×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

UBS: Our Risk Systems Did Detect $2bn Rogue Trader

timothy posted more than 2 years ago | from the meant-to-do-that-says-pee-wee dept.

Businesses 151

A few weeks ago, UBS employee Kweku Adoboli (universally described as a "rogue trader") ran up a $2 billion loss for his employer; many readers wondered how it is the systems which allow trades to happen at all aren't better tuned to catch such massive cash flows without triggering alerts. Now, reader DMandPenfold submits a report from Computerworld UK in which the bank claims that such triggers were in place — they were simply not acted on. From the article: "UBS has insisted its IT systems did detect unusual and unauthorised trading activity, Interim chief executive Sergio Ermotti, who is running the company following Oswald Grubel's resignation last month, sent a memo to employees saying the bank is aware that its systems did detect the rogue activity. In the memo, Ermotti wrote: 'Our internal investigation indicates that risk and operational systems did detect unauthorised or unexplained activity but this was not sufficiently investigated nor was appropriate action taken to ensure existing controls were enforced.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

151 comments

What was the security protocol? (1)

Moheeheeko (1682914) | more than 2 years ago | (#37629114)

Hey......dont do that.

Re:What was the security protocol? (1)

blair1q (305137) | more than 2 years ago | (#37630094)

I thought it was rather odd that they had nothing in place to detect this. And odder that the CEO was okay with that.

So here's the next question: if UBS lost $2e9, to whom did they lose it? Have the counterparties been identified, and do those identities still exist?

Re:What was the security protocol? (1)

SydShamino (547793) | more than 2 years ago | (#37630252)

It's hard to say that the money was "lost to" anyone. They bought a security at a given price, so other people sold them at that price, yes. Later, the value of the security went down. Unless the people who sold them knew that the price was going to fall, those people did nothing wrong. (And if they did know and were acting on insider information, then that's a completely separated, basically unrelated crime.)

In the last year I've sold stock whose value subsequently went down, so as far as I know I took some of their money. Stock transactions are anonymous, and I don't know in what the rogue trader invested.

Re:What was the security protocol? (1)

FooAtWFU (699187) | more than 2 years ago | (#37630388)

If you could identify these counterparties, what standing would UBS have to ask for their money back?

I mean, I bought some stocks and the market crashed. Can I go to the prior owner and get my money back? Somehow I think not.

Re:What was the security protocol? (1)

perlchild (582235) | more than 2 years ago | (#37630844)

They detected him
They let him run 2 billion in bad trades
They didn't honeypot him
They didn't stop him at a lower amount...

This is supposed to be good how?

Re:What was the security protocol? (3, Interesting)

Anne Thwacks (531696) | more than 2 years ago | (#37631202)

The entire derivativves trading system is a giant Ponzi scheme - the value of fees charged by bankers for trading in derivatives based on on changes in the value of a security exceeds the value of the underlying security over a relatively short time. (it is MINUTES for gold!)

Someone then "looses" a great deal of money. In reality, the "missing" money has already been paid out in commissions to banks for trading - and "bonuses" for traders. (Anyone who understands differential equations can see that vastly more money is paid out to bankers than is actually invested in stocks and bonds, and the banks are sucking the life blood from the world's economic system).

You might ask "Why do people invest in such an obvious Ponzi scheme?" The answer is "Institutional investors do not care about the long term, and are quite happy to feed the system, so long as they get a percentage, and a "plausible deniability" get out clause when it goes wrong. (Why did people give all their money to someone who "Madoff" with it?

Why did the bank not stop him? Because prior to catastophic disaster, he seemed to be "on a roll", and was winning more than he was losing. Banks do not employ people who understand differential equations in a management role, and most bank directors have only a marginal grip on reality. They say "ooh, profit!" like Homer Simpson and doughnuts.

Re:What was the security protocol? (1)

Genda (560240) | more than 2 years ago | (#37631952)

"You need to understand that everyone is rogue trading these days, and a 2 billion dollar loss hardly even rings a bell around here anymore. I mean if we don't smoke half a trillion, I can't get anybody's attention but the janitor!" -- The Security Manager

Re:What was the security protocol? (1)

Hatta (162192) | more than 2 years ago | (#37631290)

If you're making money, no one cares about security protocols.

Why would they? (1)

Anonymous Coward | more than 2 years ago | (#37629116)

Tax payer funded bailouts are far more profitible the sound management or ethics.

According to the computer ... (1)

Smallpond (221300) | more than 2 years ago | (#37629150)

It can only be attributable to human error.

Re:According to the computer ... (0)

Anonymous Coward | more than 2 years ago | (#37629500)

The IT department was saying this. So in this case, they're saying it can only be attributed to inferior human error. Have you not talked with your IT department lately?

Re:According to the computer ... (2, Informative)

TheLink (130905) | more than 2 years ago | (#37630186)

The other explanation is they were hoping the trader would make money, in which case everyone would share the profits etc.

He lost money so he's a rogue trader.

Reminds me of the cops eating donuts (1)

Anonymous Coward | more than 2 years ago | (#37629188)

Sure we saw the murder, but we were busy chowing down!

Called it (1, Interesting)

CharlyFoxtrot (1607527) | more than 2 years ago | (#37629206)

From my comment on the original article [slashdot.org] :

"Let's face out out on the terrain no-one is holding these guys accountable. IT may set up the system, Risk Management may generate the reports and they'll be either modified to say what management wants to say or just plain ignored because like all gamblers these guys think they have a system which lets them keep on winning even as they are betting their house (or in this case our houses.)"

This "blame IT" crap has gone on long enough. It's time we stood up for ourselves instead of allowing ourselves to be used as a convenient scapegoat all the time.

Re:stood up for ourselves (1)

TaoPhoenix (980487) | more than 2 years ago | (#37629376)

How exactly do you do that?

Either you write a report that is just plain ignored or you get pegged as a HaxorTerrierist.

I swear, this is just that old childhood playground stuff all over again, where the jocks in the board room and Gov are blaming the geeks.

Re:stood up for ourselves (0)

Anonymous Coward | more than 2 years ago | (#37629576)

I like to put cover letters on my reports stating something to the effect of "please note the parts marked in red, as I am officially informing you that bad shit is happening. If you do not act on it, it is no longer my problem, it is your fault."

Usually the recipient ignores that, too, and I am under no illusions that it covers my ass at all.

But on the plus side, the places the recipient has read it and gotten pissy about it instead of acting on it, I've been able to plan my exit from those companies before they collapsed.

Re:stood up for ourselves (1)

HornWumpus (783565) | more than 2 years ago | (#37629756)

In my case I pulled out the bug report that showed the VAR reports total field was being overflowed when a customer ran it. Bug had been fixed 6 months prior to customer going into bankruptcy (then being made whole by the ratepayer.)

Of course they weren't trying to blame us. They were claiming it was because they couldn't do long term deals. Which is true, but it's true because they had previously engaged in incestuous, non-arms length, long term deals with their open market corporate cousin.

I shouldn't be discussing this, but my former employer is long gone.

Re:stood up for ourselves (2)

AK Marc (707885) | more than 2 years ago | (#37631988)

No, you go walk up to a reporter and say "Hi, I work for UBS and woudl like to get IT's story on the record." Then you paint a picture where IT is told to "detect" such things but never block them. Report them to the people who would then authorize blockage (but never do in a timely manner) and then the system, enforcing bad business processes, is blamed for a business process problem that lies with the upper management not wanting to enforce reasonable rules, knowing they can always blame it on some other department or such.

Unusual activity was discovered and reported to the appropriate management, who then elected to do nothing and then later blame it on the people who detected it and had explicit orders to never block it for not blocking it. The problem is that nobody ever goes on record to explicitly point to the non-IT business decisions as the actual cause of the issue, as the IT people don't understand people, just systems.

Re:Called it (1)

Anonymous Coward | more than 2 years ago | (#37629586)

Yep. It's been my observation when I previously worked in IT for a Fortune 500 company, that when these kinds of safeguards are ignored, it's because ignoring them has become SOP for the company management, who are more focused on increasing stock value and their own year-end bonuses than reigning in the reckless wheeling and dealing of the so-called "go-getters" within the company.

Re:Called it (2)

HornWumpus (783565) | more than 2 years ago | (#37629636)

'Blame IT' is a shallow description of what happened. The original discussion was all about: 'didn't they have risk management in place?' Not: blame the IT guy that wrote the VAR report.

Sounds like they are blaming their risk officer (who should be the CFO or at least report to the CFO).

Re:Called it (3, Insightful)

ackthpt (218170) | more than 2 years ago | (#37629936)

From my comment on the original article [slashdot.org] :

"Let's face out out on the terrain no-one is holding these guys accountable. IT may set up the system, Risk Management may generate the reports and they'll be either modified to say what management wants to say or just plain ignored because like all gamblers these guys think they have a system which lets them keep on winning even as they are betting their house (or in this case our houses.)"

This "blame IT" crap has gone on long enough. It's time we stood up for ourselves instead of allowing ourselves to be used as a convenient scapegoat all the time.

How often have you seen an IT representative in front of the cameras say, "Well, we see this behaviour, the lights are flashing, the klaxons are going like a cat with its tail in a wringer, but the people who collect 7 figure salaries haven't been taking an interest so far."

Should be criminal charges for management negligence -- and I don't mean just giving the the sack. Those protesters on Wall Street have a point, everyone gets hurt when the bank CEOs screw up, but those most responsible. Thanks to their stalwart defenders in the US Congress no stronger regulation get passed. If that's not sign that government is in the bank's pockets, I can't imagine what could be more clear.

Re:Called it (3, Informative)

Wansu (846) | more than 2 years ago | (#37630364)

  Those protesters on Wall Street have a point, everyone gets hurt when the bank CEOs screw up, but those most responsible.

Herman Cain says it's the protester's faults if they don't have job. After all, this is 2011 and what the bankers did was in 2008.

Re:Called it (1)

operagost (62405) | more than 2 years ago | (#37630526)

And Chewbacca is on Endor. That just doesn't make any sense.

Re:Called it (4, Insightful)

Doc Ruby (173196) | more than 2 years ago | (#37631938)

No, the logic of that post is perfectly clear. Someone says bank CEOs screwing up hurts everyone but those CEOs. Like people who have lost jobs, or can't get one, after bank CEO screwups destroyed the economy's growth, and the jobs with it. Herman Cain says it's the jobless person's own fault for not having a job - and even their own fault they're not rich. The contrast is that Cain says it isn't the bank CEO's fault people don't have jobs, it's their own fault.

But that's obvious. Except perhaps to a Republican, er "Libertarian", like you. Who spent the entire Bush era telling us Chewbacca was on Endor whenever people complained that deregulation was killing us.

Re:Called it (3, Informative)

Doc Ruby (173196) | more than 2 years ago | (#37631890)

Actually, what Cain said yesterday [nydailynews.com] was "Don't blame Wall Street, don't blame the big banks, if you don't have a job and you're not rich, blame yourself."

While it's arguable that not having a job is a person's own fault (a losing argument with the economy, but arguable), saying it's the fault of everyone not rich that they're not rich isn't just insane. It's the kind of institutional insanity that is driving the country into nothing but the madhouse, with a corporatocracy of Cains at the wheel.

