FARRER & Co : Briefings archive

Rogue trading has always been a hazard of market culture. Risk-taking is rewarded and minor infractions ignored. There is also an unwillingness to lose face, leading to further losses by traders trying to conceal an earlier error. Compounding these cultural issues, banks are risking ever larger amounts of their own capital on complex products1.

Over the past few months, several financial firms have suffered significant economic losses apparently due, at least in part, to employees who played with "house" money and lost. In some cases, these employees acted as rogues, engaging in unauthorised trading and concealing their losses over a period of time. Sadly, these recent incidents of rogue trading are not new, and they remind us that lessons learned in the wake of past scandals are worth repeating.

On 24^th January this year, one of France's largest banks, Société Générale ("SocGen") disclosed that it was facing losses of €4.9 billion as the result of the activities of a rogue trader. The size of the loss was staggering, yet the words "there but for…" will not have been far away from the lips of many in the UK.

In this article, Martin Day, examines some of the reasons for, and the issues to which, the SocGen case has given rise, and some past examples of incidents where poor systems and controls have been exploited by traders resulting in major, and in some cases catastrophic, losses to the firm concerned.

Most firms can take comfort from the SocGen rogue trading case in that it was caused largely by elementary control failures. Despite this, firms with sophisticated controls systems should not forget to perform basic checks. It is also worth looking at what happened at some other notable rogue trading scandals in the past.

Rogue trader scandals are not a new phenomenon. Indeed, as early as 1884, two rogue traders at the US firm of Grant & Ward caused a national panic by illegally rehypothecating securities that already had been posted as collateral for margin purposes2. The firm failed after this fraudulent conduct was discovered, ending up with liabilities of US$16 million and assets of only US$7 million. More recent rogue trader scandals have generated equal publicity and panic, causing billions of dollars in losses of firm capital3. Some of the more notable cases prior to the SocGen affair are noted in summary below.

The unauthorised activity of trading staff appears to be a regular problem for trading operations. In fact, it has had an impact in many jurisdictions and is not confined to the banking sector alone. In many cases, the traders involved were engaged in deals involving complex derivatives. Warren Buffet has described derivatives as "financial weapons of mass destruction". Derivatives contracts result in complex risks, making it difficult for the firm's control functions and senior management to identify the full extent of the firm's exposure to risk. When risks do crystallise, the scale of the losses can be significant. It is therefore vital that firms have proper control of the activities of their traders in order that they can attempt to monitor and control their exposure to risk and that management understands the products and the risks they involve.

In 1984, Toshihide Iguchi began trading US government bonds at Daiwa Bank's New York branch office. By 1989, he had lost more than $575 million. Iguchi covered his losses by selling bonds the branch was holding in custodial accounts and then falsifying the records. By the time that Iguchi's fraudulent activity was disclosed in 1995, he had accumulated $1.1 billion in unauthorised trading losses. Subsequently, Daiwa Bank was fined heavily, and the Federal Reserve ordered it to end all its operations in the USA.

In the early 1990s, a twenty-seven-year-old trader in the Singapore-based subsidiary office of Barings Bank ("Barings"), Nick Leeson, lost the equivalent of over US$1 billion of the firm's money through transactions in futures contracts. Initially, Leeson had made large profits for Barings by dealing in derivatives and futures. After experiencing losses, however, he used an error account to disguise his bad trades. Because Leeson was involved in the settlement of his own trades, he was able to sustain this scheme until he left the firm in 1995. As a result of Leeson's losses, Barings eventually became insolvent and was sold to the ING Group for a nominal sum

An enquiry by the Bank of England's Board of Banking Supervision found that key control failures exploited by Nick Leeson included the following:

· There was a lack of separation between front office and back office: Nick Leeson effectively controlled both front office and back office, and was able to conceal his unauthorised transactions from Barings' management;

· The reporting lines within the group were unclear, which made responsibility for the oversight of Nick Leeson's activities ambiguous;

· The high level of profits made by Nick Leeson's operations were not queried by management, despite the fact that the trader had relatively low authorisation limits for trading activities;

· Barings' management did not query the high funding requirements of his Singapore operation; and

· Barings' management did not respond swiftly enough to internal audit recommendations to improve the risk management environment within their Singapore operations.

There are certain similarities between the Leeson affair and Kerviel affair at SocGen discussed below in this article, including, most notably, the failures to properly segregate front office and back office functions.

A key regulatory consequence of the collapse of Barings was a new focus upon the role and responsibility of senior management. When, shortly afterwards, the new FSA regime was being established, it saw the introduction of regulatory responsibilities for senior management, together with an approval regime for individuals performing 'controlled functions'. Individuals performing key management functions would therefore become personally liable for regulatory failures, making it easier for the regulator to take enforcement action against those who preside over weak control environments.

In 1993, John Rusnak was hired by Allfirst Financial Inc. ("Allfirst"), the Baltimore-based subsidiary of Allied Irish Bank. Rusnak was hired to conduct an arbitrage trading strategy between foreign exchange options and the spot and forward markets. He claimed that he could make money by running a large options book hedged in the cash markets. In reality, however, his trading was directional and he sustained substantial losses at some point in 1997 by betting mainly on the Japanese yen. Rusnak hid his losses over several years by using fictitious options contracts. In addition, he manipulated the firm's Value at Risk ("VAR") calculation – the primary measure used by Allfirst to monitor his trading. It took until 2002 before routine checks finally uncovered the true extent of the firm's exposure. By that time, Rusnak had vastly exceeded his trading limit, secretly betting US$7.5 billion of the firm's capital on the yen rising against the dollar.

In the period from November 1991 to March 1994, Joseph Jett, the former head of Kidder's government trading desk, conjured up US$350 million in phantom profits in a scheme to mask US$100 million in losses. Jett was a fixed income trader who was involved in exchanging Treasury securities known as "STRIPs" for whole bonds (or "recon" transactions). He also entered trading contracts that involved the future exchange of STRIPs for bonds. It was through these forward contracts that Jett was able to conceal his trading losses, by extending them again and again and recording phantom profits. He was able to perpetrate this fraud by exploiting a weakness in Kidder's trading and accounting systems, which recognised a profit in connection with recons entered for settlement more than one business day forward. After the scandal, Kidder was sold to the Paine Webber Group.

Over a period of ten years, a Sumitomo copper trader, Yasuo Hamanaka engaged in unauthorised copper trading on the London Metal Exchange, resulting in losses of US$2.6 billion.

In the wake of these rogue trader scandals, there were post-mortem analyses, reports by independent parties, findings by special committees, and even US Congressional hearings. In particular, following the disclosure of Rusnak's fraudulent conduct, Allied Irish Bank commissioned a former US Comptroller of the Currency, to provide an independent report on what had gone wrong. Also, after the disclosure of Jett's wrongful conduct, Kidder commissioned a former Director of the Division of Enforcement of the SEC to provide an independent report. More recently, losses in the financial markets stemming from the sub-prime market collapse have triggered their own series of reports and recommendations on risk management and supervision, most notably the President's Working Group on Financial Markets in the USA and the Senior Supervisors Group (which is an international group of financial regulators, including the SEC, Federal Reserve Bank of New York, and the Office of the Comptroller of the Currency) in the United States.

Through these analyses, recommendations, and findings, several key risk management and supervisory control lessons have emerged which may be summarised as follows:

· Set the right tone from the top: Senior Management and Boards must encourage a Culture of Compliance and Responsible Risk Taking;

· Senior Managers must understand the complexities of the products that their firms trade;

· Management should ensure that Incentive Systems do not encourage excessive risk;

· Operations, risk management, and compliance reporting lines should be separate from business lines;

There have also been some recent examples of losses resulting from activity that was not deliberate, but which nevertheless highlights the risks posed by a failure to properly monitor the activities of individual traders. Notably:

China Aviation Oil, the supplier of nearly all of China's jet fuel imports, suffered losses of US$550 million as a consequence of speculative derivatives fuel hedging strategies in Singapore. The scandal arose due to the absence of efficient controls on senior management, who were able to use the company's funds to make large bets on the price of oil futures.

In 2007, the Bank of Montreal lost nearly US$800 million as a consequence of the trading activities of a natural gas trader, David Lee. The Bank's CEO said at the time that the losses resulted from decisions that "did not adequately recognise the vulnerability of the market to changes in market volatility".

In February 2008 Credit Suisse suspended a team of derivatives traders after losses of US$1.5 billion were revealed in connection with mortgage-backed bond investments. The mis-pricing of the team's positions was attributed to late marking of pricing updates. The Bank has not suggested that there was any deliberate misbehaviour; rather that the traders were merely "tardy" and that they did not comply with the firm's internal procedures.

In summary, the lessons of the past that are identified above highlight important steps that firms might take in order to mitigate the occurrence of unauthorised and/or fraudulent trading and to facilitate the detection of such trading.

Whilst it is true that, in the end, no system of controls will ever be foolproof, it is equally true that a culture of honesty and accountability, robust front-office and back-office controls, and effective risk management systems will help.

