Slashdot Mirror
How To Lose $7.2B With Just a Few Basic Skills
Cityslacker recommends a Register piece speculating on how a lowly trader at the French bank SocGen was able to lose billions using only Excel VB. The author freely admits that his story is not based on hard sources, but his experience in the banking industry lends plausibility.
The solution is clearly to blame microsoft for it.
As someone who has spent too many years in financial services... while some traders are famous for thier bubble-gum and duct-tape approaches to things, this article is this biggest pile of BS I've ever read.
Give me $7.2B and I'll conveniently "lose" it for you. And I have no skills!
This guy's the limit!
I may be stupid, but I read the entire article and still don't know what the guy is accused of doing. He traded stocks without permission? Can anyone clue me in?
Buy high, sell low!
In other words, it's like poker in Vegas:
If you are good you can win. If you aren't you will lose. Either way, the house/broker always wins and it's a net loss for the players.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
10 STEAL Money
20 GOTO 10
If you haven't made a developer cry, you've wasted a day.
He pulled this off using insider knowledge. He worked previously in the back office, which oversaw all trading. The bank then moved him into trading, which according to statements I've read from other bankers, was practically a violation of policy.
Since he knew the flow of information through all parts of the bank, he was able to cover his tracks and employ creative accounting. He knew what types of accounts and trades would not raise flags, so he would flow money though those routes.
This type of security risk can exist in practically any business. If you're a developer or IT person, and suddenly find yourself working within the infrastructure you design and maintain, then guess what? You can most likely bend the system around some rules. The same type of rule applies for relatives and spouses. Most businesses will not let an employer be managed or supervised by a relative or spouse for the same reason. They can cover each other's tracks, and have more complete knowledge of the system.
Dan East
Better known as 318230.
Don't mistake the register's humorous undertones and brash site design to mean that site is unreliable. I personally know a couple of the journalists they are highly professional and yes, they tend to skew things to make them more humorous (which I like) but they don't bullshit or flat out lie.
I think some people get the impression they are the online equivalent of National Enquirer but it's simply untrue.
Now excuse me, the BOFH is screaming for my blood..
In a place (bank) I worked a branch had a new trainee employee start and forgot to notify the IT department. When they phoned up and let us know we said we would do it as soon as possible. The answer we got was "That's OK, the branch manager has let him use his password for now".
While this really was a clueless trainee someone with the manager's password could authorise over-limit cash withdrawals, reverse transactions, see all sorts of files and make queries on customers that ordinary staff cannot do.
D'oh! Reading the wrong damned thread! We need an article about multitasking making you stupid.
Moderation Total: -1 Troll, +3 Goat
This - very entertaining book - explains the process better. The characterisation of traders who blow up is particularly damning.
Curiously, Nick Leeson (the man who sank Barings Bank) supplied a soundbite saying how he didn't believe that the losses in this instance could have reached such a size. And that's the problem: he hasn't learned anything from his experience.
The difference between "trader" and "rogue trader" is simply one of the amount of luck the lucky idiot has.
What he did
Basically the guy was "gambling" on stocks and losing - then making bigger bets trying to catch up. He claimed that he was simply trying to get a big bonus and didn't have any malicious intent.
how he did it
He went largely "unsupervised" because he was considered unimportant (and hadn't taken a vacation in a long time - so he covered his own tracks until the whole thing collapsed).
Most financial institutions require mandatory "vacations" so they can check up on people (this guy would have been caught much sooner if someone else had a chance to look at his "trading desk")
the funny part
what I love is that they haven't fired him yet, he has been told to not come to work and they aren't paying him, but France's labor laws require a "sit down" before they kick him out the door.
In the short term he is being looked at as a "Robin Hood" type figure by some people (who think he just ripped off the greedy bankers, not that he committed fraud and stole) - so mark this up as an unintended consequence of ridiculously strong labor unions
It ain't what they call you. It's what you answer to. http://mylyceum.us/
So now Slashdot is carrying articles that are mere speculation. I realize that "serious programmers" love to trash VB everywhere, but can't we at least have facts on our side first?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
"The author freely admits that his story is not based on hard sources, but his experience in the banking industry lends plausibility." Read: "This guy has no proof, evidence, or accounts of what happened, but this sounds good, so lets blame MS" I'm on board with that. This is /.!
