Five reasons SocGen did not detect $7 billion fraud
How Société Générale ended up in the soup
Computerworld - Paris-based bank Société Générale made headlines in January when it disclosed that one of its traders made a series of unauthorized transactions over the previous few years that ultimately cost the financial institution a staggering $7.2 billion in losses.
SocGen said that a 31-year-old trader named Jérôme Kerviel took massive "directional positions" — transactions that depend on the ability to correctly predict how the price of a security will move over time — that ended up costing the bank about €5 billion.
Kerviel, who had been an IT employee at SocGen before being moved to the bank's front office, made over 1,000 fraudulent transactions dating back to September 2004 (with a massive uptick, according to the report, in March 2007). He concealed the fraud using various techniques that exploited his in-depth knowledge of the bank's computer systems and procedures. His techniques allowed him to bypass, with relative ease, all the IT and process controls the bank had put in place to detect fraudulent transactions.
The bank's general inspection department last week released a 71-page report (download PDF) on the incident, following a 27-page preliminary report released in February (download PDF). The report, called "Mission Green," highlighted five reasons the bank failed to detect Kerviel's activities despite several signs that, in retrospect, should have been obvious.
Supervision was lacking. Despite several internal alerts that should have triggered a closer look at his activities, Kerviel remained largely unsupervised, especially in the early part of 2007, when the bulk of his illegal activity took place. Between September 2004 and January 2007, his direct managers completely failed to detect any fraudulent activity, though there were several internal alerts. Kerviel's direct manager resigned in January 2007, and Kerviel did not have another manager until April. During this period, Kerviel was largely unsupervised and validated the earnings of his operational center himself.
A new desk manager assigned to Kerviel in April 2007 was ineffective and weak, and did not have enough support from his superiors. Kerviel's direct manager had no specific knowledge of trading practices, and no attempts were made to verify his supervisory abilities. During the second half of last year, the desk manager and his immediate superior were caught up with other projects and in dealing with high employee turnover rates; thus distracted, they missed Kerviel's activities. The manager did not carry out an analysis of the earnings generated by his traders — a task that was supposed to be one of his primary responsibilities.
Several alerts by the front office got little attention and less response. Long before Kerviel's activities were unearthed in January 2008, there were several signals that were either simply ignored or not properly responded to. For instance, despite the suspiciously high value amount (59% of his group's earnings) and growth in Kerviel's declared earnings in 2007, no investigation or analysis was ever done. Similarly, between Dec. 28, 2007, and Jan. 1, 2008, there was an unusually high level of cash flow for Kerviel's primary operations center where he traded from. But no one noticed. Even two queries related to Kerviel by Europe's Eurex securities exchange did not receive much attention from Kerviel's direct manager. Neither did two alerts from SocGen's middle office informing Kerviel's manager of anomalies concerning Kerviel that were unearthed during routine reviews.
Kerviel's manager had an overly tolerant attitude toward intraday trading activities. Such trading by Kerviel was "unjustified" given his assignment and lack of seniority as a trader, the report noted. It was this intraday trading that gave Kerviel a context for carrying out his illegal trading activities.
The operations environment was critically chaotic. A "chronically" understaffed middle-office operations group, combined with fast growth and a rapid multiplication in the number of products, contributed to a chaotic operations environment, which made it easier for Kerviel to conceal his activities.
In addition, the report indicated that Kerviel may well have had an accomplice in-house — an assistant who helped enter the hinky transactions. Kerviel has said repeatedly that other traders at SocGen followed the same practices, and that he has been made a scapegoat for others' failings in addition to his own.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts