How To Lose $7.2B With Just a Few Basic Skills

Cityslacker recommends a Register piece speculating on how a lowly trader at the French bank SocGen was able to lose billions using only Excel VB. The author freely admits that his story is not based on hard sources, but his experience in the banking industry lends plausibility.

Stupid?

[scrotch]

I may be stupid, but I read the entire article and still don't know what the guy is accused of doing. He traded stocks without permission? Can anyone clue me in?

Re:Stupid?

The guy invested huge amounts of money (if I am correct - around 50bn EUR), which is much more money than what he is normally allowed to invest. Actually, he did hide those investments from the bank's internal controls.

The 5bn EUR losses came after the bank discovered the fraud and sold his positions.

Re:Stupid?

[Jellybob]

It was his fault because whenever he bought some stocks, he was meant to buy the opposite as well. So if he bought 500 MSFT shares, he should also have bought 500 APPL shares to balance them, on the grounds that if one of them goes down, the other will probably go up. He instead went and bought 1000 MSFT shares, and promptly lost all the money.

Yes, he should have been properly supervised and never allowed to do so in the first place, but in the end it was his responsibility to do his job, not somebody elses.

Re:Stupid?

[Yvanhoe]

Quick summary : He was a trader at one of the biggest French bank, manipulating millions owned by the bank using the usual scheme : buy low, sell high. Except, he managed to fool controls to manipulate more money than he was allowed by several orders of magnitude, allowing him to have a very good overall performance. His objective was _apparently_ only to get higher raises, not to steal that money. So he traded billions in order to make millions of profits. He has been doing this for several months. A few weeks ago, bank officials discover his hidden account with ~50 billions worth of unauthorized stocks on it. They panicked, they sold this as discreetly as possible in a few days at loss (~ 5 billions of loss ), possibly causing a worldwide fall of stock exchanges. The trader admitted that he did something he was not authorized but called the selling a bad decision made in a hurry.

Of course there are many speculation about all that he could have done by bypassing usual controls.

Re:Stupid?

[The_Chicken_205]

What happened was that he was only "authorised" to make "safe" purchases - buy stuff that was undervalued, buy low and sell at normal price.
What he actually did was buy at normal price, and hope that the price would go up.
What then happened was that he bought at normal price, but the price went down.

To compound the issue, he was playing with more money than he was allowed to. e.g. He was allowed to play with [currency of your choice]100,000, but he was actually playing with [currency]10,000,000.

TFA suggests that he had been promoted out of the "lowly lowly trader" position, but was still playing with those accounts (that he shouldn't have had access to).

The IT angle was that he was using "creative" processes within Excel to hide this - devs hardcoding admin passwords into the spreadsheets.

Re:Stupid?

[Orne]

My understanding, in addition to the information above, was that he was a junior trader (newb), and because of that had an artificial limit on his portfolio, which he then circumvented that limit by obfuscating his trades into hidden accounts.

He would then use any profit from the hidden account to make his "official" portfolio look like it was performing well, and he would get bonuses from his employer. However, since Dec 07, the markets have been in a down slide, and the value of the hidden account went negative (more money went in than the value of the shares).

When the losses ware discovered by an auditor (Wed Jan 16), I had read it was valued at a US$1.5-2 billion loss. However, in the haste to clear the loss, the bank began selling (Fri Jan 18) the stocks in very large blocks as they discovered them. This induced a "herd-effect" in the market, where traders looked at X and said, "If Big Bank is selling such big blocks of X, they must know something I don't, so I'll sell too". Suddenly, everyone was selling everything, and the markets slid hard. However, the original bank was still unwinding the hidden accounts over the weekend, and by then time they were ready to sell the last batch, the value of the shares had dropped even lower. Rinse and repeat, and you have the reported $7 billion loss.

This is why the trader scorned the bank for unwinding it so fast, which induced a much greater loss than the original value. The Register author was trying to offer an uneducated guess as to how the trader was able to obfuscate such losses.

-- Scott

they admit currency trading is gambling

[davidwr]

From the "training material" link:

Currency market is sometimes almost unpredictable. You will lose some money, many times. What counts is that in long run you win more money than you lose. [emphasis added] .

In other words, it's like poker in Vegas:
If you are good you can win. If you aren't you will lose. Either way, the house/broker always wins and it's a net loss for the players.

Insider knowledge

[Dan+East]

He pulled this off using insider knowledge. He worked previously in the back office, which oversaw all trading. The bank then moved him into trading, which according to statements I've read from other bankers, was practically a violation of policy.

Since he knew the flow of information through all parts of the bank, he was able to cover his tracks and employ creative accounting. He knew what types of accounts and trades would not raise flags, so he would flow money though those routes.

This type of security risk can exist in practically any business. If you're a developer or IT person, and suddenly find yourself working within the infrastructure you design and maintain, then guess what? You can most likely bend the system around some rules. The same type of rule applies for relatives and spouses. Most businesses will not let an employer be managed or supervised by a relative or spouse for the same reason. They can cover each other's tracks, and have more complete knowledge of the system.

Dan East

Re:Insider knowledge

[dan+the+person]

he wasn't using 'insider knowledge' i.e. information about a company that has not been made public, to trade in that companies shares.

He was using inside knowledge of his employers trader monitoring procedures, to trade with his employers capital beyond his allowed limits.

Re:Reliable?

[sam_paris]

Don't mistake the register's humorous undertones and brash site design to mean that site is unreliable. I personally know a couple of the journalists they are highly professional and yes, they tend to skew things to make them more humorous (which I like) but they don't bullshit or flat out lie.
 
I think some people get the impression they are the online equivalent of National Enquirer but it's simply untrue.

Now excuse me, the BOFH is screaming for my blood..

One thing rings true!

[Chrisq]

In a place (bank) I worked a branch had a new trainee employee start and forgot to notify the IT department. When they phoned up and let us know we said we would do it as soon as possible. The answer we got was "That's OK, the branch manager has let him use his password for now".

While this really was a clueless trainee someone with the manager's password could authorise over-limit cash withdrawals, reverse transactions, see all sorts of files and make queries on customers that ordinary staff cannot do.

Re:One thing rings true!

[afidel]

Yeah when people say things like that to me it's an immediate logoff and new password required along with an email to our it security team and their manager. If it's the second time it's usually cc'd to their departments director/senior vp. Not sharing passwords is covered in new employee orientation as well as the annual IT policy update that everyone has to sign, and it's been like that at ever midsized or larger company I've ever worked at. Where do these people get the idea that sharing their password is ok?!?

what he did/how he did it

[mbaGeek]

What he did
Basically the guy was "gambling" on stocks and losing - then making bigger bets trying to catch up. He claimed that he was simply trying to get a big bonus and didn't have any malicious intent.

how he did it
He went largely "unsupervised" because he was considered unimportant (and hadn't taken a vacation in a long time - so he covered his own tracks until the whole thing collapsed).

Most financial institutions require mandatory "vacations" so they can check up on people (this guy would have been caught much sooner if someone else had a chance to look at his "trading desk")

the funny part
what I love is that they haven't fired him yet, he has been told to not come to work and they aren't paying him, but France's labor laws require a "sit down" before they kick him out the door.

In the short term he is being looked at as a "Robin Hood" type figure by some people (who think he just ripped off the greedy bankers, not that he committed fraud and stole) - so mark this up as an unintended consequence of ridiculously strong labor unions

a common preception

[RingDev]

I worked a contract gig a few years back for a non-consumer bank. Their average transactions were on the order of tens of thousands to millions of dollars. The IT director was a lady who loathed Microsoft. Not that she ever really explained her hatred of MS, but she stuck to it. As a result, they were using Netware 3.0 for all of their networking needs. Now, that in and of itself isn't a major problem, Netware was a solid system in it's time. The problem though was that while I was working that contract the latest version of Netware had just been released, v6.0. Yup, they were using a 10 year old networking system. Not only that, but it was version 3.0, not the fully patched 3.3. The IT direct railed against MS for their security shortcomings while touting a network that was so archaic that her only security was the obscurity of her software.

-Rick

Re:Seriously?

As someone who spent a long year at an unnamed investment bank:

1) they didn't bother using shadow password files (this was around 2000-2001)
2) they did everything with Excel and VBA - my line manager had a box dedicated to running VBA macros on spreadsheets to calculate tons of Equity Derivatives data throughout the day
3) nobody cared that much about telling each other their passwords

This was 8 years ago so they may be using Java for everything now - that was the way things were slowly, slowly heading when I left. But I do think VBA is overused and abused in finance more than some other sectors.