I worked a contract gig a few years back for a non-consumer bank. Their average transactions were on the order of tens of thousands to millions of dollars. The IT director was a lady who loathed Microsoft. Not that she ever really explained her hatred of MS, but she stuck to it. As a result, they were using Netware 3.0 for all of their networking needs. Now, that in and of itself isn't a major problem, Netware was a solid system in it's time. The problem though was that while I was working that contract the latest version of Netware had just been released, v6.0. Yup, they were using a 10 year old networking system. Not only that, but it was version 3.0, not the fully patched 3.3. The IT direct railed against MS for their security shortcomings while touting a network that was so archaic that her only security was the obscurity of her software.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
is that anybody with some VBA knowledge will sooner or later get access to other peoples Excel sheets in order to fix problems. This is just a form of social engineering. Once you sit in front of the PC, logged in as another user and telling that gratefull person you get nervous when other people look you on the fingers while you try to solve a complex problem...
Another interesting point is "Rights-creep". Often people are given acces rights as they move between functions, but these rights are never revoked when moving on to the next...
10 ?"Hello World" life was simple then
I interviewed for a senior IT management position at a fairly decent size bank several years ago. Maybe this bank is within the top 25 in the USA.
I met with the CIO, and we had a great discussion in terms of where they were in terms of their systems. The CIO seemed to be an honest, straight-shooting guy. He was new to the bank - he started perhaps 8-12 months earlier.
He stated that the systems of the bank were in danger of total catastrophe. There were internally-built programs without source code. The divide between production, QA, and development environments broke down. Production runtime was manipulated by developers in real time. Some hardware was so old that it was running obsolete operating system software. If the machines failed, recovery would be extremely difficult, at best.
Coming from another class of institution, I found these statements shocking and disheartening. I liked the CIO - he was certainly fighting a huge, dangerous battle... and it was clear that he knew how much trouble he was in.
I ended up turning down the position offered, as their financial compensation wasn't nearly commensurate with the career risks I'd be taking stepping into such a huge minefield.
The CIO said he understood, but his budget was constrained - the bank was in severe cost-cutting mode, looking for a merger.
Nice.
According to Richard Branson, the best way to become a millionaire is to start as a billionaire and found an airline.
Q: Want to know how to make a small fortune in the stock market?
A: Start with a large fortune.
thankyouverymuch. Don't forget to tip the waiter. No stock tips, please.
I have seen several instances where someone that did a little digging on the back end could easily make the system do what ever they wanted. They become more valuable because they can fix the system when it hiccups. "Customer Joe has a weird charge on it. The system won't let us fix it. What are we going to do?" The guy that knows the backend then goes in and changes it right on the database and is a hero. But if he can fix things then he can also break things and cover it up. It goes back to managements desire to wear blinders. They want to put super locks on the physical doors but give the keys to kingdom on the system to anyone that is willing to help.
Is he strong? Listen bud, He's got radioactive blood.
Here in France someone is not guilty until it has been proven.
;)
Just let the justice do its work, we can then speak about it using some hopefully serious investigation to base our comments on.
Several things are unclear:
- Why and How can this man be responsible for a such thing ?
- What gives its employer the right to judge him ? (nothing according to French laws)
- Is it really a fraud or is it a professional mistake ? This point is still unclear according to the justice.
- How are the amount accounted ? According to the latest news the bank itself is responsible for the loss and it was determined by the bank strategy not the trader's.
I think this is a very complicated situation involving various interests (financial places, politics, justice...).
It is not obvious how things will be sorted out, speculating about it will not help.
I am giving up my karma on this one
Generally, the economy works better when money circulates...When it has "velocity", which is another one of those words like "multiplier" which I'm going to assume you understand. By dumping surplus money into commodities rather than banks, you're effectively hiding your money under your bed, and dampening the flow of money through the economy. People did this for a long time until a smart guy named Adam Smith pointed out that hoarding gold didn't make anyone especially wealthy; it was trade that built wealth, and that meant the movement of money and goods.
So that's why banks exist, and why we allow things like the multiplier effect to run our economy. The granddaddy of all multipliers (the Fed) has been active for the past few weeks, trying to pump some money into the economy. Bush is hedging his bets, and backing Keynes at the same time with a stimulus package. Historically, these actions have added velocity to currency, and fast currency tends to stimulate the economy.
The reason for the FDIC, and SEC, and Social Security and Welfare, and every other similar system is to basically keep the money in people's pockets. This is important for the reasons above; cash circulating through the economy creates jobs and stimulates the economy. A bunch of people losing all their money (for example, when a bank fails) means you have a bunch of people who suddenly can't buy groceries. Grocery stores start laying people off, because they have to cut costs, which means MORE people can't afford groceries, and so forth. People like you pull their money in and convert it to commodities, instead of putting it into banks, which means banks can't make loans to support people who are trying to start businesses or buy houses, which, again, slows the economy and costs people their jobs.
Basically your thoughts on this stuff fly in the face of all mainstream economic thought for the last several hundred years. I'm assuming you're a Ron Paul guy, because echoing his "economic" beliefs, and Gosh, we'd sure like to move back to the gold standard. I'd almost like to see him get elected, just out of academic interest in the economic chaos that would ensue.
Anyway.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Generally, the economy works better when money circulates...When it has "velocity", which is another one of those words like "multiplier" which I'm going to assume you understand. By dumping surplus money into commodities rather than banks, you're effectively hiding your money under your bed, and dampening the flow of money through the economy. People did this for a long time until a smart guy named Adam Smith pointed out that hoarding gold didn't make anyone especially wealthy; it was trade that built wealth, and that meant the movement of money and goods.
Yes, Adam Smith was correct, that wealth is built on trade. The problem with what you said is that there is a hidden effect from almost every transaction in said trade -- the profit made by the cartelized banks from each and every dollar that they create through the money multiplier effect. They don't actively "give" money out that they've created through the fraudulent fractional reserve banking standard, they loan it out. In fact, they loan out money based on previously loaned out and deposited money, so they're making money on nearly every loan transaction, even though the money doesn't physically exist. This hidden tax that only occurs with fiat money in a fractional reserve banking and monetary system is a form of wealth transfer from the economy as a whole to the cartelized banking institutions, and it actually causes a lag on the economy?
Don't believe me? Look at the GDP figures for the past, oh, 20 years. Subtract TRUE price increases over that time (don't use the ignorant and embarassingly fake CPI figures) from that GDP. We've been in a recession for 20 years, maybe 30 years, even though we may seem to have been strong for a few segments in that time. At almost no time in 30 years have we truly had GDP growth after subtracting the loss of the value of the dollar from the previous time-frame of GDP analysis. This means we're in a permanent recession, and the recession comes from the loss in value of the dollar, which is multiplied many times over due to the hidden tax the banking cartels have created from their money multiplier profit drain.
So that's why banks exist, and why we allow things like the multiplier effect to run our economy. The granddaddy of all multipliers (the Fed) has been active for the past few weeks, trying to pump some money into the economy. Bush is hedging his bets, and backing Keynes at the same time with a stimulus package. Historically, these actions have added velocity to currency, and fast currency tends to stimulate the economy.
No, it doesn't. That's a false statement, and one that a Keynesian spews regularly. Just because the economy may show growth in pure dollar totals, the value of the dollar is decreasing over that time, over and beyond any economic growth shown by more dollars spinning around. If the GDP grows from $10.00 to $10.75 in a year, but the dollar has lost 10% of its value, the actual growth in the economy in dollar terms is 7.5%, but the actual growth in value terms is -3.25%. This is a fact that is readily ignored by Keynesians and other pseudo-economists since these United States have withdrawn from backing the monetary notes with anything of current value. We are in a recession, and we've likely been in a permanent recession since Nixon's time.
