Merry Christmas! With more updates

Credits: www.care2.com

A few updates in the run-up to Christmas:

  • Dividends & buybacks
    • Following issues with its latest Galaxy Note, Samsung decided to support its share price by boosting its dividends to 50% of its free cash flow. Samsung is also facing pressure from activist fund Elliott.
  • Unicorns & valuations
    • Stripe joined the unicorn club last month after being valued at $9bn despite raising less than 2% of this amount.
    • Unicorns in need to add liquidity to their shares but not meeting (yet) public market requirements have increasingly relied on secondary markets to trade shares, despite the lack of transparency associated with these semi-private markets. $1.2bn worth of transactions are expected to take place in 2016 at a time where tech company IPOs are expected to reach their lowest level since 2009 and investors are becoming increasingly cautious about overvalued sectors, including on-demand delivery.
    • Uber reported a $800m third-quarter loss although it states it is now cash-flow positive in some mature markets. Consolidated profitability seems far away still.
    • The mayor of Barcelona fined Uber and HomeAway €600k each last month for not complying with local licensing requirements. In France, Airbnb committed to send tax data to French authorities automatically rather than leaving it up to individuals to declare as it used to be the case. Registration will be made compulsory for landlords willing to let their property more than 120 days a year.
  • Cybersecurity
    • Yahoo revealed that 1bn users were stolen personal data in 2013 in an attack dwarfing the one reported in 2014. Compromised datasets may include names, email addresses, telephone numbers, birth dates as well as poorly encrypted passwords. This security issue may thus create vulnerabilities for other websites, as users tend to recycle the same password for multiple websites, according to Lisa Pollack from the Financial Times.
    • Hackers targeted the SWIFT messaging network with the help of Bangladesh central bank officials, highlighting the vulnerability of IT systems to insider fraud.
    • A couple of weeks ago France unveiled its cybersecurity policy. The country aims to build defensive capabilities as well as an offensive arsenal, which could include traditional weapons.
    • Several hedge funds investors warned big data sellers that they were failing to properly hide personal information. Cross-referencing information enables recipients to waive the anonymity of the data.
  • Active & passive investing, bonds & equity
    • The passive investing frenzy seized bond markets, which now ‘host’ more than $600bn of fixed income ETFs, threatening the stability of the financial system, according to experts. The bubble around fixed income is expected to weaken in the coming months given the Fed’s willingness to raise interest rates three times next year – subprime borrowers have already started to feel the heat.
  • Blackberry, LinkedIn, Twitter, Apple
    • Blackberry raised its full-year profit outlook as its software & services business generated more than 50% of its sales over the last quarter. Management expects to bring the company back to profitability on an adjusted basis in the full year.
    • Russian authorities blocked access to LinkedIn for its 6 million users in the country as Russian legislation requires personal data of Russian citizens to be stored on Russian territory.
    • LinkedIn added a robot tool to its chat interface in order to trigger more numerous conversations between individuals and ultimately gathering more data on its users.
    • For its part Twitter suffered another executive departure as its chief technology officer Adam Messinger resigned after 3 years in the job.
    • Apple is the latest investor to express interest in Softbank’s $100bn planned tech fund.

I unfortunately doubt that I will have the time to publish another post before the end of the week, so I wish all readers a Merry Christmas and I look forward to publishing again in the New Year at the latest.

Quitting equities or bonding to bonds? Conundrum for asset managers

In this blog we have already touched on the debate between so-called ‘active’ and ‘passive’ investment strategies. For vehicles investing in public securities, another debate lies in the choice of the asset class mix between equity and bonds.

 

What is the core trade-off between equity and bond?

Credits: Tectona Partnership

If we go back to corporate finance theory, this choice represents a trade-off between risk and expected return for the investor:

  • Bonds are generally safer (because they are repaid first in case of financial distress) but upside is capped in case of great performance as the lender is promised a fixed coupon which is set ‘once for all’.
  • On the other hand, equity holders capture all the upside if the company overachieves but are the first to get swept if the company goes under.
Historical returns for S&P500 (annual and 5-year trailing average) and 3-month US Treasury bills. Source: Aswath Damodaran, NYU

Historically equity returns have tended to be more volatile than bond returns – which reflect the risk that security holders bear. For a particular year, it is difficult to predict which class will perform best, although equity tends to offer a better return when considered over a sufficiently long period of time – equity investors are rewarded in the long-term for their acceptance of short-term risk. This phenomenon is captured in corporate finance theory by the ‘Capital Asset Pricing Model’.

An illustrated summary of the CAPM principles

 

Why is this debate making headlines again?

The general public and the asset management industry have reignited for a few months now. Today’s environment offers a mix of extremely low interest rates (UK 10-year government bonds yield less than 1.5% p.a.) and the lack of worldwide economic growth (3.4% in 2016 according to the IMF’s latest forecasts). In that context asset managers struggle to deliver satisfactory net returns to investors – who claim that the meagre returns they could get are almost entirely eaten by management fees.

Furthermore US market indexes all reached all-time highs over the last quarter, which has led investors to believe that the inflection point is approaching. Money has been fleeing equity funds to feed the bond market. The fact that some governments and even companies manage to borrow at negative interest rates only means that investors are ready to take a ‘sure, but small’ slap rather than risking of being hit much harder by leaving their money naked in the unpredictable turmoil of equity markets. In September BlackRock was estimating that $10trn of cash was earning a negative yield while $70trn was staying ‘on sidelines’, waiting for worthwhile investment opportunities.

Historical evolution of S&P 500. Source: Yahoo Finance

Low interest rates are also becoming problematic for ‘defined benefit’ pension funds, which guarantee a certain amount to their contributors. Those guarantees are based on assumptions regarding the evolution of interest rates, inflation, stock market performance etc. whereas the future promises are set in stone. Given the compounding nature of interests, a small drop in interest rates relative to expectations translates in billions of pounds of deficit: £710bn to be precise, according to a recent PwC report quoted by The Guardian.

 

How are investors reacting?

As explained above, to maintain a similar level of expected returns in an environment offering diminishing interest rates, investors need to take on more risks. In particular, following the 2008 crisis financial services regulators have forced banks to withdraw from riskier types of lending (taking the form of ‘high-yield bonds’) and this void is now filled by asset managers ready to finance more financially fragile companies in exchange for a decent return.

More risks from the same expected return, as explained by the CAPM

This obviously does not go without bad surprises. Lenders to the energy sector for instance took a hit earlier this year as commodity prices have suffered ups and (more often) downs.

 

If bonds are such a safe heaven, why are we hearing about a ‘bond market crash’?

Interest rates in developed economies have been running close to 0 for years now. As explained earlier, asset managers have massively bought bonds maturing in years in order to protect their capital. Although interests are indeed protected, the market value of the bond may be at risk if interest rates go up again – a move that the US Fed has already initiated.

To be clearer, let us assume you buy a bond (called ‘Bond A’) for $100 in order to get an annual (fixed) coupon of $1 for the next 10 years. Let us also assume that immediately after you purchase this bond the interest rates go up by 1% and that now for $100 you have a bond (called ‘Bond B’) paying an annual (fixed) coupon of $2. If you try to sell Bond A in this new environment, you will never receive an offer close to $100 – why would an investor pay the same amount to get a $1 coupon and a $2 coupon? In simplistic terms, the yield difference is approximately $1 over 10 years, i.e. $10, so you should expect this $10 difference to be reflected in the initial purchase price. If Bond B is still worth $100, Bond A will now trade around $90, i.e. you will suffer a c.10% loss on your investment.

If you scale this phenomenon up, it is easy to imagine that asset managers do not want to be left with their bonds when interest rates move up. As Central Banks start quivering, investors are preemptively selling their bonds, lowering the value of the existing bonds and possibly precipitating the collapse of the bond market even before Central Banks begin to move – one of the numerous ‘self-fulfilling prophecies’ that markets contain. In this case the situation would be even more difficult to stem as the market for bonds is significantly shallower and therefore more unstable. Although we have not come to this extreme (yet?), the fact that debt trading now represents the largest profit driver for banks should make us think.

 

How will this all end up?

Credits: www.digital-reporting.com

Unfortunately no one knows. Optimistic experts believe in a soft landing where fiscal initiatives would revive economic growth (‘a la Trump‘) while interest rates would go up, progressively drying the excess market liquidity and enabling the markets to come back to more normal levels in a seamless manner. Pessimistic observers do not believe in such a smooth transition and believe that painful losses will have to be taken and bankruptcies will be unavoidable. What is sure, though, is that the world we are evolving in is uncharted territory.

The new warfare: Cybersecurity in a digital era

weak-link
Credits: lexblogs.com

Ashley Madison, Adult Friend Finder, Last.fm, Tesco, LinkedIn, MySpace, Three, TalkTalk, Yahoo, Twitter, the National Lottery etc. all share a common feature: over the last few months these corporations have been the target of successful massive hacking operations aimed at stealing customer data. And the list keeps lengthening every day.

Cybersecurity is first and foremost a matter of education – a formerly blank executive training field that the likes of IBM have now penetrated. Human error represents a godsend for all hackers that no antivirus will be able to correct – “up to 90% of cyberattacks take place because computer users are both busy and gullible” writes Misha Glenny from the Financial Times. In September Russian hackers managed to break into the Democratic Party computer systems. The investigation showed that the attack was based on fraudulent emails sent to around a hundred members of the party. Around 20% clicked on the link despite the obvious risks it could entail. Although antispam filters have become increasingly sophisticated over the last few years, one cannot fully trust the machine (yet?) and blindly open messages landing into his inbox. In the same vein, ‘Ponzi 2.0’ chains can only flourish if the ‘links’ are gullible enough to hand money over to an unknown party. Reusing similar (and often benign) passwords on different websites is also a source of trouble – one of the reasons why ‘behavioural biometrics’ are being experimented. More broadly the analysis of human behaviour will become a cornerstone of the cyber war, both on the assailant and defender sides.