SocGen's press release of 24^th January merely announced that Jérôme Kerviel, ("JK") a trader, who specialised in arbitrage between various European stock market indexes, had taken out large unauthorised long positions and created a loss of €4.9 billion. JK is variously described as having worked in the compliance department and on the administrative side of SocGen, processing transactions and developing computer systems to manage positions taken out by traders. In some press accounts he is reported as having moved from the middle office to the trading desk handling proprietary deals in futures for European stock indices. Some commentators have speculated that he had kept up his friendships in the back office and that such friendships may have helped him stay on top of the latest risk-control procedures in place in SocGen's Paris head office.

The sole explanation offered for the affair has been that JK had been at SocGen more than five years and knew its internal controls very well as a result of his former employment in the middle office. He therefore had somehow managed to conceal his positions through a scheme of elaborate fictitious transactions which were described as extremely sophisticated.

In fact, his fraud was discovered on 19^th January, when a compliance officer at SocGen found a trade that exceeded the bank's limits. When SocGen contacted the counterparty they discovered that it was fictitious. The fraud was based on the use of fictitious companies JK had created and used for taking positions which were themselves hidden within other hidden positions. The object was the creation of a fictitious trade to balance each real trade, thereby making the positions appear to be properly hedged. The real trades were then rolled over before they reached maturity.

At the point of discovery, JK had unauthorised open futures positions of €50 billion (more than SocGen's market value), including a massive €30 billion Dax futures bet. This situation was uncovered at a point when global equity markets were entering a turbulent period. In such circumstances, SocGen's ability to close out these substantial open positions was made significantly more difficult, with the result that SocGen sustained heavy losses.

SocGen's chairman Daniel Bouton stated that because of JK's "intimate and perverse" knowledge of the bank's procedures and controls he was able to swiftly shift positions to evade detection at each level of control.

According to Philippe Collas, the head of asset management at SocGen, by the end of December 2007 JK was massively in the money, but since the beginning of 2008 his trades became catastrophically unprofitable.

According to the Wall Street Journal, JK was prone to working long into the night hacking into the computer system to conceal his trades and to disable credit and trade size controls to keep compliance and risk management off the scent. He is alleged to have used the computer log-in and passwords of colleagues both in the trading unit and the technology section. The extent of the fraud began to emerge over the weekend when SocGen's managers interviewed JK. It is thought that he was working alone. SocGen indicated that it took three days to unwind JK's positions and that such a process would have been impossible if the fraud had by then been in the public domain.

The majority of firms should have the correct controls in place to prevent the type of circumvention allegedly carried out by JK. However, it has been reported that SocGen ignored ninety different alerts leading up to its massive losses. It is of course pointless for firms to have systems and controls in place without following up on warnings. Firms need to employ robust management in their front offices in order to question types of behaviour. Direct oversight is needed on a day-to-day basis, as compliance remains only the second line of defence.

The question must also be raised as to whether the Autorité des Marchés Financiers in France shared enough information about the problems at SocGen with its counterparts in the run-up to the announcement of the huge losses. This was allowed to occur despite the existence of memoranda of understanding between regulators.

JK's actions were, by his own admission, deliberate. His motivation appears to have been to make a large profit for SocGen, and thereby secure himself a bigger bonus. Essentially, he was able to act in the manner that he did, due to a failure of the risk management and compliance-monitoring environment within SocGen. He used his knowledge of the firm's IT systems to circumvent built-in precautions and to cover his tracks. When potential issues were identified, it appears that they were not adequately followed up, thereby allowing him to continue acting improperly.

On 4^th February 2008, the French Finance Minister, Christine Lagarde, published a report on the matter. The Lagarde Report criticised the Bank's internal controls. Although the full story has yet to be disclosed, key control failures exploited by JK appears to have included the following:

· JK was able to use his experience and contacts from his previous role working within the firm's back-office to circumvent the automatic security systems in place to raise warnings regarding suspicious or risky behaviour; he even claims that he used his colleagues' computers with their consent.

· SocGen's risk management systems monitored tradings' net exposure, rather than monitoring their gross trading positions; by falsifying hedging transactions, JK was able to hide the fact that he had such significant open positions.

· The margin calls on JK's real trades did not trigger any alarms within SocGen because the margin data provided by the derivatives exchange, Eurex, showed only consolidated positions for SocGen, and did not identify the positions attributable to each trader;

· In November 2007, Eurex did question SocGen on one of JK's purchases. However, JK apparently satisfied his managers that all was above board through the use of false documents.

· JK took barely any holiday in 2007, which assisted in enabling him to avoid any outside scrutiny of his transactions.

