Forget complex computer software, psychological testing or even morality: Rogue traders can strike anytime, anywhere.

/Home/Rogue Trader's Hall of Fame/List of trading losses over $100 million

Rogue traders can strike anytime, anywhere

By Jim Finkle ReutersPublished: January 30, 2008


BOSTON: Forget complex computer software, psychological testing or even morality: Rogue traders can strike anytime, anywhere.

"All of the things that make a great trader make a great fraudster, too," said Mark Rasch, a specialist with FTI Consulting who previously ran the U.S. Justice Department's computer crimes unit.

Even the regulator who helped calm U.S. financial markets after the terrorist attacks of Sept. 11, 2001, worries about the terror that a lone trader might wreak on the world's biggest banks and securities companies.

"There are no foolproof systems," said Harvey Pitt, who was chairman of the U.S. Securities and Exchange Commission in 2001 and 2002. "You always worry about the possibility of rogue traders."

There is reason to worry: Bankers, regulators and investors are shocked at how a midlevel employee's unauthorized stock trading led to a loss of €4.82 billion, or $7.1 billion, at French bank Société Générale and sent European markets into a temporary tailspin.

It is impossible to root out all potential troublemakers, say former regulators and risk management consultants. But banks can take preventive steps. These include regular reviews of credit files and other easily accessible reports, such as real estate purchases or even divorce papers.

"It ought to include a whole variety of checks, even if somebody has passed whatever kinds of reviews," Pitt said.

Many frauds require constant attention by the perpetrators so they can maintain the appearance that nothing unusual is going on. That is why the banks with the best controls require employees to take one or two full weeks off per year where they have no contact with the office. Auditors have a chance of identifying long-term fraud if the perpetrator is not around to cover it up. The Société Générale trader, Jérôme Kerviel, hardly took any time off.

There are also measures that do not work. Many experts agree that these include psychological testing, because rogue traders often share a mathematical genius with brilliant money makers, and the tests can be overly intrusive and demoralizing.

It is impossible to identify the very best criminals because they are so good at hiding what they do, said Louise Borke, a former State Street risk management executive who now teaches banks how to spot fraud.

Also, given the right circumstances, 9 out of 10 employees might commit fraud at some point in their careers, Borke said. Factors that raise the chances include pressure to succeed on the job, financial problems, and gambling and drug addictions.

"The same person might be at risk for fraud in different environments and at different times in their lives," Borke added.

If routine reviews turn up red flags, the bank can follow up with whatever measure seems appropriate: from more thorough trading oversight to a full investigation.

Full-scale inquiries cost more than $100,000, so they are reserved for cases where it is almost certain that something is wrong. That is when computer experts are called in to examine the suspect's personal computer and Blackberry, looking for evidence.

"If you want to survive, you better make sure you are trying to stay at least one step ahead of the bad guys," Pitt said.

As the details emerge in the Société Générale fraud, many banks will check their systems for weaknesses.

They have to act quickly because perpetrators learn from others' mistakes. The wires light up with more people trying to emulate what has happened, said Sandeep Vishnu, managing director of enterprise risk management at BearingPoint, a consulting firm.

Banks should also thoroughly review computer systems designed to identify unusual trading. These may need to be recalibrated to make them more sensitive to unusual behavior.

The system may also be vulnerable to abuse by insiders who know how they work. Kerviel, for example, worked in the bank's back office before becoming a trader, giving him knowledge of the computer systems used to audit his trading.

One options trader at a New York bank who has a background similar to Kerviel said he knew of employees who did not lose access to computers used to audit trades, even after moving to trading floors from the back office.

Even when stripped of those credentials, it can be easy to hack into supposedly secure computer systems.

"I could probably do it," he added, speaking on the condition of anonymity.

Those are the loopholes that many banks are desperately trying to find and plug. They spend millions of dollars on risk management systems - and the computer systems to use them - to identify potential fraud.
They mostly do it on their own, with advice from a select group of consultants, to make it tougher for outsiders to learn about their operations. They also consider risk management part of the secret potion that gives them an edge over rivals.

"There will be people who say: 'We have confidence in our controls. That happened there and not to us,' " Vishnu said. "In our mind, they are the more naïve performers."