Five reasons SocGen did not detect $7 billion fraud
How Société Générale ended up in the soup
Computerworld - Paris-based bank Société Générale made headlines in January when it disclosed that one of its traders made a series of unauthorized transactions over the previous few years that ultimately cost the financial institution a staggering $7.2 billion in losses.
SocGen said that a 31-year-old trader named Jérôme Kerviel took massive "directional positions" — transactions that depend on the ability to correctly predict how the price of a security will move over time — that ended up costing the bank about €5 billion.
Kerviel, who had been an IT employee at SocGen before being moved to the bank's front office, made over 1,000 fraudulent transactions dating back to September 2004 (with a massive uptick, according to the report, in March 2007). He concealed the fraud using various techniques that exploited his in-depth knowledge of the bank's computer systems and procedures. His techniques allowed him to bypass, with relative ease, all the IT and process controls the bank had put in place to detect fraudulent transactions.
The bank's general inspection department last week released a 71-page report (download PDF) on the incident, following a 27-page preliminary report released in February (download PDF). The report, called "Mission Green," highlighted five reasons the bank failed to detect Kerviel's activities despite several signs that, in retrospect, should have been obvious.
Supervision was lacking. Despite several internal alerts that should have triggered a closer look at his activities, Kerviel remained largely unsupervised, especially in the early part of 2007, when the bulk of his illegal activity took place. Between September 2004 and January 2007, his direct managers completely failed to detect any fraudulent activity, though there were several internal alerts. Kerviel's direct manager resigned in January 2007, and Kerviel did not have another manager until April. During this period, Kerviel was largely unsupervised and validated the earnings of his operational center himself.
A new desk manager assigned to Kerviel in April 2007 was ineffective and weak, and did not have enough support from his superiors. Kerviel's direct manager had no specific knowledge of trading practices, and no attempts were made to verify his supervisory abilities. During the second half of last year, the desk manager and his immediate superior were caught up with other projects and in dealing with high employee turnover rates; thus distracted, they missed Kerviel's activities. The manager did not carry out an analysis of the earnings generated by his traders — a task that was supposed to be one of his primary responsibilities.
Several alerts by the front office got little attention and less response. Long before Kerviel's activities were unearthed in January 2008, there were several signals that were either simply ignored or not properly responded to. For instance, despite the suspiciously high value amount (59% of his group's earnings) and growth in Kerviel's declared earnings in 2007, no investigation or analysis was ever done. Similarly, between Dec. 28, 2007, and Jan. 1, 2008, there was an unusually high level of cash flow for Kerviel's primary operations center where he traded from. But no one noticed. Even two queries related to Kerviel by Europe's Eurex securities exchange did not receive much attention from Kerviel's direct manager. Neither did two alerts from SocGen's middle office informing Kerviel's manager of anomalies concerning Kerviel that were unearthed during routine reviews.
Kerviel's manager had an overly tolerant attitude toward intraday trading activities. Such trading by Kerviel was "unjustified" given his assignment and lack of seniority as a trader, the report noted. It was this intraday trading that gave Kerviel a context for carrying out his illegal trading activities.
The operations environment was critically chaotic. A "chronically" understaffed middle-office operations group, combined with fast growth and a rapid multiplication in the number of products, contributed to a chaotic operations environment, which made it easier for Kerviel to conceal his activities.
In addition, the report indicated that Kerviel may well have had an accomplice in-house — an assistant who helped enter the hinky transactions. Kerviel has said repeatedly that other traders at SocGen followed the same practices, and that he has been made a scapegoat for others' failings in addition to his own.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts