CINXE.COM

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"[]> <html xmlns="http://www.w3.org/1999/xhtml"> <head><script type="text/javascript" src="/_static/js/bundle-playback.js?v=HxkREWBo" charset="utf-8"></script> <script type="text/javascript" src="/_static/js/wombat.js?v=txqj7nKC" charset="utf-8"></script> <script>window.RufflePlayer=window.RufflePlayer||{};window.RufflePlayer.config={"autoplay":"on","unmuteOverlay":"hidden"};</script> <script type="text/javascript" src="/_static/js/ruffle/ruffle.js"></script> <script type="text/javascript"> __wm.init("https://web.archive.org/web"); __wm.wombat("http://www.garp.org/risk-news-and-resources/2010/june--/breaking-down-the-biggest-trading-fraud-in-the-history-of-banking.aspx?altTemplate=PrintStory","20150217000538","https://web.archive.org/","web","/_static/", "1424131538"); </script> <link rel="stylesheet" type="text/css" href="/_static/css/banner-styles.css?v=S1zqJCYt" /> <link rel="stylesheet" type="text/css" href="/_static/css/iconochive.css?v=3PDvdIFv" />  <style type="text/css"> div, body, p, span, h5, h4 {margin:0; padding:0;} .print {width: 780px; margin:32px 0 0 20px; font:11pt Arial; line-height:20px;} .print p {margin-bottom:10px; } .print h4 {border-bottom:1px solid #ccc; color:#021C35; font:bold 16px Georgia; padding:0 0 3px;} .print h5 {color:#727272; font:11px Arial; margin-bottom:20px;} .print span {color:#444; font:14px Arial;} </style> </head> <body onload="window.print(); window.close();"> <div class="print"> <form method="post" action="breaking-down-the-biggest-trading-fraud-in-the-history-of-banking.aspx?altTemplate=PrintStory" id="form1"> <div class="aspNetHidden"> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUENTM4MWRkVzsUztPJ38EXJCXJ9HOo8Exf2519rWfwpVEy/uOalRk="/> </div> <h4>Breaking Down the Biggest Trading Fraud in the History of Banking<br/> <span>In 2008, Société Générale suffered huge losses resulting from fraud allegedly perpetrated by Jérôme Kerviel, a single rogue trader. How did he get away with it, what internal controls did he bypass, and what risk management lessons has this taught us?</span></h4> <h5>2010-06-07T15:43:00, by Sebastian Fritz-Morgenthal and Hagen Rafeld </h5> <p>On January 24, 2008, Société Générale, one of the oldest banks in France, announced that it suffered a severe loss of approximately €4.9 billion caused by exceptional fraudulent trading activities. A single trader by the name of Jérôme Kerviel was allegedly responsible for all of the fraud, which reduced the bank's net income from €5.9 billion to €1 billion for the financial year of 2007. Making matters even worse, as a result of the huge reputational damage inflicted by the discovered fraud, Société Générale lost €12.2 billion in market capitalization during January 2008.</p> <p>The bank published an explanatory note about the fraud on January 27, 2008, and initiated the forming of a special committee composed of independent directors. Subsequently (on January 30, 2008), it hired auditor PricewaterhouseCoopers (PwC) to support its fraud examination.</p> <p>In February 2008, regulators got into the act when the Financial Markets Authority opened an inquiry into Société Générale's financial reporting (as well as the market for SocGen shares since December 31, 2006). What's more, due to the magnitude of the incident, Christine Lagarde -- France's Minister of Economy, Finance and Employment - presented a report on the fraud to the French Prime Minister.</p> <p>Soon after the discovery of the fraud, Société Générale described the caught fraudster, Kerviel, as a rogue trader and computer whiz-kid who worked his trades without the bank's authorization. In response, Kerviel told investigators that his trading practices were widespread in investment banking, and argued that management typically turns a blind eye as long as profit is made.</p> <p>At the time, in January 2008, Kerviel, just 31, was suspected to be responsible for perpetrating the biggest trading fraud in the history of banking, totaling almost €5 billion (or $7.2 billion). This even exceeds malfeasance committed by Nick Leeson at Bearings Bank in Singapore -- the first person ever to be labeled a "rogue trader" -- by a factor of five.</p> <p>Within a few days of the first report of the fraud, a Wikipedia article described Kerviel's career in detail, and he was virtually hunted by journalists and bloggers alike. In addition, a photo was first published in a blog post from the Financial Times, and his curriculum vitae has been published on several news sites.</p> <h6>The Path to Fraud</h6> <p>Kerviel joined Société Générale in August 2000. Like Leeson, Kerviel got his start "behind the scenes" at Société Générale, gaining valuable experience in different back-office units -- including departments that were responsible for trader support and control. Consequently, he had a very good understanding of Société Générale's processing and control procedures (and measures) of market operations.</p> <p>In 2005, Kerviel joined the so-called "Delta One" team as a junior trader in Société Générale's Corporate and Investment Banking department (SG CIB). In this role, he (along with his colleagues) was responsible for arbitrage trading of financial instruments on European stock markets. The arbitrage business normally comprises purchasing a portfolio of financial instruments ("A") and selling at the same time a portfolio of financial instruments ("B") with similar characteristics, but at a slightly different price. These differences in underlying prices are very small and exist only temporarily, which leads to large amounts of operations comprising very high nominal values to generate earnings. Due to the similar characteristics of the traded financial instruments, they nearly offset each other (i.e., they generate only a small volume of market risk).