Authorised attacks on bank systems may be the best defence against ‘rogue traders’.

All organisations undertake risks in their activities. Take for example the collapse of Enron through fraud, which cost shareholders US$11bn, and BP’s Deepwater Horizon oil spill disaster, where losses are estimated at US$5bn.

When controls fall short

However, unlike many sectors, banks can suffer significant losses from the actions of just one individual – with Kweku Adoboli, UBS (US$2.3bn), joining, amongst others, Jérôme Kerviel, Societe Generale (US$6bn) and Nick Leeson, Baring Brothers (US$1.3bn).

Given the volume of legitimate trading undertaken globally in dealing rooms around the world, losses incurred by individual rogue traders are clearly significant exceptions that require a specific response.

BlackRock has noted that at the end of March 2011 the global ETF industry had 2,605 ETFs with assets of US$1,399bn and the average daily trading volume was US$72bn. In addition, the Bank of International Settlements reports notional amounts outstanding globally in H2 2010 of US$29,363bn for FX currency swaps and options, US$ 413,673bn for interest rate swaps and options, and US$29,898bn for credit default swaps.

Through reducing proprietary trading, increasing capital requirements, fiddling with incentive compensation and potentially ring-fencing business divisions, regulators are seeking to ensure banks are secure, and will in future not require taxpayer bailouts. Banks too have their own systems of internal controls which should guard against losses outside of operational limits.

If risks are properly understood, robust processes established, and individuals work strictly within appropriately-set processes and risk limits within the trading businesses of banks, then the possibility of losses outside pre-approved levels of tolerance are significantly reduced. To mitigate risk, banks already have new-business and new-product committees, middle- and back-office processing and analysis, risk management functions, external audits by accountants and regulators, and internal audits.

The appeal of rogue traders

Periodically, ‘rogue traders’ exploit control weaknesses at some banks. A number of these high profile cases have been due to the actions of traders who had previously worked in the respective banks’ middle-offices.

Regulators and shareholders will be putting renewed pressure on banks to demonstrate they can adequately manage the risks inherent in every line of business. They will be concerned at recent reports from the Institute of International Finance (IIF) which state that significant work still needs to be done by banks, before their risk IT systems can deliver holistic views of potential losses.
It has been reported that banks such as Citi and clearing houses such as the Depository Trust & Clearing Corporation (DTCC) are employing ‘ethical hackers’, who report to the CISOs, to attack their payments and other systems. Therefore why shouldn’t banks consider employing ‘ethical rogue traders’ to attack their trading systems?

To follow through on this, banks need to decide on some critical factors, such as the objectives and terms of engagement, whether they should use independent consultants or their own staff, and who they will be accountable to.

The unauthorized position taking of Adoboli at UBS cost shareholders US$2.3bn as well as Oswald Grübel and others, including the two co-heads of Global Equities, their jobs. Maybe it is time to give ethical rogue traders a seat in the dealing room, before more heads roll.

Dr Paul Aldrich is managing partner at CTPartners in Hong Kong. Pete Metzger is a vice chairman of CTPartners, based in Washington DC.