Return of the rogue
Thirteen years after Nick Leeson famously brought down Barings, the rogue trader is back. An individual has once again been able to circumvent the safety controls of a respected bank, this time to lose Société Générale a record €4.9 billion – not enough to bring the bank down, but enough to damage its reputation for risk management and leave it vulnerable to takeover.
As always, the question is: how could this happen? Investigation into the case of Jérôme Kerviel is still ongoing, but the emerging details paint a picture of an elaborate deception starting as long ago as 2005 and including actions such as the creation of false offsetting trades, backed up by fake emails from supposed counterparties.
The extent of Kerviel’s actions serves as a reminder that fraud can never be prevented entirely – merely tackled in an ongoing race in which the truly determined fraudster will always try to find ways around whatever controls are put in place.
The segregation of duties, a fundamental concept in treasury controls, has one crucial limitation which has been illustrated by Kerviel’s actions. While it is possible to segregate duties, it is not so easy to segregate an individual’s past experience. Kerviel’s previous role in the middle office furnished him with detailed knowledge of the bank’s control procedures, which reportedly enabled him to conceal his actions using extraordinarily detailed false trails. Despite no longer working in the middle office he was able to use this knowledge to conceal his actions.
Unlike Leeson’s unauthorised trading, which was made possible by his management of both front and back office functions, Kerviel’s trading activities were governed by a set of controls that, in theory, should have worked. His ability to circumvent these controls by drawing on his own knowledge, draws attention to the need to apply such controls with reference to a particular situation. The spirit of the controls should be upheld as well as the controls themselves.
Most importantly, when controls are in place, the warning signs should not be overlooked. Elaborate as Kerviel’s actions were, it appears that he would never have been able to continue for as long as he did if the proper controls had been fully implemented. An independent report found that 75 alerts were raised between June 2006 and January 2008, which could have alerted the bank to Kerviel’s actions. However, Daniel Bouton, chairman of SocGen, stated that these alerts were nothing out of the ordinary. If this is the case the question has to be asked – if such warning signals have no significance, what is the purpose of having them? And if their significance is routinely ignored, how many other Kerviels might still be operating undetected?
This brings us to another parallel with Nick Leeson. An internal audit highlighted the danger of Leeson’s position in 1994, a year before Barings’ demise. Yet the recommended action was never taken. While it is true that controls cannot ever completely prevent fraud from taking place, they must be implemented properly if they are to have a fighting chance. And warning signs should not be ignored.