UBS's $2 billion loss to rogue trading provides lessons for all banks. What's missing in today's financial institution culture is a balance between profits, ethics and governance, says risk management expert Frances McLeod.
With the Swiss bank offering new details about the severity of its trading scandal, industry experts share insights on risk management and the failure of systems and staff to detect unauthorized trades.
From 2004 to 2010, Latesha Brown used her privileges to accept and submit forged birth certificates, pay stubs and other documents to obtain loans at several institutions. How did she go undetected for so long?
"You can't have someone arrested for violating your policies," says former Bear Stearns CISO Jennifer Bayuk. "The question is: What did he do, and was there a policy that would have prevented the activity?"
Are executives spending too much time and energy focused on external hacks, sacrificing attention they should be paying to internal threats? It's good that business leaders understand insiders pose risks, but are they taking those risks as seriously as they should?
"If [employees] aren't being treated right and they don't think leaders at the bank are running the bank correctly, they can rationalize committing fraud," says banking/security expert George Tubin on the risk of insider crimes.
Executives in a variety of industries who are in charge of securing their enterprises' IT say they're more anxious about outsiders hacking into their systems than insiders - either maliciously or inadvertently - threatening their digital assets, a new survey shows.
According to FINRA, Citi's negligence in adequately supervising Tamara Moon, a former sales assistant at a Citi branch in Palo Alto, Calif., resulted in $749,978 being skimmed from the accounts of 22 Citi customers.
For John Colley, managing director of (ISC)2 in EMEA, ethics need to be addressed more frequently in the workplace. Organizations can no longer assume information is legitimate or has been gained through ethical means.
"The action and manifestation of risk is not necessarily evident to today's users in the way it was in the past, and that creates a big inherent challenge for a CISO," says Malcolm Harkins, CISO at Intel Corp.
"The first step is for banks to admit there is a problem before they can address it, and many bankers are still in denial," says Shirley Inscoe, author of the book "Insidious: How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them."
"Our role is changing in the fact that we see fraud being perpetrated in a new manner everyday via malicious software, banking Trojans and online theft," says Jean-FranÃ§ois Legault, senior manager of forensics and dispute services at Deloitte.