Stringent controls needed to prevent another SocGen event

Additional controls are unlikely to prevent a similar breach event to SocGen being carried out in a different way. What is the real answer to preventing people bucking the system in banks?

Share

Undoubtedly, banks across the city will now be reviewing their controls to see what they have in place to catch events like the Societe Generale, the French bank rocked by over $7bn of losses from unauthorised trading.

SocGen itself has said that it has already put additional controls in place to prevent any recurrence of this specific kind of breach. So once again, banks are likely to be layering on more plasters and bandages in an attempt to hold their processes together.

This response is likely to prevent an exact replica of the SocGen event, but it is unlikely to stop a similar event being carried out in a different way.

The Barings loss was also caused by an over zealous trader trying to be clever. The control solutions put in place to prevent that re-occurring was a segregation of duties to prevent both front and back office controls being manipulated by the same person. This time the trader simply prevented the second individual from looking at the trade or control. By using a different method, the additional controls put in place to prevent another occurrence of the first event, did not prevent the occurrence of one very similar.

Banks cite increasing volumes, complexities and pressures to reduce costs as the reasons for difficulties in identifying the control weaknesses.

It is true that cost pressures have driven responsibilities to become highly fragmented between departments organised by products as well as off shore or outsourced operations. But we have heard these excuses for the last 20 years. Instead of making identification easier, the banks response of layering on more controls and dispersing responsibilities has contributed to the complexity and does not stop these events happening.

In reality, this added complexity reduces the amount of people who actually understand more than their specific area or who can identify faults in a transaction when they occur. This dynamic will not change, and product complexity and volumes are likely to increase steadily for the next 20 years, as they have done in the past.

Banks need to look for an alternative approach. Other industries have tools to monitor their activities. Airlines, for example, do not loose track of their planes, or advertise fictitious flights. Nuclear power stations know how much energy is being generated at all stages of the process. Even supermarkets are aware of how many cans of beans they have on their shelves.

Find your next job with computerworld UK jobs