Published on

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  2. 2. “No Surprises” Introduction Times of crisis or uncertainty often provide a fertile breeding ground for fraudulent trading. It is no secret that nervous traders can make mistakes and having incurred losses they sometimes take larger risks to try to recover these shortfalls - only to end up losing even more money. In this scenario, these traders then become fraudsters to cover their own tracks. If this sounds a little far-fetched and like a passage from a Hollywood script, then you'd be correct. Except these Hollywood films, such as "Rogue Trader", are based on real life. This report is written in light of the rogue trader incident at Allied Irish Bank that was announced earlier last month. The aim is not so much to investigate the actual incident but to reflect the opinions of the banking community on the following issues: Why is this still happening? Why have the lessons not been learnt? Who is to blame? What can banks do to protect themselves against rogue traders in the future? Most importantly, this report offers a list of the top ten preventive measures that banks should consider implementing in order to avert rogue traders within their institutions. This list was compiled on the basis of first-hand suggestions from a wide range of financial professionals, including risk managers, traders and independent consultants. Gallery of rogue traders Ever since the spring of 2001, when the "hi-tech boom" came to an end, the financial markets have demonstrated an alarming volatility. Losing money, it seems, keeps getting easier. In fact, some pessimists are already predicting that the “investment banking bubble” will soon burst in the same manner as the “ bubble” did a few years ago. This is an unsettled time and as one of the market analysts stated "there are rogue waves in the world’s financial seas." So, what do banks expect from their risk managers and front office supervisors during such times? An answer to this question arose in a casual discussion between Lepus and a risk manger, who laconically answered: “No surprises”. This shrewd remark gains added sarcastic connotations in the light of the most recent “rogue trader” incident in the Allied Irish Bank (AIB). We start this report by highlighting the three biggest occurrences of this kind in recent times and also outline the chronology of rogue traders over the last decade. The first name on our list of Rogue Traders is the man behind the latest scandal. 12/05/10 2
  3. 3. John Rusnak AIB’s US subsidiary, Allfirst Financial, is currently at the centre of an international fraud investigation, after it was revealed that John Rusnak defrauded the bank of $750m by generating fictitious foreign exchange transactions. Although the exact details of the fraud are yet to be released, it is believed that irregular trading activities had been taking place in AIB for about a year and involved a very large amount of trades. Rusnak executed a large number of transactions that involved buying and selling Japanese Yen and US Dollars. He appeared to offset the risk involved in these deals by taking out options contracts. This is a standard practice amongst currency traders and provides “insurance” in case markets move in a way not anticipated in the previous FX transactions. Allegedly, Rusnak built up big bets that the Yen would strengthen against the Dollar. Instead, as the graph below shows, it has significantly weakened in the past 12 months. The losses were quite significant, but they would have been offset by profits from the options deals. However, as it was discovered by AIB deplorably late, the options were never purchased. What happened was that the purchase orders were entered into the bank’s system “artificially”. That is, it was made to appear as if options contracts had been bought when, in fact, they had not. Although the general mechanism of the fraud is clear, the investigation still has to clarify the precise sequence of events and discover whether there was any collusion, if any individuals personally profited from the fraud and why the internal controls failed. It has already been confirmed that AIB will not go bankrupt as a result of this fraud, as it is a retail bank with sufficient capital to cover the incurred losses. However, over the past decade there have been only two other cases that have caused losses on such a similar grand scale. Nick Leeson The most famous “rogue trader” to date is Nick Leeson who caused the collapse of Barings Bank under debts totalling $1.3 billion in 1995. Leeson was involved in unauthorised futures and options trading on the Singapore International Monetary Exchange and the Osaka Securities Exchange. He used a special account, bearing the number 88888 to conceal his losses. This elaborate deception was made possible due to 12/05/10 3
  4. 4. the fact that as a cost-cutting measure Leeson operated both as a front-office trader and as a back-office settlement manager. Suspicions were first aroused in 1994 when Baring's external auditors questioned the credit from Spear, Leeds & Kellogg, a New York City-based securities trader, offsetting Leeson's losses. Leeson forged faxes from Spear Leeds & Kellogg, Citibank and one of his superiors in London reassured the auditors that the money was paid to Barings. The forged proof was accepted. Leeson kept up the charade for more than two years while pulling in over $1 million in wages and bonuses. In 1993, he got an extra $195,000 for his exceptional performance and was on track to be rewarded a further $689,000 for 1994. Underneath this generous remuneration, Leeson's losses were secretly escalating. He bet heavily on Tokyo's Nikkei stock index at the beginning of 1995. He bought and held on to Nikkei futures even after the January earthquake in Kobe. Over three months he bought more than 20,000 futures contracts worth about $180,000 each in a vain attempt to move the market. Some three quarters of the $1.3 billion that Leeson lost resulted from these trades. When it became impossible to conceal his fraud anymore, Leeson fled. Once caught, he was sentenced to six-and-half years in prison. Unable to cover the losses, Barings was sold to the Dutch bank ING - now called INGBarings. Yasuo Hamanaka Even greater than this was the £1.8bn loss that the Japanese Conglomerate Sumitomo incurred due to Yasuo Hamanaka's unauthorised trading over a 10-year period. Hamanaka was apparently known as Mr. Five Percent because he and his team controlled at least that share of the world copper market. Hamanaka was given unusual autonomy within the Sumitomo organisation and this lack of oversight allegedly allowed him to keep two sets of trading books, one reportedly showing big profits for Sumitomo in the buying and selling of copper and copper futures and options, and a secret account that recorded a dismal tale of billion-dollar losses. Because Yasuo Hamanaka produced huge profits (at least on paper) he was not rotated into other jobs as most Sumitomo executives were. His books showed that his division had cash reserves far greater than they actually were and no one dared to look too closely at his transactions. Finally, it was the pressure of an internal investigation that led Hamanaka to bow to the inevitable and confess. He revealed to his corporate bosses that he had been conducting unauthorised trades for the past 10 years in a vain attempt to cover up snowballing losses. He was sentenced for 8 years. Other rogue traders Unsurprisingly, "rogue traders" attract an amount of media attention that is almost in direct proportion to the amounts of money involved. This is why almost everyone is familiar with the three infamous incidents outlined above. However, not everybody understands the extent and frequency of similar frauds, most of which lack publicity only due to smaller size of the incurred losses. In fact, if we look at the past decade, every year was marked by at least one or more "rogue trader" incidents. A chronology of trading frauds appears to be almost uninterrupted until 2002. 1990 12/05/10 4
  5. 5. Michael Milken, the head of bond operations at US Drexel Burnham Lambert, was sentenced to 10 years for securities fraud. Drexel filed for bankruptcy after paying $650m (£458m) in fines. 1991 Allied Lyons Plc (now called Allied Domecq Plc) lost £150m in FX dealing. 1992 Indian banks and brokers were accused of colluding to siphon $1.3bn from the inter-bank securities market to fuel a boom on the Bombay stock exchange. 1993 German industrial group Metallgesellschaft suffered huge losses on derivatives, forcing creditors to mount a $2.2bn rescue. 1994 Chile Copper Corp (Codelco), the world's largest copper producer, lost $175m through one trader's unauthorised activities. Wall Street broker Kidder Peabody fired its government trading desk boss, Joseph Jett, after it uncovered a scheme that created phantom trades, resulting in a one-time charge of $210m after tax. Orange County, California, was declared bankrupt after investment losses of $1.6bn from its derivative-heavy investment portfolio. 1995 Barings Bank collapsed under debts totalling $1.3 billion as a result of Nick Leeson’s unauthorised trading. Japan's fifth largest bank Daiwa suffered a $1.1bn loss from unauthorised bond trading by Toshihide Iguchi, one of its US executives. Whenever he lost money as a government bond trader, he allegedly pulled and sold bonds from Daiwa's own accounts or those of its customers, and then forged documents to make trades appear as if they are authorised. During the period of 11 years Iguchi made astronomical 30,000 transactions while trying to cover his losses. As a result, Daiwa US was closed and the trader was sentenced to four years. NatWest incurred losses totalling to £90.5m after trader Kyriacos Papouis and his then- boss Neil Dodgson concealed trading losses by overhauling options positions held on their books. Common Fund of the United States, which oversees $20bn of funds for educational institutions, said a rogue trader had caused it to lose about $128m. 1996 The world's biggest copper merchant, Sumitomo, said it lost $1.8bn over 10 years from unauthorised trades by Yasuo Hamanaka. 12/05/10 5
  6. 6. Deutsche Morgan Grenfell faced a crisis when it emerged that Peter Young had breached rules at its UK fund management arm. It cost Deutsche around £400m in compensation to investors. 1997 Credit Suisse admitted to losses of $10m from unauthorised options trades. An equity options trader quit the firm as a result. 1998 Griffin, a Chicago-based commodity futures firm, collapsed after London trader John Ho Park allegedly lost $10m trading in German Bond futures on Eurex, forcing Griffin's closure in December. 1999 US Chase Manhattan saw fourth-quarter trading revenues cut by $60m because a currency trader inflated his profits for over a year. The trader was fired. 2000 Canadian TransCanada Pipelines announced a $49m loss from unauthorised trading by a staff member at its former natural gas trading subsidiary Pan-Alberta Gas EOTT Energy Partners LP, a US energy group, lost $6.2m to unauthorised trading and theft by a former employee. Commodities broker Peter Leonard brought down the Muirpace group after costing it £32m in trading losses. 2001 American investment bank Merrill Lynch fired two senior executives for failing to supervise a currency dealer who diverted profits to favoured clients, leaving the bank facing a £7m bill. 2002 Allied Irish Bank incurred losses of $750m on the foreign exchange markets as a result of John Rusnak's unauthorised foreign exchange transactions. The list seems to be endless and this has become of increasing concern to a wide scope of people, including customers/investors, the whole investment banking community and, of course, regulators. Endless questions arise in conjunction with this sadly incessant chronology of trading frauds, such as "Why is this still happening?" "Why lessons have not been learnt?" and "What preventive measures should banks implement?" In order to find answers to some of these questions, Lepus decided to interview a broad range of financial professionals, including traders and risk managers (both from the buy-side and sell-side) as well as independent consultants. This report is the accumulation of first-hand opinions on the questions raised above. 12/05/10 6
  7. 7. Why does this still happen? Every time a new rogue trader is caught, the whole banking community raises their eyebrows and wonders why these incidents are still happening. Both senior bank management and regulators are desperately trying to foresee and avert new trading frauds and yet their efforts have largely seemed to be in vain. From this it is clear that some factors that contribute towards a rogue trader’s success can be eliminated but others are inherent to the industry and will unfortunately remain. Although there is an element of fatalism in this statement, understanding the reasons why rogue traders still succeed is the first step on the journey to preventing these fraudsters. Increased complexity of financial firms and traded instruments The first of many reasons why rogue traders remain undiscovered for so long is the increased complexity of the current financial marketplace. Following the recent trend, many investment banks have merged into even larger global institutions. They are now trading astronomical volumes with multiple counterparties. Every trader is involved in a complex chain of contacts with clients, which makes it very hard for a supervisor to control everything that is happening on the trading floor. Further complications are caused by the increased complexity of trading instruments. All of the famous rogue traders (probably excluding Daiwa's incident) were dealing with exotic products whose price is difficult to determine. On numerous occasions supervisors failed to understand the complex instruments used by the traders and left them free to manipulate their trades in the way they wished. Insufficient risk management and internal controls Another pressure that financial firms are currently experiencing is cost-efficiency. Greater competition and increased market volatility drive banks to cut the business costs. The discrepancies of this approach are particularly noticeable where smaller and often overseas branches are involved. As has been noticed by a number of analysts, most of the rogue trader frauds happened in remote subsidiaries far away from the head offices. This exposes one of the main weaknesses that probably most of global banks share - their inability to conduct the effective supervision of foreign subsidiaries. The internal controls are normally set up very efficiently in the head offices, where 95% of the team and resources are concentrated. However, this situation can be quite the reverse in offshore locations, where supervision is based on bureaucratic rather than genuine controls. Inefficient risk management and internal controls Apart from their insufficiency, internal controls often prove to be inefficient too. This may be due to the incompetence of individual supervisors, however the whole process of controls may fail if there is not enough collaboration between the different parties involved in risk management and trade supervision. An independent operational risk consultant that we spoke to suggested that the main reason why banks still fail to detect and disable rogue traders is that risk management does not operate holistically in most of banks. Typically several 12/05/10 7
  8. 8. parties are involved in managing operational risk. For instance, a financial manager would value risk with the help of financial formulas, whereas an operational risk manager is more likely to identify potential threats, which a finance manager would not necessarily see. In some banks risk and financial groups are not allowed to communicate at all. Hence, information is not integrated and is not used appropriately. Collusion Even the most efficient internal controls may be disabled by collusion between traders and supervisors. One of the classic loopholes that used to allow rogue traders to conceal their frauds is that they were authorised to perform both front and back office functions. After Nick Leeson's incident most banks have ensured that the two operations are independent from each other. However, this does not rule out the possibility of collusion between the employees of the bank performing each of the now separate functions. This is not the only area where collusion may occur. Senior managers are often reluctant to disclose to the authorities and/or regulators an incident of trading fraud. In order to evade the responsibility and also to save the reputation of their financial firm, they cover up the rogue trader. This can be viewed as a milder type of collusion, which nonetheless is just as dangerous, as this gives the rogue trader time and resources to increase the damage to the institution. Agency Problem All the deficiencies of the current system named above have the potential to be fixed in the future. Yet, one of our interviewees from the buy-side sector claimed that there is a constant hazard imbedded in the investment-banking model. Investment bank traders do not have a concept of ownership. This is commonly referred to as “agency problem”, which makes the whole organisation inefficient. Hedge funds (private investment limited partnerships) on the other hand, have clear shareholders. The general partner that started the hedge fund performs all the trading activity. Irrational trading behaviour is very unlikely in such business model. This has been recognised by many traders in the City. In fact, many of the most successful traders are moving into hedge funds whereas investment banks will always remain inefficient in terms of operational risk. It was also suggested that in the future only the worst traders will remain in investment banks. Why have not lessons been learnt? Once we have admitted to ourselves that rogue traders are still a reality and a problem, the logical question that follows is why have the lessons from some of the aforementioned examples not been learnt? Nick Leeson, the rogue trader himself, criticised the financial industry for failing to learn the lessons from his fraud and failing to prevent a new dealing scandal. He said: “I find it exceptionally frightening because I know how basic the checks were that should have been done to catch me. If they haven’t been put in place, I think that is shocking. It is not a great advertisement either for the bank or the banking industry as a whole.” But have the lessons really not been learnt at all? The diversity of answers we received is quite startling. Most top-tier banks and regulators believe that the lessons have been 12/05/10 8
  9. 9. learnt, whereas independent consultants and smaller banks are less optimistic in their judgements. The truth probably lies somewhere in-between. Lessons have been learnt but to a different extent by different institutions Larger top-tier banks claim that the lessons have been learnt. Budgets have been allocated, more sophisticated risk management systems have been implemented and controls have been tightened after the Barings’ collapse. There is, of course, slightly more uncertainty with smaller financial firms. One of our interviewees suggested that a lack of resources has contributed to weaker operational risk controls in the mid and lower tier banks. Specific lessons have been learnt, yet new loopholes appear all the time The specific lessons from Nick Leeson have been learnt. After the Barings collapse, teams of banking and compliance experts released detailed instructions about how to prevent another such rogue trader. The recommendations were acted upon and in the UK, the FSA, Bank of England and clearing banks all collaborated in their attempts to raise the standards of internal controls and compliance. As a result banks are generally better capitalised, which makes them less likely to collapse in case of future rogue trader strikes. Furthermore, most of the UK banks have insured that their front and back office operations are carried out independently from each other. This way traders do not have the full authority of both trading and settlement, which makes it harder to forge trades. Although the specific lessons have been learnt, new loopholes in the system seem to appear all the time. The sophistication of trader frauds increases together with the development of operational risk-management systems. Professor Ray Kinsella, of the Graduate School of Business at University College Dublin explained: “The market is always changing in terms of products, complexity and vulnerability to fraud within, and supervision from outside. The bottom line is internal controls are always playing catch-up.” The result of this “risk cycle” is that the whole mechanism becomes increasingly complex. This, however, helps the rogue traders, who "abuse" the current complexity of trading operations, systems and controls. Risk managers, on the other hand, become the victims, as the increased complexity leads to more loopholes and an upward spiral of surprise events. Having said this, we are by no means trying to excuse those who failed to stop Rusnak. The point we are trying to make is that it is necessary to accept the incomplete nature of any particular risk-management paradigm. Besides, as one of the risk managers commented, we do not live in a perfect world and this kind of thing will always happen. It is embedded in human nature to make mistakes. Sometimes a series of mistakes line up and a serious disaster occurs. Nobody has the power to completely eliminate this kind of possibility but measures can be taken to reduce the ease and hence frequency of such incidents. Therefore, it is more important to concentrate on understanding risk and communicating it. Many of our interviewees believe that this process has already been underway since the Barings collapse. 12/05/10 9
  10. 10. Could the regulators have done more? Most banks of the banks we spoke to do not think that the regulators should be blamed for rogue trader incidents. The truth of the matter is that the regulators cannot stop rogue traders from trying to fool banks’ internal controls. Their function in handling rogue traders is to come in when the incident has already happened, investigate the matter and issue recommendations to avoid the same problems in the future. This has been done with certain success in the past. The only interviewee that claimed regulators could have done more, suggested that they should have introduced minimum risk management standards for every branch independent of its size and volume of trades. This would have prevented AIB from having such diminutive risk controls in their Allfirst branch. This is a valid point, as the issue of insufficient controls in the overseas branches had already been raised in relation to Nick Leeson’s case. However, this new regulation never materialised. More importantly, several banks agreed on the fact that the real responsibility of the regulators is to ensure the integrity of the system. This is why they would be to blame if they overreacted to the AIB rogue trader incident and started to needlessly intervene in the banks’ internal business. The main requirement from the regulators in times like this is to keep the balance right between being proactive and yet not disruptive. The area that does deserve regulators’ attention in the light of the recent events is the high leverage of some first-tier investment banks. For instance, JP Morgan, has $700 billion in assets and only $12 billion in real deposits. If a rogue trader strikes, highly leveraged banks are more vulnerable and may collapse thus destabilising the whole marketplace. This is why it is absolutely essential to reduce the balance sheets of such banks in order to diminish the risk of bankruptcy in case of trading failures. If a large investment bank files for bankruptcy, this can affect the whole financial market. In the past, regulators could mitigate the effect of such bankruptcies by negotiating a merger or a takeover. These days, as a senior operational risk manager suggested, the market is much more business-driven. A bank would not agree to take over an insolvent financial firm unless they are offered a very good deal. Regulators would not be able to significantly influence their decision. Hence, in order to facilitate financial market stability regulators should look at the possibilities of providing the global view of the market and register the most dangerous trades. Financial firms should be able to see prices across all the corporate structure. Traditionally, people concentrate on equity evaluation but it is important to understand that equity is the most inert part of the corporate structure and that the evaluation of debt is just as important, if not more so. What should be done? In the light of the recently re-ignited discussions about why rogue traders still exist, Lepus has come up with a list of key measures that banks should take in order to hinder trading frauds in the future. Make no mistake; this will never stop the fraudster or the determined rogue trader due to the reasons that we outlined in the section above. However, the solutions we suggest can make the objectives of rogue traders very difficult to achieve. In order to identify these measures, we spoke to a wide range of risk managers, front office traders and independent consultants. Having aggregated the results of our inquiries, our suggestions are as follows: 12/05/10 10
  11. 11. 1. Reassign responsibilities All banks should have a clear distribution of responsibilities for a potential trading fraud. This issue has already been addressed by FSA in the UK. It issued a regulation by which all the senior managers should share responsibility for such incidents. There is still a lot of debate around this directive. The motives behind it are quite obvious. Most bankers would agree that their present senior management tend to lack professional knowledge and understanding of the everyday front office activities. The introduction of shared responsibility might encourage senior managers to put more understanding into the operational processes. This will also help them to implement the necessary controls at all levels of the institution. Although most banks assess this directive as generally positive, there are still some concerns associated with it. One of our interviewees explained that this directive can be easily exploited and innocent people may be charged. In extreme circumstances, regulators may take an aggressive stance, “show their teeth” and severely punish managers who are only indirectly involved in the incident. Besides, as another risk manager suggested, he is only responsible for a small segment of the bank’s operations, yet shares responsibility for the overall enterprise. Responsibility should ultimately be shared among all the parties involved, including both supervisors and traders. The proactive attitude towards risk management and fraud control should be driven from the top of the organisation down to the bottom of the hierarchy and all levels of employees should be empowered with the authority to prevent fraud. Clear lines of responsibility and accountability must be established. Senior Management must be the role models for every employee. 2. Improve your basic risk management standards Although the importance of risk management seems to be clear to everyone, this still often remains an unresolved issue in smaller (and commonly overseas) bank branches. Allfirst appears not to have realised that it was taking on proprietary trading risk. This was the case with Barings, whose senior managers believed that their Singapore trading operations were merely “arbitrage” – carefully hedged and virtually risk-free. Such inadequacies of risk management may stem from the fact that it can still be viewed as extra expenditure. Banks are reluctant to overspend on something that does not directly bring in money. However, without well-thought-out and vigorously defended risk management systems, institutions take unnecessary risks and are gambling. Field Marshall Erwin Rommell crystallised "risk" wonderfully when he said: "...a risk is a chance you take; if it fails you can recover. A gamble is a chance taken; if it fails, recovery is impossible". Quite simply, it is vital that any risk management decisions are based on expert information. Management must understand the exposures that their institution faces at all levels and locations, the extent of these exposures and, most importantly, how these exposures are protected. Expert information is the key to successful risk management. In the last five years, most banks have started using VaR as their risk assessment model. Before this, risk managers used to rely on daily limits for every trader. VaR is undoubtedly a more advanced technique as it provides an absolute level of risk. The daily limits model revolves around P&L and is less sophisticated - hence some banks have dropped it entirely and retained only VaR. However, as one of the interviewed risk managers noted, 12/05/10 11
  12. 12. VaR takes 24 to 48 hours to be calculated and consequently does not support intraday controls. Therefore, some risk managers still believe that in order to facilitate total control, both of the risk assessment models should be used. So, while different banks might still disagree about the techniques of risk assessment, they seem to have reached a consensus about the importance of risk management. After the Russian and Asian crises, there has been an increasing trend to view risk management as a revenue enhancement tool. More and more bank managers are now thinking in terms of risk adjusted returns and prepared to spend more money on leading edge risk management systems. 3. Reassess your internal controls Without exception, the most essential measure mentioned by all our interviewees was the tightening of internal controls. Banks should reassess their current supervisory systems and introduce further policies that would help to prevent irregular trading activities. In fact, some banks have already instigated extra reviews of their risk controls since AIB called in the FBI to investigate John Rusnak’s case. Barclays said: “AIB has and should act as a wake up call for the controls and checks we have in place. We’ve reviewed ours and we are satisfied with what we’ve seen”. In order to reassess their internal controls, banks need to ask themselves the following questions: What checks and controls should be in place? First and foremost, it is absolutely essential to ensure that all the controls are carried out with due diligence, thoroughness and independence. If any of these conditions fail, the whole point of having controls disappears. Furthermore, all the controls should be routine, i.e. they should be carried out on a regular basis and without fail. Most banks have already devised their complex systems of controls. These normally involve several parties and encompass a series of procedures. Supervisory Controls All trading supervisors should have separate clearing and operational duties. This has become a categorical requirement since the Barings incident. Nick Leeson succeeded in concealing his fraud because he was involved both in trading and settlement. By separating the back office operations from the front office trading, supervisors have a better chance of spotting the fraud. Trading sheets should be checked and signed-off daily. Checks of trades against confirmations In order to prevent forgery, checks of individual trades against counterparty confirmations are absolutely essential. When a trade is put into the front office system, a new entry automatically appears in the back office system. The back office system generates a confirmation call automatically or sends a request to the trader. After this, the confirmation call is sent to the client. However, problems often arise as clients do not always respond to the confirmation calls. In this case traders should make a verbal contact with clients. If this fails too, risk managers should be notified. They can try to negotiate with clients and if they 12/05/10 12
  13. 13. are still reluctant to confirm trades, risk managers should decide on whether their bank should trade with them at all. Quite unfortunately, some banks do not have this routine check in place, thus having to rely on traders' honesty, which does not work all the time. As one risk manager suggested, in this time of cost control bank managers seem to forget that there are some things you cannot cut corners on. Confirmation checks cannot and should not be circumvented. The easiest way to check whether this routine is in place in a bank is to ask a trader how many unresolved confirmations they currently have and how old the latest confirmation is. Only very few traders would be able to answer these questions. Credit and Trading Limits Controls Credit and trading limits should be issued with diligence and monitored with due attention. It is essential to consistently check whether traders keep within these limits. Quite naturally, traders should not be discouraged to take risks as this is how big profits can be made. However, if traders exceed their limits, this risk becomes unjustifiable and dangerous for the whole organisation. This should be prevented and the traders at fault should be punished. The standard check is the matching of P&L with the credit limits of every individual trader. This can help to expose any forged trades and stop rogue traders before the damage to the bank becomes too serious. Cash flow control Cash should be considered as one of the ultimate safeguards for banks. It is relatively easy for a trader to conceal a loss-making trade on paper by faking the records or forging another position that hedges it. It is much harder to get the cash to pay the counterparty. Therefore, no matter what the paper records or the bank’s trading book say, the bank’s treasury should detect irregular trading activities from the cash outflow and unusual cash requests from traders. This method, however, is not perfectly efficient all the time, as some rogue traders might have a fairly steady level of trading and their cash calls would not necessarily stand out immediately. Yet, sooner or later the rogue trader will be unable to get sufficient cash and give himself or herself away. Anti-Collusion Controls Banks should have internal structures in place that help to avoid collusion. Several measures could be implemented in this area. Traditional "whistleblowers" are one way of handling this problem and the introduction of score-cards for supervisors is another one. Independent supervisors can also be delegated from the Board. In fact, one of our interviewees suggested that the Board should be an independent body in the manner of the Senate with risk management reporting directly to it. This, of course, is a bit of a hyperbole, as the Board normally does and should consist of people who are directly involved in the bank’s day-to-day operations. Hence, we can only speak about the Board’s relative independence. This can be achieved in a number of ways. Firstly, it would be a good idea to have an odd number of members so that there is more chance of a clear decision. Secondly, the Board should comprise a head of every 12/05/10 13
  14. 14. business unit balanced out by a risk representative. Operational, financial, risk and legal sides all have to be represented on the Board. The opposing opinions should counterbalance each other and the independence of arrangements can be achieved. Counterparty Controls Counterparty controls can prove to be very efficient, due to the fact that they are independent and are performed by traders, who have a very good knowledge of the marketplace. Counterparty controls have already become common practice in some investment banks. One of our interviewees recounted an incident that happened to him as early as 1994. He was managing risk for a mortgage company and their normal volume of trades was within $10 -20m range. When the bond market went down, they dramatically increased their trade volumes to $50 -70m. This irregularity was immediately spotted by a Goldman Sach’s trader (the bank which allegedly stopped trading with Rusnak several months before the fraud was revealed), who phoned the mortgage company risk manager and informed him about the unusually large trade. In some cases banks specifically request their counterparties to control their trading activities. Checking cash trades offset with paper gains As has become clear, many rogue traders were offsetting their losses in cash markets with paper gains on other holdings. Hence, banks should be more vigilant to such scenarios and pay special attention to similar cases within their own institutions. How meticulous should the checks be? Even the most general monitoring of individual traders can prove to be fairly effective. As one of the witnesses of the Barings’ collapse commented, it did look suspicious that one trader was making money consistently throughout such a long period of time. It is common knowledge that a trader cannot win all the time and a realistic rating of a good trader is 75% success. So, just by monitoring the irregularities of trading activities, and particularly those that look too good, it is possible to detect fraud. In fact, many bank managers believe that this approach of supervision is very efficient, as it allows them to pass over many complexities and yet still detect potential problems. Detailed checks of balance sheets are just as important and should be undertaken by professional auditors who know the industry well and understand all the intricacies of the particular bank (its operations, organisational structure, etc.) There has been a lot of publicity recently around the poor standards of auditing in this country and this is definitely one area in which the situation might be improved. How often should the checks be carried out? Another issue to be considered is how often checks should be carried out. This should depend on the size and idiosyncrasies of individual financial firms. For second and third- tier banks with smaller volumes of trades, batch-based checks at the close of business might be sufficient. For larger banks intraday checks are probably necessary, as money losses can escalate dramatically within one trading day. The ideal scenario, of course, is constant supervision on a deal by deal basis. 12/05/10 14
  15. 15. In the long-term, a possible solution to preventing rogue traders would be a real-time settlement that allows for more efficient capital lines. If banks could achieve T+O model with pure electronic cash and instant delivery, it would be very transparent who has capital and supervisory functions would be significantly simplified. Who should supervise and carry out checks? Supervisors As was rightly stated by one of our interviewees, the main control is unquestionably staff with long and relevant experience. Supervisors should understand all the peculiarities of the front office operations but unfortunately this is not often the case. This has been pointed out by several interviewees and thus seems to be a particular cause of concern. Similar comments appeared in the press recently. David Liddell said: “Part of the problem for senior management at global banks is they frequently have to control people who have a more detailed knowledge of the trading and control systems.” Banks should address this problem immediately in order to avoid further embarrassments. Banks should have a multi-layered hierarchy of supervisors. Supervisors on the trading desks are normally overseen by a Head of Capital Market Group (or a similar position). Most of them have separate clearing and operational duties. Risk Managers Risk managers should undoubtedly be involved in controls and supervision. Several of our interviewees actually suggested that risk managers should be on the front floor in direct contact with traders. However, the extent of their involvement is a very sensitive issue. Risk managers should not intrude too much into the front office domain, as this would distort their “supporting” function. Traders should be allowed to take risks as long as they are within the prescribed limits. Therefore, the responsibility of risk managers can be more precisely described as “policing” trading, i.e. detecting where the prescribed limits have been flouted and identifying the supervisors who failed to detect these problems on the trading floor. Traders Quite often the back office gets the blame if a rogue trader’s fraud has been overlooked. However, as was suggested by one of the independent consultants, traders should share this responsibility too. According to the current practice, traders do not want to get involved unless there is a possibility of making money. Supervision is very unlikely to bring them any profit. If anything, it can make them unpopular and deprive them of much valued contacts and friendships. Traders do bend the rules occasionally and may be aware of their colleagues doing the same thing. Attracting the attention of supervisors to their colleague’s misconduct is not going to benefit traders. If anything, it can negatively affect them, it might attract unwanted attention towards their own activities. The bottom line is that the ethics of traders are not driven by high morals but by the possibilities for material 12/05/10 15
  16. 16. gains. Hence, some traders would even consider turning a profit out of the rogue trader activities. If there is no such possibility, many would just turn a blind eye to what is happening and save their time and energy for more profitable activities. However, this mentality is somewhat myopic as it only makes sense if short- term gains are prioritised to the detriment of the long-term effects. Even from a purely selfish point of view, if a bank loses a lot of money through fraud, the traders’ bonuses may be cut. Attempting to change the traders’ mentality is a very difficult task. One of the ways of doing so is to introduce the rule of “joint responsibility” and the “score-card approach” which exposes how individual traders participate in reviewing others. This would incentivise traders to become part of the team, rather than isolated individuals judged solely on their performance and the profit they bring to the bank. It is believed that in order to operate efficiently, the back-, middle- and front office should operate as a team. Counterparties Counterparties should recognise their responsibility of external control over their peer traders. The quality of risk management systems can vary from bank to bank and if one bank’s systems fail, other banks can raise the alarm. As it has been publicly announced, Goldman Sachs had refused to trade with John Rusnak several months before the fraud was officially announced. Lepus asked our interviewees to comment on this peculiar detail. The fact that the risk managers from Goldman Sachs managed to detect the problem certainly gives credit to them. How they knew is still to be unveiled. Our interviewees had several guesses, any of which could be potentially true. Rusnak might have put one of his forged trades as Goldman Sachs' and the confirmation bounced. Another possibility is that traders from Goldman Sachs knew that Rusnak was betting against the trend for a long time and started wondering why he was doing this. Counterparty traders can also detect an irregular trading activity if the size of trades of an individual trader rises dramatically - as happened with Nick Leeson. This, however, does not seem to be true in Rusnak’s case, as he did not make larger trades but instead increased the number of trades. This is virtually impossible for counterparties to detect. No matter what it was that indicated to Goldman Sachs that Rusnak was a rogue trader, the real issue here is that if they did consider him dangerous enough to stop trading with him, why did they not inform the rest of the banking community. This, we believe, should become a common practice and all banks should adhere to it. Internal Auditors Internal auditors from the finance group should closely cooperate with risk managers in order to effectively trace inconsistencies that might indicate a trading fraud (also see REAL approach). External Auditors 12/05/10 16
  17. 17. External auditors have repeatedly proven to be the weakest link in the chain of controls. They often fail to carry out comprehensive audits due to the lack of specialised knowledge of individual banks and their operations. Yet, this is no excuse and the "big five" may need to raise the standards of their performance in the investment banking sector. With all fairness, however, we need to admit that in AIB’s case, their external auditors Price Waterhouse Coopers were not to be blamed and the banks officially admitted this fact. What are the supervisory tools? As aforementioned, the best supervisory tool is undoubtedly qualified staff with extensive experience and knowledge of the industry. However, in recent years an increasing number of functions have been delegated to technology. Can supervisory controls be one of them? Many banks are already relying on their systems to spot rogue traders. Some of them have also purchased operational risk management systems that have the capability of measuring operational risk and computing how much capital should be put aside for operational risk purposes. Some more intrusive technology has recently appeared in the market that allows banks to have direct control over their traders. For instance, Autonomy has come up with the solution that can automatically recognise the content of various sources, including e- mails, faxes and even telephone conversations and aggregate all the retrieved information. If used as an anti-rogue trader tool, this technology has the capability of “spying” on traders and spotting their irregular activities. Although potentially quite efficient, this technology raises some ethical issues. Quite justifiably it can be viewed as breach of privacy unacceptable in any institution, including investment banks. Autonomy itself refuses to be drawn on this issue and their representative told Lepus that they are only providing the technology and it is up to banks to choose whether to buy and implement it. As far as Lepus is aware, no banks are currently using Autonomy technology for the purposes of catching rogue traders, yet, nobody knows what future holds. 4. Consider holistic risk management approach As has been suggested earlier, the internal controls of a bank may fail if risk and finance managers do not communicate with each other. A possible solution to this problem is the “REAL” approach, which stands for “Risk Enterprise and Accounting Logic”. It is based on accounting consistent with economic evaluation of business. If the two parties come up with different sums, the discrepancies should be detected and investigated. It is very important to understand that this integration of risk and financial authority should not be bureaucratic in nature. Instead it should be a “power relationship” between financial directors and risk managers, targeted towards eliminating managerial loopholes that allow rogue traders to thrive. 5. Escalate processes Banks need to ensure that all the procedures in the front, middle and back office are managed efficiently. One of the interviewees gave Lepus a very vivid example of how sluggish processes can affect the efficiency of controls. The back office of this 12/05/10 17
