Slashdot Mirror
A $251 Million Typo
theodp writes "A Taiwan stock trader is jobless after a typo left her company looking at a paper loss of more than $12 million when what was supposed to have been a small order mistakenly resulted in a $251 million purchase. 'Something like this is difficult to explain to superiors,' a company exec explained."
This is somewhat confusing to me - wouldn't a stock firm have some software (if this is an electronic transaction, which it appears to be) with a CONFIRMATION PAGE or something? Or warnings on massive orders? This just seems like a basic 'good design' feature to me...you can't particularly blame the individual here, it is just her random misfortune to be the one to have made that error - if not her it would have been some other employee.
What is this - dumpest investment bank ever? * They let a trader onto an unsecured system without proper training (unfamiliar with computer system). * The system is ocnfigured/programmed in such a way that there are no max trade orders, no security precautions, nothing at all in place. What is so hard to explain here? I was dump, I did not make sure my trader was property trained and the system we ordered lacked any fundamental security precautions. Poor trader - a dcase of a software/management fuckup and he has to pay.
Looks like a company to never do business with. The article implies that they had a new computer system and didn't train their employees. Uncertainty in the new program caused an incorrect purchase, resulting in their loss. Rather than fix the problem by educating their employee(s), they fire the employee that made a typo.
Sucks that such a costly mistake was made. Next time maybe they should ensure that their employees know what they're doing before putting them live on trades.
Surely a simple pattern recognition system could have caught the fact that she was making a trade way in excess of her usual limits.
or even...
if (amount > big_number) {
if (confirm("This is really big. Are you sure?")) {
I would have fired her too. I would fire anyone who's not able to use a keyboard, or doesn't check their input twice, especially when they are responsible for huge amounts of money.
Also, it is merely a happy coincidence that they will probably profit from the stock. It could be much worse.
I've worked in market data systems for years. I can see how someone unfamiliar could flub an order. Inexperienced staff are typically be put on a rather short leash (ie. system madated spending limits and such). It would be a shame if she were the only person to lose her job over this. There are (or should be) a host of people responsible for making sure this sort of thing doesn't happen. Seems some of them should be sacked as well!
There's also they would need a cover story. If they said they were selling the stock the stock price would drop suddenly. And they'd be screwed. They need to say they are holding and slowly sell it back if they don't want the loss to be really bad.
It is no longer uncommon to be uncommon.
This article exemplifies teh improtance of company culture.
For several years I worked for a US bank with the highest possible bond rating. Though smaller (at the time) than the national banks we all think of today, this bank was well known for its culture of prudence and the quality of our lending.
Why is this important? Because it rolled right over into the IT departments. From suppliers to product purchasing to in house software, everything was done very much "by the book" and we didn't care if we weren't doing things the latest and greatest because we wanted to do things right. And yes, our banking systems had limits on everything so a junior banker could never make a $1,000,000 loan by misplacing a decimal.
It contrasted sharply with my stint in a dot-com where things were fast, furious, and being "by the book" was laughable. Cutting edge might have been cool then, but the bank I worked for is now one of the nations largest, and the dot-com is a dot-bomb.
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
Slashdot at its best. Look, if you fuck up so badly that you cause your company millions of dollars in immediate losses and expect the people in charge who enabled you to fuck up (not the ones who actually fucked up, because that's you) to take the responsibility for you instead of you, then you're a fool.
Are there going to be policy changes because of this? Of course, duh (and by the way, the article says that). Should there be recriminations for the people involved who allowed this person to do what was done? Yes, and there almost certainly will be, even if behind the scenes and out of sight. Should the person who screwed up be allowed to continue? Of course not; given the power to make such transactions they failed in a grotesque manner.
Is this person helpless? Is she unable to fend for herself in the world? Is she not responsible for her own actions, positive or negative? She did something, she screwed it up in a major way, and she should suffer the consequences of it. Other heads will roll, but before you chop the heads off of the people who allowed someone to do something massively stupid, you first fire the person who actually did something massively stupid.
