Slashdot Mirror
A $251 Million Typo
theodp writes "A Taiwan stock trader is jobless after a typo left her company looking at a paper loss of more than $12 million when what was supposed to have been a small order mistakenly resulted in a $251 million purchase. 'Something like this is difficult to explain to superiors,' a company exec explained."
This is somewhat confusing to me - wouldn't a stock firm have some software (if this is an electronic transaction, which it appears to be) with a CONFIRMATION PAGE or something? Or warnings on massive orders? This just seems like a basic 'good design' feature to me...you can't particularly blame the individual here, it is just her random misfortune to be the one to have made that error - if not her it would have been some other employee.
What is this - dumpest investment bank ever? * They let a trader onto an unsecured system without proper training (unfamiliar with computer system). * The system is ocnfigured/programmed in such a way that there are no max trade orders, no security precautions, nothing at all in place. What is so hard to explain here? I was dump, I did not make sure my trader was property trained and the system we ordered lacked any fundamental security precautions. Poor trader - a dcase of a software/management fuckup and he has to pay.
Looks like a company to never do business with. The article implies that they had a new computer system and didn't train their employees. Uncertainty in the new program caused an incorrect purchase, resulting in their loss. Rather than fix the problem by educating their employee(s), they fire the employee that made a typo.
Sucks that such a costly mistake was made. Next time maybe they should ensure that their employees know what they're doing before putting them live on trades.
I've worked in market data systems for years. I can see how someone unfamiliar could flub an order. Inexperienced staff are typically be put on a rather short leash (ie. system madated spending limits and such). It would be a shame if she were the only person to lose her job over this. There are (or should be) a host of people responsible for making sure this sort of thing doesn't happen. Seems some of them should be sacked as well!
There's also they would need a cover story. If they said they were selling the stock the stock price would drop suddenly. And they'd be screwed. They need to say they are holding and slowly sell it back if they don't want the loss to be really bad.
It is no longer uncommon to be uncommon.
This article exemplifies teh improtance of company culture.
For several years I worked for a US bank with the highest possible bond rating. Though smaller (at the time) than the national banks we all think of today, this bank was well known for its culture of prudence and the quality of our lending.
Why is this important? Because it rolled right over into the IT departments. From suppliers to product purchasing to in house software, everything was done very much "by the book" and we didn't care if we weren't doing things the latest and greatest because we wanted to do things right. And yes, our banking systems had limits on everything so a junior banker could never make a $1,000,000 loan by misplacing a decimal.
It contrasted sharply with my stint in a dot-com where things were fast, furious, and being "by the book" was laughable. Cutting edge might have been cool then, but the bank I worked for is now one of the nations largest, and the dot-com is a dot-bomb.
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
Slashdot at its best. Look, if you fuck up so badly that you cause your company millions of dollars in immediate losses and expect the people in charge who enabled you to fuck up (not the ones who actually fucked up, because that's you) to take the responsibility for you instead of you, then you're a fool.
Are there going to be policy changes because of this? Of course, duh (and by the way, the article says that). Should there be recriminations for the people involved who allowed this person to do what was done? Yes, and there almost certainly will be, even if behind the scenes and out of sight. Should the person who screwed up be allowed to continue? Of course not; given the power to make such transactions they failed in a grotesque manner.
Is this person helpless? Is she unable to fend for herself in the world? Is she not responsible for her own actions, positive or negative? She did something, she screwed it up in a major way, and she should suffer the consequences of it. Other heads will roll, but before you chop the heads off of the people who allowed someone to do something massively stupid, you first fire the person who actually did something massively stupid.
I mean, really, this is kind of silly. Do you think that this person was authorized to make penny (well, whatever the Taiwanese equivalent is) stock purchases and accidentally typed six or seven more zeroes? No. Obviously this was someone authorized to make major transactions. She, unfortunately for her, accidentally made a purchase even more major than she had intended. You can blame procedures and software and management all you want, but do you really think that someone authorized to make major transactions shouldn't be really, really careful about it while doing it? And if such a person isn't, are they blameless?
Great - you've just fired the one employee you know will always and forever more, triple check everything she ever does.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
Great - you've just fired the one employee you know will always and forever more, triple check everything she ever does.
Can you be certain that will be true if there's no negative consequence for not doing it?
Hint: No.
I got my Linux laptop at System76.
"Why is she getting fired and not trained?"
She's the scape goat - if she doesn't get fired one of the higher execs will. I work in a large bank and the answer to this problem is business processes. The "head honchos" don't want to get fired for putting place an IT system and a business process that allows a single individual to do this kind of thing by mistake, and so are firing her to save their bacon.
Try NetBSD... safe,straightforward,useful.
Are you sure you wish to continue [OK] [Cancel]
Here's how I would have designed the application:
Are you sure you wish to continue?
