How Credit Suisse failed at basic risk management

When Tidjane Thiam was fired as CEO of Credit Suisse in early 2020, the stated reason was his involvement in a spying scandal. Now that an incendiary report has been released by Credit Suisse about the bank's internal risk controls under Thiam's leadership, it looks like he was fired for the wrong reason.

Why it matters: The 165-year-old Credit Suisse, with its trillion-dollar balance sheet and 50,000 employees, is one of the most systemically important financial institutions in the world. The weakness of its internal controls, exposed by the collapse of the Archegos hedge fund, amounts to a major international scandal.

The big picture: Credit Suisse lost $5.5 billion as a result of effectively lending Archegos money that the fund couldn't repay.

• Credit Suisse had multiple layers of risk management designed to avert exactly the kind of catastrophe that ultimately ensued.
• "Every business-side employee is responsible for safeguarding Credit Suisse from loss," notes the report.
• In this case, employees at a host of units spanning the bank — like Prime Services Risk; at Risk Management; at a Counterparty Oversight Committee; at X-Value Adjustment; a Credit Risk Management; at Counterparty Credit Risk; and also at a Hedge Fund sub-unit — were specifically charged with monitoring the kind of risks that Archegos was taking on and preventing them from getting out of hand.

What they're saying: The losses were "the result of a fundamental failure of management," concludes the 172-page report, written by a team of lawyers from Paul Weiss.

• "The Archegos risks were identified and were conspicuous," it says, but "business and risk personnel... failed at multiple junctures to take decisive and urgent action to address them."
• One example: In August 2020, Credit Suisse calculated its "potential exposure" to Archegos at $530 million, vastly higher than the hedge fund's $20 million limit. The bank's "scenario exposure" — a different measure — was higher still. It also knew that the data underlying those calculations could be as much as six weeks out of date. Yet it did nothing.

Between the lines: Credit Suisse is making this report public, StoneTurn risk and compliance advisor Julie Copeland tells Axios, because "Archegos is a stain on Credit Suisse’s name. Short of doing this, they would not be able to satisfy their customers, shareholders, and regulators that they get it."

• My thought bubble: The problem did not just lie with individuals. It was systemic and cultural, and it's not at all clear that the lumbering beast that is Credit Suisse is even capable of changing its ways to ensure that this cannot happen again.

The bottom line: The fear of all macroprudential regulators is that the world's largest banks are all too big to manage. This report will only reinforce their worst fears.