The reason for the FDIC, and SEC, and Social Security and Welfare, and every other similar system is to basically keep the money in people's pockets. This is important for the reasons above; cash circulating through the economy creates jobs and stimulates the economy. A bunch of people losing all their money (for example, when a bank fails) means you have a bunch of people who suddenly can't buy groceries. Grocery stores start laying people off, because they have to cut costs, which means MORE people can't afford groceries, and so forth. People like you pull their money in and convert it to commodities, instead of putting it into banks, which means banks can't make loans to support people who are trying t
So here is how I understand it. He modified the system so that when a transaction used fractions of a cent, it truncated it and put the fractions of a cent into a new account he had made. However, he must have missed a decimal point, because when he checked the next day, he had 7.2 billion dollars. He lost it by writing a check and putting it under his bosses door when the office was closed.
How to lose this kind of money is SIMPLE! Get married.
I hate to say it, but the Reg might be right. Assuming the linked CV is the real thing, he only claims to have experience with Excel macros and a smattering of VB.
The real part of his hack is probably social engineering and stumbling upon oversights in the trading system. How many IT folks, even the dumb ones, can say "I could take this whole system down if I wanted!" - this guy actually did.
Goes to show that there's a difference between checking off boxes for auditors and actual security. Auditors can make sure the proper safeguards are in place; auditors can't tell if everyone in the department uses the same password.
Well, can't argue with a zealot, so I won't try.
I suggest however, that increases in our relative standard of living and the fact that our purchasing power has remained reasonably constant over the past three decades would suggest that we're not actually all secretly bankrupt, or, if we are, then the whole world is secretly bankrupt with us.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Of course I'm passionate about my hatred of fraudulent policies. A man steals from you, he's a thief. I don't care what anyone calls it, taking from someone against their will is theft.
That being said, we are all bankrupt. What is the average person's net value in the United States? No, don't just count your property and 401Ks, also add in the government's debt (local, state, and federal). Now you're bankrupt, unless you're worth at least $800,000 or so above and beyond your debt.
Our buying power might be more, but that's merely a figment of the imagination, as the quality of what we can buy is surely less. Plus, we're indentured to that debt for many more years than previous generations, and it is hard to say if we are living better because such a subjective comparison is impossible to make without having lived in previous times. Medical opportunity is better, and the chance to eat a healthier diet is also better, so I think we've gained something, but that's notwithstanding the corruption of those who try to prevent such gains in living ability.
Not to get into the rest of your debate, but yes, most people are secretly bankrupt. The current housing crash is a ready sign. If most people sold everything they owned, and tried to pay their debts, they would come out in the negatives. Now, given that the government and media are not going to start reporting that the country is bankrupt, the only reliable data I can use is what I personally have observed.
Coming from a perspective of someone just entering the upper middle class, a good 90% of the people I have talked to about money are worth less than $0. This includes the people "wealthier" and "poorer" than me whom I have had discussions with. I have a very hard time believing that any significant portion of the economically lower class have greater financial worth than the middle class. So, while I cannot speak of the very wealthy, the middle class and poor are as a group bankrupt. That does not include, as your advisory points out, the debt that is held in trust by our government.
Then again, Americans have their share of anti-business, pro-Robin Hood prejudice. One reason everything we do is so bound up in liability concerns ("Do not iron clothes while wearing them!") is that American juries love to sock it to defendants with deep pockets. That attitude is also reflected in a lot of pop culture.
