Far too familiar

Fraud or rogue trading - call it what you will - has a habit of rearing its ugly head on an all-too-frequent basis. Think Barings, Allied Irish Bank and National Australia Bank (NAB). Now, Societe Generale (SG) has revealed that a trader racked up a EUR4.9 billion loss taking directional bets on European equity indexes.

Details so far are sketchy, but the information released by the bank suggests the trader was able to build up massive speculative positions, which he hid by entering fictitious trades into the system. It is too early to speculate on exactly what went wrong, but it certainly suggests massive failures in the bank's risk management systems and controls. Some serious questions need to be answered. For a start, the margin required by the exchange clearing houses on a EUR50 billion exposure would have been huge. Why did this not ring alarm bells?

The bank has stated the fictitious over-the-counter trades did not require margin calls or immediate confirmation, meaning it was unable to spot the discrepancy. But surely fictitious trades should have been caught at some point in the confirmation process? It is a well-known fact that banks have been struggling with confirmation backlogs in equity derivatives - and regulators have repeatedly warned about the dangers this can pose. Was SG's front office simply growing too fast for its middle and back office?

All banks will now look closely at their own control processes and attempt to plug any holes. But we've been here before. In fact, the recent incident is eerily similar to the A$360 million losses revealed by NAB in 2004. Then, a group of traders were able to enter fictitious forex options trades into the bank's systems, exploiting weaknesses in back-office controls. Even then, the traders regularly breached value-at-risk limits, but the VAR figures were dismissed as unreliable by the fraudsters' supervisor and the problem was never brought to the attention of senior management (Asia Risk April 2004, pages 9-12).

No bank is ever completely insulated from fraud, and no risk management system is completely foolproof. Nonetheless, banks need to take a close look at what can be learned from the latest failure. And this means going beyond just reviewing existing policies and procedures to look for similar loopholes. A bank may have the most sophisticated systems in the world, but if the data isn't interpreted correctly, if there aren't enough staff to do the legwork, or if the results are not taken seriously, it matters not a jot. Do banks need to put more emphasis on risk management, to the detriment of profit? Should banks alter compensation structures to avoid traders taking too much risk to bolster bonuses?

It is easy to get carried away and bolt down the risk-taking hatches, but SG isn't a one-off - it's happened before and it will happen again. To avoid even more catastrophic losses occurring in future, banks may need to have to think out of the box and take some unpopular decisions.

- Nick Sawyer, Editor.