I mean, really, this is kind of silly. Do you think that this person was authorized to make penny (well, whatever the Taiwanese equivalent is) stock purchases and accidentally typed six or seven more zeroes? No. Obviously this was someone authorized to make major transactions. She, unfortunately for her, accidentally made a purchase even more major than she had intended. You can blame procedures and software and management all you want, but do you really think that someone authorized to make major transactions shouldn't be really, really careful about it while doing it? And if such a person isn't, are they blameless?
Great - you've just fired the one employee you know will always and forever more, triple check everything she ever does.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
Say what you want about unions, but as long as we have companies who treat people like this we need to have something to protect them.
(I know this happened in Taiwan, but I'm they would have been sacked in many other countries as well).
Great - you've just fired the one employee you know will always and forever more, triple check everything she ever does.
Can you be certain that will be true if there's no negative consequence for not doing it?
Hint: No.
I got my Linux laptop at System76.
"Why is she getting fired and not trained?"
She's the scape goat - if she doesn't get fired one of the higher execs will. I work in a large bank and the answer to this problem is business processes. The "head honchos" don't want to get fired for putting place an IT system and a business process that allows a single individual to do this kind of thing by mistake, and so are firing her to save their bacon.
Try NetBSD... safe,straightforward,useful.
Eg, You wish to delete 2,432,495 rows of data. To continue, enter the number of rows:.....
Boris.
Are you sure you wish to continue [OK] [Cancel]
Here's how I would have designed the application:
Are you sure you wish to continue?
[Cancel] [Spend $251,000,000]
Bank web sites suck. All of them. Especially USAA's, if you have the displeasure of using that one.
Tip to would-be bank websites: disable the autocomplete feature on the "Amount of funds to transfer" field. Nothing sucks like a web browser adding an extra 0 to your transfer. For that matter, disable autocomplete on all fields relating to money.
Having just done lots of risk-analysis reviews on multiple banking application, I cannot understand how a company doesn't employ a 4-eyes principle for any transaction above 10 Million, and needs a manager release for above 50 Million.
Eurex is fine, but when the staff using the application is limited, you don't get separation of duties or rotation of duties, and you can still be faced with a setup where 1 user has too much power.
I've had this happen to me before in the banking and financial industry as well. They fire you whether or not you actually were "at the helm". Basically, she was the easiest person for them to let go.
What will make you go "huh?" even more is that normally the person that is fired is someone that really doesn't have a part in the problem. I got fired from one job for non-completion of a project that I wasn't even in control of. But, if all the managers are nodding who's to say that I didn't have anything to do with it? They even told me that they would be giving me good references. Another sign that I really had nothing to do with what had happened. Why would you give good references to a person that you fired unless you are hiding something?
I wouldn't be surprised if they are completely lieing about who made the screwup (something else that this industry does) in the first place. This is just the norm in this industry and it really bugs me that we trust these individuals with our money.
- Mind
Obivously you shouldn't be an UI designer...
[OK][Cancel] are not good UI elements, you should use descriptive buttons, prefereably verbs.
- These characters were randomly selected.
Well, her and the replacement that is going to triple check everything he or she ever does in case of being fired over something just like the previous employee...
Who ordered that?
tell me why firing her saves their asses? If I were the owner I'd fire them regardless..
There are unspoken rules in this kind of thing. In my experience, the only risk of a high ranking exec losing his/her job over this is if there is someone at a similar or higher rank who had it in for them anyway.
How does this work? Someone calls a meeting to explain they've just lost 300 million. In most cases they will all agree that the most important thing to do is to find who seems to be directly responsible and fire them, and once that is done, come up with an "Action Plan" to avoid it happening again. The Action Plan bit is where they fix the real issue, and they will then congratulate themselves on having addressed the issue promptly and efficiently. The only time the question of why "promptly and efficiently" didn't mean before it happened is if the implementation was the work of a single person or small group of people that could also be made into blame carriers. The higher up the ladder those people are, the less likely there's someone higher to point it out, and so often it's the shop floor worker who pushed the light green button and not the dark green one, when in fact the buttons should have been RED and GREEN. This kind of thing happens at all levels of hierarchy, but of becomes more obvious once you reach the levels that can "fire at whim".