</p> <p>In contrast, Kerviel's alleged trading fraud was based on taking massive unauthorized directional positions on equities, over-the-counter (OTC) options, futures, forwards and forward-rate agreements traded on regulated markets. To hide these unauthorized positions, Kerviel used various fictitious transactions, with deferred start dates as well as pending (internal group) counterparties, concealing the residual market risk of his portfolio.</p> <p>As we have mentioned, Kerviel allegedly orchestrated a series of bogus transactions that spiraled out of control amid turbulent markets during 2007 and early 2008. But how, exactly, did he orchestrate the fraudulent trades? His concealment techniques can be clustered into three main categories. Below, we identify these categories and break them down by modus operandi, controls bypassed and volume of transactions:</p> <p><em>1. Recording fictitious trades, canceling positions and latent earnings generated by fraudulent positions.</em></p> <ul> <li><strong>Modus Operandi:</strong> Kerviel entered one or several false transactions into the system so that they would be taken into account in risk and valuation calculations. He defined the parameters of these transactions so that they covered the fraudulent positions actually taken elsewhere. All transactions combined three characteristics: (1) a significant offset (i.e., a value date considerably later than the transaction date, which - in accordance with market practice - are not confirmed until a few days before the transaction date); (2) a cancellation before the value date; and (3) the use of internal counterparties within Société Générale or small scale external counterparties, with cancellation before the value date in all cases.</li> <li><strong>Control(s) bypassed:</strong> (A) No settlement or delivery due to the cancellation of the transactions; (B) No confirmation until five days before the value date for transactions with a deferred value date; (C) No confirmation for internal transactions, as these are reviewed in the context of intra-group transactions; and (D) No margin calls with small counterparties that do not have any collateralization agreements (only limits or "independent amount").</li> <li><strong>Volume:</strong> 947 transactions of this type were detected by the General Inspection Department. ;;</li> </ul> <p><em>2. Recording pairs of fictitious transactions matching each other on the inverse.</em></p> <ul> <li><strong>Modus Operandi:</strong> Kerviel entered pairs of fictitious reverse transactions (purchase/sale) concerning equal quantities of the same underlying asset for different "off-market" prices in order to conceal the realized earnings without creating a directional position (the balance being zero), executed with the same three characteristics mentioned in the fist category.</li> <li><strong>Control(s) bypassed:</strong> In addition to all of the aforementioned bypassed controls, there was no control over prices for transactions carried out with external counterparties. (Kerviel conducted several forward-rate agreements with an external counterparty at an off-market price.)</li> <li><strong>Volume:</strong> 115 transactions of this type were detected by the General Inspection Department.</li> </ul> <p><em>3. Recording intra-month provision ("flux pro") flows.</em></p> <ul> <li><strong>Modus Operandi:</strong> Kerviel used the option -- in principal reserved for trading assistants (but without any technical protection preventing access by traders) -- to correct modeling bias and to enter positive or negative provisions, modifying the value calculated by the front-office system.</li> <li><strong>Control(s) bypassed:</strong> Because of his back-office experience (gained from 2000 to 2005), Kerviel was aware of the fact that the provisions were only monitored at the end of the month, and he therefore cancelled them before the control took place.</li> <li><strong>Volume:</strong> Nine transactions of this type were detected by the General Inspection Department. The biggest, entered on January 10, 2008, amounted to €1.486 billion, which nearly matches his total earnings of ca. €1.5 billion by December 31, 2007.</li> </ul> <p>In July 2005, Kerviel started his unauthorized trading activities, building up a significant directional position on Allianz shares valuing ca. €10 million. Around this time, the trader conducted the first fictitious transactions in order to disguise unauthorized positions and earnings.</p> <p>In 2006, Kerviel continued taking directional positions on shares, reaching a total amount of €140 million in August 2006. On January 24, 2007, his short positions on DAX futures were around €850 million, reaching €2.6 billion at the end of February and €5.6 billion in March. On July 19, 2007, Kerviel reached a first peak on DAX futures of €30 billion, before the position was unwound and rebuilt (starting in Sept. 20007).</p> <p>By December 31, 2007, total profits of €1.5 billion were realized, as Kerviel unwound his positions on DAX and EUROSTOXX futures completely during the November 7 - December 31, 2007 period. In mid-January 2008, the trader again constituted a long position on index futures valuing €49 billion.