How to lose $7.2bn with just a few Basic skills
SocGen: it could've happened anywhere - and still might
Posted in Management, 31st January 2008 12:01 GMT
Free whitepaper – Hands on with Hyper-V 3.0 and virtual machine movement
Special report As I swept through Kent and Calais on a Eurostar last week, the financial markets again threw some entertainment my way in the shape of the SocGen debacle.
My last Reg piece explained that the credit crunch was partly fuelled by VBA and that is what appears to have happened again.
However, Eurostar trains don't have Wi-Fi, and my only access to the world was a BlackBerry. So getting Kerviel's number took hours, by which time he had gone to ground. He has my mobile number if he wants a chat...
Nevertheless, in various Paris bars over the weekend, fragments of the story grew in the telling. There were a few common threads, but the consensus was not surprise that this had happened - just that it happened to SocGen, which has an enviable reputation throughout the market as a "smart" bank.
Absolutely no trader or quant has said to me "couldn't happen at my bank". A couple of sharp risk managers correctly speculated that the numbers involved would grow, and that because he had compromised the systems no honest final number would be available soon. Since it appears that it was an external source who complained about the problem, not SG risk management, this seems highly credible.
SG say it is going to sue Kerviel, but according to the lawyer I was travelling with, this could be a six year case if he makes a fight of it. His low rank meant that none of the traders seemed to know him personally, implying that the great bank had been bitten hard by a junior henchman, and he had dug himself in a hole in an attempt to claw himself up from a 75K entry level package.
Most of the media have yet to pick up on the fact that he was supposed to be an arbitrageur, someone who makes riskless profits by spotting things that have been given the wrong price. Instead he bet on prices going up and down. One idea that caused much merriment late Saturday on the Ile Saint-Louis is that his work was deemed to be so low-risk that no one looked all that hard at it.
Oh how we laughed.
Another reassuringly expensive lawyer held the underyling cause to be the "tick box" mentality, whereby every bank produces a thick "compliance manual" which no one ever reads; part of a process where people do what they are told rather than think.
Market Impact
More than one person pointed out that SocGen were likely to lose money just to get out of this mess, as banks spend good money on "market impact models"; confections of hard maths that try to avoid your bidding up prices against yourself. Also, they would be forced to offload regardless of market conditions, so this may end up more expensive than the original foulup.
Qui est cet homme?
No less a figure than the President of the Bank of France called M. Kerviel a "computer genius", which is frankly just about as silly as M. Noyer's apparently blind acceptance of the lines fed to him by SocGen. One can only speculate on what else he has swallowed in this matter. SG's CEO Daniel Bouton referred to Kerviel as a "mutating virus", to bolster the notion of a hi-tech attack by the love child of Lex Luthor and Bill Gates.
But I headhunt people for the high end of banking, and Kerviel's CV is not that of a BOFH. We have quite literally hundreds of PhDs on our books from quantum physics through exotic mathematics, incomprehensible dealings in game theory, and bleeding edge programming in F#, to cruel and unusual C++. A few have made serious money out of poker. Some are fighter pilots. In this field a bit of VBA does not impress.
But I can infer he was a superior tactical programmer because he was promoted out of the wilderness, which implies he can work hard, and so commands some respect. He might have downloaded some scareware, but the idea that he did any hardcore hacking seems like a fanciful attempt to make SG look less negligent. No one would blame a bank that was raided by heavily-armed special forces, but SG was in effect taken by the man who mends their guns.
Next page: Je pense que...
Free whitepaper – Hands on with Hyper-V 3.0 and virtual machine movement
COMMENTS
@Cusco
Agree'd there are some *really* big players in the power industry that have appaling procedures for certain aspects and houses built on sand. The previous owner was no different and that one nearly went the same way as enron. probably the only reason it didnt was because it was just not found out.
i work at the station level and here we run a very tight ship but at the corporate level security is a joke, particularily within trading as they seem to think they are 'god' and tend to get away with whatever. the main trainin gpc's have postit notes with passwords on them stuck to the sides of monitors. we castrate people for doing that here but down there it's the norm to share and logon as others!
Could be you are right
Certainly Excel misuse is only part of the problem. Given his skillset it would have been in the mix, but you must be right that he used other tools. Indeed I think the access others PCs "helping" them with Excel may have been far more of a factor.
I hear what you say about entering the offsetting positions, but why weren't any cash flows noticed ? Certainly I stick to the point that either the reporting at SG is totally crap, or that he compromised it (or some combination of those two factors).
Over-emphasis on Excel/VBA
I doubt JK used VBA to hide his positions. More likely he entered false offsetting futures/forwards/swaps trades and/or made risk amendments (in my experience, risk systems allow you to manually "correct" your risk, which is intended for use where a position isn't feeding properly or a trade hasn't settled yet) to make his risk look overall flat. D1 traders' gross asset limits are often v.high (i.e. measured in the billions) - it's the delta (i.e. the sum of the net long/short positions) that's under far tighter limits - hence the name for this type of business, Delta One, which implies no risk.
To give an example, if I'm long £1bn worth of FTSE 100 stocks and short £995m worth of FTSE 100 futures, my gross asset value is £1.995bn but my net position is long £5m.
Rumour has it JK had taken large unauthorised index futures positions. To make himself look flat, risk-wise, all he had to do was make false entries in the opposite direction.
In my experience, Excel/VBA is more used for tactical risk modelling/calculation by traders/quants. The real risk management (i.e. what the controllers look at) are separate systems (either developed in-house or bought from a third-party vendor) which take dumps from the various position-keeping systems at the end of the day to compare against traders'/desks' risk limits and do the number-crunching necessary to calculate the company's overall VaR figure.
It's not at all surprising that a relatively intelligent individual who was both familiar with the risk systems and was determined to circumvent them, was able to do so.
-- The Accidental Trader
Great Article (and comments too)
Enjoyed this article, and it's good to see the author responding in comments too. I've been in banking quite a while and I agree, this could happen pretty much anywhere. What is surprising is that SocGen did not act on warnings from Eurex in Oct/Nov. Seems as though their award from Risk magazine went to their heads!
And I'd agree with The Pimp in stating that Investment Banking is full of very clever, very talented and very hard working people. It's just that some people use those talents in rather odd ways. And that the business demands simply don't tally with development reality.
Gweihir, a question...
Gewhir could you tell me how you teach your students to deal with senior staff telling them to break elementary security ?
I assume you teach social engineering, but what about advocacy skills ?
The new Office:
