Times of crisis or uncertainty often provide a fertile breeding ground for fraudulent trading.
It is no secret that nervous traders can make mistakes and having incurred losses they
sometimes take larger risks to try to recover these shortfalls - only to end up losing even
more money. In this scenario, these traders then become fraudsters to cover their own
tracks. If this sounds a little far-fetched and like a passage from a Hollywood script, then
you'd be correct. Except these Hollywood films, such as "Rogue Trader", are based on
This report is written in light of the rogue trader incident at Allied Irish Bank that was
announced earlier last month. The aim is not so much to investigate the actual incident
but to reflect the opinions of the banking community on the following issues:
Why is this still happening?
Why have the lessons not been learnt?
Who is to blame?
What can banks do to protect themselves against rogue traders in the future?
Most importantly, this report offers a list of the top ten preventive measures that banks
should consider implementing in order to avert rogue traders within their institutions. This
list was compiled on the basis of first-hand suggestions from a wide range of financial
professionals, including risk managers, traders and independent consultants.
Gallery of rogue traders
Ever since the spring of 2001, when the "hi-tech boom" came to an end, the financial
markets have demonstrated an alarming volatility. Losing money, it seems, keeps getting
easier. In fact, some pessimists are already predicting that the “investment banking
bubble” will soon burst in the same manner as the “dot.com bubble” did a few years ago.
This is an unsettled time and as one of the market analysts stated "there are rogue waves
in the world’s financial seas." So, what do banks expect from their risk managers and front
office supervisors during such times? An answer to this question arose in a casual
discussion between Lepus and a risk manger, who laconically answered: “No surprises”.
This shrewd remark gains added sarcastic connotations in the light of the most recent
“rogue trader” incident in the Allied Irish Bank (AIB).
We start this report by highlighting the three biggest occurrences of this kind in recent
times and also outline the chronology of rogue traders over the last decade. The first
name on our list of Rogue Traders is the man behind the latest scandal.
AIB’s US subsidiary, Allfirst Financial, is currently at the centre of an international fraud
investigation, after it was revealed that John Rusnak defrauded the bank of $750m by
generating fictitious foreign exchange transactions.
Although the exact details of the fraud are yet to be released, it is believed that irregular
trading activities had been taking place in AIB for about a year and involved a very large
amount of trades. Rusnak executed a large number of transactions that involved buying
and selling Japanese Yen and US Dollars. He appeared to offset the risk involved in these
deals by taking out options contracts. This is a standard practice amongst currency
traders and provides “insurance” in case markets move in a way not anticipated in the
previous FX transactions.
Allegedly, Rusnak built up big bets that the Yen would strengthen against the Dollar.
Instead, as the graph below shows, it has significantly weakened in the past 12 months.
The losses were quite significant, but they would have been offset by profits from the
options deals. However, as it was discovered by AIB deplorably late, the options were
never purchased. What happened was that the purchase orders were entered into the
bank’s system “artificially”. That is, it was made to appear as if options contracts had been
bought when, in fact, they had not.
Although the general mechanism of the fraud is clear, the investigation still has to clarify
the precise sequence of events and discover whether there was any collusion, if any
individuals personally profited from the fraud and why the internal controls failed. It has
already been confirmed that AIB will not go bankrupt as a result of this fraud, as it is a
retail bank with sufficient capital to cover the incurred losses. However, over the past
decade there have been only two other cases that have caused losses on such a similar
The most famous “rogue trader” to date is Nick Leeson who caused the collapse of
Barings Bank under debts totalling $1.3 billion in 1995. Leeson was involved in
unauthorised futures and options trading on the Singapore International Monetary
Exchange and the Osaka Securities Exchange. He used a special account, bearing the
number 88888 to conceal his losses. This elaborate deception was made possible due to
the fact that as a cost-cutting measure Leeson operated both as a front-office trader and
as a back-office settlement manager.
Suspicions were first aroused in 1994 when Baring's external auditors questioned the
credit from Spear, Leeds & Kellogg, a New York City-based securities trader, offsetting
Leeson's losses. Leeson forged faxes from Spear Leeds & Kellogg, Citibank and one of
his superiors in London reassured the auditors that the money was paid to Barings. The
forged proof was accepted.
Leeson kept up the charade for more than two years while pulling in over $1 million in
wages and bonuses. In 1993, he got an extra $195,000 for his exceptional performance
and was on track to be rewarded a further $689,000 for 1994. Underneath this generous
remuneration, Leeson's losses were secretly escalating. He bet heavily on Tokyo's Nikkei
stock index at the beginning of 1995. He bought and held on to Nikkei futures even after
the January earthquake in Kobe. Over three months he bought more than 20,000 futures
contracts worth about $180,000 each in a vain attempt to move the market. Some three
quarters of the $1.3 billion that Leeson lost resulted from these trades. When it became
impossible to conceal his fraud anymore, Leeson fled. Once caught, he was sentenced to
six-and-half years in prison. Unable to cover the losses, Barings was sold to the Dutch
bank ING - now called INGBarings.
Even greater than this was the £1.8bn loss that the Japanese Conglomerate Sumitomo
incurred due to Yasuo Hamanaka's unauthorised trading over a 10-year period.
Hamanaka was apparently known as Mr. Five Percent because he and his team
controlled at least that share of the world copper market. Hamanaka was given unusual
autonomy within the Sumitomo organisation and this lack of oversight allegedly allowed
him to keep two sets of trading books, one reportedly showing big profits for Sumitomo in
the buying and selling of copper and copper futures and options, and a secret account
that recorded a dismal tale of billion-dollar losses.
Because Yasuo Hamanaka produced huge profits (at least on paper) he was not rotated
into other jobs as most Sumitomo executives were. His books showed that his division
had cash reserves far greater than they actually were and no one dared to look too
closely at his transactions. Finally, it was the pressure of an internal investigation that led
Hamanaka to bow to the inevitable and confess. He revealed to his corporate bosses that
he had been conducting unauthorised trades for the past 10 years in a vain attempt to
cover up snowballing losses. He was sentenced for 8 years.
Other rogue traders
Unsurprisingly, "rogue traders" attract an amount of media attention that is almost in direct
proportion to the amounts of money involved. This is why almost everyone is familiar with
the three infamous incidents outlined above. However, not everybody understands the
extent and frequency of similar frauds, most of which lack publicity only due to smaller
size of the incurred losses. In fact, if we look at the past decade, every year was marked
by at least one or more "rogue trader" incidents. A chronology of trading frauds appears to
be almost uninterrupted until 2002.
Michael Milken, the head of bond operations at US Drexel Burnham Lambert, was
sentenced to 10 years for securities fraud. Drexel filed for bankruptcy after paying $650m
(£458m) in fines.
Allied Lyons Plc (now called Allied Domecq Plc) lost £150m in FX dealing.
Indian banks and brokers were accused of colluding to siphon $1.3bn from the inter-bank
securities market to fuel a boom on the Bombay stock exchange.
German industrial group Metallgesellschaft suffered huge losses on derivatives, forcing
creditors to mount a $2.2bn rescue.
Chile Copper Corp (Codelco), the world's largest copper producer, lost $175m through
one trader's unauthorised activities.
Wall Street broker Kidder Peabody fired its government trading desk boss, Joseph Jett,
after it uncovered a scheme that created phantom trades, resulting in a one-time charge
of $210m after tax.
Orange County, California, was declared bankrupt after investment losses of $1.6bn from
its derivative-heavy investment portfolio.
Barings Bank collapsed under debts totalling $1.3 billion as a result of Nick Leeson’s
Japan's fifth largest bank Daiwa suffered a $1.1bn loss from unauthorised bond trading by
Toshihide Iguchi, one of its US executives. Whenever he lost money as a government
bond trader, he allegedly pulled and sold bonds from Daiwa's own accounts or those of its
customers, and then forged documents to make trades appear as if they are authorised.
During the period of 11 years Iguchi made astronomical 30,000 transactions while trying
to cover his losses. As a result, Daiwa US was closed and the trader was sentenced to
NatWest incurred losses totalling to £90.5m after trader Kyriacos Papouis and his then-
boss Neil Dodgson concealed trading losses by overhauling options positions held on
Common Fund of the United States, which oversees $20bn of funds for educational
institutions, said a rogue trader had caused it to lose about $128m.
The world's biggest copper merchant, Sumitomo, said it lost $1.8bn over 10 years from
unauthorised trades by Yasuo Hamanaka.
Deutsche Morgan Grenfell faced a crisis when it emerged that Peter Young had
breached rules at its UK fund management arm. It cost Deutsche around £400m in
compensation to investors.
Credit Suisse admitted to losses of $10m from unauthorised options trades. An equity
options trader quit the firm as a result.
Griffin, a Chicago-based commodity futures firm, collapsed after London trader John Ho
Park allegedly lost $10m trading in German Bond futures on Eurex, forcing Griffin's
closure in December.
US Chase Manhattan saw fourth-quarter trading revenues cut by $60m because a
currency trader inflated his profits for over a year. The trader was fired.
Canadian TransCanada Pipelines announced a $49m loss from unauthorised trading by a
staff member at its former natural gas trading subsidiary Pan-Alberta Gas
EOTT Energy Partners LP, a US energy group, lost $6.2m to unauthorised trading and
theft by a former employee.
Commodities broker Peter Leonard brought down the Muirpace group after costing it
£32m in trading losses.
American investment bank Merrill Lynch fired two senior executives for failing to supervise
a currency dealer who diverted profits to favoured clients, leaving the bank facing a £7m
Allied Irish Bank incurred losses of $750m on the foreign exchange markets as a result of
John Rusnak's unauthorised foreign exchange transactions.
The list seems to be endless and this has become of increasing concern to a wide scope
of people, including customers/investors, the whole investment banking community and,
of course, regulators. Endless questions arise in conjunction with this sadly incessant
chronology of trading frauds, such as "Why is this still happening?" "Why lessons have not
been learnt?" and "What preventive measures should banks implement?" In order to find
answers to some of these questions, Lepus decided to interview a broad range of
financial professionals, including traders and risk managers (both from the buy-side and
sell-side) as well as independent consultants. This report is the accumulation of first-hand
opinions on the questions raised above.
Why does this still happen?
Every time a new rogue trader is caught, the whole banking community raises their
eyebrows and wonders why these incidents are still happening. Both senior bank
management and regulators are desperately trying to foresee and avert new trading
frauds and yet their efforts have largely seemed to be in vain. From this it is clear that
some factors that contribute towards a rogue trader’s success can be eliminated but
others are inherent to the industry and will unfortunately remain. Although there is an
element of fatalism in this statement, understanding the reasons why rogue traders still
succeed is the first step on the journey to preventing these fraudsters.
Increased complexity of financial firms and traded instruments
The first of many reasons why rogue traders remain undiscovered for so long is
the increased complexity of the current financial marketplace. Following the
recent trend, many investment banks have merged into even larger global
institutions. They are now trading astronomical volumes with multiple
counterparties. Every trader is involved in a complex chain of contacts with
clients, which makes it very hard for a supervisor to control everything that is
happening on the trading floor.
Further complications are caused by the increased complexity of trading
instruments. All of the famous rogue traders (probably excluding Daiwa's
incident) were dealing with exotic products whose price is difficult to determine.
On numerous occasions supervisors failed to understand the complex
instruments used by the traders and left them free to manipulate their trades in
the way they wished.
Insufficient risk management and internal controls
Another pressure that financial firms are currently experiencing is cost-efficiency.
Greater competition and increased market volatility drive banks to cut the
business costs. The discrepancies of this approach are particularly noticeable
where smaller and often overseas branches are involved.
As has been noticed by a number of analysts, most of the rogue trader frauds
happened in remote subsidiaries far away from the head offices. This exposes
one of the main weaknesses that probably most of global banks share - their
inability to conduct the effective supervision of foreign subsidiaries. The internal
controls are normally set up very efficiently in the head offices, where 95% of the
team and resources are concentrated. However, this situation can be quite the
reverse in offshore locations, where supervision is based on bureaucratic rather
than genuine controls.
Inefficient risk management and internal controls
Apart from their insufficiency, internal controls often prove to be inefficient too.
This may be due to the incompetence of individual supervisors, however the
whole process of controls may fail if there is not enough collaboration between
the different parties involved in risk management and trade supervision. An
independent operational risk consultant that we spoke to suggested that the
main reason why banks still fail to detect and disable rogue traders is that risk
management does not operate holistically in most of banks. Typically several
parties are involved in managing operational risk. For instance, a financial
manager would value risk with the help of financial formulas, whereas an
operational risk manager is more likely to identify potential threats, which a
finance manager would not necessarily see. In some banks risk and financial
groups are not allowed to communicate at all. Hence, information is not
integrated and is not used appropriately.
Even the most efficient internal controls may be disabled by collusion between
traders and supervisors. One of the classic loopholes that used to allow rogue
traders to conceal their frauds is that they were authorised to perform both front
and back office functions. After Nick Leeson's incident most banks have ensured
that the two operations are independent from each other. However, this does not
rule out the possibility of collusion between the employees of the bank
performing each of the now separate functions. This is not the only area where
collusion may occur. Senior managers are often reluctant to disclose to the
authorities and/or regulators an incident of trading fraud. In order to evade the
responsibility and also to save the reputation of their financial firm, they cover up
the rogue trader. This can be viewed as a milder type of collusion, which
nonetheless is just as dangerous, as this gives the rogue trader time and
resources to increase the damage to the institution.
All the deficiencies of the current system named above have the potential to be
fixed in the future. Yet, one of our interviewees from the buy-side sector claimed
that there is a constant hazard imbedded in the investment-banking model.
Investment bank traders do not have a concept of ownership. This is commonly
referred to as “agency problem”, which makes the whole organisation inefficient.
Hedge funds (private investment limited partnerships) on the other hand, have
clear shareholders. The general partner that started the hedge fund performs all
the trading activity. Irrational trading behaviour is very unlikely in such business
model. This has been recognised by many traders in the City. In fact, many of
the most successful traders are moving into hedge funds whereas investment
banks will always remain inefficient in terms of operational risk. It was also
suggested that in the future only the worst traders will remain in investment
Why have not lessons been learnt?
Once we have admitted to ourselves that rogue traders are still a reality and a problem,
the logical question that follows is why have the lessons from some of the aforementioned
examples not been learnt? Nick Leeson, the rogue trader himself, criticised the financial
industry for failing to learn the lessons from his fraud and failing to prevent a new dealing
scandal. He said: “I find it exceptionally frightening because I know how basic the checks
were that should have been done to catch me. If they haven’t been put in place, I think
that is shocking. It is not a great advertisement either for the bank or the banking industry
as a whole.”
But have the lessons really not been learnt at all? The diversity of answers we received is
quite startling. Most top-tier banks and regulators believe that the lessons have been
learnt, whereas independent consultants and smaller banks are less optimistic in their
judgements. The truth probably lies somewhere in-between.
Lessons have been learnt but to a different extent by different institutions
Larger top-tier banks claim that the lessons have been learnt. Budgets have
been allocated, more sophisticated risk management systems have been
implemented and controls have been tightened after the Barings’ collapse.
There is, of course, slightly more uncertainty with smaller financial firms. One of
our interviewees suggested that a lack of resources has contributed to weaker
operational risk controls in the mid and lower tier banks.
Specific lessons have been learnt, yet new loopholes appear all the time
The specific lessons from Nick Leeson have been learnt. After the Barings
collapse, teams of banking and compliance experts released detailed
instructions about how to prevent another such rogue trader. The
recommendations were acted upon and in the UK, the FSA, Bank of England
and clearing banks all collaborated in their attempts to raise the standards of
internal controls and compliance. As a result banks are generally better
capitalised, which makes them less likely to collapse in case of future rogue
trader strikes. Furthermore, most of the UK banks have insured that their front
and back office operations are carried out independently from each other. This
way traders do not have the full authority of both trading and settlement, which
makes it harder to forge trades.
Although the specific lessons have been learnt, new loopholes in the system
seem to appear all the time. The sophistication of trader frauds increases
together with the development of operational risk-management systems.
Professor Ray Kinsella, of the Graduate School of Business at University College
Dublin explained: “The market is always changing in terms of products,
complexity and vulnerability to fraud within, and supervision from outside. The
bottom line is internal controls are always playing catch-up.”
The result of this “risk cycle” is that the whole mechanism becomes increasingly
complex. This, however, helps the rogue traders, who "abuse" the current
complexity of trading operations, systems and controls. Risk managers, on the
other hand, become the victims, as the increased complexity leads to more
loopholes and an upward spiral of surprise events.
Having said this, we are by no means trying to excuse those who failed to stop
Rusnak. The point we are trying to make is that it is necessary to accept the
incomplete nature of any particular risk-management paradigm. Besides, as one
of the risk managers commented, we do not live in a perfect world and this kind
of thing will always happen. It is embedded in human nature to make mistakes.
Sometimes a series of mistakes line up and a serious disaster occurs. Nobody
has the power to completely eliminate this kind of possibility but measures can
be taken to reduce the ease and hence frequency of such incidents. Therefore, it
is more important to concentrate on understanding risk and communicating it.
Many of our interviewees believe that this process has already been underway
since the Barings collapse.
Could the regulators have done more?
Most banks of the banks we spoke to do not think that the regulators should be blamed for
rogue trader incidents. The truth of the matter is that the regulators cannot stop rogue
traders from trying to fool banks’ internal controls. Their function in handling rogue traders
is to come in when the incident has already happened, investigate the matter and issue
recommendations to avoid the same problems in the future. This has been done with
certain success in the past.
The only interviewee that claimed regulators could have done more, suggested that they
should have introduced minimum risk management standards for every branch
independent of its size and volume of trades. This would have prevented AIB from having
such diminutive risk controls in their Allfirst branch. This is a valid point, as the issue of
insufficient controls in the overseas branches had already been raised in relation to Nick
Leeson’s case. However, this new regulation never materialised.
More importantly, several banks agreed on the fact that the real responsibility of the
regulators is to ensure the integrity of the system. This is why they would be to blame if
they overreacted to the AIB rogue trader incident and started to needlessly intervene in
the banks’ internal business. The main requirement from the regulators in times like this is
to keep the balance right between being proactive and yet not disruptive.
The area that does deserve regulators’ attention in the light of the recent events is the
high leverage of some first-tier investment banks. For instance, JP Morgan, has $700
billion in assets and only $12 billion in real deposits. If a rogue trader strikes, highly
leveraged banks are more vulnerable and may collapse thus destabilising the whole
marketplace. This is why it is absolutely essential to reduce the balance sheets of such
banks in order to diminish the risk of bankruptcy in case of trading failures.
If a large investment bank files for bankruptcy, this can affect the whole financial market.
In the past, regulators could mitigate the effect of such bankruptcies by negotiating a
merger or a takeover. These days, as a senior operational risk manager suggested, the
market is much more business-driven. A bank would not agree to take over an insolvent
financial firm unless they are offered a very good deal. Regulators would not be able to
significantly influence their decision.
Hence, in order to facilitate financial market stability regulators should look at the
possibilities of providing the global view of the market and register the most dangerous
trades. Financial firms should be able to see prices across all the corporate structure.
Traditionally, people concentrate on equity evaluation but it is important to understand that
equity is the most inert part of the corporate structure and that the evaluation of debt is
just as important, if not more so.
What should be done?
In the light of the recently re-ignited discussions about why rogue traders still exist, Lepus
has come up with a list of key measures that banks should take in order to hinder trading
frauds in the future. Make no mistake; this will never stop the fraudster or the determined
rogue trader due to the reasons that we outlined in the section above. However, the
solutions we suggest can make the objectives of rogue traders very difficult to achieve. In
order to identify these measures, we spoke to a wide range of risk managers, front office
traders and independent consultants. Having aggregated the results of our inquiries, our
suggestions are as follows:
1. Reassign responsibilities
All banks should have a clear distribution of responsibilities for a potential trading fraud.
This issue has already been addressed by FSA in the UK. It issued a regulation by which
all the senior managers should share responsibility for such incidents. There is still a lot of
debate around this directive.
The motives behind it are quite obvious. Most bankers would agree that their present
senior management tend to lack professional knowledge and understanding of the
everyday front office activities. The introduction of shared responsibility might encourage
senior managers to put more understanding into the operational processes. This will also
help them to implement the necessary controls at all levels of the institution.
Although most banks assess this directive as generally positive, there are still some
concerns associated with it. One of our interviewees explained that this directive can be
easily exploited and innocent people may be charged. In extreme circumstances,
regulators may take an aggressive stance, “show their teeth” and severely punish
managers who are only indirectly involved in the incident. Besides, as another risk
manager suggested, he is only responsible for a small segment of the bank’s operations,
yet shares responsibility for the overall enterprise.
Responsibility should ultimately be shared among all the parties involved, including both
supervisors and traders. The proactive attitude towards risk management and fraud
control should be driven from the top of the organisation down to the bottom of the
hierarchy and all levels of employees should be empowered with the authority to prevent
fraud. Clear lines of responsibility and accountability must be established. Senior
Management must be the role models for every employee.
2. Improve your basic risk management standards
Although the importance of risk management seems to be clear to everyone, this still
often remains an unresolved issue in smaller (and commonly overseas) bank branches.
Allfirst appears not to have realised that it was taking on proprietary trading risk. This was
the case with Barings, whose senior managers believed that their Singapore trading
operations were merely “arbitrage” – carefully hedged and virtually risk-free.
Such inadequacies of risk management may stem from the fact that it can still be viewed
as extra expenditure. Banks are reluctant to overspend on something that does not
directly bring in money. However, without well-thought-out and vigorously defended risk
management systems, institutions take unnecessary risks and are gambling. Field
Marshall Erwin Rommell crystallised "risk" wonderfully when he said: "...a risk is a chance
you take; if it fails you can recover. A gamble is a chance taken; if it fails, recovery is
Quite simply, it is vital that any risk management decisions are based on expert
information. Management must understand the exposures that their institution faces at all
levels and locations, the extent of these exposures and, most importantly, how these
exposures are protected. Expert information is the key to successful risk management.
In the last five years, most banks have started using VaR as their risk assessment model.
Before this, risk managers used to rely on daily limits for every trader. VaR is undoubtedly
a more advanced technique as it provides an absolute level of risk. The daily limits model
revolves around P&L and is less sophisticated - hence some banks have dropped it
entirely and retained only VaR. However, as one of the interviewed risk managers noted,
VaR takes 24 to 48 hours to be calculated and consequently does not support intraday
controls. Therefore, some risk managers still believe that in order to facilitate total control,
both of the risk assessment models should be used.
So, while different banks might still disagree about the techniques of risk assessment,
they seem to have reached a consensus about the importance of risk management. After
the Russian and Asian crises, there has been an increasing trend to view risk
management as a revenue enhancement tool. More and more bank managers are now
thinking in terms of risk adjusted returns and prepared to spend more money on leading
edge risk management systems.
3. Reassess your internal controls
Without exception, the most essential measure mentioned by all our interviewees was the
tightening of internal controls. Banks should reassess their current supervisory systems
and introduce further policies that would help to prevent irregular trading activities.
In fact, some banks have already instigated extra reviews of their risk controls since AIB
called in the FBI to investigate John Rusnak’s case. Barclays said: “AIB has and should
act as a wake up call for the controls and checks we have in place. We’ve reviewed ours
and we are satisfied with what we’ve seen”.
In order to reassess their internal controls, banks need to ask themselves the following
What checks and controls should be in place?
First and foremost, it is absolutely essential to ensure that all the controls are carried out
with due diligence, thoroughness and independence. If any of these conditions fail, the
whole point of having controls disappears. Furthermore, all the controls should be routine,
i.e. they should be carried out on a regular basis and without fail.
Most banks have already devised their complex systems of controls. These normally
involve several parties and encompass a series of procedures.
All trading supervisors should have separate clearing and operational duties.
This has become a categorical requirement since the Barings incident. Nick
Leeson succeeded in concealing his fraud because he was involved both in
trading and settlement. By separating the back office operations from the front
office trading, supervisors have a better chance of spotting the fraud. Trading
sheets should be checked and signed-off daily.
Checks of trades against confirmations
In order to prevent forgery, checks of individual trades against counterparty
confirmations are absolutely essential. When a trade is put into the front office
system, a new entry automatically appears in the back office system. The back
office system generates a confirmation call automatically or sends a request to
the trader. After this, the confirmation call is sent to the client. However,
problems often arise as clients do not always respond to the confirmation calls.
In this case traders should make a verbal contact with clients. If this fails too, risk
managers should be notified. They can try to negotiate with clients and if they
are still reluctant to confirm trades, risk managers should decide on whether their
bank should trade with them at all.
Quite unfortunately, some banks do not have this routine check in place, thus
having to rely on traders' honesty, which does not work all the time. As one risk
manager suggested, in this time of cost control bank managers seem to forget
that there are some things you cannot cut corners on. Confirmation checks
cannot and should not be circumvented.
The easiest way to check whether this routine is in place in a bank is to ask a
trader how many unresolved confirmations they currently have and how old the
latest confirmation is. Only very few traders would be able to answer these
Credit and Trading Limits Controls
Credit and trading limits should be issued with diligence and monitored with due
attention. It is essential to consistently check whether traders keep within these
limits. Quite naturally, traders should not be discouraged to take risks as this is
how big profits can be made. However, if traders exceed their limits, this risk
becomes unjustifiable and dangerous for the whole organisation. This should be
prevented and the traders at fault should be punished.
The standard check is the matching of P&L with the credit limits of every
individual trader. This can help to expose any forged trades and stop rogue
traders before the damage to the bank becomes too serious.
Cash flow control
Cash should be considered as one of the ultimate safeguards for banks. It is
relatively easy for a trader to conceal a loss-making trade on paper by faking the
records or forging another position that hedges it. It is much harder to get the
cash to pay the counterparty. Therefore, no matter what the paper records or the
bank’s trading book say, the bank’s treasury should detect irregular trading
activities from the cash outflow and unusual cash requests from traders. This
method, however, is not perfectly efficient all the time, as some rogue traders
might have a fairly steady level of trading and their cash calls would not
necessarily stand out immediately. Yet, sooner or later the rogue trader will be
unable to get sufficient cash and give himself or herself away.
Banks should have internal structures in place that help to avoid collusion.
Several measures could be implemented in this area. Traditional
"whistleblowers" are one way of handling this problem and the introduction of
score-cards for supervisors is another one. Independent supervisors can also be
delegated from the Board. In fact, one of our interviewees suggested that the
Board should be an independent body in the manner of the Senate with risk
management reporting directly to it. This, of course, is a bit of a hyperbole, as the
Board normally does and should consist of people who are directly involved in
the bank’s day-to-day operations. Hence, we can only speak about the Board’s
relative independence. This can be achieved in a number of ways. Firstly, it
would be a good idea to have an odd number of members so that there is more
chance of a clear decision. Secondly, the Board should comprise a head of every
business unit balanced out by a risk representative. Operational, financial, risk
and legal sides all have to be represented on the Board. The opposing opinions
should counterbalance each other and the independence of arrangements can
Counterparty controls can prove to be very efficient, due to the fact that they are
independent and are performed by traders, who have a very good knowledge of
Counterparty controls have already become common practice in some
investment banks. One of our interviewees recounted an incident that happened
to him as early as 1994. He was managing risk for a mortgage company and
their normal volume of trades was within $10 -20m range. When the bond market
went down, they dramatically increased their trade volumes to $50 -70m. This
irregularity was immediately spotted by a Goldman Sach’s trader (the bank which
allegedly stopped trading with Rusnak several months before the fraud was
revealed), who phoned the mortgage company risk manager and informed him
about the unusually large trade. In some cases banks specifically request their
counterparties to control their trading activities.
Checking cash trades offset with paper gains
As has become clear, many rogue traders were offsetting their losses in cash
markets with paper gains on other holdings. Hence, banks should be more
vigilant to such scenarios and pay special attention to similar cases within their
How meticulous should the checks be?
Even the most general monitoring of individual traders can prove to be fairly effective. As
one of the witnesses of the Barings’ collapse commented, it did look suspicious that one
trader was making money consistently throughout such a long period of time. It is
common knowledge that a trader cannot win all the time and a realistic rating of a good
trader is 75% success. So, just by monitoring the irregularities of trading activities, and
particularly those that look too good, it is possible to detect fraud. In fact, many bank
managers believe that this approach of supervision is very efficient, as it allows them to
pass over many complexities and yet still detect potential problems.
Detailed checks of balance sheets are just as important and should be undertaken by
professional auditors who know the industry well and understand all the intricacies of the
particular bank (its operations, organisational structure, etc.) There has been a lot of
publicity recently around the poor standards of auditing in this country and this is definitely
one area in which the situation might be improved.
How often should the checks be carried out?
Another issue to be considered is how often checks should be carried out. This should
depend on the size and idiosyncrasies of individual financial firms. For second and third-
tier banks with smaller volumes of trades, batch-based checks at the close of business
might be sufficient. For larger banks intraday checks are probably necessary, as money
losses can escalate dramatically within one trading day. The ideal scenario, of course, is
constant supervision on a deal by deal basis.
In the long-term, a possible solution to preventing rogue traders would be a real-time
settlement that allows for more efficient capital lines. If banks could achieve T+O model
with pure electronic cash and instant delivery, it would be very transparent who has
capital and supervisory functions would be significantly simplified.
Who should supervise and carry out checks?
As was rightly stated by one of our interviewees, the main control is
unquestionably staff with long and relevant experience. Supervisors should
understand all the peculiarities of the front office operations but unfortunately
this is not often the case. This has been pointed out by several interviewees
and thus seems to be a particular cause of concern. Similar comments
appeared in the press recently. David Liddell said: “Part of the problem for
senior management at global banks is they frequently have to control people
who have a more detailed knowledge of the trading and control systems.”
