Five reasons SocGen did not detect $7 billion fraud
How Société Générale ended up in the soup
Computerworld - Paris-based bank Société Générale made headlines in January when it disclosed that one of its traders made a series of unauthorized transactions over the previous few years that ultimately cost the financial institution a staggering $7.2 billion in losses.
SocGen said that a 31-year-old trader named Jérôme Kerviel took massive "directional positions" — transactions that depend on the ability to correctly predict how the price of a security will move over time — that ended up costing the bank about €5 billion.
Kerviel, who had been an IT employee at SocGen before being moved to the bank's front office, made over 1,000 fraudulent transactions dating back to September 2004 (with a massive uptick, according to the report, in March 2007). He concealed the fraud using various techniques that exploited his in-depth knowledge of the bank's computer systems and procedures. His techniques allowed him to bypass, with relative ease, all the IT and process controls the bank had put in place to detect fraudulent transactions.
The bank's general inspection department last week released a 71-page report (download PDF) on the incident, following a 27-page preliminary report released in February (download PDF). The report, called "Mission Green," highlighted five reasons the bank failed to detect Kerviel's activities despite several signs that, in retrospect, should have been obvious.
Supervision was lacking. Despite several internal alerts that should have triggered a closer look at his activities, Kerviel remained largely unsupervised, especially in the early part of 2007, when the bulk of his illegal activity took place. Between September 2004 and January 2007, his direct managers completely failed to detect any fraudulent activity, though there were several internal alerts. Kerviel's direct manager resigned in January 2007, and Kerviel did not have another manager until April. During this period, Kerviel was largely unsupervised and validated the earnings of his operational center himself.
A new desk manager assigned to Kerviel in April 2007 was ineffective and weak, and did not have enough support from his superiors. Kerviel's direct manager had no specific knowledge of trading practices, and no attempts were made to verify his supervisory abilities. During the second half of last year, the desk manager and his immediate superior were caught up with other projects and in dealing with high employee turnover rates; thus distracted, they missed Kerviel's activities. The manager did not carry out an analysis of the earnings generated by his traders — a task that was supposed to be one of his primary responsibilities.
Several alerts by the front office got little attention and less response. Long before Kerviel's activities were unearthed in January 2008, there were several signals that were either simply ignored or not properly responded to. For instance, despite the suspiciously high value amount (59% of his group's earnings) and growth in Kerviel's declared earnings in 2007, no investigation or analysis was ever done. Similarly, between Dec. 28, 2007, and Jan. 1, 2008, there was an unusually high level of cash flow for Kerviel's primary operations center where he traded from. But no one noticed. Even two queries related to Kerviel by Europe's Eurex securities exchange did not receive much attention from Kerviel's direct manager. Neither did two alerts from SocGen's middle office informing Kerviel's manager of anomalies concerning Kerviel that were unearthed during routine reviews.
Kerviel's manager had an overly tolerant attitude toward intraday trading activities. Such trading by Kerviel was "unjustified" given his assignment and lack of seniority as a trader, the report noted. It was this intraday trading that gave Kerviel a context for carrying out his illegal trading activities.
The operations environment was critically chaotic. A "chronically" understaffed middle-office operations group, combined with fast growth and a rapid multiplication in the number of products, contributed to a chaotic operations environment, which made it easier for Kerviel to conceal his activities.
In addition, the report indicated that Kerviel may well have had an accomplice in-house — an assistant who helped enter the hinky transactions. Kerviel has said repeatedly that other traders at SocGen followed the same practices, and that he has been made a scapegoat for others' failings in addition to his own.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Cybercrime and Hacking White Papers | Webcasts