SEC to get tough on risk management execs

The much-publicized coding error at quantitative fund manager Axa Rosenberg continues to make news. Recall that earlier this month, the firm agreed to pay $242 million for the error in its risk model. Out of the $242 million, $217 million was for restitution and the rest for civil penalties.

This highlights a big issue regarding risk management: how do we know systems are sound and that coding errors will not lead to massive, company-threatening losses?

Compliance pros, according to Securities Technology Monitor, suggest the SEC's action against Axa Rosenberg is reflective of a new regulatory approach to operational risk management. In these times of software complexity and tight federal funds, the agency really has no choice but to be reactive. It cannot check every line of code itself. It would be foolish to try. But someone has to. Some think the SEC's mandate to end naked sponsored access is instructive; it depends on companies to police themselves.

Perhaps the most the SEC can do in this area is take a hard line on software integrity problems by holding executives accountable for their own code. The SEC has indicated it will pay special attention to how business units manage risk and whether "risk management, control and compliance are embedded into the business processes of the brokerage firm."

Broker-dealers should reconsider how they bring code into production and how they might be able to instill better quality at the vendor level.
