The Wall Street Journal-20080130-The Fallout at Societe Generale- Banks- High-Tech Security Can-t Keep Up With Traders

来自我不喜欢考试-知识库
跳转到: 导航, 搜索

Return to: The_Wall_Street_Journal-20080130

The Fallout at Societe Generale: Banks' High-Tech Security Can't Keep Up With Traders

Full Text (698  words)

How does a low-level trader burn a 4.9 billion euros ($7.2 billion) hole in a sophisticated French bank?

Computer security experts are trying to figure that out in the wake of the loss Societe Generale suffered at the hands of 31-year-old trader Jerome Kerviel. But the answer might further rattle the financial community.

Experts say the rapid evolution of trading operations and the sophisticated technology that monitors them have opened up new security risks that banks are just now uncovering. "The surveillance technology has not kept up," said Simon Asplen-Taylor, head of market and regulatory services at Detica, a London business and technology consulting firm. "This sort of thing could actually happen anywhere."

In a sign of how jittery other financial institutions are about their own vulnerability, Actimize Inc. said that more than a dozen of its clients had contacted the New York designer of trading-compliance and fraud-monitoring software to ask what they can do to prevent a repeat of what happened at Societe Generale.

Societe Generale's problems appear to be as much a management mishap as a security breach. Officially, Mr. Kerviel's job was to invest by simultaneously taking opposite bets on the direction of the European stock markets. The bets were supposed to mostly offset each other in what is typically a low-risk way to make a small profit.

But prosecutors said Mr. Kerviel actually placed bets in only one direction in an attempt to rack up big gains. In order to hide the real risk he was taking, Mr. Kerviel made fake trades in the opposite direction.

To avoid detection, he had to dupe what are supposed to be two iron- clad security systems. That enabled Mr. Kerviel to figure out exactly when inspections were about to occur on his trades. To prevent fake trades from being detected, he would delete them just as a check was about to be performed, and then re-enter them once the inspection was complete.

Deleting his fake trades should have tripped another security alarm. But because the trades were deleted for only a few moments, the siren failed to sound.

The rapid evolution of trading systems also has made it more difficult for human oversight to be effective, said David Graves, who spent 30 years managing the back-office operations in banks and exchanges including Citigroup Inc. and Drexel Burnham Lambert.

A decade ago, a day's trades would typically be listed on one report, because at the end of a trading day accounts were balanced between banks through clearing houses, which would confirm both sides of the trade. Now trades are done in real time and are balanced against the clearinghouse almost immediately. As a result, trades move within so-called computer tables throughout the day. Anybody who knows when those tables will be checked, as Mr. Kerviel did, can move their trades to a different table.

And because there is no final table of a day's trade, it is harder to spot rogue trades. It is the equivalent of continually moving cash around various bank accounts to satisfy overdraft requirements.

As trading systems have grown in complexity, management oversight hasn't kept pace, according to many experts. Often, the designers of such trading systems don't sufficiently explain to managers how to read trading reports, said Chris Rexworthy, an expert in regulation and systems and controls at London-based IMS Consulting.

Another problem: While financial institutions have become voracious technology consumers, a relatively small chunk of that spending is related to risk management. Risk management ranked ninth in a list of information-technology spending priorities at banks in a December analysis by consulting firm Celent.

While Societe Generale has beefed up back-office teams in recent years as its derivatives business expanded, the bulk of additional resources were added to sections of the trading desk handling more complex products, according to several employees of the bank.

And fancy control systems are still only as good as the people who operate them. "There is an old saying: If you had to choose between an outstanding risk system and an outstanding risk manager, you would always take the outstanding risk manager," said Mark Rodrigues, global head of the strategic information technology and operations practice at Oliver Wyman.

个人工具
名字空间

变换
操作
导航
工具
推荐网站
工具箱