UBS Blames Internal Gaps for Fraud

Audit: Fraud-Prevention Measures Didn't Detect Rogue Trades
UBS Blames Internal Gaps for Fraud
An assessment of financial controls at Switzerland-based UBS has revealed gaps in internal measures that ultimately resulted in losses totaling $2 billion in unauthorized trades.

In a statement issued this week, UBS says certain internal controls were not effective on Dec. 31, 2010. That's when 31-year-old Kweku Adoboli, a former UBS director who oversaw electronic funds transfers and Delta1 Trading for the investment bank, pushed through $2 billion in fraudulent trades UBS later said would likely result in a third-quarter loss for 2011.

London City Police in September arrested Adoboli. He later appeared before City of London Magistrates, facing one count of fraud by abuse of position and two counts of false accounting.

UBS is required, as an institution operating in the U.S. under the Sarbanes-Oxley Act, to annually evaluate internal controls used for financial reporting, disclosure and procedures. UBS says it has identified two controls that were not effective on Dec. 31, 2010: one requiring bilateral confirmation for trades and the other used in the inter-desk reconciliation process to ensure internal transactions are valid. The gaps have been reported to the Securities and Exchange Commission.

UBS also says financial statements included in its 2010 annual report were not affected by the control gaps. "The financial effect of the unauthorized trading activity is fully reflected in UBS's third quarter 2011 financial report," the bank says. "Investigations are ongoing, and management may become aware of facts relating to the Investment Bank that cause it to broaden the scope of the findings."

Risk Management Strategy

The internal fraud gaps at UBS should serve as warnings to all institutions. Robert Stroud, vice president of innovation and strategy at CA Technologies and a member of the ISACA Strategic Advisory Council, says banks are not going to catch everything, but well implemented risk management strategies ensure certain gaps are less likely to expose huge risk. "Risk management is going to identify primary and fundamental risk," he says.

The UBS incident, unfortunately, rang strikingly familiar to the trading scandal at Societe Generale, where rogue trader Jerome Kerviel got by with $7.2 billion in fraudulent deals.

Eric Fiterman, a former special agent for the Federal Bureau of Investigation and founder of Methodvue, a consultancy that provides cybersecurity and computer forensics, says organizations are learning that simply collecting information is not enough. "You actually need to look at it, interpret it and identify actionable intelligence from the data," he says.

But most organizations, financial institutions included, have difficulty interpreting and analyzing the data they collect. IT auditing applications have, in essence, created a new problem: "I have so much information I can't find what I need to know," Fiterman says. How well organizations shield themselves from internal losses like the one suffered at UBS will rely on their abilities to quickly identify and execute responses, despite of all the data.

"Most organizations have too few people trying to chase too many phantoms," he adds. "You need to have a strategy for filtering out the background noise and getting to the alerts and actionable information hiding in this mountain of data."


About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.