Thursday, February 28, 2008

What Really Happened at SocGen?

The story[i] from SocGen is that Jerome Kerviel, a former middle-office worker who was promoted to his dream position of a trader on the equity derivative trading desk, was able to, from 2007 to 2008, bypass SocGen’s entire credit, market, and operational risk management systems unilaterally. From an operational risk management perspective, the ability of an employee to hide unauthorized trading on European equity market indexes for over a year by providing fake email trade confirms and manually bypassing built-in transaction monitoring systems through posting phony counter-trades seems so remote that I think the probability of SocGen’s story being true is lower than that of a person winning a lotto and simultaneously getting hit by a lighting, twice. But then again, who knows. Perhaps the SocGen story was based on the 1952 Daffy Duck cartoon, Fool Coverage[ii].

Let’s look at the breakdown in SocGen’s risk management, using their own press release on the “..exceptional fraud.”[iii]:

“…Societe General has put in place a large number of controls designed to monitor the risks involved: controls of operations and control of market risk linked to the changes in the prices of portfolios of financial instruments. The exceptional fraud which we have suffered consisted of avoiding these controls or making them inoperable; the trader inserted fictitious operations into portfolio B in order to give the impression that this portfolio genuinely offset portfolio A which he had purchased, when this was not the case. These fictitious operations, were registered in Societe Generale’s systems but did not actually correspond to any economic reality.”

My comment: I don’t know about the size or sophistication of the controls of operations that SocGen had in place but when a company boasts of “…a large number of controls…,” I tend to think of a number greater than ten. So, if SocGen had “…a large number of controls…” in place for operations, then based on my guesstimate, Jerome Kerviel had to fool at least 10 control points within operations alone and kept them fooled for a year. Additionally, Jerome had to enter false counter trades into SocGen’s systems, which adds more complexity to the equation.

Most I-banks the size of SocGen typically have multiple systems on different platforms ranging from desktop and web-based proprietary third party systems to server and mainframe systems. Typically, a basic trade would feed a (1) Trading Desk system (typically MS Excel or MS Access trade book), (2) Bloomberg or other proprietary trade blotter systems, (3) General Ledger system, (4) Trade Confirm/Affirm system, (5) Trade Limit Monitoring system, (6) Collateral Monitoring system, (7) Counterparty Limit Monitoring system, and (8) VaR calculation system, and (9) Trade Reporting system. So, if SocGen is to be believed, then Jerome had to bypass nine different systems each with different IT safeguards and controls, in addition to the email system.

Knowing that each of these systems performs and generates daily reconciliation reports that go to multiple departments within the bank, that would mean that Jerome Kerviel would had to be a super genius with Administrator access to all these system and had to be able to hack the web-based vendor system. I don’t know if anyone that talented exists in reality. If SocGen is to be believed, then Jerome Kerviel will have a bright future ahead of him with one of many spy agencies, who would just drool at having someone with such talent working for them.

Ed Kim

Sphere: Related Content

No comments: