Feeds

Outsourcing fingered as UBS cops £30m fine

Rogue trader should have been spotted in outsourced report

Internet Security Threat Report 2014

The perils of outsourcing have again come under the spotlight after regulators investigating the $US2.3bn loss at Swiss bank UBS pointed to key risk management failings at a third party provider based in India.

The FSA and Swiss regulator FINMA launched a joint investigation into UBS in September 2011 after it came to light that rogue trader Kweku Adoboli had incurred huge losses because he was allowed to make unauthorised trades from the London office of the bank.

The FINMA report (via PTI) explains that the bank’s operations team was responsible “for ensuring the timely confirmation of trades with deferred settlement terms”. These trades were listed on the “T+14 report” maintained by an unnamed outsourcing provider.

The report goes on to reveal that one of the main ways Adoboli hid the true risk exposure of his activities was by generating fictitious trades with deferred settlement dates on the Exchange Traded Fund (ETF) desk where he worked.

It added the following damning conclusion:

Deferred settlement trades should have been identified on the T+14 report. However, this report was non-operational between May and November 2009, and from November 2010 to September 2011 shortly before discovery of the Loss)…

The purpose of the T+14 report was to identify deferred settlement trades, as these posed a greater risk to the Bank than trades settling within the usual T+3 cycle. The importance of this report was not understood. The report failed twice, for extended periods of time, and the second failure of the report went unnoticed by UBS for approximately 10 months.

Although the outsourcing provider is clearly not solely to blame for what happened at the bank, its failings are painted as contributing factor and will call to mind other recent high profile cases from the financial world.

Back in August, New York State Department of Financial Services accused Standard Chartered of hiding $US250bn worth of secret transactions with Iran.

In a damning report, it blamed the UK bank for outsourcing key OFAC compliance processes to Chennai “with no evidence of any oversight or communication between the Chennai and the New York offices".

HSBC also came under scrutiny earlier in the summer after a US probe found issues with its own “offshoring reviewers in India”, who failed to spot issues regarding compliance with money laundering rules. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.