SG moves on from Kerviel

jean-pierre-mustier-2011

Two months after revealing a catastrophic loss of EUR4.9 billion on January 24, attributed to the actions of rogue trader Jerome Kerviel, Société Générale (SG) finally has something to cheer about. In the days and weeks following the losses, rumours swirled around the market that SG would become a takeover target, with archrival BNP Paribas emerging as a leading contender. On March 19, BNP Paribas declared it was no longer considering a tie-up with SG, adding that the conditions that would have allowed it to realise shareholder value had not been met.

This means that, rather than having to repel a hostile bid, SG can focus all its efforts on rectifying some of the weaknesses in risk management controls and processes identified in an internal audit published on February 20, as well as by the Ministry of the Economy, Finance and Employment on February 4.

Much of this work is already under way, says Jean-Pierre Mustier, chief executive of Société Générale Corporate and Investment Banking (SG CIB), speaking exclusively to Risk in March. "All processes can always be improved, and we have changed the systems that allowed the trader to bypass some of the controls," he says. "One of the key issues was the risk limits we had on these desks were not designed to prevent a fraud - market risk limits are designed to manage the risk rather than detect a fraud. So we have changed some of the risk limits, as well as incorporated a control aspect."

The internal report alleges that Kerviel was able to rack up huge directional trades on the Dow Jones Eurostoxx 50, Dax and FTSE 100 indexes totalling EUR49 billion by January 18, concealing his exposures by putting on fictitious offsetting trades. The audit claims Kerviel would enter into false trades with counterparties that did not require confirmation or would cancel the transactions before confirmation was due, replacing them with new, fictitious trades - often in different product types, managed by different parts of the operations department.

Specifically, Kerviel purchased or sold securities or warrants with deferred start dates, meaning he had plenty of breathing room before the trades were meant to be confirmed. Another technique was to enter into futures transactions with counterparties described as pending - meaning full details of the counterparty were not entered into the trading system. Kerviel also entered into forwards with internal counterparties within the SG group, which did not require margin payments.

The lack of controls in these areas was acknowledged by SG in its internal report: "No control exists over cancelled or modified transactions or over transactions with a deferred start date, or over transactions with technical counterparties, or over positions with a high nominal, or over non-transactional flows during a given month - all analyses that would probably have allowed the fraud to be identified."

Many of these shortcomings are being addressed. For those trades conducted with internal counterparties, the reconciliation will now be done daily - a step that should close the loophole, Mustier says. Transactions may still be entered into the trading system as pending - it is part of the day-to-day life of the business, says Mustier - but consistency checks will be introduced. "It could be the frequency of pending counterparts on one book, the nominal involved, the cancellation of pending transactions - you need to look for patterns," he adds.

The monitoring of cancelled trades is slightly trickier - on any single day, thousands of transactions can be cancelled. This can occur if additional information on the counterparty is added or if the terms of the trade are modified. As a result, it is impossible to check every single cancelled transaction, says Mustier. Instead, the bank is refining its processes to look for patterns within the cancellations. "You have to first select filters that are going to choose a certain number of transactions that might show a pattern. It could be in terms of nominal, it could be in terms of market risk. We do a few hundred thousand trades a day on the equity derivatives side, so the filters have to be very specific. If you have too many alerts every day, you would not check anything thoroughly," he notes.

One of the major criticisms by the Ministry of the Economy, Finance and Employment and the French banking regulator, Commission Bancaire, was a failure by the bank to monitor nominal outstanding positions - meaning Kerviel was able to build up gargantuan exposures, while the market risk system, which measured net positions, showed zero risk due to the fictitious offsetting trades. This, too, is being changed.

"We always look at nominal exposure, but in terms of our market risk sensitivity, it was done on a net sensitivity rather than gross. The sensitivity was basically zero because he was hiding his transactions from a risk point of view," Mustier explains. "We have now made changes to this specific business, and make gross as well as net checks on the various positions by instrument."

Despite the failings in controls, a number of alerts were triggered internally, either to the operations department, the accounting and financial affairs division, group risk management or the front-office support desks within global equity derivatives, suggesting the fraud could have been identified much earlier. SG concedes that operational staff did not systematically check some of the alerts beyond what was required by procedures, and in some cases, did not inform senior management. The fact the operations department was split by product also meant alerts may have been sent to different parts of the business, with little co-ordination between them.

"Our back office is organised in silos, by product. Alerts were raised, and each time the trader agreed to cancel his transaction. But he was putting it in another product that was controlled by another part of the back office," explains Mustier. "So, we have put in place certain controls that allow for consolidation of alerts across our back offices."

The bank is also strengthening IT security - a task that has become more urgent with the revelation that Kerviel was apparently able to hack into trading and control systems using colleagues' passwords. "We are speeding up the plan we had to strengthen our IT security systems," says Mustier. "We have increased the level of protection on some sensitive applications and are moving from a password system towards a stronger level of protection, like biometric protection."

These improvements to processes and systems will not come cheap - Mustier reckons it could reach EUR50 million. The bank doesn't intend to significantly increase the number of people in the back office, but it will set up an internal fraud group of around 20 people. "They will look at the processes and test the systems to see if they can resist fraud," Mustier explains.

There's still plenty to do - and that's just internally. The bank must also convince customers to trade with it and repair its battered reputation. Mustier acknowledges there is likely to be some impact on its customer business - specifically among distributors of retail structured products, which may be unwilling to sell an SG-branded product.

"Before we closed our capital issue, some clients said 'we would rather wait to see how your capital-raising is going before we fully resume activities with you'. The capital issue has closed successfully and clients have resumed working with us," he notes. "The limited impact we could have is with those counterparties selling into retail networks in some countries."

He claims the impact on the bank's profit and loss is likely to be limited - although more work is needed to assuage the concerns of some clients over the coming year: "It will probably take a bit more effort to bring new clients to SG because they will basically start with a question. So that is what we have to measure and work on. Within the next year, that should be completely gone."

While the scale of the losses has shocked the industry and elicited criticism from regulators over the control processes within the bank, SG has been widely praised by rival bankers for the level of transparency in its disclosures. Mustier says this was vital in rebuilding confidence. "We have been very transparent about everything that has happened, in terms of facts as well as measures we are taking. It is only by being completely transparent that you can bring back confidence and people can see you are not hiding anything."

SG's EUR5.5 billion capital-raising in February was another attempt to restore confidence, Mustier says: "We could have operated with the tier-one capital we were operating with post-fraud, but we were willing to move quickly to restore client confidence and put things behind us. The fraud was an important event for us and we have changed things within the group - we want to adapt and strengthen our organisation, our procedures, the way we work and our culture. But we feel we have all it takes to remain independent and keep growing our businesses."

Read Risk.net's archive content whenever you want -- join our site licence community today!

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

Investment banks: the future of risk control

This Risk.net survey report explores the current state of risk controls in investment banks, the challenges of effective engagement across the three lines of defence, and the opportunity to develop a more dynamic approach to first-line risk control

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here