It's true that French labor-laws are a little too worker-friendly. (Just as, IMHO, U.S. labor laws are a little too employer-friendly.) But I have to point out that in this particular case the rules aren't that different. In the U.S., an employer can't just walk into an employee's office and tell them "You're fired" without jumping through a few hoops first. Failure to counsel the employee on what they're doing wrong can have various consequences, ranging from a termination-for-cause being converted to a layoff (meaning the employer has to cover unemployment benefits, something they can avoid with a little effort), to getting sued on a civil rights violation, to a hefty fine. And yes, that's even happened when somebody's accused of costing their employer big bucks, either through malfeasance or incompetence. Especially then, because then you have the libel laws and the "innocent until proven guilty" principle come into play.
In this respect, the French are actually a lot less RH-friendly than we are, since suing people is a lot less profitable there.
Better summary: he was a financial derivatives trader at a big French investment bank. Derivatives traders don't buy and sell stocks, but rather, more exotic financial instruments, whose value is tied to stocks. His job was to find mispriced trades when they momentarily occurred, and jump in quickly to make the bank a small profit of them. In general, the way this works is that you have two investments, A and B, whose prices are supposed to stay in the same relation regardless of whether they go up or down; if the prices of A and B are spread too far apart from each other, for example, his job was to spot this, and to simultaneously short sell the overpriced one and buy the underpriced one. This is a form of what's called "arbitrage," because it's supposed to be riskless; if the market goes down, the buy loses money, but the short sale makes you money, and vice-versa. The amounts of the transactions in the pair are set up so that if A and B move the same amount, the losses and gains cancel each other out exactly; you only make money in that example when the prices move relatively closer to each other.
So now, essentially, what he's accused of doing is two things:
One further thing is needed to understand this: derivatives allow one to take huge positions with very little money down, because when you buy, say, a 3-month futures contract to buy on GOOG for $600 (more or less randomly picked number), you don't have to put in $600 for that contract; you only need to put in a fraction of it, as decided by the broker (this is called a "margin requirement"). For the sake of argument, let's say 10%; then with $600, you could buy one share of GOOG, or you could use that as a margin to buy 10 futures contracts on GOOG, that give you, over 3 months, the return of $6,000 worth of GOOG stock. If GOOG goes up, you make 10x as much with the futures contracts; if it goes down, you lost 10x as much.
This is relevant to this case because Kerviel's job was a futures trader. To take positions worth $50 billion USD, he didn't need to procure that much money from the bank; he only needed to obtain much less.
So. apart from a better standard of living, better health, longer life, better nutrition, more leisure time and the ability to experience more of the world than previous generations, we are all worse off. Got it.
I don't post much on Slashdot (ever), but I read the site a lot. I work in the financial industry and got some feedback from senior Risk Management ppl at SocGen regarding this little fiasco.
This is what they said happened:
As is now well-publicized, JK was able to use his knowledge of SocGen's back office procedures and controls to subvert them. Somehow (SocGen still seems unsure how) he obtained the access passwords of 3 or 4 other middle/back office individuals; but not only that, because these are changed regularly, he obviously managed to keep "updated" with the changes; (*my theory is that he figured out that people use easy to remember passwords like MonthYear and change it every month).
