UBS: A Lesson For BanksBanks Continue to Miss the Risk Management Mark
"You're always going to be at risk in any institution for having somebody who's going to have inside information that will allow them to circumvent the system," says McLeod, partner and co-founder at U.K.-based Forensic Risk Alliance, a dispute analysis and litigation support company.
But investment banks such as UBS struggle with finding that balance between risk management and money making, McLeod says: a cultural imbalance that likely encouraged UBS trader Kwaku [Kweku] Adoboli, suspected of being behind several rogue trades, to take advantage of an opportunity to make money at the expense of the bank. [See How Did UBS Lose $2 Billion?]
Compliance needs to be more than just a "box-ticking exercise," McLeod says. Random testing and highly trained people are needed to mitigate the risk institutions face. "In my mind, there are a lot of very sophisticated systems already in place, in terms of the size and sophistication. It's a question of having those people, even at the management function, having sufficient understanding," McLeod says in an interview with BankInfoSecurity.com's Tracy Kitten [transcript below].
Institutions too often expect compliance systems and controls to pick up all the problems, when they should instead be viewing risk management as an ongoing process. Management needs to make sure employees are acting in a compliant and ethical fashion, and systems need to be tested periodically.
During this interview, McLeod discusses:
- The role volatile economic conditions play in rogue trading;
- How financial institutions can identify potential red flags when employees move from back-office positions to front-office roles;
- How providing employee incentives and bonuses to encourage ethical behavior can pay big dividends in the long-run.
McLeod, one of the three co-founders of Forensic Risk Alliance, is responsible for design and implementation of the claim evaluation and administration systems of the $1.3 Billion Swiss Bank and $2.5 Billion German Slave Labor Holocaust settlements advised by FRA. McLeod advises diverse clients on FCPA/OECD-related issues, both in terms of response to investigations/litigation and in compliance. Having lived and worked in the developing world, the U.S. and Europe, she has first-hand experience in balancing regulatory demands with the working practices of emerging markets. McLeod currently advises on several anti-corruption driven matters.
Analyzing UBS's LossTRACY KITTEN: We don't have all the details about the UBS trading scandal. What we do know is that the $2 billion losses associated with the bad deals will likely push UBS's third quarter earnings into the red. How could a trading loss of this magnitude have occurred?
FRANCES MCLEOD: I would agree with you, it's still early ... and we're not able to have information or the time period over which these things were exercised, the volume and the values of it. Obviously, we're in a little bit a world of conjecture. Also, put it into the context of the fact that we've been undergoing a period of unprecedented market-to-market volatility particular with the movement from the euro, the uncertainty surrounding the Greek and Italian economies and other factors. Obviously, when you get very volatile market issues of this nature, [it] tends to get thrown up. It would appear that the market volatility would be one of the things that allowed this to happen.
If that individual is susceptible to fraud or undertaking fraud, they really have quite a nice opportunity, because they have a very good understanding of how bookings and allocations work. They understand the technical background and it puts them in a unique position to know how to circumvent the system, when they move to the front of it and start executing trades. ... He had that technical background, which would allow him to know exactly what to do to circumvent the systems. At this point, it's too early to say whether this was somebody who was very, very skilled at doing that, or if the systems in place should have thrown up anomalies. ... That is certainly one area one could speculate.
Comparing UBS and Societe GeneraleKITTEN: That's a good point. I was actually going to draw a parallel between what we saw at UBS and the Societe Generale case, but maybe I'm drawing a parallel that doesn't make sense there. When we talk about the Soc Gen case, we do know that Soc Gen Grid Parts had certain policies and procedures in place, but the bank was not enforcing those policies and procedures. We don't know if that was the case of course with UBS, though it seems likely that the bank would have picked up on some of these bad deals had fraud detection been followed. It sounds like there may have been a number of things going on. I don't know what your thoughts are there.
MCLEOD: Yes, I think there's an interesting coincidence. I think post-Soc Gen, there would have been an inspection across the banks and similar banks. ... But I think UBS and Soc Gen are just parallel, similar entities, in terms of their size and in terms of their international reach, and in terms of the variety of the services they offer. ... I think one of the problems is that controls and compliance pick up problems, but, again, they don't always pick up when anomalous activity goes on, and you are only as good as your ability to pursue those anomalies and work out whether they're one of things, whether it's somebody systemically circumventing them.
Once the other areas which is kind of a problem within banking, particularly in the trading spot of banking, is the conflict between the front-office and the back-office, and between the risk-management function and virtually looking at growing revenue. Trading departments are geared toward making money, and there's also the perception that the risk-management function is there to stop you from doing that. So, I think there's a little bit of conflict in the cultures there, and I think that also refers to the way people are centralized, when I look at other industries that have had to go through huge makeovers in terms of compliance. So, say for example, not in the same area, but if you look at industries like oil and gas, which have been based on environments that often turn to corruption and so on, the way they have addressed created a much more compliant culture is to link compensation toward actually following the rules and being compliant. Now there's an increasing trend to bonuses and compensation to also be able to demonstrate that you're following through. I think that's something in the wake of these types of scandals that banks are going to have to really look at, and not just allow these star-trader results to continue to make money without questioning whether they are really doing it in a fair and compliant in fashion, and whether they are keeping an eye out for the risks associated with that.
Addressing ApathyKITTEN: That's a great point and one of my questions actually delves into that a little bit. It seems that someone within the institution must have noticed that something was going on, perhaps was shady, but they said nothing. How can banks address this internal apathy or are investment houses doing enough to encourage and support whistle blowing for instance?
MCLEOD: I think that's a very, very good point to really push that compliance down the food chain, because I think that if only they book a box-ticking exercise, people are going to circumvent that. [Do] more random testing and have people really who are trained to really look at [this]. In my mind there are a lot of very sophisticated systems already in place in terms of the size and sophistication. It's a question of having those people, even at the management function, having sufficient understanding and thoughts when they're issues and anomalies you really understand how the reports that are generated out of that system work, rather than just leaving that to the risk management and compliance functions. I think it's a question of making the responsibility for that broader and making it really institutionalized. I think it's interesting to see invariably new cases when you do have that rogue trader. It's very much the trend to pursue that individual.
Employee SegregationKITTEN: You also talked a little about in the UBS case you may have had an employee who knew things that allowed him to take advantage of the situation, and I'm wondering if institutions are doing enough when it comes to the segregation of employee duties. Do you think that more segregation would have made a difference in the UBS case?
MCLEOD: I think so, although to be honest I think you're always going to be at risk in any institution for having somebody who's going to have inside information that will allow them to circumvent the system. You frankly expect your compliance systems and controls to pick up problems which really is a question of what you do and whether you understand how wide reaching those companies are and what kind of remediation you take. It has to be due to a sort of ongoing process with the question of constantly testing and showing up the avenues for abuse. It needs to be a culture-wide compliance culture. Whether there was something in the individual's background or character that should have raised alarm bells and he should have been [marked as] a risk, whether one should consider the risk of moving people who have knowledge that could allow them to circumvent the system into another function. Know that there are thousands of people trading everyday, so I think you do need to be aware that people making that move do have a level of knowledge, technical and accounting, which could put them in a position where they could abuse the system and that will be maybe it's worth keeping an eye on them a little more closely.
KITTEN: That's a good point, and you've probably answered this question although I would like for you to expand on it a bit. I wanted to ask in closing, what steps should investment banks be taking to ensure they catch and prevent these kinds of unauthorized deals in the future. It sounds like from what you're saying that it just needs to be more a holistic understanding from management all the way down to the fraud detection department for instance. Everyone needs to be involved.
MCLEOD: I think it can't just be entirely driven by picking your numbers or exceeding your numbers. It's got to be also ensuring that you in the management position are comfortable that the people below you are acting in a compliant and ethical fashion. Then I think it's a question of testing. It's a question of testing up systems that need to tested periodically, because in any type of fraud, there are always new tricks of the trade that are coming up. If you close off one avenue, there are certain types of people who will find another avenue, and you just need to keep testing your systems, examining those reports and tweaking things to ensure that you're keeping up with the times and you're closing down those avenues.