Banks should address this problem immediately in order to avoid further
Banks should have a multi-layered hierarchy of supervisors. Supervisors on
the trading desks are normally overseen by a Head of Capital Market Group
(or a similar position). Most of them have separate clearing and operational
Risk managers should undoubtedly be involved in controls and supervision.
Several of our interviewees actually suggested that risk managers should be
on the front floor in direct contact with traders.
However, the extent of their involvement is a very sensitive issue. Risk
managers should not intrude too much into the front office domain, as this
would distort their “supporting” function. Traders should be allowed to take
risks as long as they are within the prescribed limits. Therefore, the
responsibility of risk managers can be more precisely described as “policing”
trading, i.e. detecting where the prescribed limits have been flouted and
identifying the supervisors who failed to detect these problems on the trading
Quite often the back office gets the blame if a rogue trader’s fraud has been
overlooked. However, as was suggested by one of the independent
consultants, traders should share this responsibility too. According to the
current practice, traders do not want to get involved unless there is a
possibility of making money. Supervision is very unlikely to bring them any
profit. If anything, it can make them unpopular and deprive them of much
valued contacts and friendships. Traders do bend the rules occasionally and
may be aware of their colleagues doing the same thing. Attracting the
attention of supervisors to their colleague’s misconduct is not going to benefit
traders. If anything, it can negatively affect them, it might attract unwanted
attention towards their own activities. The bottom line is that the ethics of
traders are not driven by high morals but by the possibilities for material
gains. Hence, some traders would even consider turning a profit out of the
rogue trader activities. If there is no such possibility, many would just turn a
blind eye to what is happening and save their time and energy for more
However, this mentality is somewhat myopic as it only makes sense if short-
term gains are prioritised to the detriment of the long-term effects. Even from
a purely selfish point of view, if a bank loses a lot of money through fraud,
the traders’ bonuses may be cut.
Attempting to change the traders’ mentality is a very difficult task. One of the
ways of doing so is to introduce the rule of “joint responsibility” and the
“score-card approach” which exposes how individual traders participate in
reviewing others. This would incentivise traders to become part of the team,
rather than isolated individuals judged solely on their performance and the
profit they bring to the bank. It is believed that in order to operate efficiently,
the back-, middle- and front office should operate as a team.
Counterparties should recognise their responsibility of external control over
their peer traders. The quality of risk management systems can vary from
bank to bank and if one bank’s systems fail, other banks can raise the alarm.
As it has been publicly announced, Goldman Sachs had refused to trade with
John Rusnak several months before the fraud was officially announced.
Lepus asked our interviewees to comment on this peculiar detail. The fact
that the risk managers from Goldman Sachs managed to detect the problem
certainly gives credit to them. How they knew is still to be unveiled. Our
interviewees had several guesses, any of which could be potentially true.
Rusnak might have put one of his forged trades as Goldman Sachs' and the
confirmation bounced. Another possibility is that traders from Goldman
Sachs knew that Rusnak was betting against the trend for a long time and
started wondering why he was doing this.
Counterparty traders can also detect an irregular trading activity if the size of
trades of an individual trader rises dramatically - as happened with Nick
Leeson. This, however, does not seem to be true in Rusnak’s case, as he did
not make larger trades but instead increased the number of trades. This is
virtually impossible for counterparties to detect.
No matter what it was that indicated to Goldman Sachs that Rusnak was a
rogue trader, the real issue here is that if they did consider him dangerous
enough to stop trading with him, why did they not inform the rest of the
banking community. This, we believe, should become a common practice
and all banks should adhere to it.
Internal auditors from the finance group should closely cooperate with risk
managers in order to effectively trace inconsistencies that might indicate a
trading fraud (also see REAL approach).
External auditors have repeatedly proven to be the weakest link in the chain
of controls. They often fail to carry out comprehensive audits due to the lack
of specialised knowledge of individual banks and their operations. Yet, this is
no excuse and the "big five" may need to raise the standards of their
performance in the investment banking sector.
With all fairness, however, we need to admit that in AIB’s case, their external
auditors Price Waterhouse Coopers were not to be blamed and the banks
officially admitted this fact.
What are the supervisory tools?
As aforementioned, the best supervisory tool is undoubtedly qualified staff with extensive
experience and knowledge of the industry. However, in recent years an increasing
number of functions have been delegated to technology. Can supervisory controls be one
Many banks are already relying on their systems to spot rogue traders. Some of them
have also purchased operational risk management systems that have the capability of
measuring operational risk and computing how much capital should be put aside for
operational risk purposes.
Some more intrusive technology has recently appeared in the market that allows banks to
have direct control over their traders. For instance, Autonomy has come up with the
solution that can automatically recognise the content of various sources, including e-
mails, faxes and even telephone conversations and aggregate all the retrieved
information. If used as an anti-rogue trader tool, this technology has the capability of
“spying” on traders and spotting their irregular activities.
Although potentially quite efficient, this technology raises some ethical issues. Quite
justifiably it can be viewed as breach of privacy unacceptable in any institution, including
investment banks. Autonomy itself refuses to be drawn on this issue and their
representative told Lepus that they are only providing the technology and it is up to banks
to choose whether to buy and implement it. As far as Lepus is aware, no banks are
currently using Autonomy technology for the purposes of catching rogue traders, yet,
nobody knows what future holds.
4. Consider holistic risk management approach
As has been suggested earlier, the internal controls of a bank may fail if risk and finance
managers do not communicate with each other. A possible solution to this problem is the
“REAL” approach, which stands for “Risk Enterprise and Accounting Logic”. It is based on
accounting consistent with economic evaluation of business. If the two parties come up
with different sums, the discrepancies should be detected and investigated. It is very
important to understand that this integration of risk and financial authority should not be
bureaucratic in nature. Instead it should be a “power relationship” between financial
directors and risk managers, targeted towards eliminating managerial loopholes that allow
rogue traders to thrive.
5. Escalate processes
Banks need to ensure that all the procedures in the front, middle and back office are
managed efficiently. One of the interviewees gave Lepus a very vivid example of how
sluggish processes can affect the efficiency of controls. The back office of this
interviewee’s bank is supposed to process 12 to 14 contracts a day. However, this is
hardly ever the case, as many contracts are slowed down by lawyers. As a result, some of
them are five years old. If contracts are not processed efficiently, it is easy to lose track of
individual trades and this makes spotting problems virtually impossible.
The escalation of processes is even more important when control weaknesses are found
or a fraud is detected. Management must act decisively and quickly. Major reputation
damage occurs where situations are not found out for a long period of time. Banks should
be seen to take action and make any risk management statement clear, practical and
6. Reassess your remuneration policies
Traditionally, large bonuses have been the main incentive for improving the performance
of traders. Indeed, performance-based remuneration is a very strong tool that helps to
increase the productivity of traders. However, many frauds have been triggered by this
desire to increase bonuses. This is why it is absolutely essential for banks not to pay the
whole of the bonus upfront. This way, traders would not be able to walk away with the
money, leaving a financial mess behind them. Some banks have already implemented the
policy of paying of some of the bonus amount in company shares. This measure could
help banks to increase the feeling of ownership and belonging among their employees.
Another remuneration problem that banks have traditionally had is the discrepancy of
salaries between the front and the back office staff. The reasons for this are quite obvious.
Traders bring actual profits to the bank, hence they are generously remunerated. Risk
managers secure losses. This is only indirectly reflected in the bank’s balance sheet.
This salary gap is believed to be damaging the collaboration between risk managers and
traders. The salaries should be made more equal in order to close the gap between the
front office and the risk managers. The latter would have a greater incentive and authority
to police traders and increase the security of the bank’s operations.
7. Listen to regulators
It may seem like a pretty obvious thing to state but banks must not ignore regulators. In
the wake of major banking scandals, regulatory bodies around the world have come under
criticism - some of it fair and some of it not so fair. The end result however, has been a
toughening of attitudes and a determination to deliver a better product.
The increased regulatory attention might seem too intrusive and aggressive to some of
the banks. However, banks need to attempt to collaborate with regulators, who should not
be perceived only as watchdogs but also as associates.
8. Protect yourself against Insolvency
In order to protect themselves against rogue traders, banks should not only implement the
preventive measures, but also carefully consider a recovery plan. Bank managers should
understand that despite the very best controls, audits and procedures, operational failures
can and will still happen. Therefore, banks need to have sufficient financial support to
offset these losses. Two main practices exist for these purposes.
Operational Risk Capital Allocation
In its latest version, the New Basel Accord prescribes a capital charge for
operational risk. Once the document is finalised and passed, it will be a
mandatory requirement that all banks should allocate a certain amount of capital
in order to offset losses in case of operational failures. While this document is
still provisional, it is probably a good idea for financial firms to already comply
with this requirement.
Rogue Trader Insurance
Insurance is an external source of funds that can protect banks against the
financial and reputational damage caused by rogue traders. Unfortunately, banks
tend to think about insurance only after a disaster has struck. Shortly after the
AIB incident, a listed Lloyd’s of London syndicate SVB - the key player in the
“rogue trader” insurance market - said that only about 30 banks had taken out
their rogue insurance since it was launched in 1997. However, they received
eight inquiries from banks about their policies in the week after the incident.
SVB’s policy provides coverage for a loss sustained as a result of trading which
has been concealed by the trader or falsely recorded in the institution’s records.
The coverage extends to commitments in excess of permitted limits, trading in
unauthorised instruments, and trading with unapproved counterparties.
Premiums depend on the organisation’s size and track record as well as on
which asset classes and locations it trades, and its trading volumes. Policies
generally cover the client for over $100 million worth of losses, typically paying
out above $10 million.
Another market leader in rogue trader insurance is Swiss Re New Markets. Its
cover is broader and includes protection against unauthorised trading,
employment liability practices, professional indemnity and electronic computer
crime. The policies typically pay out after losses of $50 million to $100 million.
9. Consider outsourcing
An interesting proposition has come from one of our buy-side interviewees. He suggested
that for some investment banks it might be sensible to outsource their trading altogether.
This is hardly an unexplored avenue, as some financial institutions have already started
outsourcing their trading function. Salomon Brothers, after its merger with Citigroup,
“outsourced” its proprietary trading to a hedge fund style operation. This was done in
order to avoid the same operational incidents as the firm incurred prior to the merger.
Another example is the Bank of China, which has an agreement with a US hedge fund on
treasury management outsourcing. If this is good enough for a global bank with $170
billion in assets, this option should be seriously considered.
10. Understand the psychology of your traders
This solution is not for everyone, as not all the financial employees believe in the forces of
psychology to resolve the problem of rogue traders. However, it is useful to remember
that rogue traders are primarily driven by their human weaknesses. Managers should
understand the psychological inclinations of a rogue trader and foresee his/her actions.
Three main factors should be considered according to Emma Soane, research officer and
occupational psychologist at the London Business School. These are dispositions,
experiences and the trading environment.
Dispositions (i.e. inborn personality traits) help define whether someone is a risk taker or
not. In particular, greed and fear are key drivers of behaviour in the competitive and
stressful trading world. Greed leads to a focus on big wins. Fear concentrates the mind on
averting loss. Each results in problems for the organisation and in potentially big threats to
A good example of this theory in practice is that some financial firms, such as
HypoVereinsbank, use trading simulators to test the dispositions of their potential
employees. By reproducing critical trading environments, banks can check their
applicants’ behaviour under pressure. Some job candidates fall into the trap of cheating in
order to impress their potential employers. The trading simulator detects all the minor
frauds and only the right people get employed.
The second factor to be considered by supervisors is traders’ learning experiences, such
as big gains and losses. They shape traders’ views of themselves and their abilities. This
can lead to misperceptions and superstitious thinking. For instance, traders who do well
may consider themselves skilled or lucky. Those who lose money are more vigilant in
looking for problems with the market or their colleagues.
