Adam Shostak let the cat out of the bag about our combined blogging that’s going to be going on at http://newschoolsecurity.com/.

I’m pleased an honored to be joining Adam, Alex Hutton and Brooke Paul to continue to expand on the evolving challenges of Information Protection and Risk Management.

Blogging will be even lighter than usual here as a result, but I hope to see all of you, dear readers, over there.

If existence is turtles all the way down, then when it comes to technology and linked infrastructure, John Robb’s latest thought is Cyberhreats all the way down. There’s no good way to excerpt it, so you’ll have to just go read it. But that’s not a Bad Thing.

Still, as you read them, consider that these statements also apply to each component of the infrastructure with generally only syntactic tuning. Within a government or corporate entity, the same framework holds true. Within a business unit. Within a department. On a workstation. Within an application. Within a .dll or .so. etc.

So North Korea’s satellite launch attempt failed

North Korea failed in its highly vaunted effort to fire a satellite into orbit, military and private experts said Sunday after reviewing detailed tracking data that showed the missile and payload fell into the sea. Some said the failure undercut the North Korean campaign to come across as a fearsome adversary able to hurl deadly warheads halfway around the globe.

As I understand it, the failure was caused by a tangle in the string between the tin can on the satellite and the one on the ground.

AIG was a ponzi scheme for risk transfer and, IMHO, should be treated accordingly. We (meaning myself and the rest of the current and future taxpayers of the United States) should no more be bailing out AIG and its counterparties than we should be bailing out Bernie Madoff and his institutional counterparties.* And it, if the hints in the Institutional Risk Analyst article are to be believed, there is a paper trail to prove this.

I read yesterday (I forget where, I’m sorry to say) that the Madoff investigation is now widening to include his institutional counterparties who, basically, were either incompetent to possess their licenses or knew he was running a fraud but decided to ignore it so long as he continued to produce excessive returns.

Anyway, where I started was with a pair of fairly technical articles about risk transfer and re-insurance that summarize quite nicely what was really going on with AIG in particular and risk layering in general with regards to reinsurance and Credit Default Swaps during the past five years. Eventually, the transferred-but-not-really risk blew up and took everyone left holding it along with it.

Robert Waldman set me off about all this by leading me to this article, “AIG: Before CDS, There Was Reinsurance”

One of the first things we learned about the insurance world is that the concept of “shifting risk” for a variety of business and regulatory reasons has been ongoing in the insurance world for decades. Finite insurance and other scams have been at least visible to the investment community for years and have been documented in the media, but what is less understood is that firms like AIG took the risk shifting shell game to a whole new level long before the firm’s entry into the CDS market.

In fact, our investigation suggests that by the time AIG had entered the CDS fray in a serious way more than five years ago, the firm was already doomed. No longer able to prop up its earnings using reinsurance because of growing scrutiny from state insurance regulators and federal law enforcement agencies, AIG’s foray into CDS was really the grand finale. AIG was a Ponzi scheme plain and simple, yet the Obama Administration still thinks of AIG as a real company that simply took excessive risks. No, to us what the fraud Bernard Madoff is to individual investors, AIG is to the global financial community.

As with the phony reinsurance contracts that AIG and other insurers wrote for decades, when AIG wrote hundreds of billions of dollars in CDS contracts, neither AIG nor the counterparties believed that the CDS would ever be paid.

As Waldman cogently observes in his post

Contingent liabilities appear on published balance sheets (I mean Q-10s) at market value and without details. So on the assets side, a CDS has an effect which depends on its notional value and on the liabilities side at it’s market value.

Now I’d guess that regulators can detect and disallow regulatory benefits from positions which exactly cancel by definition. However, different CDSs can be very close substitutes without being identical. If I buy and write CDS on similar tranches of similar pools, I am not running (or insuring) much risk. If one counts at nominal value and one at market value, can I claim that I am insuring a lot of risk ?

No. And don’t let anyone convince you differently because they’re an “expert.” While I’m generally a fan of expertise, I’m an even bigger fan of evidence, and the evidence of unmanaged risk has now been spread across the front page of the paper for six months.

* While I’m moderately sympathetic to the individuals who lost money when Madoff’s fraud unwound, they ultimately need to realize that they were victims of their own greed. Excessive returns always come with excessive risk. In this case, the risk happened to be that the ponzi scheme would end before they pulled their money out. Just because they didn’t know the nature of the risk does not entitle them to be made whole beyond what can be recovered from Madoff and his wife, cronies, etc. I can only think of one case (the guy who tried to get the SEC to investigate Madoff) where anyone said, “This guy is beating the market so much that he can’t be on the level.”

As to participants in the banking system, I’m even less sympathetic. Nationalize, re-capitalize as-necessary, wipe out the equity holders. Again, you didn’t hear them crying when they were seeing excessive returns while things were going well. And I include myself in the group who will be hurt by this move–I still own a few shares in my former employer.