Re:Called it (2)

AK Marc (707885) | more than 2 years ago | (#37632076)

There's a class war in the US. The "conservatives" (not actually conservative, but self-label as such, so I'll use the tag they put on themselves) firmly believe that in the Land of Opportunity, the inability to succeed indicates a personal flaw, proving the person is inferior and deserves poor treatment. That's simply insane. I can't argue with it any more than someone who insists the sky is red. It's provably not true, but only if they will open their eyes and look at the facts, and that just doesn't happen.

Re:Called it (1)

FishOuttaWater (1163787) | more than 2 years ago | (#37630392)

We need the right amount of regulation. Enough that the game is played equitably but not so much that it is unplayable. I cringe every time there is some scandal like this because I know the next Sarbanes-Oxley overreaction is coming soon so congress can look like it cares.

Anyone that would hire someone name Kweku Adoboli (-1)

Anonymous Coward | more than 2 years ago | (#37629240)

deserves what they get. That $2B is probably sitting in a bank account right now, just waiting for him to find the perfect person in the United States with a bank account to help him move it into the country, for a small fee.

A reminder why computers aren't perfect... (1)

MrCrassic (994046) | more than 2 years ago | (#37629282)

I guess it forgot to 'pick up' the job cuts and absolute chaos this would ensue while it was at it.

They didn't have adequate risk systems (2)

Chris Mattern (191822) | more than 2 years ago | (#37629314)

A risk system that nobody pays attention to is no different from not having a risk system at all, except that you're paying for it. As UBS found out.

Re:They didn't have adequate risk systems (2)

thepainguy (1436453) | more than 2 years ago | (#37629370)

Actually, it's worse because it lulls you into a false sense of security.

I wonder if this was a case of the boy who cried wolf/car alarm problem; a system that isn't calibrated well and that people learn to tune out due to all of the false alarms.

Re:They didn't have adequate risk systems (2)

mikael (484) | more than 2 years ago | (#37629698)

Nick Leeson worked in the IT department before he became a trader. He learned all the phrases traders used when a false-positive alarm was triggered; "Oh, I'm just clearing up a wrong transfer", "Just rolling through some accounts", "sorry, the other guy was logged in at my terminal", "Just tidying up an old account".

Then when he became a trader, he knew about the test accounts to store his losses, as well as how to smooth over the tripwire alarm system whenever IT called him up.

Why would IT call him? (1)

khasim (1285) | more than 2 years ago | (#37629856)

Then when he became a trader, he knew about the test accounts to store his losses, as well as how to smooth over the tripwire alarm system whenever IT called him up.

Well there's your problem.

Why would IT call him? Wouldn't the alarm go to someone managing the people who manage the trades?

Re:Why would IT call him? (1)

mikael (484) | more than 2 years ago | (#37629932)

First level contact was to ask the trader to recheck their transactions, then escalate to supervisors.

Well there's your problem. (3, Insightful)

khasim (1285) | more than 2 years ago | (#37630184)

Sorry for repeating a meme, but in this case it is extremely valid.

First level contact was to ask the trader to recheck their transactions, then escalate to supervisors.

IT should NEVER be involved at that level. The alerts should go to the manager (or the manager of managers) who SHOULD have more insight into the situation than IT.

Having IT in the loop means one more failure point (and an additional delay).

Re:Well there's your problem. (2)

Anne Thwacks (531696) | more than 2 years ago | (#37631358)

You are supposing they want to stop these traders. In reality, the "rogue traders" look very profitable prior to the crash - just like someone who is driving way to fast on the race track is out front till he crashes. There is no way they are going to stop their "star".

The entire system if fundamentally flawed. The banks are expecting to make more money than is in the system to make. Of course the world economy is still screwed. "Its the bankers, stupid!"

Re:Why would IT call him? (0)

Anonymous Coward | more than 2 years ago | (#37630570)

First level contact was to ask the trader to recheck their transactions, then escalate to supervisors.

It goes to security.

Re:They didn't have adequate risk systems (1)

thepainguy (1436453) | more than 2 years ago | (#37629866)

How about, after 10 or 100 or whatever over-rides, somebody does some poking around just to see if anything's up?

Re:They didn't have adequate risk systems (1)

aynoknman (1071612) | more than 2 years ago | (#37630046)

he knew about the test accounts to store his losses

Security by obscurity raises its ugly head again

Re:They didn't have adequate risk systems (3, Informative)

quarterbuck (1268694) | more than 2 years ago | (#37630144)

Nick Leeson did not work in IT according to his biography [nickleeson.com] or according to Wiki.
He used an error account, which he realized was unaudited, but that is something you pick up from being a trader or an auditor- not necessarily IT. These things are common in investment banks/brokerages which have a lot of accounts and client trades and errors need to be isolated in an account that does not belong to a client. ie. if a client asked to buy 100 pork belly contracts and you bought him lean hogs instead, you need a place to dump the pork bellies you bought. It does not mean a "test account" in the IT sense.

Operations (1)

alexander_686 (957440) | more than 2 years ago | (#37631374)

Prior to working on the trading desk they worked in operations. While Operations may be the kissing cousin of IT, it is not exactly the same. But in either case, (Leeson or Adoboli) knew what would trigger the compliance office (In those days “Risk Management” tended not a separate department).

In Lesson case, he was head of both trading and operations (which is a no-no - but it was Singapore – a small desk – why can’t one person do both jobs?). So on side he present it as a error account and on the other a client account (loss not to the firm.)

And as somebody who has worked in a similar posistion (Operations / Risk managment) - it's hard. Give me a simple and clear rules with a robust report, and I know it can be gamed. Traders tend to be optimizers. Be careful when you play magic or poker against them. They will test every last loophole and push every last inch.

Good risk management requires human judgment and subjectivity. Alas, the money and the fame goes to the traders who earn the money, not the referrers that keep people safe.

Re:They didn't have adequate risk systems (1)

TubeSteak (669689) | more than 2 years ago | (#37629392)

A risk system that nobody pays attention to is no different from not having a risk system at all, except that you're paying for it. As UBS found out.

Boy are people going to be surprised when they find out the government has all these regulations and very few employees to monitor compliance and initiate enforcement actions.

Re:They didn't have adequate risk systems (1)

HornWumpus (783565) | more than 2 years ago | (#37629830)

Not surprised. Why do you think they pass most of the useless regulation? So the useful regulation is not enforced, just like the limits on feeding cows cornflakes.

Also helps their donors, no better way to preempt competition then put in volumes of regulations and crooked regulators.

Re:They didn't have adequate risk systems (1)

Doc Ruby (173196) | more than 2 years ago | (#37632082)

The most important part is where the government stops collecting taxes, guaranteeing that even agencies with oversight orders and staffing budgets are underfunded and so understaffed. It helps even more to block the appointment of top managers in the agencies, so the whole office is crippled, overburdened, and unfocused without a leader.

Guess who is responsible for undertaxing and blocking agency appointments? Don't strain - it's the Republicans, and maybe enough fellow "Conservatives" in the Democratic Party to muddy the waters.

The solution is to tax businesses, like the financial business, enough to cover their costs to the public in protecting us from their bad work. Who's going to stop a 0.05% tax on financial transactions, as is now applied in the EU? The Republicans/Conservatives, of course.

Underfunded regulators. (1)

sjbe (173966) | more than 2 years ago | (#37631426)

Boy are people going to be surprised when they find out the government has all these regulations and very few employees to monitor compliance and initiate enforcement actions.

That will come as a surprise to precisely no one. The SEC has been purposely underfunded for decades. You think that is by accident? The financial firms and their, ahem, elected representatives want it that way so they can't cause too much trouble. Hard to monitor wrongdoing when you don't have enough manpower. Congress can effectively neuter any regulatory agency simply by cutting their budget. Doesn't matter what laws are actually on the books if they can't be enforced.

Re:Underfunded regulators. (1)

AK Marc (707885) | more than 2 years ago | (#37632272)

Don't forget, "independent" auditing firms, like Accenture and PWC, actively solicit bribes to certify compliance for those not compliant. The accounting firms approved Enron's activities long after the illegal stuff started. Auditing firms are leaches who lie for a living (because if they don't lie, the other firms will come in and get the big account and lie). Die PWC die.

Re:They didn't have adequate risk systems (0)

Anonymous Coward | more than 2 years ago | (#37629676)

A risk system that nobody pays attention to is no different from not having a risk system at all, except that you're paying for it. As UBS found out.

I bet they'll feel the difference when it is mentioned during testimony for the shareholder's lawsuit.

Re:They didn't have adequate risk systems (0)

Anonymous Coward | more than 2 years ago | (#37630002)

A system that does not work or produces wrong outcomes is WORSE than no system at all. Belief in the system makes people grow complacent.

Re:They didn't have adequate risk systems (0)

Anonymous Coward | more than 2 years ago | (#37630558)

if you don't see the difference between having warnings that you choose not to look at and not having them at all, obviously you're not cut out for the street.

You must test (3, Insightful)

TheSync (5291) | more than 2 years ago | (#37629418)

Whenever you have a monitoring or backup solution, it must be regularly tested to ensure a responsive psychology (as well as proper device operation).

They should have had 1 or 2 fake funny trades per month, and if the people who got the alert messages didn't respond, they should have been punished or fired.

Re:You must test (0)

Anonymous Coward | more than 2 years ago | (#37629614)

spot on. there's no difference between this approach and netflix's chaos monkey.

Re:You must test (1)

TheCarp (96830) | more than 2 years ago | (#37629834)

Whenever you have a monitoring or backup solution, it must be regularly tested to ensure a responsive psychology (as well as proper device operation).

They should have had 1 or 2 fake funny trades per month, and if the people who got the alert messages didn't respond, they should have been punished or fired.

Nah, you don't need to punish or fire them in the traditional sense.

All you need is to have some mandatory meetings that kick off to investigate, document, etc. Just make missing them a pain in the balls for the people who should have caught it, and they will make sure it doesn't happen again. Getting fired sucks.... facing repetitive ball busting hell is much worst and an excellent motivating factor.

But also.... thats not enough, and might not even be the right problem. You have to ask, why did they miss them?

Did they miss them because they were fucking off or just didn't care? Ok.... well thats one issue.

Did they miss them because the system catches so much shit, that the alarms are worthless? Thats a whole different issue.

I mean, technically, you could just alert on everything all the time.... send thousands of alerts a day. You will catch the problems... but... it wont matter because the people can't possibly keep up.

We had some issues with swap monitoring. Why? We started out a bit naive and just set thresholds. Lo and Behold, Linux systems will swap stuff out just to increase cache sometimes. We would have hosts with 80% swap usage that... were not swapping in or out and had 90% free memory. So, people were getting pages, alot, often. If we let that just go on...eventually.... no matter how vigilant you try to be... people will start to ignore it...then some day...its going to take a machine down.

Monitoring is great, and you are right but... you have to make sure you are addressing the actual cause rather than a symptom of a larger problem.

Isn't that part of the initial shakedown? (1)

khasim (1285) | more than 2 years ago | (#37629968)

You set up the monitoring system ... and you investigate the events it is reporting.

Then you tune it to get rid of the junk ... and you monitor it again ... and you investigate the events it is reporting.

Then you tune it blah blah blah blah blah.

Once you have it to the point where it isn't reporting junk you start testing it by setting up fake scenarios you want to catch. And investigate the events it is reporting (and the cycle continues).

Not to mention just going through ALL the events on a regular schedule to see if there are circumstances / situations / edge-cases that you did not anticipate.

Re:Isn't that part of the initial shakedown? (1)

HornWumpus (783565) | more than 2 years ago | (#37630512)

The problem is traders see what you did to 'get rid of all the junk' and hide their fun in with the junk. That is exactly what happened here.