If the owners are stockholders, it's even simpler - they won't even care if you can present the bottom line performance in such a way that this doesn't even appear (it's probably a relatively small sum for such a place..) - or better still you can present the action plan to the stockholders in such a way as it will stop this kind of mistake and also make the company more reliable, efficient and therefore competitive and the stockholders won't even care who actually is responsible. SOX404, which has very much a pyramid of responsibilities for many things, including "operational risk control" (of which this is a case) may change this, but we'll have to wait and see. Right now all it's doing is costing companies a great deal of money, and is unfortunately too often being approached in a "cover your ass" manner, rather than as proper risk control.
Try NetBSD... safe,straightforward,useful.
The primary fault lies with the developer who failed to adeqautely validate input. Data validation means more than just making sure you don't have an alpha character in a numeric field; it includes sanity checking to make sure data are within reasonable ranges, and requiring additional confirmation (ranging from "Whoa, dude! That much?" to supervisor approval) when input is outside that.
http://alternatives.rzero.com/
Never worked in the financial industry have you? I've seen people fired for much much less than this. Even people who caused $0 in money loss. Just the possibility of money loss is enough to cause someone to get fired. At my company when you make one of those mistakes you start packing your personal things right away because the security guards won't give you any time to do it when they arrive at your desk to escort you out of the building. "We'll mail your personal things to you. Let's go."
You are trying to spend $251,000,000, which is more than your allocated budget.
[Don't spend $251,000,000][Request confirmation from line manager]
Pressing the second button would pop up a dialog on the line manager's computer giving details of the confirmation and requesting confirmation from someone actually authorised to spend this much money. If the line manager was not authorised to spend this much, then they would be given the same options; abort or escalate.
I am TheRaven on Soylent News
There could have been several easy ways they could have made this system secure:
o Have a maximum transaction limit for each person
o Require the person to enter the number twice
o Require the person to enter the amount in words as well as digits (just like in a personal cheque).
What if they had a disgruntled employee who was determined to collapse the company, or had a gambling addiction?
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
This is not Insightful. Sorry. Management takes blame for not having doublechecks in process. Especially with amounts this big.
Everyone makes mistakes. Especially with manual data entry.
The Wall Street Journal has editors that check their journalists info. Why? You can't doublecheck your own writing. You read what you meant to write as opposed to what you did write.
Developers can't be effective beta testers for their own product? Why? They will not see the holes in their own logic.
Management needs to have processes in place that put more than one set of eyes on work like this. Simple as that.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
They sold NT$5 billion of the NT$7.7 billion to another division of themselves. In other words, they didn't sell it, they shuffled paper so they could make a cheery press release.
Contribute to civilization: ari.aynrand.org/donate
Probably this is just a trick by a Merrill Lynch publicist, who found a way to get free publicity. Or, maybe it is a way to distract people from some fraud involving the Taiwanese firm and Merrill Lynch.
Otherwise the story just doesn't make sense. To believe the story, Fubon cuts loss to NT$50 mil. in NT$8 bil. mistake, as it was written, you have to believe that the Taiwan firm hires inexperienced people, gives them little training, and does not review their large trades.
Do you really believe that a low-level employee spent a quarter billion dollars because of a keystroke error? In any case, the people who should know don't believe the story. Shares of "Fubon Securities' parent firm Fubon Financial Holding rose by 0.47%".
According to the U.S. government's SEC department, corruption of the media is not the only corruption from Merrill Lynch: SEC Charges Merrill Lynch, Four Merrill Lynch Executives with Aiding and Abetting Enron Accounting Fraud.
