Five billion euros is real money. Whether your bank took a trading loss of that size or not, you certainly want to know one thing: how? As the investigation into the Société Générale rogue trader scandal develops, there is significant interest from all corners of the financial services industry in all regions about the details of what Société Générale chairman Daniel Bouton described as "unbelievable”.
Still, no one is waiting for all the facts to come out to ask another question – how can we avoid it happening at our bank? This is the question being asked in war-rooms around the globe filled with senior management, trading executives, and risk and compliance experts. The problem is that systems and procedures only go so far, and at some point human fallibility is the ultimate culprit.
In this case, we are talking about a trader, Jerome Kerviel, whose logic was faulty. Somehow in his calculus it was worth running up billions in bank trading losses for a personal bonus. This is simply not a character trait you find every day, and is certainly not detectable by a risk management system. Perhaps a psychological evaluation is needed.
Also, it seems from the early information emerging from the investigation that the risk systems were doing their job. Reportedly, there was more than one warning sign. Eurex, the European derivatives exchange, had contacted Société Générale about what it perceived to be technical issues that ultimately could be traced to this rogue trader's activity. As you can imagine, the bank's directors were furious to hear about that one. Worse, the supervisors that investigated the inquiry were satisfied with Kerviel's explanation, which, of course, was reportedly based on fraudulent documents. What risk management system is going to prevent that? Clearly, a well-conceived and executed fraud has a chance of succeeding, which to some degree it did here.
There is a lesson here about having too much information. Kerviel had intimate knowledge of the systems designed to catch him in what he was doing. He may also have acquired access to systems needed to perpetuate the fraud. There is also the unanswered question of whether others were required to make the fraud work, and whether any such people were complicit or "social engineered." This will all be discussed in detail as the facts emerge. But where does this leave an industry so proud of its risk management systems technology and automation?
Risk management is a hot area in financial services technology. This debacle will only make it hotter. Spending in risk management technology is forecasted to grow to $3.7 billion in 2008, according to Financial Insights, an IDC company. Banks everywhere are engaging with risk solution providers to talk about the issue and see what can be done. Our research shows that banks are establishing a new, higher bar for risk management systems, and that should lead to a short-term bump in spending for these systems. The pressure is simply too great for banks to be able to prove that they have the monitoring capabilities in place that represents the best possible effort to avoid a Société Générale situation.
This increase in spending will be incremental for one important reason: conventional wisdom in the market is that the culprits here are human fallibility and sophisticated fraud, not risk management systems. No one we have spoken with in our research has indicated that what this problem calls for is an additional layer of risk management monitoring. On the contrary, it looks like the machines did fine and the people really blew it. Still, if there can be a silver lining in this at all, it would have to be that risk vendors could hardly expect higher awareness of their value if they had spent the five billion euros on advertising.