The other part is that Traders should not see the risk management system directly. They will still be able to game it (with small test trades to see what gets noticed) but it will be more difficult. Gaming risk management should be fire able.

Re:Isn't that part of the initial shakedown? (2)

TheCarp (96830) | more than 2 years ago | (#37630520)

Exactly. However, not everyone understands that and a lot of people who don't get this.

Its also nearly impossible to get to this point if management doesn't understand the process that is needed and buys in to making everyone play ball.

I remember seeing presentations by a specific monitoring team of positions past. They presented how the decision was made to "just turn everything on". After several years they had hundreds of alerts a day... way too many to even think of turning on paging... and it was another 4 years before they got to the point that they had management buy in to take it seriously, turn on paging, and make people work with the monitoring group to tune down the alerts.

All the while management kept going on about what tools they were using, and looking at different ones etc.... all the time...it was a process issue and a lack of management buy in to work with the tool they had that really hamstrung the whole process.

Exactly.. And even worse. (2)

khasim (1285) | more than 2 years ago | (#37630994)

After several years they had hundreds of alerts a day... way too many to even think of turning on paging... and it was another 4 years before they got to the point that they had management buy in to take it seriously, turn on paging, and make people work with the monitoring group to tune down the alerts.

One place I worked had a problem with an average of 1 alert A WEEK. Because it almost always turned out to be some stupid non-issue ... eventually everyone started ignoring it. Even to the point of ignoring the follow-up emails about WHY the alert was happening.

This supports my belief that security is easy.
But no matter how easy it is, NOT doing it will always be easier.
And somewhere in the chain will be an individual who is lazy enough to break the security.

Re:You must test (1)

perlchild (582235) | more than 2 years ago | (#37631090)

This is worse, as a "rogue" trader is, at least to this speaker of english as a second language, someone who deliberately did wrong.

He was not "making mistakes" he was trying to game the system.

As I posted earlier in this thread, at the very least, he should have been sandboxed/honeypotted, with someone replaying any transactions he made that had value(so he'd NOT know he was being audited for being a crook and facing jail time).

Re:You must test (1)

Doc Ruby (173196) | more than 2 years ago | (#37632130)

Nothing pains the balls as much as being fined your share of the rulebreaking losses. Which should exceed the annual pay.

Unless it's being fined and fired, which implants the pain instrument in the balls. Better yet, fined, fired, and convicted of a crime. That'll put "balls pain" right at the top of your resume.

Re:You must test (2)

tlhIngan (30335) | more than 2 years ago | (#37632222)

You missed other reasons.

Perhaps said trader got annoyed at all the alerts and simply told them "I'm a hot shit super trader. if there's any odd trades coming from me, it's because I know stuff you idiots don't so screw you and let me do my trades!" This is espeiclaly true if the trader has a reputation of oddball trades but makes tons of money back.

The other possibility is said trader simply causes alarms constantly but they're small ones and they up the threshold for his alarm. Eventually the threshold is pushed extremely high and while being detected, won't be acted upon as that sort of trade usually happens.

Either way, hiding a bunch of trades becomes easy. The system has to adapt to different trading patterns constantly so there's no real way to not hae false positive alerts, and prima donna traders who think they're above it al and think the alerts are just a nuisance as the trades they do will constantly trigger it.

Many reasons why this was not detected. (0)

Anonymous Coward | more than 2 years ago | (#37629502)

I used to work on a NASDAQ trading floor, and once in a while (especially when trading bonds) someone would put the amount of shares in wrong into the Profit & Loss monitoring system. If it was us, we would get a 'friendly' visit from floor manager as to why we were 2 billion dollars in the red. We would just calmly explain that the mark on the bonds was entered wrong and give him a more accurate estimate of our position, and it was good enough. Unless you are bleeding money day in and out for a month, you could usually get by with a simple conversation.