The U.S. government's Justice Department says, Three Top Former Merrill Lynch Executives Charged With Conspiracy, Obstruction Of Justice, Perjury In Enron Investigation.
There is general agreement that there has been no serious change in the U.S. government and big corporations like Merrill Lynch and Citibank. Apparently the only change is that they will be more careful in the future when they engage in deceptive practices. For an example of what has been written about this, see Iraq Could Produce Another Enron, by Nomi Prins. Ms. Prins wrote an excellent book about corporate and government corruption in the U.S., Other People's Money. At Powell's: Other People's Money.
Apparently most of what is written about the financial markets is fradulent in some way. Generally it fits into the category of "What we want you to think so that we can make more money". Employees and investors in the U.S. have lost billions of dollars due to fraud in the last few years.
The corruption is extremely widespread. Here are short reviews of 35 books and 3 movies about conflict of interest in the U.S. government: Unprecedented Corruption: A guide to conflict of interest in the U.S. government. (To those who think there is little or no corruption: If you can't give any example of a book or article you have read that supports your view, please consider not commenting this time.)
This subject is important. Tens of thousands of employees and investors have lost their entire life savings because of the corporate fraud in the United States. If the corruption isn't stopped, it can happen to you.
Anyone who reads some of the books about the Enron fraud and the WorldCom fraud and the Tyco fraud, will learn that the fraud is accomplished partly by deceptive trading. It is not only the authors of the books who think that Merrill Lynch was involved in deceptive trading; the SEC and FBI think that too, as the links in the grandparent comment, to U.S. government web sites, show.
Look at this quote from the linked article: "Chen Ming-tai, TSE president, said Fubon dealers made the mistake by injecting NT$7.7 billion from one of their international clients [Merrill Lynch] into the market to purchase various stocks issued by 282 companies at the highest prices of the day."
Who selected the 282 companies? If you have read the books about the fraud, it is easy to guess that they were all losing Merrill Lynch investments that the company wanted off its books. That's only a guess, but it is an educated guess, given what has aleady happened. On the other hand, it is not easy to understand some of the deceptions. Sometimes investigators have required months to uncover the sneaky behavior.
Look at this quote from the BBC article linked in the grandparent comment: "A Taiwanese stock brokerage that mistakenly bought $255 [Million U.S. dollars]..." That is more than a quarter of a billion dollars! How is it possible that the financial instruments of 282 companies can be selected by one keystroke error? How is it possible that someone who was "unfamiliar with the company's new computer trading programme" could spend $255,000,000 with a single keystroke error?
A situation has been arranged in which we are not allowed to know the name of the employee who supposedly made the error. My guess is that the employee on whom this is blamed is not aware of any error. That would mean that this could easily be a story invented by his managers.
If you read the books about the frauds, you will read about literally hundreds of deceptive practices such as the one I am suggesting here.
Many people in the U.S. seem to want to be ignorant and stay ignorant about the corruption, as is seen by reading some of the responses to the grandparent comment.
There's an old saying - "If it sounds too good to be true then it probably is". People should stop looking to the government to bail them out when their greed gets excessive. If you invested in Enron and got burned, I feel bad for you, but I don't really think that it's a federal matter. We have 100 years of market data that suggests that anything over an 11% return is risky. So just because your broker or the company CEO tells you that they're going to make you millions of dollars, you have to turn on the common sense filter to see if it's right. This is why I didn't buy Netscape or Enron, and have no plans to buy Google. I'm thrilled with an 8% return on a stable issue rather than a 100% return on an unstable one.
Don't get me wrong - I don't think that we shouldn't indict people who cheat the system. I'm just saying that a con artist is only as good as those people who are willing to trust them. Anyone who has been swindled has to accept the fact that they were a willing participant in the scheme. Once you're willing to admit that you were wrong, then you'll look at future "opportunities" with much more discretion.
If you don't want crime to pay, let the government run it.