Trading security: 'If I were to say it couldn't happen here, well, that's bullshit'
Sunday 03 February 2008
Banks across the City of London have launched urgent reviews of their security procedures in the wake of the Société Générale scandal.
It is understood that several have contacted the Financial Services Authority (FSA) during the last few days to inform the City regulator of their actions in the midst of growing alarm at the way in which SocGen trader Jérôme Kerviel was able to circumvent internal controls to place multi-billion- euro bets (although in interviews with police he has reportedly claimed that his superiors must have been aware of his activities).
Despite this, the FSA is known to have concerns that some London banks still fail to enforce a demand that traders take at least two consecutive weeks of holiday in a year. This is seen as a key security measure because it means their trading "book" will be taken over by another employee and the timeframe is long enough for any anomalies in their trading positions to be spotted.
The FSA has stopped short of calling for new rules to enforce this requirement, believing that too many regulations could allow banks to adopt a "box ticking approach" that they would be able to use as a shield in the event of a scandal. It prefers a "principles based" approach that requires senior management to be on the ball, and comply with what is seen as best practice.
But the two-week holiday is seen as "best practice" and it is not being adhered to in all cases.
The 31-year-old Mr Ker- viel is also reported to have told police during last week's interviews that: "The simple fact that I did not take any holidays in 2007 should have alerted the management. That is one of the primary rules for the internal controls."
One senior London-based risk manager says he agrees this is a key requirement, adding: "If I were to say it couldn't happen here, well, that's bullshit. You'd like to think it wouldn't – that the culture is strong enough to detect it. But no, you can't say it couldn't happen."
Typically, banks have compliance and risk managers "on the floor" and expect traders to talk to them regularly. These people, however, have a degree of independence from the trading business proper and their reporting lines are different – the former to a bank's compliance department and the latter to more senior risk executives.
The activities of traders are also scrutinised by "external" functions in banks, including human resources, who could enforce the two- week rule. The third line of defence would be internal audit, which could pick up discrepancies.
But the risk manager spoken to by The Independent on Sunday says: "What I would be asking in this case [Mr Kerviel] is what the head of his desk was doing. Ultimately, you can have all the checks and balances you want, but they are there all day and would have been best placed to pick up on anything that went wrong.
"I've seen that he's said people must have known what was going on. Well, he is being advised by his lawyers. But if they didn't know, then they were asleep at the wheel."
The FSA currently expects banks to separate the duties of front-line traders, risk managers and the back-office staff who will be involved in the clearing and settlement of trades. It has no objection to back-office personnel such as Mr Kerviel rising to become traders, but it does insist that security should be strict between departments.
That means measures should be taken to ensure passwords and access to secure systems for the back office, who process trades, are not available to people who move into the front line where the trades are struck. A knowledge of the back office, and access to its systems, could have been vital in helping Mr Kerviel to keep his off-book trades "secret", if indeed they were.
The regulator believes there are three key things banks could do that would minimise the risk of being attacked by a rogue trader (detailed in the box on the right). However, like the risk manager above, senior regulators privately admit that a really determined rogue could still cause chaos from London, just as Mr Kerviel did from Paris.
And with the increasing complexity of derivatives markets, rising volumes and the desire among traders to be seen as "big swinging dicks" who pocket multi -million-euro bonuses for fun, Mr Kerviel is unlikely to be the last to go rogue.
The risk manager says: "Ultimately, it is often about the culture. If you have a culture with a dominant individual in charge, who barks at staff and who people are afraid to take bad news to – well then its much easier for something like this to happen. And a sophisticated and determined individual can always find ways around the rules, particularly if there is collusion with others."
The measures needed to ensure security
The FSA guidelines say that banks should:
t Ensure the clear separation of duties between different parts of its business – such as traders, risk managers and the back office – with separate reporting lines. Staff on the trading desk should not have access to IT and passwords used by the back office.
t Have a system that checks trades entered against confirmation from the external counter party – be it a bank or an exchange. Be aware of trades entered on a provisional basis.
t Ensure that anomalies are identified and followed up, particularly odd looking trades, variations in a trader's usual pattern and breaches of trading limits.
- 1 PlayStation and Xbox hacked by Lizard Squad
- 2 The 'Black Museum': After 150 years, public set to see exhibits from police’s grisly crime museum
- 3 British actor Idris Elba cannot star as James Bond because he is black, says shock jock Rush Limbaugh
- 4 Vagina canoe artist defends herself over ‘obscenity’ charges
- 5 The Queen’s speech 2014: Recap and Twitter reaction to Game of Thrones reference
PlayStation and Xbox hacked by Lizard Squad
Antonio Martin shooting: Black teenager may have tried to ambush patrolman, says police officer's lawyer
Katie Hopkins speaks out on childhood obesity: 'Parents of fat children should be prosecuted for child cruelty'
Boxing Day snowfall set to push even more bargain-hunters online for sales
The 'Black Museum': After 150 years, public set to see exhibits from police’s grisly crime museum
British actor Idris Elba cannot star as James Bond because he is black, says shock jock Rush Limbaugh
Rozanne Duncan: Ukip expels councillor for 'jaw-dropping' comments made in BBC TV interview
Germany anti-Islam protests: 17,000 march on Dresden against 'Islamification of the West'
Ukip member gets into Christmas spirit with Union Flag plea to Santa 'for our country back'
BBC director Danny Cohen: Rising UK antisemitism makes me feel more uncomfortable than ever
Alex Salmond has 'broken his word to the Scottish people' says Scottish Lib Dem leader
iJobs Money & Business
Highly Competitive: Selby Jennings: Our client, a leading European Oil trading...
£43500 per annum + pension + holidays: The Jenrick Group: Night Shift Operatio...
£20000 - £25000 per annum + OTE £40,000 + Car + Pension: SThree: SThree are a ...
£20000 - £25000 per annum + OTE £35K: SThree: We consistently strive to be the...