The corporate world has become increasingly aware of the threat over the last few years, even if in some cases the learning curve involved paying a high price. Small businesses, which have less budget to spend on ‘cyber-defences’, are particularly targeted. A third of small British businesses suffered a breach in the past year according to a UK government study, while insurer Beazley predicts a 400% increase in ransomware breaches this year – a particularly efficient attack as the corporate target is prevented access to all data unless it pays. In France, cybersecurity consultancy Wavestone showed that 100% of 128 large corporate websites were showing security loopholes, 60% of which could allow the hacker to download a batch of commercially sensitive data. More generally, the emergence of new technologies, such as driverless cars, will greatly rely on the ability of manufacturers to convince the general public that the ‘computer at the wheel’ cannot be corrupted. Poor security infrastructure design, resulting from a lack of time and budget, is pointed out as a root cause. A few days after the news were made public, the French government passed a law requiring all businesses to map their data and ensure appropriate protection and access by May 2018. In the US, a similar directive aimed at the financial services industry – the most affected by data loss – has been issued.

Large institutions are not immune either. Tesco Bank suffered a carefully planned and heavily publicised attack in early November. Money was stolen from 20,000 accounts (out of 136,000) and led all the bank’s customers with no access to their money for more than 24 hours. The investigation subsequently showed that management had been previously ignored warnings from third parties highlighting weaknesses in the Tesco and Tesco Bank mobile apps. Two of Russia’s largest banks suffered DDoS last month. Even the SWIFT messaging system, which governs financial transactions between banks across the world, has faced attacks. French newspaper Les Echos recently highlighted that cyberattacks had little impact on share prices, although this could likely change in the future.

Irrespective of size, the cost of replacing the entire software framework can be prohibitive for a business. Countless firms still run their operations on Windows XP, despite Microsoft not offering any security update since 2014 and security breaches having already been identified since then. For those favourite targets, the aim is less to prevent attacks than making the reward unattractive, by physically isolating critical data in separate infrastructures.

For a long time their basic features and limited memory space made smartphones unlikely candidates for cyberattacks. With the rise of open operating systems (Android and iOS) making devices accessible to third party app designers and the continuous development of new capabilities this is not the case anymore – one could even say that because we spend our life with smartphones in our pockets the potential risk of hackers accessing personal data through these devices is higher. Standard solutions have been recently developed – messenger app Whatsapp now offers encrypted communication protocols – and a handful of brands are now offering ‘military-grade security’ – at a (hefty) price.

The ‘internet of things’ is also adding further risk to the balance. These recently launched devices are numerous (6.2bn today and 20bn by 2020 according to Gartner) and usually designed with a time and money focus on tech specifications and push security into the background (or do not even bring it on their agenda), with no or weak default passwords. In September French web hosting company OVH suffered a ‘Distributed Denial of Service’ (or ‘DDoS’) cyberattack led by a network of more than 140,000 Web-connected video recorders, a significant figure but still very short of the 10m+ devices mobilised on 21st October to create the largest DDoS attack ever recorded.

A pernicious characteristic of successful cyberattacks lies in the fact that very often they remain unspotted. In the Financial Times Violet Blue, a cybersecurity expert, explains for instance that he “keeps a little sticker over the cameras on all my devices to prevent unauthorised spying”. Your camera may be on without you knowing.

For all those reasons, cybersecurity has become a serious matter for intelligence services. In the UK, the government’s National Security Strategy elevated cyber security to the “tier 1” risk category and the MI6 has announced its intention to recruit more than 1,000 new staff by 2020, a 40% rise, primarily to foster their still rudimentary IT capabilities. As mentioned by Nigel Inkster, former director of operations for MI6, in the Financial Times: “The days in which intelligence officers could plausibly adopt different identities and personas are pretty much coming to an end. […] The challenge of having a credible digital footprint is significant.” Cyberattacks could impact traditional warfare; Chinese hackers for example tried to steal military data contained in nuclear-powered aircraft carrier USS Ronald Reagan. As a result, undercover moves usually belonging to the secret sphere emerged last month when US vice-president Biden publicly hinted that the USA could launch a retaliatory cyberattack against Russia while Angela Merkel later warned against this kind of attacks – symptoms of the unbearable tension this new type of war has triggered.

Not far from the debate around cybersecurity lies the one around the veracity of information found on the Web. In a world where anyone can publish and share information across the globe in seconds and where the content of the most visited encyclopaedia can be freely edited, we must become increasingly critical against the flow of data that we receive.

Defence against cyberattacks will represent one of the pillars of individuals’ and businesses’ security in the coming years and possibly decades. Fortunately or not, this post intended to show that we, as Internet users, largely hold the cards in that fight: let us make sure that we use them wisely.