algorithm represents a process to complete a specific task or produce a specific result, its failure to produce expected results in the form of financial returns represents a form of operational risk. 
For example, the Knight Capital incident in 2012, which led to $440 million in losses, shows how ineffective algorithms and models lead to operational failures in algorithmic and electronic trading systems that result in financial, reputational and regulatory risk. Ultimately, incidents such as the Knight Capital trading error demonstrate the importance of utilizing ISO 9000 standards to detect errors in algorithms and models that could lead to negative results for the organization and its clients.

-ISO 27000 Family: Protect algorithms and models from unauthorized access and misuse by implementing information security standards utilizing ISO 27000 standards. Mathematical algorithms and models represent highly confidential data and information that is proprietary to the organization. If a data breach occurred where highly confidential information is leaked due to unauthorized access, it could lead to unauthorized use by an internal or external party. 
 
As a result, the organization exposes itself to information security risk that could result in financial, reputational and regulatory losses. In addition to financial, reputational and regulatory risk, the organization could potentially lose competitive advantage if the data breach resulted in an external party such as a competitor gaining access to proprietary algorithms and models. 
To protect itself, the organization should implement an information security program utilizing internationally recognized standards such as the ISO 27000 family to ensure that the information technology and operational infrastructure protects data and information assets such as algorithms, models, and source code. For institutions that utilize algorithmic and electronic trading systems, using the ISO 27000 family of standards is essential in ensuring that the organization protects the data and information assets that enable it to improve profitability.

-ISO 31000 Family: Implement a risk management program utilizing ISO 31000 standards to create an enterprise and operational risk framework that protects proprietary and highly confidential information such as quantitative algorithms and models. ISO 31000 allows organizations to implement and maintain a corporate-wide risk management process as listed below that ensures that algorithmic and electronic trading systems that rely on algorithms and models operate according to industry and regulatory standards. 
 
By implementing ISO 31000 standards, organizations can effectively identify, assess, analyze, mitigate and monitor any internal and external threats in the form of risks on an enterprise-wide level that expose their quantitative trading systems to operational failures. ISO 31000 should be implemented in conjunction with the ISO 27000 family of standards to ensure that the enterprise and operational risk management framework incorporates information security risk management as defined by ISO 27000 standards.

ISO 31000 Risk Management Process

-Identify inherent risks associated with utilizing mathematical algorithms and models. Inherent risk represents the risks intrinsic to utilizing mathematical algorithms and models to produce investment returns or predict market behavior.   
-Assess the internal controls of the organization to protect highly confidential information such as mathematical algorithms and models by conducting the risk assessments below.
  • Information security: Determine whether the information technology and operational infrastructure effectively protects the confidentiality, integrity and availability of highly confidential data and information assets such as algorithms and models.      
  • Business Continuity/Disaster Recovery: Determine whether the organization has sufficient controls in place to ensure that their algorithmic and electronic trading systems that rely on algorithms and models can continue to operate effectively to meet their strategic objectives in the event of a business disruption.
-Analyze all inherent and residual risks associated with mathematical algorithms and models.
-Mitigate and monitor all residual risks associated with quantitative algorithms and models.
 
Overall, ISO 31000 standards ensure that the enterprise risk management framework encourages sound risk management principles to ensure that algorithmic and electronic trading systems that utilize algorithms and models do not threaten the corporate infrastructure of the organization.

Conclusion

Overall, the use of quantitative methods within finance serves as an example of how financial institutions utilize complex technological processes such as financial algorithms and models to increase their profitability and improve their competitive advantage. Despite the advantages associated with quantitative and mathematical finance, there exist risks associated with using financial algorithms and models that could potentially undermine the strategic objectives of the organization. 
 
Incidents such as the Goldman Sachs trading error that led to $100 million in financial losses show how algorithmic errors lead to poor models that expose financial institutions to financial, reputational and regulatory risk. To protect the firm from the probability and likelihood of financial, reputational and regulatory losses, it is essential that organizations leverage ISO standards to ensure that quantitative algorithms and models perform effectively.
 
Implementing ISO standards ensures that the organization honors their fiduciary responsibility to clients by ensuring that algorithmic and electronic trading systems and processes act in the best interests of the organization and their clients. 

                                                  Catherine Tibaaga
About:
I am a Risk Management professional who has over seven years of experience working for global firms such as Jones Lang LaSalle, E*TRADE Financial, JPMorgan Chase & Co. and Freddie Mac. I have worked in a variety of roles in third-party risk management, procurement and accounting. To provide value to organizations, I conduct and lead risk assessment activities for corporations that seek to outsource their activities to third-party suppliers. 
 
I also help companies build their vendor, operational, and enterprise risk management programs. Using my expertise in building risk management programs, I work with organizations to ensure that their vendor risk management programs align and comply with regulations (i.e. OCC 2013-29, GLBA and Privacy laws) and industry standards (i.e. ISO 27000 family of standards, PCI and NIST standards). 
My core expertise includes: 
-Risk Management: Third-Party Risk, Operational Risk, Enterprise Risk
-Risk Tools: Hiperos, MetricStream, Archer, Agiliance
-Regulations: OCC, GLBA and Privacy Laws, FRB, FDIC
-Industry Standards: ISO 31000, ISO 27001, ISO 27002, PCI Compliance, NIST Standards (800-14, 800-37, 800-52), COSO Framework