The French Banking Commission is now conducting an inquiry into the inadequacies of SocGen's internal controls and it is likely that more will be revealed in due course. In particular, it will be interesting to see whether there is any substance to JK's claims that his actions were sanctioned by his colleagues and management.

In France in the summer of 2007 President Nicolas Sarkozy launched an initiative to decriminalise French company law and business life. His theme, "la dépénalisation de la vie économique", was based on the premise that to remove the threat of criminal interference would help companies work more efficiently. A working group on decriminalisation which the Paris Court of Appeal chairs was established and has recently (but not publicly) reported. JK, SocGen's rogue trader, was placed in criminal custody on the order of the same Paris court.

In the UK, in contrast, recriminalisation is now the popular sentiment. For example, the FSA has commenced its first criminal insider dealing prosecution for over seven years, and over the past year UK boards of directors have been coming to terms with the advance of criminal law into the boardroom as the UK government introduces a raft of new criminal laws designed to curtail other undesirable business activity. (If this policy is successful no doubt the City of London will be invited to finance a new prison for its miscreants.)

In terms of preventing major frauds and their consequences, the existence and use of criminal penalties is still regarded as a deterrent in both France and the UK. For the individual, the rationale is that those who might be tempted to manipulate figures and hide trades where the consequences are only civil or regulatory (i.e. being sacked or being banned, with perhaps also a fine), would be less likely to do so if the consequences were criminal (i.e. with the risk of being sent to prison). For the institution, the aim is to deter it from being the one that employs rogues. That, however, is a much less certain and more difficult aim, particularly when firms are seeking to employ inventive and resourceful individuals. Even if limited to the immediate financial loss and adverse publicity, the deterrent factors for the institutions concerned remain high. To what extent should they go beyond that? Is it justifiable to hold the institution to account for the actions of its rogue traders, or is the institution itself simply the victim of crime?

The most recent FSA guidance is in the case of a senior fixed income trader at Toronto Dominion Bank (London Branch) who resigned from his post and, in doing so, revealed to his employers that he had been attributing false values to his trading positions for over two years to hide losses. He had also entered a number of fictitious trades in the two weeks prior to his resignation. The losses, which the Bank bore, amounted to C$8.8 million (£4.5 million). The Bank informed the FSA as soon as was practicable, cooperated fully with the investigation and launched its own internal audit investigation.

Toronto Dominion Bank was the only party to have lost any money as no clients or third parties suffered a loss in this case. However, the FSA imposed a fine of £490,000 (including a 30 per cent discount for early settlement) on the basis of three identified system and control failings, the most important of which was the failure to have in place a system of independent price verification on the trader's trading book. The trader also agreed to a settlement with the FSA and received a prohibition order. There were no criminal consequences in the case. In other cases the FSA has felt able to distinguish the actions of an individual from the systems and controls responsibilities of the firm, with the result that it has been only the individual that has faced sanction.

In FSA -v- Sean Pignatelli, (discussed in more detail in an article Principles-based discipline: an unwelcome development? in the March 2007 issue of Financial Services Briefing) a US equities salesman, embellished information he had received in passing it on, giving the impression it was inside information, which it was not. The firm in this case was not held responsible for the salesman's failure to consider the implications of the information he received and passed on.

In the case of FSA -v- Roberto Casoni (discussed in more detail in an article Market misconduct: investment analysts be warned, in the May 2007 issue of Financial Services Briefing) a research analyst, made selective disclosures prior to publication of an analyst's report. Again the FSA took the view that this was a case of adequate systems and controls being ignored or circumvented by an individual, and so pursued the individual only.

In terms of financial consequences, in the USA, probably the major deterrent for institutions in an equivalent situation is the probability of facing a class action. In the UK, despite the recent reforms in the latest Companies Act, that deterrent does not yet exist to the same extent. The issue of the compensation of victims, however, still remains an important and unresolved issue.

Class actions are a core feature of US securities law that has provided the means for private enforcement. The record class action settlements in the early 2000s following the collapse of Enron and WorldCom also acted as an added incentive for publicly listed companies to put in place adequate systems and controls to prevent large scale fraud.

In Europe in contrast, Germany introduced in 2005 a law that allowed for test cases to be brought for mass capital markets transactions.

In 2006 in France, President Sarkozy advocated a form of class action as part of his electoral platform – although no law has yet been passed in France.

The debate in the UK and other EU member states has been about "opt-in" and "opt-out"; in an opt-out class action system every person that falls within the defined class is deemed to be a member unless they actively seek to "opt-out". By grouping potentially thousands of members under defined classes without requiring them to take any steps until after judgment or settlement, the opt-out system is what gives teeth to class actions in the USA.

There is a link between the class action jurisdiction and regulatory sanction. In the USA it is because of the exposure to litigation that most regulatory sanctions are agreed without admission of liability. In the UK, with one exception, regulatory sanctions have required recognition of culpability even where they are the result of settlement. In France in contrast, the settlement of regulatory actions has not yet been introduced (although that, too, formed part of President Sarkozy's proposed reforms). Part of the debate now is whether a settlement regime should or should not involve admission of culpability.

In the UK, currently over 80 per cent of the FSA's regulatory actions are settled with recognition of culpability. If the balance of litigation risk was to change in the UK, as well as elsewhere in the EU, that could well impact significantly on the willingness of firms to settle regulatory actions. It might also start to threaten what is currently a more open relationship in the UK between the regulator and the regulated than in the USA if whenever the FSA asked for documentation and information the regulated firm had to ask itself about the potential use to which litigants might put that same documentation or information.

Litigation is not the only route to the compensation of victims. The same can be achieved by regulators. In a retail context, where the class of consumers who have suffered is known, compensation via regulatory intervention is well established. The FSA does this most frequently by agreeing redress with the firm as part of a regulatory settlement, or by its ability to make or apply to the courts for, restriction orders. In a wholesale context where the class of victims is less clear, the same approach has yet to be followed. This is not to say it could not be. Certainly the FSA has, for example, frozen the proceeds of suspected market abuse at the outset of an investigation.

Criminal cases in the UK also offer scope for compensation. For example, in the FSA's successful criminal prosecution of two company directors in November 2005 for making misleading statements in company announcements, both private individuals and fund managers who had bought the company's stock following the announcements successfully claimed compensation as part of the criminal process.

The SocGen affair has had, and will have, worldwide consequences. However, responses and reactions will tend both to be local and to be influenced by different factors. It is in France that the most immediate political consequences will be felt and where the issue of "punishment" will need to be addressed. Elsewhere, the main focus may well be more on other issues, such as compensation and redress. For the market, the fallout in different jurisdictions in relation to what is ultimately the same shared issue, is not particularly satisfactory. Inevitably somewhere in the regulatory response will be the thought that this might all be so much easier if there were a single European financial regulator. For example, there seems to have been a markedly different interpretation of the Market Abuse Directive in the UK, where the Bank of England said it was constrained from acting behind closed doors in relation to Northern Rock, and in France where SocGen was afforded three days to close out positions before the news of JK's actions was announced.

On 24^th January 2008 when SocGen announced to the market an exceptional loss of €6.9 billion comprising losses attributable to unauthorised equity derivative trading and to write‑downs on its sub‑prime portfolio, it was said that the sub‑prime losses were €2 billion, the unrealised loss of JK's positions was €1.4 billion on discovery, and the realised loss was €4.9 billion by the time the positions were closed out in a falling market. That however may not be the full story, since there is an argument that relates to the massive further negative cost of poor risk management. Over and above the crystallised losses from JK and its sub‑prime business, the reputational cost to SocGen shareholders of the failure to have had in place even remotely adequate risk management and controls may have cost SocGen many € million more. There are also the costs incurred in having its own management and PricewaterhouseCoopers investigate how things were supposed to work, who did what and when, who did not do what and when, how to make things better for the future, and also in supporting the regulatory investigations of the Banque de France, the Autorité des Marchés Financiers, and the French government itself.

SocGen has denied that management failure was an issue in the JK case, instead characterising the problems as "procedural". In the absence of a detailed explanation it is impossible to correctly guess what went wrong. Whatever the eventual outcome, however, it is safe to assume that there will be much to interest students of operational risk management. The litigation which has already started with a shareholder action, will also keep securities lawyers busy for some time to come.

The impact will be felt most immediately by the company's senior management. Monsieur Bouton, the Chairman of SocGen, has stated that he and chief executive Philippe Citerne will not take any salary for the first half of this year and they will also forego their bonus payments for 2007. The Chairman also offered to resign, but his offer was rejected. Meanwhile, the steps taken by SocGen to recover its financial position have apparently succeeded in hitting the Basel Tier 18 per cent target ratio. (This was resolved by means of a board decision to raise €8 billion via a rights issue of preferred shares.)

SocGen has indicated that despite JK's fraud and further losses in the sub‑prime sector it is nevertheless planning to post a profit for 2007 in the US$880 million to US$1.2 billion range and to pay out 45 per cent of its profit in dividend.

SocGen has also now filed criminal charges against JK who has been suspended and subjected to SocGen's dismissal procedures4.

SocGen has taken great pains to characterise JK as a fraudster and his trading as fraudulent, but it appears that the French police have not been entirely convinced and have only brought lesser charges. In his first public comments since the scandal broke, JK told Agence France Presse that he recognised his "share of the responsibility", but he would not take all the blame. "I was designated [as being solely responsible] by [SocGen]. I accept my share of responsibility but I will not be made a scapegoat for Société Générale," it is reported he has said in an interview at his lawyer's office in Paris.

Subsequently, the SWX Swiss Exchange ("SWX") has fined SocGen SFr30,000 (€18,500) in May of this year for failing to monitor its traders properly and allowing an unregistered user to access its systems. The fine adds to SocGen's compliance problems following the January €4.9 billion rogue trading scandal. The breach, however, relates to events in July 2006 when five traders in SocGen's Paris office were absent and their personal identification numbers were used to access the exchange system. SWX issues identification numbers to individual traders to prevent misuses and asks for a log of registered traders who deputise for other traders. A 2007 audit of SocGen discovered that in four of the cases entries were made by registered traders who failed to record their actions in the log book. In another case an entry was made by an unregistered person. SWX is reported as having said that SocGen had been warned about the misuse of trader identification numbers previously. (It is not thought however that these breaches were the result of fraudulent activity and in particular did not relate to actions of JK.)

It is frequently the case when a rogue trader appears on the scene the financial institution concerned faces a wide range of subsequent legal actions which flow directly from any losses incurred. It has been reported that a lawyer for a group of SocGen shareholders, has now launched a lawsuit against SocGen for insider dealing and market manipulation over the way that it unwound its positions. An action has also been commenced against a SocGen non‑executive director for selling a large parcel of SocGen shares ahead of the announcement.

The case against the director looks relatively straightforward - just an accusation against a corporate insider of trading ahead of bad news by selling shares in the company, but the case relating to the unwinding of JK's positions by SocGen is less straightforward.

Inside information is characterised in the Market Abuse Directive ("MAD") as "…any information of a precise nature which has not been made public, relating, directly or indirectly, to one or more issuers of financial instruments or to one or more financial instruments. Information which could have a significant effect on the evolution and forming of the prices of a regulated market as such could be considered as information which indirectly relates to one or more issuers of financial instruments or to one or more related derivative financial instruments."

It is arguable that the information that a major bank has placed a huge unauthorised and uncovered open long position in a falling market for index futures might come within this definition. The Directive, however, also provides that: "The mere fact that bodies authorised to act as counterparties … confine themselves to pursuing their legitimate business of buying or selling financial instruments should not in itself be deemed to constitute use of such inside information."

The basis of the claim as reported is that SocGen should have informed the market before engaging in such a trading strategy. This is a highly contentious area. If one assumes for the purposes of argument that the information is inside information, while MAD prima facie requires transparency with regard to announcements that concern inside information, this is not an absolute requirement, but is hedged around with defences - as was apparent in the Northern Rock case and the emergency liquidity aid that bank received from the Bank of England.

The Directive provides that member states shall ensure that issuers of financial instruments inform the public as soon as possible of inside information which directly concerns such issuers. It also qualifies this too, however, by indicating that an issuer may, under his own responsibility, delay the public disclosure of inside information so as not to prejudice its legitimate interests, provided that such an omission would not be likely to mislead the public and provided that the issuer is able to ensure the confidentiality of that information. Member states may require that an issuer, without delay, informs the competent authority of the decision to delay the public disclosure of inside information. It appears that this was done by SocGen.

It is also reported that the SocGen shareholders concerned are also bringing an action against SocGen for market manipulation, but there is no indication as yet as to the precise basis for this. Market manipulation is now fully within the MAD regime in France as elsewhere in the European Economic Area - a point which was raised in the European Court recently (Case C 391/04). (That case concerned a share support scheme in Greece based on wash trades of shares in various companies in a connected group carried out by corporate insiders. The Court found that it fell outside the scope of the first EU Insider Dealing Directive but that it would have fallen within the scope of the new regime which explicitly outlaws such manipulative practices.)

On 11^th March 2008 the FSA published a commentary on systems and controls in light of the SocGen rogue trader affair, in MarketWatch 25 (its occasional newsletter on market conduct and transactions reporting), which focused on firms' reviews of their systems and controls in light of the SocGen incident. The background to this was that since SocGen's announcement on 24^th January 2008, FSA supervisors had spoken informally to forty‑eight of the largest trading banks in London. Many had already put in place reviews to identify and correct gaps that may exist in their trading controls. MarketWatch was used to highlight the measures firms should consider when reviewing the systems and controls which protect them against 'rogue trader' risk.

