In January 2008, the financial world was disrupted by the world's largest financial fraud case known to date. The famous French bank, Société Générale, recorded a loss of 5 billion euros due to false positions taken by a junior trader, Jérôme Kerviel. To fully appreciate how he did this, it's important to know a bit about his background. Kerviel spent several years in the bank's middle office in the area of equity trading compliance. In that time, he gained an intimate knowledge of the systems used to log and reconcile trading activity. In 2005, Kerviel moved out of the middle office role to become a junior arbitrage trader. One of his tasks was to leverage derivatives to exploit small price discrepancies in the value of stocks across various markets. During this period, as the markets became more and more efficient, this task became a real challenge, making equity arbitrage a low-margin, high-volume trading practice.
[...] Moving to the TO BE state should take place in several stages. So, if we draw a process map, the TO BE situation appears as below: Today, it is undeniable that IS is a core business in any company. In this case, we have shown that a bank has to protect its data and flows in order to guard against threats and to comply with French regulation. A badly set up IS can be fatal to a bank, and it could involve a loss of corporate image and of the trust of stakeholders and shareholders, who decide the future of the bank's officials and hence indirectly decide the bank's policies. [...]
[...] He was sure of his position; hence he had increased the size of his bets, and hedged his positions on paper with falsified documents and e-mail messages. Up to 31 December 2007, he accumulated several winning positions, which would prove fatal after 1 January 2008. He had a long position, which means that he was a buyer. In the meantime, he took seller positions in order to avoid risk control. Within the first fortnight of January, the index fell sharply; it was the beginning of the end for Jérôme Kerviel. [...]
[...] It will free up 50 million euros for its computer security. The bank wants to implement the following measures: A permanent analysis of risk exposure. For this, it will strengthen controls on the direction of the bets taken by its traders. These controls will be daily and will concern absolute amounts and not only the global balance. A correlation of events: cancelled operations will be verified in order to assess their rigour in relation to the context of the other operations. Password changes every month. [...]
[...] But if the bank had implemented financial application logs, bank officials could have been alerted when IT access codes were being used from workstations other than those assigned to back office personnel. As a front office trader, Kerviel would not have been on the privileged user list, hence his execution of such actions would have been flagged.

Created fictitious trading operations within financial portfolios

Kerviel carried out false trades, and by doing so, he made it appear that his trades were properly hedged. [...]
[...] The solution can lie in building real-time fraud and risk monitoring based on Security Information and Event Management (SIEM) technology. This kind of technology provides a platform for analysis of, and response to, business transactions and event log data from a wide variety of information systems. It allows organizations to build a real-time fraud and risk management system, which immediately detects high-risk activity. When the correlation engine identifies such activity, it can: trigger automated workflows to notify authorized personnel; limit suspicious user activity; prevent damage associated with the purchase of speculative financial instruments. [...]
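An added example, not part of the original essay: a minimal correlation check over constructed application-log events that implements two controls described above, flagging back-office actions run by a user outside the privileged list or from a workstation not assigned to back office, and checking each trader's daily absolute amounts rather than only the net balance. The workstation names, user names, action names and the limit are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed reference data (assumptions, not from the original essay).
BACK_OFFICE_WORKSTATIONS = {"BO-WS-01", "BO-WS-02"}
PRIVILEGED_USERS = {"bo_clerk1", "bo_clerk2"}
BACK_OFFICE_ACTIONS = {"cancel_trade", "amend_trade", "confirm_trade"}
GROSS_LIMIT_EUR = 125_000_000  # hypothetical per-trader daily limit

# Constructed sample events from a financial application log.
EVENTS = [
    {"day": "D1", "user": "bo_clerk1", "ws": "BO-WS-01", "action": "confirm_trade", "amount": 0},
    {"day": "D1", "user": "trader7", "ws": "FO-WS-14", "action": "book_trade", "amount": 90_000_000},
    {"day": "D1", "user": "trader7", "ws": "FO-WS-14", "action": "book_trade", "amount": -88_000_000},
    {"day": "D1", "user": "trader7", "ws": "FO-WS-14", "action": "cancel_trade", "amount": 0},
    {"day": "D1", "user": "trader9", "ws": "FO-WS-20", "action": "book_trade", "amount": 10_000_000},
]

def access_alerts(events):
    """Back-office actions run by a non-privileged user or from a non-back-office workstation."""
    alerts = []
    for e in events:
        if e["action"] not in BACK_OFFICE_ACTIONS:
            continue
        reasons = []
        if e["user"] not in PRIVILEGED_USERS:
            reasons.append("user not on privileged list")
        if e["ws"] not in BACK_OFFICE_WORKSTATIONS:
            reasons.append("workstation not assigned to back office")
        if reasons:
            alerts.append((e["day"], e["user"], e["action"], reasons))
    return alerts

def exposure_alerts(events, limit=GROSS_LIMIT_EUR):
    """Daily per-trader check on absolute amounts, not only the net balance."""
    gross, net = defaultdict(int), defaultdict(int)
    for e in events:
        if e["action"] == "book_trade":
            key = (e["day"], e["user"])
            gross[key] += abs(e["amount"])  # offsetting trades still add up here
            net[key] += e["amount"]         # ...while they cancel out here
    return [(day, user, gross[(day, user)], net[(day, user)])
            for (day, user) in gross if gross[(day, user)] > limit]

if __name__ == "__main__":
    for alert in access_alerts(EVENTS) + exposure_alerts(EVENTS):
        print("ALERT", alert)
```

In the sample data, the offsetting bookings leave a small net balance while the gross amount exceeds the limit, which is why a control on the global balance alone would stay silent.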