In January 2008, the financial world was disrupted by the world's largest financial fraud case known to date. The famous French bank, Société Générale, recorded a loss of 5 billion euros due to false positions taken by a junior trader, Jérôme Kerviel. To fully appreciate how he did this, it's important to know a bit about his background. Kerviel spend several years in the bank's middle office in the area of equity trading compliance. In that time, he gained an intimate knowledge of the systems used to log and reconcile trading activity. In 2005, Kerviel moved out of the middle office role to become a junior arbitrage trader. One of his tasks was to leverage derivatives to exploit small price discrepancies in the value of stocks across various markets. During this period, the markets became more and more efficient, this task has become a real challenge, making equity arbitrage a low margin and high volume trading practice .
[...] Yes No Compliance officer Consolidated security report Reinstate trading ability Update incident Stability Unstable Stable Simple Complex ORGANIC CENTRALIZED ORGANIC DECENTRALIZED MECHANISTIC CENTRALIZED MECHANISTIC DECENTRALIZED SOCIETE GENERALE BEFORE THE FRAUD SOCIETE GENERALE WITH A REAL TIME SYSTEM Complexity Business, Customers, Users Service Desk Incident Management Release management Customer Relationship Management Security Management Network, Systems, DB and Operations Management Problem Management Change Management Configuration management Service-Level Management Availability Management Capacity Management Financial Management IT Service Continuity Management Service Support Service Delivery Director of IS security for the Group Société Générale Director of IS security inside a division Correspondent about security of information Envision A permanent analysis of risk Correlation of events Frequent change of passwords / biometric authentification Create an internal audit team Initiate Inform the different stakeholders: counterparties, funds investors Diagnose Today: no real standardized controls connection between accounting figures and these given by the middle office expected internal controls no continuous risk control no specific software for the different entities Redesign To refer to the rich picture of the real time monitoring process Reorganize Reorganize the sensitive entities : traders have to be aware of the project scope, [...]
[...] The trading activity is a core business for a bank because it earns a lot of money. A trader is autonomous even if he has to inform about his activity to his managers. He takes direction bets while following his feelings. He has some directives from his managers, but most of the time he is his own manager. There are daily feedbacks: the managers do rapprochement between data entered by the traders and the real daily accounting. If the bank decides the implementation of the real time system, the processes must to be standardized, the manually feedback will be reinforce by automated computer processes. [...]
[...] But, if the bank implemented a financial application logs, bank officials could have been alerted when IT access codes were being executed from workstations other than those assigned to back office personnel. As a front office trader, Kerviel would not have been on the privileged user list, hence his execution of such actions would have been flagged. Created fictitious trading operations within financial portfolios Kerviel did false trading, and by doing so, he made it appear that his trades were properly hedged. [...]
[...] He wanted to succeed in the business, impress his bosses, and to lead them to recognize his financial genius. In fact, he was simply manipulating the bank's IT systems and policies. Hence, how a junior trader could avoid all the internal controls as simply as Jérôme Kerviel has explained? In reply to the massive fraud, Société Générale announced in February that it wanted to reinforce controls and security in its systems. It will free up funds for 50 millions euros for his computer security. The bank wants to implement the following measures: A permanent analysis of risk exposure. [...]
[...] Transformation processes for real time system's implementation In order to develop a real business vision and process objectives, the bank can develop a business process reengineering, which is a “fundamental rethinking and radical redesign of business processes to achieve dramatic improvements in critical, contemporary measures of performance, such as cost, quality, service, and speed”. In this case the critical point will be the security inside trading activity. Société Générale has to rethink globally the process. Today, we can found two statements: AS IS, that corresponds to the present IT/IS architecture TO BE, the goals define after the case Kerviel AS IS statement Until now, globally the business structure of Société Générale looks like this: It is obvious that there are not enough controls and interdependency between service desk/incident management/problem management and the financial one. [...]
Online readingwith our online reader
Content validatedby our reading committee