French bank Societe Generale expects to have remedies in place by year end for the technical and procedural flaws that allowed rogue trader Jerome Kerviel to build a fraudulent trading position that cost the bank Euro 4.9 billion (AUD$8 billion).
Late Friday, the bank published the final report of a special committee that investigated the fraud, along with a summary of auditor PriceWaterhouseCoopers' review of the new controls the company plans to implement, and another study by the bank's general inspection department.
That department said it has found evidence that points to Kerviel having an accomplice in the bank's middle office, but that it has been unable to question the employee concerned because of the ongoing criminal investigation into Kerviel's activities.
Kerviel's job as an arbitrage trader was to make transactions in pairs, buying and selling similar assets to exploit the minute and fleeting differences in prices that exist in markets. Instead, he took massive bets on the market moving in a particular direction, faking the paired transactions. He was discovered when those bets went wrong, exposing the bank to massive losses.
The special committee concluded that Kerviel was able to fake the transactions because he was inadequately supervised, and because his direct supervisor lacked the necessary trading experience: When challenged, Kerviel had been able to allay suspicion by producing what ultimately turned out to be faked e-mail messages justifying his position.
Nevertheless, the bank's risk control, financial and compliance departments, and its middle and back offices, generally followed the required procedures, the committee found -- although the procedures themselves were flawed, as they did not identify or stop Kerviel's activities. Kerviel, having previously worked in the back office, knew how to avoid many of the controls. For example, knowing that certain transactions were only verified at the end of the month, he would cancel the fictitious part of a pair of trades just before the check, replacing them with new ones before the bank's risk management system noticed the unpaired trades.
Within weeks of discovering the fraud, the bank put in place a 10-point plan to reinforce control procedures and has since decided on further steps to prevent a repeat occurrence. Many of these controls are now in place and the bank expects to have the others ready by the end of the year, according to the committee's report.
In the future, the bank will regularly change the passwords on sensitive applications and will reinforce access controls on the most sensitive. It will also introduce controls on the cancellation or modification of transactions and prevent front-office workers from changing the parameters of the middle-office applications that monitor them.
An early proposal to introduce biometric authentication of Windows log-ins has now been downgraded to a pilot exercise for one specific technology in the middle office, according to the PriceWaterhouseCoopers report.
Beyond the technology, the bank plans to improve training and recruiting to ensure that mistakes are not made again.
In April, Kerviel was reported to have started working at an IT consultancy on the outskirts of Paris, prompting the bank's lawyer to remark, "I'm glad he's found a job: That will help him to reimburse Societe Generale."
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Charles Sturt University Commences Unified Communications Deployment With Interactive Intelligence 2008-12-04 08:30:00+11
AOC Launches 18.5” Widescreen Green 16:9 LCD Monitor in Australia and New Zealand 2008-12-03 15:30:00+11
FrontRange Solutions eases software license management with new License Manager 3.0 2008-12-03 14:56:00+11
Progress Software's Cure for Managing Services-based Applications 2008-12-03 14:42:00+11
S3 Graphics Unleashes Full OpenGL® 3.0 API Support with Beta Driver for Chrome 500 Series GPUs 2008-12-03 14:08:00+11
Achieving the impossible: Unlimited application scalability
Learn how provide applications with significantly higher throughput and lower latency for data operations while retaining the appropriate levels of data quality with clustered caching. Read on to improve your application scalability now.
Buying Guides
Latest Products