Those Silly Frogs

[fm6]

so mark this up as an unintended consequence of ridiculously strong labor unions

I'm not current on the French labor scene, but somehow I doubt that there's a union for financial analysts. The strong labor unions in France are more of an effect than a cause: French society is suffused with an us-versus-them mentality that makes Rush Limbaugh look like a Quaker.

Then again, Americans have their share of anti-business, pro-Robin Hood prejudice. One reason everything we do is so bound up in liability concerns ("Do not iron clothes while wearing them!") is that American juries love to sock it to defendants with deep pockets. That attitude is also reflected in a lot of pop culture.

It's true that French labor-laws are a little too worker-friendly. (Just as, IMHO, U.S. labor laws are a little too employer-friendly.) But I have to point out that in this particular case the rules aren't that different. In the U.S., an employer can't just walk into an employee's office and tell them "You're fired" without jumping through a few hoops first. Failure to counsel the employee on what they're doing wrong can have various consequences, ranging from a termination-for-cause being converted to a layoff (meaning the employer has to cover unemployment benefits, something they can avoid with a little effort), to getting sued on a civil rights violation, to a hefty fine. And yes, that's even happened when somebody's accused of costing their employer big bucks, either through malfeasance or incompetence. Especially then, because then you have the libel laws and the "innocent until proven guilty" principle come into play.

In this respect, the French are actually a lot less RH-friendly than we are, since suing people is a lot less profitable there.

Re:Seriously?

[HangingChad]

Nothing what he said sounds even remotely improbable.

And it's not limited to the financial service sector. I worked at one mid-cap company using Excel linked spreadsheets to do all their quarterly numbers. A massive, bloated pile of VBA that would lumber through the reporting cycle every quarter. It was backed up by the auditors so it couldn't have been too far off. That was before SOX, not sure that audit trail would pass today.

I'm never surprised about what I find being done in Access or linked spreadsheets anymore.

Re:Seriously?

[ILuvRamen]

how can you read it? This is one of the most poorly written articles ever. The guy can't even form a sentence properly. I'm through the whole first page and I'm not even sure what this article is about. Some guy was trading a bought the wrong stocks and then something about programming?

SocGen Credit Briefing

I don't post much on Slashdot (ever), but I read the site a lot. I work in the financial industry and got some feedback from senior Risk Management ppl at SocGen regarding this little fiasco.

This is what they said happened:

As is now well-publicized, JK was able to use his knowledge of SocGen's back office procedures and controls to subvert them. Somehow (SocGen still seems unsure how) he obtained the access passwords of 3 or 4 other middle/back office individuals; but not only that, because these are changed regularly, he obviously managed to keep "updated" with the changes; (*my theory is that he figured out that people use easy to remember passwords like MonthYear and change it every month).

JK was able to hide what would have been massive swings (because of the size of real gross positions he was taking, primarily on Eurex) in his P&L from SocGen's P&L and Risk Management systems;

An alternating pattern of 5 basic types of transactions was used. (I believe these were described in a press release last weekend);

One thing that JK was apparently doing (which gave us an instant "flashback" to Barings and the infamous 88888 account!), was that JK would fail to put the required broker reference on at least some of his transactions, which would cause them to go into an error or suspense account for subsequent reconciliation (i.e., not as part of the overnight routine), allowing JK the opportunity (presumably) to reverse out or cancel the trade before it was spotted and questioned;

JK was hiding a few fictitious transactions in the midst of a slew of real ones. When some of these were picked up by controllers, he was able to find excuses to allay suspicion- e.g., by saying that the size of transaction entered must be an error and he would rectify it

He would cancel forward starting transactions before SocGen's system generated the relevant Confirm; [If I understood JPM correctly, SocGen has stopped the practice of deferring sending these out];

SocGen has combed its books and it believes that it has found all the fictitious transactions; and does not believe there was anyone else acting with JK. JPM stated that the bank was "99% certain" that it knows the full extent of its losses;

There were clear weaknesses in trader management. The Delta One Desk was supposed to have small risk sensitivities and hence a modest net daily P&L movement. JK's superior "reconciled" the daily P&L on a net basis, but never appears to have looked at the gross positions- the clear inference from JPM was that, if he/she had the fact that something didn't add would/should have been spotted;

With regards to margin calls, most of these would have related to positions on Eurex. For administrative convenience, SocGen received a single consolidated account for the whole bank- i.e., no granularity. Given how big a player SocGen is on Eurex, this made it easy to miss individual movements {Altho' this begs the question about control over actual movement of cash/margin];

