There will be plenty of talk at the Securities Industry and Financial Market Association’s technology show this week about how firms will need to make operational and technological changes to help regulators tackle systemic risk.

That’s the domino effect the financial woes of one firm can have on the entire market. Firms will have to know where all their data is located to make the necessary calculations to measure their own market, liquidity, credit and counterparty risk.

And they will have to be able to provide that data in some format to regulators, so that regulators can see the warning signs.

Keeping track of operational risk is really no different. There were plenty of warning signs to indicate that Bernard Madoff wasn’t really generating the high returns on investments he told his customers about. All someone had to do was analyze the transactions he was reporting to his customers to see if they could generate similar results. That is, if the data had been captured electronically, account by account; if that account data had to be reported to a central repository; and if that data had been subject to anytime analysis by the Financial Industry Regulatory Authority or the Securities and Exchange Commission.

Apparently too many investors didn’t. Indeed, they couldn’t. The data was not available. But there was another warning sign: the lack of an independent big name auditor, valuation firm, fund administrator and clearing firm. Clearly, Madoff controlled the front, middle and back office of his scurrilous securities investing firm.

Another case in point: the $6 billion loss at Societe Generale, caused by its junior trader Jerome Kerviel.

This pales next to the $20 billion or more that was lost in the Madoff scam. But it rattled a major, respected investment bank to the bones.

And with Kerviel’s trial in the 2008 case now underway in Paris, the questions of who knew what when – or could have and should have known – are taking center stage.

Again, there were plenty of warning signs that went ignored. Kerviel, who has been charged with breaches of trust, computer abuse and forgery, faces five years in jail and a 375,000 euro fine if found guilty.

According to published reports coming from the trial, Kerviel claims that his supervisors encouraged him to take risks and allowed him to regularly exceed his trading limits without any sanctions.

He filed weekly reports, the same way all the other traders on his desk did. SocGen naturally pleads ignorance and says that even though data on his positions may have been available it would be “operationally unrealistic” to imagine bank officials would know where to look.

Aren’t banks supposed to know where to look for all the data and analyze just what traders are doing?

Isn’t it precisely the point that banks should know exactly what their employees should or shouldn’t be doing?

SocGen naturally has a vested interest in proving Kerviel was a “rogue trader.” But isn’t that what the “security” in “securities” is meant to evince? That the folks who issue or trade in securities can be trusted to know what they’re doing, know how to preclude “rogues” from taking advantage of them and that you can trust in the securities you get, buy or sell from or with them?

If Kerviel is found innocent, the bank would have to admit it has a “systemic failure” in operational controls and it couldn’t collect on any civil suit it brings against Kerviel after the criminal case is settled. SocGen has asked the French court to award it 4.9 billion euros ($6 billion), the full amount of Kerviel’s loss, if he is found guilty.

Kerviel’s job on the “Delta One” futures trading desk at SocGen was to engage in trading activities to arbitrage small price differences between equity index futures and forward contracts. Instead, he took bets on the market’s direction and forged documents to make it appear he had hedged his positions. That meant Kerviel was booking dummy trades to cover his losses.

First possible line of defense: the trading controls unit. Even if his supervisors allowed him to operate freely, he couldn’t have continued to place orders if he exceeded his trading limits. Operations executives say that large banks and brokerage firms typically never allow “junior level” executives such as Kerviel to exceed trading limits even if they can prove a successful track record.

Even if they do, making him report to a separate independent trading control unit would have stopped the practice in its tracks.

“As a rule of thumb, the higher the trading limit, the greater the potential for market and counterparty risk, which the bank or brokerage firm is supposed to cap for each trader,” says one risk management expert at a New York bank. “The trading control unit would never have questioned the practice.”

Kerviel claims that there was a 125 million euro trading limit applied to him and seven other traders. He says that in the summer of 2007 he borrowed 1 billion when he was in a losing position and paid it back in July, when he was ahead again. But, according to Kerviel, no one questioned his actions because he was making money.

So were others. Moussa Bakir, a former futures broker who worked for Societe Generale’s Fimat brokerage unit, said in court that he helped Kerviel place orders at exchanges including Eurex.

However, Bakir says he knew nothing about who Kerviel was placing the orders for other than some client named Matt who worked for a London hedge fund. Bakir never checked into just who Matt was and never questioned the value of the trades Kerviel was executing with him. Why? Kerviel told him they were approved. Bakir had no incentive to question Kerviel. He got a one million euro bonus in 2007, based on his business with Kerviel.

Second possible line of defense: the operational risk department. Here, nobody apparently checked on whether Kerviel’s hedged trades were confirmed or reconciled with counterparties and who those counterparties were. Kerviel reportedly used forward contracts which settled on a date in the future and are not margined. Firms always have systems that track open forward and derivative contracts.

But Kerviel created bogus confirmations. Could those confirmations have been caught? Maybe not, but they could never have been created if Kerviel hadn’t been given the passwords to gain access to the back office system.

Third line of defense: compliance department. One auditor at a New York accounting firm told Securities Industry News that auditors who have little or no operations experience typically presume that compliance officers would notify them of any fraudulently booked trades so they could conduct a proper audit of a certain unit.

But the compliance officer apparently believed whatever story Kerviel made up. In November 2007, the European derivatives exchange Eurex did inquire about Kerviel’s trades.

But Vincent Duclos, the compliance officer, said they were “requests for information.” He asked Kerviel to answer the questions and took his answers at face value.

Duclos says he didn’t verify any of the information with anyone other than Kerviel because “there wasn’t any reason to suspect” any wrongdoing. And Eurex didn’t warn of any “legal violations” that required investigation. Kerviel counters that if Duclos had checked anything Kerviel had written, he would have discovered he was lying.

If those three lines of defense didn’t work, there is one last radically easy one.

Fourth line of defense: The simplest one of all. The mandatory vacation.

In a 2008 interview with uberpulse.com, Elizabeth Charnock, CEO of Cataphora, a Redwood, Calif., software firm, says that if anything should have tipped off SocGen it was Kerviel’s insistence on never taking a vacation.

Cataphora specializes in behavior analysis software. That’s software that can detect fraud by changes in employee patterns of behavior or communications expressed through emails and other electronic means. Humans are creatures of habit and when those habits change, something is amiss.

You don’t need expensive software to figure out that it was really out of whack for anyone in France, a country where six-week vacations are often the norm, to refuse to take a vacation.

Not taking vacation is actually the oldest trick in the book for getting away with fraud.

“Most cases of operational errors and fraud are discovered when colleagues doing the exact same task just can’t come up with the same results and simply don’t understand just how the guy or gal on vacation did their jobs,” says one former operations executive now a financial services consultant.

During the court proceedings, Kerviel admitted that he was afraid to take vacation because other traders would have to take over his accounts.

His supervisors said that if he took vacation they wanted him always accessible to ask how he managed his strategy. If they were his superiors, they should have had the information available on what his strategies and positions were to repeat what he was doing in his absence. No questions asked.

Even if SocGen pleads ignorance, it still violated one cardinal rule of banking. It allowed Kerviel to become a trader in the first place. The only reason he knew of the bank’s shortcomings in risk management was because he had worked in the back office for several years before moving to the trading desk. Allowing him to move “upwards” removed the separation of duties intended to protect against fraud.

SocGen did have historical precedent to follow: the last mega case of a supposed rogue trader who also worked in the back office: Nick Leeson at Barings. He was in charge of both the trading desk and back office at his bank in Singapore.

SocGen says that it has improved its risk management procedures since 2008, when it discovered Kerviel’s fraud, and that such a scenario could not be repeated. Hopefully, it will lay out the essential features of its revamp – so other firms can learn. And do the same.


This article can also be found at SecuritiesIndustry.com.