Firms should consider the importance of the quality of the routine management information and exception reports available to trading management.

Firms should also consider whether the front office culture is designed to prevent 'rogue trader' activities. In particular, firms are encouraged to consider requiring traders to take two-week continuous holidays, and also to consider the use of 'desk holidays' whereby traders take a break from marking or valuing their own books while a colleague takes over.

Firms should consider implementing trading mandates for each trader and the level of detail of such mandates. Firms should also consider using the mandate as the basis for monitoring the activities of the trader by both the front office and the control functions.

Firms should consider whether their control functions are staffed by people with sufficient understanding, skill and authority to challenge front office staff effectively when limits are breached or suspicions are aroused.

Firms should consider whether they have mechanisms to monitor traders' positions by reference to trader's mandates and overall desk positions.

Firms should consider the monitoring of key performance indicators at a trader level (as opposed to simply at a product or market level), to account for the fact that individual traders may operate on multiple markets.

Firms should also consider aggregating performance information to enable senior control and front office management to assess a trader's performance across different areas (so that, for example, multiple 'yellow' flags in different areas would produce a 'red' flag overall if they identify common control concerns with a particular trader).

Firms should consider the appropriate escalation of concerns raised by bodies outside the internal control network (such as an investment exchange) and the aggregation of such information with other control management information.

Firms should consider assessing more closely where the firm's profits and losses come from in relation to its trading activities.

Firms should consider the extent to which they reconcile information between the firm's own systems (including front office, risk management and back-office systems) and the outside world (including custodians, exchanges and brokers).

Firms should consider their arrangements for tracking and analysing outstanding confirmations of trades and for escalating to senior management breaches of the firm's standards for outstanding confirmations.

Firms should also consider ensuring that confirmations from external counterparties are sent directly to the middle- or back-office and not routed via the front office.

(The FSA notes that, in the near term, oral confirmations between operations to confirm the existence and key economic factors of trades can be a useful control tool, pending the completion of full confirmation processes.)

Firms should consider their reconciliations of margin and collateral calls to a trader or book to ensure the calls are correct.

Firms should also consider the analysis of gross and net cashflows and whether these can be understood in the context of the trader's mandate, positions and reported profit and loss.

Firms should consider the proper implementation of IT security and access controls to ensure that users can only access the functions that their duties require. In particular, firms should consider the need to periodically review access rights, and to implement specific precautions when staff move from the middle- or back-office to the front office.

The FSA has thus highlighted some priority areas for firms that are reviewing their systems and controls in the light of the SocGen affair. The British Bankers' Association is reported as commenting that this issue of MarketWatch can be seen as a "fair warning" to firms to review their systems and ensure that they are working. Further output from the regulator might now take the form of a high‑level "thought leadership" speech by one of the FSA's directors or its chief executive, aimed internationally, as well as at FSA-regulated firms.

Perhaps the FSA suggestion that has attracted the greatest attention is that traders should be forced to take two weeks of continuous holiday. The FSA has said a two‑week holiday would allow other colleagues to inspect a trader's books and ensure they were valued correctly.

A "security conscious" culture could also combat the sharing of passwords, which might allow individuals to circumvent controls.

Other suggestions made by the FSA included ensuring that bespoke trades were confirmed over the telephone with a human being at each counterparty firm.

JK had previously worked in SocGen's middle office, the department partly responsible for checking the valuations calculated by its traders. His trades were not voice‑confirmed and he had taken only four days of holiday in the previous eight months when his trading activities came to light. However, we cannot assume, as the FSA seems to, that these were the prime reasons for the fraud. He probably also regarded himself as underpaid and unappreciated by his superiors, whom he may well have regarded as a lot less intelligent than himself.

The FSA has said employees with control functions should have "sufficient understanding, skill and authority" to challenge traders when suspicions were raised. The new whistle‑blowing powers proposed by the Chancellor of the Exchequer for the financial services sector may also assist in this context.

Banks also need systems for escalating awareness of suspicious activity to senior management. The FSA stressed, however, that its suggestions are for discussion only and are not formal guidance.

The FSA's suggestions in MarketWatch 25 are undoubtedly full of common sense. However, they add a little substance to what is contained in the SYSC rulebook. In particular, the suggestions regarding the strengthening of internal control functions, the monitoring of individual traders' positions, and the implementation of specific controls for staff who move from back office to front office would, if they had been adopted by SocGen, have reduced the likelihood that JK would have remained undetected for so long.

