How To Lose $7.2B With Just a Few Basic Skills

Cityslacker recommends a Register piece speculating on how a lowly trader at the French bank SocGen was able to lose billions using only Excel VB. The author freely admits that his story is not based on hard sources, but his experience in the banking industry lends plausibility.

Insider knowledge

[Dan+East]

He pulled this off using insider knowledge. He worked previously in the back office, which oversaw all trading. The bank then moved him into trading, which according to statements I've read from other bankers, was practically a violation of policy.

Since he knew the flow of information through all parts of the bank, he was able to cover his tracks and employ creative accounting. He knew what types of accounts and trades would not raise flags, so he would flow money though those routes.

This type of security risk can exist in practically any business. If you're a developer or IT person, and suddenly find yourself working within the infrastructure you design and maintain, then guess what? You can most likely bend the system around some rules. The same type of rule applies for relatives and spouses. Most businesses will not let an employer be managed or supervised by a relative or spouse for the same reason. They can cover each other's tracks, and have more complete knowledge of the system.

Dan East

what he did/how he did it

[mbaGeek]

What he did
Basically the guy was "gambling" on stocks and losing - then making bigger bets trying to catch up. He claimed that he was simply trying to get a big bonus and didn't have any malicious intent.

how he did it
He went largely "unsupervised" because he was considered unimportant (and hadn't taken a vacation in a long time - so he covered his own tracks until the whole thing collapsed).

Most financial institutions require mandatory "vacations" so they can check up on people (this guy would have been caught much sooner if someone else had a chance to look at his "trading desk")

the funny part
what I love is that they haven't fired him yet, he has been told to not come to work and they aren't paying him, but France's labor laws require a "sit down" before they kick him out the door.

In the short term he is being looked at as a "Robin Hood" type figure by some people (who think he just ripped off the greedy bankers, not that he committed fraud and stole) - so mark this up as an unintended consequence of ridiculously strong labor unions

SocGen Credit Briefing

I don't post much on Slashdot (ever), but I read the site a lot. I work in the financial industry and got some feedback from senior Risk Management ppl at SocGen regarding this little fiasco.

This is what they said happened:

As is now well-publicized, JK was able to use his knowledge of SocGen's back office procedures and controls to subvert them. Somehow (SocGen still seems unsure how) he obtained the access passwords of 3 or 4 other middle/back office individuals; but not only that, because these are changed regularly, he obviously managed to keep "updated" with the changes; (*my theory is that he figured out that people use easy to remember passwords like MonthYear and change it every month).

JK was able to hide what would have been massive swings (because of the size of real gross positions he was taking, primarily on Eurex) in his P&L from SocGen's P&L and Risk Management systems;

An alternating pattern of 5 basic types of transactions was used. (I believe these were described in a press release last weekend);

One thing that JK was apparently doing (which gave us an instant "flashback" to Barings and the infamous 88888 account!), was that JK would fail to put the required broker reference on at least some of his transactions, which would cause them to go into an error or suspense account for subsequent reconciliation (i.e., not as part of the overnight routine), allowing JK the opportunity (presumably) to reverse out or cancel the trade before it was spotted and questioned;

JK was hiding a few fictitious transactions in the midst of a slew of real ones. When some of these were picked up by controllers, he was able to find excuses to allay suspicion- e.g., by saying that the size of transaction entered must be an error and he would rectify it

He would cancel forward starting transactions before SocGen's system generated the relevant Confirm; [If I understood JPM correctly, SocGen has stopped the practice of deferring sending these out];

SocGen has combed its books and it believes that it has found all the fictitious transactions; and does not believe there was anyone else acting with JK. JPM stated that the bank was "99% certain" that it knows the full extent of its losses;

There were clear weaknesses in trader management. The Delta One Desk was supposed to have small risk sensitivities and hence a modest net daily P&L movement. JK's superior "reconciled" the daily P&L on a net basis, but never appears to have looked at the gross positions- the clear inference from JPM was that, if he/she had the fact that something didn't add would/should have been spotted;

With regards to margin calls, most of these would have related to positions on Eurex. For administrative convenience, SocGen received a single consolidated account for the whole bank- i.e., no granularity. Given how big a player SocGen is on Eurex, this made it easy to miss individual movements {Altho' this begs the question about control over actual movement of cash/margin];

As JPM pointedly said, SocGen's Market Risk Management never failed, but its Operating Risk Management certainly did;

Boston Consulting Group is now helping SocGen with making changes to its controls and the bank has a number of immediate and short term fixes underway- including reviewing the use of biometric identity checks for at least key controls; looking at gross and not just net positions in reconciling daily P reconciling positions between internal counterparts daily (not monthly as before); tougher and more granular controls on deposit and margin calls and reporting; better enforcement of the holiday policy (e.g., JK was able to find an excuse not to take holiday last November);

As is public knowledge, when JK was found out, SocGen discovered that it had open positions on Eurex (EUR 30BN); DAX (18BN); and FTSE (EUR 2BN), aggregating EUR 50BN. JPM was adamant that SocGen had no choice but to close out those positions, while trying to avoid moving the market. In mitigation of the