The trading environment is also important. Management reward systems usually
encourage traders to meet targets by taking a controlled amount of risk, cutting loss-
making positions and repeating winning strategies. Sometimes behaviour deviates from
this pattern. Traders may, for example, set their own agendas and seek or avoid risks
accordingly. Managers need to be aware of the goals traders are pursuing and ensure
appropriate control systems are in place.
Although some trading activities are carried out with clearly criminal intentions, a rogue
trader is not always someone with a relentless desire to make money and a criminal mind.
Indeed, in the right circumstances and with the right incentives, almost anyone could be a
rogue trader. If the problem is to be controlled, managers need to continually monitor
traders’ learning, their experiences of losses and gains, patterns of risk-seeking and risk-
averse behaviour. Misperceptions and inappropriate actions can then be redirected to
ensure the goals of traders and the organisation are aligned.
To conclude, it is important to restate that no banks should ever become complacent
about their internal controls simply because it is impossible to test them against every
possible fraud or other operational failure scenario. The best that banks can do is to
establish a multi-tiered robust system of controls and hope that they will not all fail
simultaneously, which always remains a possibility.
Banks should also continuously reassess and improve their risk management systems. If
the worst happens to an institution and a major fraud is perpetrated, then its reputation
and that of its management can be defended. This can be done if that institution can
visibly demonstrate to the outside world that active risk management systems are working
within the institution. If it can be shown that the institution has done all that is reasonable
to prevent fraud, "prudent man" and "business judgement" rules could be brought to the
defence. If it cannot do so, the institution leaves itself at the mercy of regulators, press
and counterparty banks that will be quick to attack and criticise it.
This report has highlighted the most noteworthy of rogue traders, examined their
chronology over the past decade and put forward several ways that may help banks to
protect themselves against this type of fraud. If even some of these methods can be
adopted across the industry then the hope is that Hollywood may have to look wider for its
next "Wall Street drama" script.
In addition to the Research Report Lepus has a number of other practice areas. These
Competitive Market Research
We have undertaken a number of projects recently where we have been asked to carry
competitive market research. This has typically been where a bank has developed a new
strategy/plan in an existing or new business area. The objective tends to be two fold -
firstly to see how the banks strategy compares to the market and if different why, and the
second to help justify the proposed spend/budget.
IT Cost Reduction
In today’s markets banks are looking at how they can achieve their goals and at the same
time reduce their IT Expenditures. Lepus can help in a number of areas including:
Optimisation of the Organisational Structure – central versus distributed
Project Reviews – optimisation of the plan and people
Optimisation of resources – looking at the usage of permanent vs. contractors
vs. near sourcing vs. far sourcing vs. outsourcing vs. consultancy
Given the current pressures on banks, this provides a very fast return on any investment
System Evaluation and Implementation
Many banks are having to look at the moment on making big decisions on future
generation of systems. It is not simply a case of buy vs. build anymore. Banks are having
to look at a number of different options including:
Licensing an off the shelf solution
Using a component based financial toolkit
Implementing an Application Framework which has all the common services
Adapting and evolving the present system
Building from scratch
Lepus has relationships with over 150 major and upcoming software vendors in all the
major areas covering front, middle, back office, risk and other corporate systems. Our
experience covers all asset classes including Treasury (FX/MMkt), Fixed Income, Credit,
Derivatives, Equities (Cash/Exchange/OTC Derivatives) and Commodities. We are able to
perform a fast evaluation (within 4 to 6 weeks or less) in a cost effective manner. We are
also able to implement these systems quickly and reliably.
E-Commerce Development Experience
We have a number of experienced development teams (comprising of over 50
experienced development people) who have undertaken a number of projects including:
Internet Based Retail Debt Trading
Internet Based Capital Market Trading System
Front-end Credit Risk
Equities Exchange (ECN)
Emerging Markets Trading Desk
Risk Exposure System
Real-Time Data Aggregation
Our team has experience in development of applications and infrastructure using I-Mode,
GPRS, 3G technologies, as well as Digital TV.
Our teams have experience in setting these areas up from scratch, handling business
expansion, and re-engineering of the system environment, including system
evaluation/design and implementation.
We have capabilities in the following areas:
Implementation of full STP Solutions
Redevelopment of banks architecture for OO/Java based STP implementation
General architecture re-engineering using leading edge technologies
Lepus has added new capability in the infrastructure area for the design and
implementation of Windows 2000. Our team has recently designed and implemented the
first full Windows 2000 installation (in a major Investment Bank) in Europe, and is
available to help you as needed whether in design, review, implementation or roll out
Our team has extensive experience in optimising business processes to maximise the
effect of CRM, as well as system evaluation and implementation
E-Commerce Help Desk
We have recently completed an extensive study of Help Desks being used to support E-
Commerce focused environments. We have the ability to carry out evaluation and
implementation of business processes and systems.
Our teams have experience in setting these areas up from scratch, handling business
expansion, and re-engineering of the system environment, including system
evaluation/design and implementation.
Lepus can provide a full review of current risk policies looking at how the current risk
infrastructure compares to current industry practice, and what changes will have to be
made with the upcoming BIS proposals.
Lepus has undertaken a number of selections in this area, and has also got the capability
of developing highly parallel real time web based risk systems. One of our particular areas
of specialisation is what system changes you will need to make with the upcoming BIS
Lepus can review the Operational Risk policy of your bank, breaking it down into 2 areas
– Operations (Production) and Operational (Strategic) Risk. We can look at how to
monitor and reduce Operations Risk and the different options available with how to handle
Web Site Development
Besides the electronic trading capability mentioned above, Lepus has also undertaken the
development of the overall look and feel of banks web sites - the 'marketing' side of the
Lepus has undertaken the review of a number of business plans including ASP's. We
have also set up relationships with a number of key suppliers to offer a complete ASP
Lepus has undertaken a number of studies in this area and has undertaken a number of
studies in Operations and Operational Risk
For further information, please contact Lepus at:
5 St John's Lane
Phone: 020 7250 4792
Fax: 020 7251 4648