</p> <p>That position was discovered on January 20, and unwound in a controlled fashion between January 21 and January 23, 2008. (On Jan. 21, to respect the integrity of the markets, Société Générale ensured not to exceed around 8% of volumes traded on the relevant future indices -- i.e., 7.8% on the DAX and 8.1% on the EUROSTOXX future indices -- leading to losses of €6.4 billion.) Taking into account €1.5 billion profit recorded at the end of 2007, Kerviel's trading activities resulted in a total loss of €4.9 billion.</p> <p>The following chart shows the official (as well as unofficial) profit and loss from Kerviel, from February 2007 through January 2008.</p> <h6>The Forensic Approach</h6> <p>Based on the issued summary report from Société Générale, we can see that the perpetrated fraud was facilitated, and its detection by Kerviel's hierarchy was delayed (from July 2005 until mid-January 2008), by enormous weaknesses in the supervision of the trader and in the bank's controls over market activities.</p> <p>As we have discussed previously, the trader's maneuvers, skills and abilities allowed him to bypass already existing back-office controls at Société Générale. Kerviel also managed to vary his activities sufficiently to reduce the number of contacts where he would deal with the same back-office control agent -- another fine example of his efficient and diverse concealment techniques  In one report, SocGen identified the following findings from its diagnosis of its deficient internal control system:</p> <ul> <li>Fragmentation of controls between several units, with an insufficient precise division of tasks, lack of systematic centralization of reports and lack of feedback to the appropriate hierarchical level.</li> <li>Priority given to the correct execution of trades, which appears to be the primary concern of back and middle offices, in the absence of adequate sensitivity to fraud risks.</li> <li>Insufficient level of responsiveness for the implementation of the corrective actions identified as necessary by internal audit bodies.</li> <li>A lack of certain controls liable to identify the fraudulent mechanisms, such as the control of the positions' nominal value or of the transactions used by the perpetrator of the fraud in order to conceal his positions.</li> </ul> <p>According to the special investigation by the external auditor PricewaterhouseCoopers, many shortcomings were apparent throughout Société Générale's entire operations processing chain - i.e., transaction initiation, transaction recording and monitoring of transactions limits and reconciliation. PricewaterhouseCoopers' examination highlighted the following weaknesses of the bank's internal control system: (1) a mismatch between the resources allocated to support and control functions and the level of front-office activities; (2) a lack of seniority diminished the effectiveness of the backand middle-office teams; (3) information systems were unable to keep pace with the growing complexity of the general trading environment, and did not process transactions effectively; and (4) a heavy reliance on manual processing and the workload of operating staff meant that certain existing controls in place were not operating effectively.</p> <p>What's more, there were many early warning signals and red flags that should have led to investigations that would have enabled the bank to detect the trading fraud much earlier than January 20, 2008, according to a report from Société Générale's General Inspection Department.</p> <h6>The Opportunity Seeker</h6> <p>The most well-known and widely applied model to explain fraudulent activities is the so-called Fraud Triangle, which was recently expanded to the Fraud Diamond.</p> <p>The model, which is also applicable to Kerviel's activities, distinguishes between situative risk factors (i.e., opportunity) and personal risk factors (i.e., motive, capability and rationalization) that in all probability lead into a criminal offense (see Figure 2).</p> <p>In this model, the situative risk factors (i.e., opportunity and occupational circumstances around the acting individual(s)) are key; these factors allow the fraud to occur; because of their existence as a suitable target. Hence, the Fraud Diamond serves as prediction model for occupational fraud in case of the existence of weak and porous internal control systems in which the capable individual(s) -- who are driven by strong motivational (material and/or immaterial) crime-supporting traits -- act.</p> <p>The criminological research focusing on situative risk factors derives two types of fraudsters: i.e., the opportunity taker vs. the opportunity seeker. Based on Kerviel's experience in different back-office units at Société Générale, and considering his sophisticated concealment techniques (described earlier), Kerviel can be clearly classified as an opportunity seeker.</p> <p>We have already shown highlights of numerous malfunctions in the internal control system of Société Générale, as well as several indications for early warning signals and red flags. It should be noted that, in total, 74 single alerts were detected ex-post by the General Inspection Department of Société Générale - 39 of which had a direct link to the fraud.