"The matter is still being investigated, but UBS's current estimate of the loss on the trades is in the range of USD 2 billion," UBS says in a statement. "It is possible that this could lead UBS to report a loss for the third quarter of 2011. No client positions were affected."
BBC News reports London City Police have arrested a 31-year-old on charges related to fraud by abuse of position. UBS has not confirmed any connection between that arrest and Kweku Adoboli, a 31-year-old UBS director who oversees electronic funds transfers and Delta One trading for the investment bank. A UBS spokesperson did tell CNBC, "I can confirm that an employee of the bank was arrested in London in connection with the statement."
Jennifer Bayuk, ex-CISO at former U.S. investment bank Bear Stearns & Co., says we can only speculate at this point, but it seems UBS' unauthorized deals were not accidental. "You can't have someone arrested for violating your policies," says Bayuk, now a professor at Stevens Institute of Technology. "The question is, 'What did he do, and was there a policy that would have prevented the activity? Was that policy enforced?' At this point, we don't know what activity contributed to the loss and if that activity was actually part of his job function or not."
Shades of Societe GeneraleThe UBS incident appears hauntingly familiar. In January 2008, French investment bank Societe Generale took a $7.2 billion hit in fraudulent trades after a trader went rogue. In the Societe Generale case, the fraudulent trades were linked to an insider, Jerome Kerviel, who, coincidentally, also was 31 when arrested.
In the Societe Generale case, the gaps in security were obvious. The bank had risk management policies and controls to detect bad trades, but those policies and controls were not enforced, and security practices were lax.
"SocGen was responsible for loose security controls, which really enabled the fraud in that case," Bayuk says. "He [Kerviel] was using passwords from an old job function which had not been changed since he last used them."
Since the Societe Generale scandal, most institutions have implemented new controls to detect and correct what Bayuk calls "toxic combinations" - access authorizations that allow traders to bypass controls for segregation of duties controls. "It is reasonable to expect that UBS had some such program in place," Bayuk says.
Further details are likely to emerge on what already is being called one of the largest unauthorized trading losses in banking history.