  18. 18. interviewee’s bank is supposed to process 12 to 14 contracts a day. However, this is hardly ever the case, as many contracts are slowed down by lawyers. As a result, some of them are five years old. If contracts are not processed efficiently, it is easy to lose track of individual trades and this makes spotting problems virtually impossible. The escalation of processes is even more important when control weaknesses are found or a fraud is detected. Management must act decisively and quickly. Major reputation damage occurs where situations are not found out for a long period of time. Banks should be seen to take action and make any risk management statement clear, practical and public. 6. Reassess your remuneration policies Traditionally, large bonuses have been the main incentive for improving the performance of traders. Indeed, performance-based remuneration is a very strong tool that helps to increase the productivity of traders. However, many frauds have been triggered by this desire to increase bonuses. This is why it is absolutely essential for banks not to pay the whole of the bonus upfront. This way, traders would not be able to walk away with the money, leaving a financial mess behind them. Some banks have already implemented the policy of paying of some of the bonus amount in company shares. This measure could help banks to increase the feeling of ownership and belonging among their employees. Another remuneration problem that banks have traditionally had is the discrepancy of salaries between the front and the back office staff. The reasons for this are quite obvious. Traders bring actual profits to the bank, hence they are generously remunerated. Risk managers secure losses. This is only indirectly reflected in the bank’s balance sheet. This salary gap is believed to be damaging the collaboration between risk managers and traders. The salaries should be made more equal in order to close the gap between the front office and the risk managers. The latter would have a greater incentive and authority to police traders and increase the security of the bank’s operations. 7. Listen to regulators It may seem like a pretty obvious thing to state but banks must not ignore regulators. In the wake of major banking scandals, regulatory bodies around the world have come under criticism - some of it fair and some of it not so fair. The end result however, has been a toughening of attitudes and a determination to deliver a better product. The increased regulatory attention might seem too intrusive and aggressive to some of the banks. However, banks need to attempt to collaborate with regulators, who should not be perceived only as watchdogs but also as associates. 8. Protect yourself against Insolvency In order to protect themselves against rogue traders, banks should not only implement the preventive measures, but also carefully consider a recovery plan. Bank managers should understand that despite the very best controls, audits and procedures, operational failures can and will still happen. Therefore, banks need to have sufficient financial support to offset these losses. Two main practices exist for these purposes. Operational Risk Capital Allocation 12/05/10 18
  19. 19. In its latest version, the New Basel Accord prescribes a capital charge for operational risk. Once the document is finalised and passed, it will be a mandatory requirement that all banks should allocate a certain amount of capital in order to offset losses in case of operational failures. While this document is still provisional, it is probably a good idea for financial firms to already comply with this requirement. Rogue Trader Insurance Insurance is an external source of funds that can protect banks against the financial and reputational damage caused by rogue traders. Unfortunately, banks tend to think about insurance only after a disaster has struck. Shortly after the AIB incident, a listed Lloyd’s of London syndicate SVB - the key player in the “rogue trader” insurance market - said that only about 30 banks had taken out their rogue insurance since it was launched in 1997. However, they received eight inquiries from banks about their policies in the week after the incident. SVB’s policy provides coverage for a loss sustained as a result of trading which has been concealed by the trader or falsely recorded in the institution’s records. The coverage extends to commitments in excess of permitted limits, trading in unauthorised instruments, and trading with unapproved counterparties. Premiums depend on the organisation’s size and track record as well as on which asset classes and locations it trades, and its trading volumes. Policies generally cover the client for over $100 million worth of losses, typically paying out above $10 million. Another market leader in rogue trader insurance is Swiss Re New Markets. Its cover is broader and includes protection against unauthorised trading, employment liability practices, professional indemnity and electronic computer crime. The policies typically pay out after losses of $50 million to $100 million. 9. Consider outsourcing An interesting proposition has come from one of our buy-side interviewees. He suggested that for some investment banks it might be sensible to outsource their trading altogether. This is hardly an unexplored avenue, as some financial institutions have already started outsourcing their trading function. Salomon Brothers, after its merger with Citigroup, “outsourced” its proprietary trading to a hedge fund style operation. This was done in order to avoid the same operational incidents as the firm incurred prior to the merger. Another example is the Bank of China, which has an agreement with a US hedge fund on treasury management outsourcing. If this is good enough for a global bank with $170 billion in assets, this option should be seriously considered. 10. Understand the psychology of your traders This solution is not for everyone, as not all the financial employees believe in the forces of psychology to resolve the problem of rogue traders. However, it is useful to remember that rogue traders are primarily driven by their human weaknesses. Managers should understand the psychological inclinations of a rogue trader and foresee his/her actions. Three main factors should be considered according to Emma Soane, research officer and occupational psychologist at the London Business School. These are dispositions, experiences and the trading environment. 12/05/10 19
  20. 20. Dispositions (i.e. inborn personality traits) help define whether someone is a risk taker or not. In particular, greed and fear are key drivers of behaviour in the competitive and stressful trading world. Greed leads to a focus on big wins. Fear concentrates the mind on averting loss. Each results in problems for the organisation and in potentially big threats to profits. A good example of this theory in practice is that some financial firms, such as HypoVereinsbank, use trading simulators to test the dispositions of their potential employees. By reproducing critical trading environments, banks can check their applicants’ behaviour under pressure. Some job candidates fall into the trap of cheating in order to impress their potential employers. The trading simulator detects all the minor frauds and only the right people get employed. The second factor to be considered by supervisors is traders’ learning experiences, such as big gains and losses. They shape traders’ views of themselves and their abilities. This can lead to misperceptions and superstitious thinking. For instance, traders who do well may consider themselves skilled or lucky. Those who lose money are more vigilant in looking for problems with the market or their colleagues. The trading environment is also important. Management reward systems usually encourage traders to meet targets by taking a controlled amount of risk, cutting loss- making positions and repeating winning strategies. Sometimes behaviour deviates from this pattern. Traders may, for example, set their own agendas and seek or avoid risks accordingly. Managers need to be aware of the goals traders are pursuing and ensure appropriate control systems are in place. Although some trading activities are carried out with clearly criminal intentions, a rogue trader is not always someone with a relentless desire to make money and a criminal mind. Indeed, in the right circumstances and with the right incentives, almost anyone could be a rogue trader. If the problem is to be controlled, managers need to continually monitor traders’ learning, their experiences of losses and gains, patterns of risk-seeking and risk- averse behaviour. Misperceptions and inappropriate actions can then be redirected to ensure the goals of traders and the organisation are aligned. Conclusion To conclude, it is important to restate that no banks should ever become complacent about their internal controls simply because it is impossible to test them against every possible fraud or other operational failure scenario. The best that banks can do is to establish a multi-tiered robust system of controls and hope that they will not all fail simultaneously, which always remains a possibility. Banks should also continuously reassess and improve their risk management systems. If the worst happens to an institution and a major fraud is perpetrated, then its reputation and that of its management can be defended. This can be done if that institution can visibly demonstrate to the outside world that active risk management systems are working within the institution. If it can be shown that the institution has done all that is reasonable to prevent fraud, "prudent man" and "business judgement" rules could be brought to the defence. If it cannot do so, the institution leaves itself at the mercy of regulators, press and counterparty banks that will be quick to attack and criticise it. This report has highlighted the most noteworthy of rogue traders, examined their chronology over the past decade and put forward several ways that may help banks to 12/05/10 20
  21. 21. protect themselves against this type of fraud. If even some of these methods can be adopted across the industry then the hope is that Hollywood may have to look wider for its next "Wall Street drama" script. 12/05/10 21
  22. 22. Lepus Services In addition to the Research Report Lepus has a number of other practice areas. These include: Competitive Market Research We have undertaken a number of projects recently where we have been asked to carry competitive market research. This has typically been where a bank has developed a new strategy/plan in an existing or new business area. The objective tends to be two fold - firstly to see how the banks strategy compares to the market and if different why, and the second to help justify the proposed spend/budget. IT Cost Reduction In today’s markets banks are looking at how they can achieve their goals and at the same time reduce their IT Expenditures. Lepus can help in a number of areas including: Optimisation of the Organisational Structure – central versus distributed Project Reviews – optimisation of the plan and people Optimisation of resources – looking at the usage of permanent vs. contractors vs. near sourcing vs. far sourcing vs. outsourcing vs. consultancy Given the current pressures on banks, this provides a very fast return on any investment made. System Evaluation and Implementation Many banks are having to look at the moment on making big decisions on future generation of systems. It is not simply a case of buy vs. build anymore. Banks are having to look at a number of different options including: Licensing an off the shelf solution Using a component based financial toolkit Implementing an Application Framework which has all the common services Adapting and evolving the present system Building from scratch Lepus has relationships with over 150 major and upcoming software vendors in all the major areas covering front, middle, back office, risk and other corporate systems. Our experience covers all asset classes including Treasury (FX/MMkt), Fixed Income, Credit, Derivatives, Equities (Cash/Exchange/OTC Derivatives) and Commodities. We are able to perform a fast evaluation (within 4 to 6 weeks or less) in a cost effective manner. We are also able to implement these systems quickly and reliably. 12/05/10 22
  23. 23. E-Commerce Development Experience We have a number of experienced development teams (comprising of over 50 experienced development people) who have undertaken a number of projects including:   Internet Based Retail Debt Trading  Internet Based Capital Market Trading System  Arbitrage Engine  Front-end Credit Risk  Equities Exchange (ECN)  Emerging Markets Trading Desk  Risk Exposure System  Real-Time Data Aggregation Wireless Our team has experience in development of applications and infrastructure using I-Mode, GPRS, 3G technologies, as well as Digital TV. Equity Derivatives Our teams have experience in setting these areas up from scratch, handling business expansion, and re-engineering of the system environment, including system evaluation/design and implementation. STP/Overall Architecture We have capabilities in the following areas:  Implementation of full STP Solutions  Redevelopment of banks architecture for OO/Java based STP implementation  General architecture re-engineering using leading edge technologies Windows 2000 Lepus has added new capability in the infrastructure area for the design and implementation of Windows 2000. Our team has recently designed and implemented the first full Windows 2000 installation (in a major Investment Bank) in Europe, and is available to help you as needed whether in design, review, implementation or roll out 12/05/10 23
  24. 24. CRM Our team has extensive experience in optimising business processes to maximise the effect of CRM, as well as system evaluation and implementation E-Commerce Help Desk We have recently completed an extensive study of Help Desks being used to support E- Commerce focused environments. We have the ability to carry out evaluation and implementation of business processes and systems. Credit Derivatives Our teams have experience in setting these areas up from scratch, handling business expansion, and re-engineering of the system environment, including system evaluation/design and implementation. Risk Policy Lepus can provide a full review of current risk policies looking at how the current risk infrastructure compares to current industry practice, and what changes will have to be made with the upcoming BIS proposals. Risk Development Lepus has undertaken a number of selections in this area, and has also got the capability of developing highly parallel real time web based risk systems. One of our particular areas of specialisation is what system changes you will need to make with the upcoming BIS proposals. Operational Risk Lepus can review the Operational Risk policy of your bank, breaking it down into 2 areas – Operations (Production) and Operational (Strategic) Risk. We can look at how to monitor and reduce Operations Risk and the different options available with how to handle Operational Risk. Web Site Development Besides the electronic trading capability mentioned above, Lepus has also undertaken the development of the overall look and feel of banks web sites - the 'marketing' side of the site. ASP Lepus has undertaken the review of a number of business plans including ASP's. We have also set up relationships with a number of key suppliers to offer a complete ASP implementation service. 12/05/10 24
  25. 25. IT Security Lepus has undertaken a number of studies in this area and has undertaken a number of studies in Operations and Operational Risk Further Information For further information, please contact Lepus at: Lepus 5 St John's Lane London EC1M 4BH Phone: 020 7250 4792 Fax: 020 7251 4648 12/05/10 25