UBS: Losses Worse Than Reported
$2.3 Billion Lost to 'Unauthorized Speculative Trading'In a statement posted to its website on Sunday, UBS said it lost $2.3 billion - not the $2 billion originally announced - as a result of "unauthorized speculative trading" conducted by a trader in its Global Synthetic Equity business in London.
While UBS does not confirm the suspect's name, London City Police last week arrested Kwaku [Kweku] Adoboli, a 31-year-old UBS director who oversees electronic funds transfers and Delta1 Trading for UBS. On Sept. 15, Adoboli appeared before City of London Magistrates, facing one count of fraud by abuse of position and two counts of false accounting. He will reappear before City of London Magistrates on Sept. 22.
Officials with the London Police and UBS say the investigation is ongoing.
In its statement, UBS said the rogue trader, following internal inquiries, revealed his unauthorized activity on September 14.
"The loss resulted from unauthorized speculative trading in various S&P 500, DAX, and EuroStoxx index futures over the last three months," UBS said. "The positions taken were within the normal business flow of a large global equity trading house as part of a properly hedged portfolio. However, the true magnitude of the risk exposure was distorted because the positions had been offset in our systems with fictitious, forward-settling, cash ETF positions, allegedly executed by the trader. These fictitious trades concealed the fact that the index futures trades violated UBS's risk limits."
UBS now has set up a special committee to conduct an independent investigation of the unauthorized trading activities and their relation to the control environment.
One of the largest trading losses ever reported, the UBS scandal has the industry buzzing about the risk management and anomalous behavior.
"All organizations have to put appropriate risk management into place," says Robert Stroud, vice president of innovation and strategy at CA Technologies and a member of the ISACA Strategic Advisory Council. "Risk management is going to identify primary and fundamental risk, but you're not going to catch everything."
Lessons from UBS?
The UBS incident appears strikingly similar to the trading scandal that came to light in January 2008 at Societe Generale, where rogue trader Jerome Kerviel got by with $7.2 billion in fraudulent deals."I think one of the problems is that controls and compliance pick up problems, but they don't always pick up when anomalous activity goes on," says Frances McLeod, a partner and co-founder at U.K.-based Forensic Risk Alliance, a dispute analysis and litigation support company. "You're only as good as your ability to pursue those anomalies."
The automation of fraud detection helps, but it's no silver bullet. On a deeper level, it's the financial culture that needs more serious examination.
"There is conflict between the front-office and the back-office, and the risk management function," McLeod says. "There also is a perception that risk management is there to stop you from making money."
Banking institutions, especially on the trading side of the house, have been reluctant to ask too many questions when money is coming in. That's a cultural perspective that has to change.
"A basic risk posture needs to be adopted, so that organizations have the right processes and checks and balances in place," ISACA's Stroud says. "Whistle-blowing is a very good technique, by the way, whether it's whistle-blowing in your corporate environment or reporting a strange package on a train."
Employees and individuals at large organizations should not be afraid to raise a red flag when they notice something suspicious. "Whistle-blowing should provide a safe-haven for people to tell things when they think something is out of place or odd," Stroud says.
But banks need to be more vigilant, especially when it comes to basic in-house practices. Monitoring employees is critical. And when employees move from one department to another, organizations need to take notice.
"Traders or employees with knowledge of how back-office and internal risk controls work are able to circumvent those controls over a period of time to hide unauthorized trading activity," says James Heinzman, managing director of Global Compliance Solutions for NICE Actimize.
Job movement should always be noted, because employees who have worked in more than one department have greater knowledge about an organization's overall structure, policies and operations. "They have a good understanding of how booking and allegations work," McLeod says. "They understand the technical background. And it puts them in a unique position to know how to circumvent the system when they move to the front-office and they start executing trades. It would appear that the individual at UBS fell into that category. He had that technical background."
One area for improvement: Automation to raise a red flag on employees who could use experience from one department to exploit opportunities in a new group.
"I think the first thing we are going to do is reinforce that every organization needs to go back and look at their controls and processes and make sure that they are not just being implemented, but that they are being enforced," Stroud says. "Look at the controls. If they are violated, then automate those alerts and made sure that the technology is reviewed."
The main lesson: Risk management is fluid, and must be consistently reassessed and altered. "Once you put a risk management regime in play, you do need to go back and review it on a regular basis, so that you can be sure that the controls are effective and that they change as the world changes," Stroud says.