As JPM pointedly said, SocGen's Market Risk Management never failed, but its Operating Risk Management certainly did;

Boston Consulting Group is now helping SocGen with making changes to its controls and the bank has a number of immediate and short term fixes underway- including reviewing the use of biometric identity checks for at least key controls; looking at gross and not just net positions in reconciling daily P reconciling positions between internal counterparts daily (not monthly as before); tougher and more granular controls on deposit and margin calls and reporting; better enforcement of the holiday policy (e.g., JK was able to find an excuse not to take holiday last November);

As is public knowledge, when JK was found out, SocGen discovered that it had open positions on Eurex (EUR 30BN); DAX (18BN); and FTSE (EUR 2BN), aggregating EUR 50BN. JPM was adamant that SocGen had no choice but to close out those positions, while trying to avoid moving the market. In mitigation of the

Re:SocGen Credit Briefing

I'm not very sure of the details, but I'll five it a shot.

1) As far as the forwards go, I believe these were fictitious, used to hide his original trades. He needed to roll them before expiry so they wouldn't go on the books. So in essence, he entered into another fake forward contract to hide both his original trade and the previous forward.

2)I believe they did notice right away. He only started going south in the last few weeks of the trading activity. He was up A LOT during 2007, an his positions went bad along with the markets in '08. So when he started losing real money, people started catching on. His exposure was huge, but he was up most of the time. If he only unwound his positions in 2007, he could have possibly MADE the bank billions. Pretty crazy.

Re:Beyond trusting sources, don't trust the author

All right, but apart from the sanitation, the medicine, education, wine, public order, irrigation, roads, a fresh water system, and public health, what have the Romans ever done for us?

Re:Beyond trusting sources, don't trust the author

[dada21]

So where are you getting your figures for inflation from? I really would like an answer, this is not a rhetorical question. How do your generate your figures for inflation, and what makes your figures better than the CPI?

I run a private microsite where about 8 dozen people for the past year have been helping me keep track of money inflation's attack on prices. The site may never go public, but it might. We were originally hoping to create a database site where registered users can submit prices of things they've bought (including sales taxes), and then allowing people to enter what they normally buy to see how prices have changed.

6 months into the deal, we noticed a problem: cereal prices had not gone up as they should have. After poking around various grocery stores, a store manager let me in on WHY prices didn't go up -- some cereal boxes were getting smaller. Instead of 32 oz for $2.99, the boxes were 28.9 ounces for $2.99. Oops. We missed that. So now we're plotting prices based on the standard box size, PER unit of measurement. Of course a 64oz box of Cheerios will be cheaper per ounce than the 32oz size, but if we call "32oz Box" standard, and it becomes "28.9oz Box" eventually, we call that standard, and continue to price it based on ounces per dollar.

It's VERY confusing, because it's only a few of us who are working together to get prices together. Yet just based on my own measurements, based on nearly 8 years of entering receipts into Quicken (now we scan the receipts in), my yearly dollar loss is equal to nearly 17%. That's right, over 8 years, my dollar has lost on average 17% of value based on what I use daily. I include gasoline, insurance, highway tolls, utilities (water, electricity, gas, garbage), landscaping, etc.

About a year ago I started actively hoarding money rather than spending it, saving it in the bank, or investing it. I am much happier for it. Of course, I hoard in a basket of currencies (USD, EUR, YEN, gold), but it has kept up better with price increases here in the States, yet still lost some value over that time. Thankfully, my gold has generally kept value, although in the past year it has appreciated more than what I would call inflationary price pressures.

Some day, maybe soon, I'll register a site dedicated to letting people enter prices of items and services they use, and make it public.

I believe there is a site called ShadowStats that has SOME inflation figures that are more realistic, but I haven't really spent time there.

Re:Seriously?

[DCFC]

I wrote this piece and I was at pains to say that I was joining the dots to work out how it might have come about.
It's based upon many years in big banks, and the kind and anonymous help of people who are trading big numbers in derivatives every day, as well as IT people in banks.

Inevitably unfolding events will show that I joined some wrong dots, and missed some.

Indeed, my focus has drifted away from Excel a little and towards SunGard. Although not the most distinguished of investigative journalists (I'm really a headhunter these days), I smell something bad there.
At first I thought that their involvement was peripheral, since if M.Kerviel had the right passwords, their system could not be blamed for any misreporting of the state of SocGen's position.

However their PR people are certainly giving me cause to question an assumption that I now suspect betrays me.