However, to an extent, the FSA is merely stating the obvious. It is unlikely that there are any major banks that are not aware of best practice for establishing internal controls for managing rogue trader risk. As indicated earlier in this article, this is not a new problem. More pertinent is the willingness of senior management to implement such controls and enforce them rigorously in times when the markets are strong. There are potentially lucrative benefits, both to a bank and to individual traders, in allowing traders to take big risks in a rising market. This becomes problematic when the market starts to fall, and the need for tight controls suddenly becomes acute. A culture of bullish risk-taking on the trading floor, motivated by personal self-interest, with little respect for the personnel who are charged with monitoring compliance, can be difficult to change once it has been allowed to develop. In particular, if previously successful individuals suddenly find that they are making losses, they may be inclined to be less cooperative with compliance. Where risk managers and compliance officers have not been given sufficient management support in the good times, it may be difficult for them to suddenly assume 'authority' in the bad times.

With this in mind, it must be asked whether the FSA's soft-touch approach, as demonstrated by MarketWatch 25 is the right approach. The FSA has made much of its 'principles‑based' approach to regulation over the past year or so. Indeed, the SYSC rules now go little further than to 'copy-out' the requirements that have been established at the EU level. MarketWatch itself is merely an ad hoc newsletter on market conduct issues, issued by the FSA's Markets Division. It is not a particularly high-profile publication and, the industry's awareness of its contents is probably still rather low.

Of the four statutory objectives of the FSA, two are particularly relevant in this context:

· reducing the extent to which it is possible for a business to be used for a purpose connected with financial crime.

The previous scandals described above demonstrate that the consequences of unauthorised dealing can be significant, not only for the individual banks, but also for the wider financial system. At the time of writing this article, the banking system is still in the midst of a global credit crisis and banks are increasingly unwilling to lend to one another for fear that they may not be repaid. Financial shocks affecting individual banks, such as large losses and write-downs resulting from the activities of rogue traders, do nothing to improve confidence in those banks.

"The current volatile market circumstances significantly heighten the chances that inappropriate practices could quickly lead to record losses, so early discovery and remedial action are even more important than in 'normal' times."

It is difficult to dissent from that assertion. Certainly the SocGen affair could well have happened here.

Certainly, firms need to ensure that they have robust procedures in place to constrain the activities of their trading staff. Traders should always be subject to appropriate limits and there should be arrangements in place to ensure that if those limits are breached, alarms are triggered and the matter appropriately investigated. (As noted above, the FSA's MarketWatch 25 sets out some useful suggestions for additional controls.)

However, it is unlikely that any form of controlled environment will eliminate the risk of rogue trading. Traders, by their nature, are risk takers. The rewards offered to successful traders are significant enough to justify, for some (in their eyes), the bending of the rules (whether those rules derive from regulation or from the firm's own internal controls). Furthermore, these individuals are typically intelligent and capable of circumventing any established control structures within their firms.

On top of this, one must consider the 'trader's option', that is, that the firms encourage risk taking among their traders. Success is rewarded by larger and larger bonus payments; the cost of failure is to be fired. Once a trader has incurred sufficient losses to justify the loss of his (or her) job, there is little incentive not to cover up the losses or to take greater risk in an attempt to get out of trouble (the 'double or quits' mentality).

The key to minimising the risks of rogue trading is to ensure that the internal control environment is supported by the firm's senior management. In particular, it is crucial to ensure that the control functions (risk management, compliance and internal audit) are sufficiently empowered to challenge the trading staff. On the trading floor, where the traders are regarded as the most important component of the business, it is vital that where issues are identified by the control functions, they are given the support of the firm's senior management to raise these issues with the trading staff and follow them up to a satisfactory conclusion.

Whilst the FSA's comments set out in MarketWatch 25 are helpful, this is not an issue where further regulatory detail is necessarily going to help. It is in the interests of the financial services industry to ensure that appropriate controls are in place. Arguably, the focus of the regulator should be upon ensuring that senior management of authorised firms are taking seriously their responsibilities to maintain an effective control environment: in both bad times and good. That way, we may avoid the SocGen type of scandal in the UK in the future.

1 The Top Rogue Traders, Financial Times 24^th January 2008

2 See J.W. Markham, Guarding the Kraal – On the Trail of the Rogue Trader, 21 Journal of Corporation Law 131, 136(1995).

3 For further details of these scandals, see Rogue Traders, 31^st March 2008, WilmerHale Publications, Briefing Services.

4 According to a report in The Times on 3^rd April 2008, JK is now suing SocGen for wrongful dismissal on the ground that SocGen has failed to prove he did anything wrong.