The French bank Société Générale SA admitted that a "rogue trader" who lost $7.2 billion in trades was able to bypass five levels of controls for a year before finally slipping up and getting caught.
The trader, by the name of Jérôme Kerviel, hid the trades by making fake orders to balance each of the genuine orders he placed. Although the bank says he operated alone, many are skeptical. It is known that he used to work in the bank's back office, and therefore had detailed knowledge of how trades were processed and monitored.
Apparently Kerviel spent time hacking the risk control system, which enabled him to hide his trades. He was able to do so by using his colleagues' passwords, although how he got them has not been disclosed.
A determined person can probably circumvent any automated risk control system, and the control system itself needs to be monitored for signs of tampering. The UK government financial regulators are now looking at UK banks for such a problem.

Comments (2)
As a note, stating that he "lost $7.2 billion in trades" may or may not be accurate. This amount was lost when Société Générale decided to liquidate his position.
Posted by Cyril Iskander | February 1, 2008 9:57 AM
In many organizations, even large financial institutions, lax maintenance of security profiles results in individuals who change positions retaining access and permissions related to their old roles. I don't know if that played a role here, but this is exactly the type of scenario that could arise when this happens.
Posted by Timothy Woods | February 4, 2008 10:35 AM