</p> <p>(There were also 25 alerts with an indirect link to the fraud and 10 alerts with no established link to the fraud). What's more, adequate structural measures, such as an effective environment of different key risk indicators (KRIs) and key performance indicators (KPIs), could have lead to the early detection of Kerviel's activities. Keeping all of these deficiencies in mind, PricewaterhouseCoopers suggested a variety of improvements for frontoffice controls, middle- and back-office controls, information security and internal control system monitoring.</p> <h6>Regulatory Action and Psychology</h6> <p>In a direct regulatory response to the fraud, in mid-December 2009, the Committee of European Banking Supervisors (CEBS) published a consultation paper on the management of operational risks in market-related activities; this paper featured 17 dedicated principles on governance mechanisms, internal controls and internal reporting systems. Nearly all 17 principles are adopted from direct situative risk factors tied to Kerviel's activities at Société Générale.</p> <p>With regard to personal risk factors, the current discussion about prevention mechanisms against economic crime is unfocused from a criminological perspective. Recently published criminology textbooks present only a selective and limited information basis about the personality of a fraudster, and merely reflect facts based on police-reported economic crime.</p> <p>There may be something to gleem from forensic profiling and from examining the peculiarities of a fraudster's personality However, Gisèle Reynaud, one of Kerviel's former university lectures at Lyon, stated during an interview that Kerviel was simply an average student who "didn't distinguish himself from the others." Kerviel's main motive was definitely greed. This is evident in his unauthorized activities to - at any cost - increase his own bonus, something which is clearly identified as a main trigger for the current financial crisis and expressed in all discussions about compensation models, underlying components and triggering behaviors of bankers.</p> <p>In 1995, Charles Tittle published his Control Balance Theory, which postulates that deviant behavior (e.g., crime) is likely when people are either much more controlled than controlling (control deficit) or much more controlling than controlled (control surplus). In other words, the total amount of control people are subjected to, relative to the control they can exercise, will affect the probability and type of their deviant behavior.</p> <p>This can also be applied to the corporate universe, where Tittle's theorem is not only a reasonable and valid explanation for employee fraud (control deficit) but also for top management fraud (control surplus). A balanced control ratio is decisive for successfully limiting occupational fraud.</p> <h6>Future Actions</h6> <p>Taking into account all of the lessons learned in the Kerviel fraud case, financial institutions should seriously consider the following enhancements:</p> <p><strong>1.</strong> Implementation of minimum control principles, such as (a) independent controls, like independent price verification (ensuring transparency and complete risk adjustment of inter-nal and external prices) and four eyes (or even Six Eyes) control to mitigate collusive actions ("acting in concert"); and (b) control redundancies, which set up the control environment in accordance with robust business continuity strategies, serving as multiple lines of risk defense.</p> <p><strong>2.</strong> Implementation of resilient processes with error tolerances.</p> <p><strong>3.</strong> Implementation of lessons learned processes and foren forensic root cause analysis - i.e. mistakes and near misses (internal as well as external) should be analyzed, lessons learned should be drawn, and process amendments should be evaluated to avoid making the same mistakes in the future.</p> <p><strong>4.</strong> Implementation of a Six Sigma and straight-through processing approach in process optimization.</p> <h6>Parting Thoughts</h6> <p>Société Générale's response to the lessons learned from the perpetrated fraud required the work of nearly 200 persons and represented an investment in excess of €100 million.</p> <p>While that is a significant amount (though low compared to the overall damage) experience shows that such investments are money well spent, because resilient risk management processes help to keep an institution on track, especially in turbulent times.</p> <p>Société Générale (like UBS, Citibank, Merrill Lynch, Lehman Brothers, and others) had to learn it the hard way. Their business models were at least partly efficient when the sea was calm, but apparently not resilient enough to weather a storm in the capital markets.</p> <p>More details on the biggest trading fraud in the history of banking and associated roles and responsibilities will probably be open to the public in June 2010, when legal proceedings against Kerviel will start in France.</p> <p><em>Sebastian Fritz-Morgenthal (PhD) is the Global Head of Group Risk Management and Chief Market Risk Officer of HSH Nordbank in Hamburg. He is also the finance director at Frankfurt School of Finance & Management in Germany. he can be reached at sebastian.g.fritz@gmx.de.</em></p> <p><em>Hagen Rafeld is the assistant vide president of operational risk management at a Frankfurt-based financial institution. Rafeld, who is also an associate member of the Association of Certified Fraud Examiners (ACFE), can be reached at hagen.rafeld@gmx.de.</em></p> </form> </div> </body> </html>