Are rogue traders an inevitable evil?

Experts say investment banking fraud can never be eradicated - even with the most sophisticated software. But a ruthless overhaul of poor banking systems is crucial to putting rogue traders out of business, argues Steve Boyle.

By their very nature, financial markets encourage and reward individuals who profit from taking calculated risks on the movement of the markets. So it's inevitable that individuals see the circumvention of established controls as fair game to beat the markets and make their bonuses.

Exclusive column: The Naked CIO

See what this CIO really thinks…

The Naked CIO: Crunch time for large projects

The Naked CIO: Boardroom stereotypes

The Naked CIO: IT staff disloyalty

The Naked CIO: Cut the bull

In 1999, four years after the collapse of Barings, Futures & Options Week editor Neil Wilson said: "It could happen again because the incentives are the same, if not greater. The rewards are very great and that's a temptation for people." His prediction was ominously borne out by the actions of Jérôme Kerviel early this year.

The sophistication, understanding and acceptance of risk management tools has advanced considerably since the fall of Barings but banks are still much more disconnected than people think. Banking systems are still painfully vulnerable to the determined risk taker.

So how do you avoid large-scale losses caused by rogue traders?

The much-vaunted Sarbanes-Oxley Act passed by the US Congress in 2002 was meant to have a far-reaching effect on Western multinationals, at considerable cost and effort.

The act attempted to prevent a rerun of financial scandals such as Enron and WorldCom by imposing thorough checks and balances across business and IT functions simultaneously.

One example was the mandating of segregation of duties to prevent individuals from trading and settling their own transactions. But a culture of weak compliance - or on occasion, determined collusion to beat the system - has rendered this legislation impotent.

And let's not overlook the contributory pressures that globalisation and shareholder expectations have placed on financial services, which are the engine rooms of the UK and US economies.

Investment banks have had to become more technology-led. Straight-thru-processing (STP) allows an investment bank to process hundreds of thousands of equity transactions without human intervention and cut out the risks that brings.

On the downside however, this can mean far less scrutiny of large, atypical transactions and operations staff having to use multiple business applications to fulfil their role. It follows that effective and efficient exception monitoring then becomes a critical necessity but, all too often, is an after-thought in systems design.

The greatest threat to this is still posed by the trusted employee. Armed with knowledge of the organisation's processes and access to critical systems, employees can obtain an almost god-like power to trade and settle transactions, end to end.

Cheat Sheets

♦ Basel II
♦ MiFID
♦ Sarbanes-Oxley

Often, a lack of process is not at the root of the banking scandals but the failure of organisations to enforce their own controls. Therefore, the key to managing operations is the effective understanding and management of exceptions that fall out of various systems.

Applying an approach that requires you to provide evidence to support your actions places renewed focus on the key milestones to be completed and agreed before the close of business.

This can apply across business lines or a market group, ensuring that all exceptions are monitored and reported correctly, allowing operations management to push back information to the middle or front office if any controls are breached.

So it follows that you must have real-time management information systems and supporting processes in place as your early warning system. A real-time process will show transactions flowing through with the level of problems at an expected and acceptable tolerance.

Once the level of failed transactions rises or you get a high value trade you can't account for, your systems need to tell you immediately.

From my experience, many banks do this in silos, for example, completely separately from one department to another and with a very strong reliance on Excel spreadsheets. But this only brings further risks.

How can you make sure the report is done in exactly the same way every day? And how do you stop staff making subtle changes to a spreadsheet? Excel doesn't tell you when the spreadsheet overflows and the other rows get dropped.

In breaking down the key tasks and ensuring these are completed and agreed each day, management can be confident that operational risk is being clearly monitored and minimised successfully.

Would it have been possible to avoid the problems at Société Générale if, for example, a daily trend analysis report of amended and cancelled trades was produced and thoroughly reviewed by operations management?

The answer must surely lie in getting back to the traditionally high levels of supervisory control that existed before STP and outsourcing came along to weaken it. In the 1980s, supervisors were not permitted to leave for the day until they had signed and confirmed that the day's work was complete.

There is a strong argument that we must go back to first principles if we are to prevent future banking scandals.

Such a meticulous approach provides the belt-and-braces around complex risk management infrastructures and creates a best-practice framework around an increasingly complex and automated operating environment.

That rogue element - the intuition and bravery that can make a trader so successful - does not have to be destructive. Talents can be harnessed to great effect if managers have the processes and controls to keep them in check and most importantly, the determination and tools to do it.

Steve Boyle is chief executive officer at Sutherland Consulting.