[Cancel] [Spend $251,000,000]
Bank web sites suck. All of them. Especially USAA's, if you have the displeasure of using that one.
Tip to would-be bank websites: disable the autocomplete feature on the "Amount of funds to transfer" field. Nothing sucks like a web browser adding an extra 0 to your transfer. For that matter, disable autocomplete on all fields relating to money.
Having just done lots of risk-analysis reviews on multiple banking application, I cannot understand how a company doesn't employ a 4-eyes principle for any transaction above 10 Million, and needs a manager release for above 50 Million.
Eurex is fine, but when the staff using the application is limited, you don't get separation of duties or rotation of duties, and you can still be faced with a setup where 1 user has too much power.
Obivously you shouldn't be an UI designer...
[OK][Cancel] are not good UI elements, you should use descriptive buttons, prefereably verbs.
- These characters were randomly selected.
tell me why firing her saves their asses? If I were the owner I'd fire them regardless..
There are unspoken rules in this kind of thing. In my experience, the only risk of a high ranking exec losing his/her job over this is if there is someone at a similar or higher rank who had it in for them anyway.
How does this work? Someone calls a meeting to explain they've just lost 300 million. In most cases they will all agree that the most important thing to do is to find who seems to be directly responsible and fire them, and once that is done, come up with an "Action Plan" to avoid it happening again. The Action Plan bit is where they fix the real issue, and they will then congratulate themselves on having addressed the issue promptly and efficiently. The only time the question of why "promptly and efficiently" didn't mean before it happened is if the implementation was the work of a single person or small group of people that could also be made into blame carriers. The higher up the ladder those people are, the less likely there's someone higher to point it out, and so often it's the shop floor worker who pushed the light green button and not the dark green one, when in fact the buttons should have been RED and GREEN. This kind of thing happens at all levels of hierarchy, but of becomes more obvious once you reach the levels that can "fire at whim".
If the owners are stockholders, it's even simpler - they won't even care if you can present the bottom line performance in such a way that this doesn't even appear (it's probably a relatively small sum for such a place..) - or better still you can present the action plan to the stockholders in such a way as it will stop this kind of mistake and also make the company more reliable, efficient and therefore competitive and the stockholders won't even care who actually is responsible. SOX404, which has very much a pyramid of responsibilities for many things, including "operational risk control" (of which this is a case) may change this, but we'll have to wait and see. Right now all it's doing is costing companies a great deal of money, and is unfortunately too often being approached in a "cover your ass" manner, rather than as proper risk control.
Try NetBSD... safe,straightforward,useful.
The primary fault lies with the developer who failed to adeqautely validate input. Data validation means more than just making sure you don't have an alpha character in a numeric field; it includes sanity checking to make sure data are within reasonable ranges, and requiring additional confirmation (ranging from "Whoa, dude! That much?" to supervisor approval) when input is outside that.
http://alternatives.rzero.com/
This subject is important. Tens of thousands of employees and investors have lost their entire life savings because of the corporate fraud in the United States. If the corruption isn't stopped, it can happen to you.
Anyone who reads some of the books about the Enron fraud and the WorldCom fraud and the Tyco fraud, will learn that the fraud is accomplished partly by deceptive trading. It is not only the authors of the books who think that Merrill Lynch was involved in deceptive trading; the SEC and FBI think that too, as the links in the grandparent comment, to U.S. government web sites, show.
Look at this quote from the linked article: "Chen Ming-tai, TSE president, said Fubon dealers made the mistake by injecting NT$7.7 billion from one of their international clients [Merrill Lynch] into the market to purchase various stocks issued by 282 companies at the highest prices of the day."
Who selected the 282 companies? If you have read the books about the fraud, it is easy to guess that they were all losing Merrill Lynch investments that the company wanted off its books. That's only a guess, but it is an educated guess, given what has aleady happened. On the other hand, it is not easy to understand some of the deceptions. Sometimes investigators have required months to uncover the sneaky behavior.
Look at this quote from the BBC article linked in the grandparent comment: "A Taiwanese stock brokerage that mistakenly bought $255 [Million U.S. dollars]..." That is more than a quarter of a billion dollars! How is it possible that the financial instruments of 282 companies can be selected by one keystroke error? How is it possible that someone who was "unfamiliar with the company's new computer trading programme" could spend $255,000,000 with a single keystroke error?
A situation has been arranged in which we are not allowed to know the name of the employee who supposedly made the error. My guess is that the employee on whom this is blamed is not aware of any error. That would mean that this could easily be a story invented by his managers.
If you read the books about the frauds, you will read about literally hundreds of deceptive practices such as the one I am suggesting here.
Many people in the U.S. seem to want to be ignorant and stay ignorant about the corruption, as is seen by reading some of the responses to the grandparent comment.