JK was able to hide what would have been massive swings (because of the size of real gross positions he was taking, primarily on Eurex) in his P&L from SocGen's P&L and Risk Management systems;
An alternating pattern of 5 basic types of transactions was used. (I believe these were described in a press release last weekend);
One thing that JK was apparently doing (which gave us an instant "flashback" to Barings and the infamous 88888 account!), was that JK would fail to put the required broker reference on at least some of his transactions, which would cause them to go into an error or suspense account for subsequent reconciliation (i.e., not as part of the overnight routine), allowing JK the opportunity (presumably) to reverse out or cancel the trade before it was spotted and questioned;
JK was hiding a few fictitious transactions in the midst of a slew of real ones. When some of these were picked up by controllers, he was able to find excuses to allay suspicion- e.g., by saying that the size of transaction entered must be an error and he would rectify it
He would cancel forward starting transactions before SocGen's system generated the relevant Confirm; [If I understood JPM correctly, SocGen has stopped the practice of deferring sending these out];
SocGen has combed its books and it believes that it has found all the fictitious transactions; and does not believe there was anyone else acting with JK. JPM stated that the bank was "99% certain" that it knows the full extent of its losses;
There were clear weaknesses in trader management. The Delta One Desk was supposed to have small risk sensitivities and hence a modest net daily P&L movement. JK's superior "reconciled" the daily P&L on a net basis, but never appears to have looked at the gross positions- the clear inference from JPM was that, if he/she had the fact that something didn't add would/should have been spotted;
With regards to margin calls, most of these would have related to positions on Eurex. For administrative convenience, SocGen received a single consolidated account for the whole bank- i.e., no granularity. Given how big a player SocGen is on Eurex, this made it easy to miss individual movements {Altho' this begs the question about control over actual movement of cash/margin];
As JPM pointedly said, SocGen's Market Risk Management never failed, but its Operating Risk Management certainly did;
Boston Consulting Group is now helping SocGen with making changes to its controls and the bank has a number of immediate and short term fixes underway- including reviewing the use of biometric identity checks for at least key controls; looking at gross and not just net positions in reconciling daily P reconciling positions between internal counterparts daily (not monthly as before); tougher and more granular controls on deposit and margin calls and reporting; better enforcement of the holiday policy (e.g., JK was able to find an excuse not to take holiday last November);
As is public knowledge, when JK was found out, SocGen discovered that it had open positions on Eurex (EUR 30BN); DAX (18BN); and FTSE (EUR 2BN), aggregating EUR 50BN. JPM was adamant that SocGen had no choice but to close out those positions, while trying to avoid moving the market. In mitigation of the
...and the wine! Don't forget the wine!
I think your point is valid if we accept the statement that CPI and Price Level figures are fundamentally off by huge margins. However, you say Subtract TRUE price increases over that time (don't use the ignorant and embarassingly fake CPI figures) from that GDP. So where are you getting your figures for inflation from? I really would like an answer, this is not a rhetorical question. How do your generate your figures for inflation, and what makes your figures better than the CPI?
So where are you getting your figures for inflation from? I really would like an answer, this is not a rhetorical question. How do your generate your figures for inflation, and what makes your figures better than the CPI?
I run a private microsite where about 8 dozen people for the past year have been helping me keep track of money inflation's attack on prices. The site may never go public, but it might. We were originally hoping to create a database site where registered users can submit prices of things they've bought (including sales taxes), and then allowing people to enter what they normally buy to see how prices have changed.
6 months into the deal, we noticed a problem: cereal prices had not gone up as they should have. After poking around various grocery stores, a store manager let me in on WHY prices didn't go up -- some cereal boxes were getting smaller. Instead of 32 oz for $2.99, the boxes were 28.9 ounces for $2.99. Oops. We missed that. So now we're plotting prices based on the standard box size, PER unit of measurement. Of course a 64oz box of Cheerios will be cheaper per ounce than the 32oz size, but if we call "32oz Box" standard, and it becomes "28.9oz Box" eventually, we call that standard, and continue to price it based on ounces per dollar.
It's VERY confusing, because it's only a few of us who are working together to get prices together. Yet just based on my own measurements, based on nearly 8 years of entering receipts into Quicken (now we scan the receipts in), my yearly dollar loss is equal to nearly 17%. That's right, over 8 years, my dollar has lost on average 17% of value based on what I use daily. I include gasoline, insurance, highway tolls, utilities (water, electricity, gas, garbage), landscaping, etc.
About a year ago I started actively hoarding money rather than spending it, saving it in the bank, or investing it. I am much happier for it. Of course, I hoard in a basket of currencies (USD, EUR, YEN, gold), but it has kept up better with price increases here in the States, yet still lost some value over that time. Thankfully, my gold has generally kept value, although in the past year it has appreciated more than what I would call inflationary price pressures.
Some day, maybe soon, I'll register a site dedicated to letting people enter prices of items and services they use, and make it public.
I believe there is a site called ShadowStats that has SOME inflation figures that are more realistic, but I haven't really spent time there.