Its a sham security system ... (0)

Anonymous Coward | more than 2 years ago | (#37629564)

The point of those systems isn't to actually stop anything ... it's to give the impression that the company has some sort of safeguards and place the blame of something going wrong on some unfortunate employee. I'm sure there was some sort of alert. I'm also sure there's 30 alerts a day and the guy who's eventually going to be blamed for this had absolutely no possible chance of actually stopping Adoboli, but he's going to be blamed for this anyway and prevent any lawsuits from ever actually punishing the company for negligence.

Re:Its a sham security system ... (1)

perlchild (582235) | more than 2 years ago | (#37631148)

Your monitoring system doesn't stop your web site from going down either... It's to give you a whack in the head at 3am so you're fired up to do something about it...

Same here, management didn't do anything, IT didn't do anything, risk management was either hamstrung incompetent or complacent or a mixture of all three...

I can't say I'm surprised. (1)

idontgno (624372) | more than 2 years ago | (#37629568)

I've actually had leadership-types ask me, straight-faced and very upset, "Why did you let me ignore those warnings you've been sending me?"

There is, of course, no answer. (Well, there are answers, but they're pretty dickish: "I tried mind control, but apparently you have no mind." Or "I'm not your mommy, Major." And by "dickish", I mean "likely to get my uniformed ass into correctional custody." To quote Coulton, "Code Monkey not say it out loud; Code Monkey not crazy, just proud")

Re:I can't say I'm surprised. (0)

Anonymous Coward | more than 2 years ago | (#37629672)

I've found, "I'm not your boss, but if you're offering..." works rather well without coming off as insubordinate.

Re:I can't say I'm surprised. (1)

mbkennel (97636) | more than 2 years ago | (#37631264)

"Why did you let me ignore those warnings you've been sending me?"

"for the same reason that you did let me let you ignore those warning's i've been sending you."

The corporate "Check Engine" light is on again! (1)

Megaweapon (25185) | more than 2 years ago | (#37629648)

Exec: "Eh, it's still running, probably just a glitch or something."

The question is... (1)

Oswald McWeany (2428506) | more than 2 years ago | (#37629662)

The question is- why had IT not got a monitoring device that checked to see if people received warnings acted on the warnings.

It seems to me if you send a report out- there needs to be a report that reports on whether or not anyone read the report. If management had such a tool- they would have known they received a report and didn't act on it.

Re:The question is... (0)

Anonymous Coward | more than 2 years ago | (#37629880)

But they would need another system to check if the report about the report had been acted on!

...that's worse. (0)

Anonymous Coward | more than 2 years ago | (#37629722)

So you knew about it and didn't act on it? You deserve every cent you lost.

Rogue trader my ass (1)

Vaphell (1489021) | more than 2 years ago | (#37629816)

It's all CYA tactics.
if the loss alone was 2billion imagine how much money was on the table. I don't see how a trader could have access to such obscene amounts of resources without any authorization and oversight.
I am sure that the management knew about everything and was very happy because the bets on rising swiss franc were extremely profitable and pretty much printed money. They had to be smiling at the thought of fat christmas bonuses coming their way. Everything was peachy... until the swiss central bank intervened and announced pegging to euro at fixed 1.2 : 1 rate (6th of September). Nobody saw that (and the subsequent instant 8% drop) coming so bets placed to earn on rather minute upward movements blew up with full force when such a massive change occured.

Re:Rogue trader my ass (1)

Orga (1720130) | more than 2 years ago | (#37629982)

Very very true. You know they made a lot off of those trades, everyone was into it. If this guy likely had some authorization since this profitabel trade sprang up on short notice. If they had made billions you'd have never heard about it, but they lost it and needed a scapegoat. Enter "rogue trader".

Re:Rogue trader my ass (1)

Warskull (846730) | more than 2 years ago | (#37630130)

I am willing to bet a good deal of it goes on. Allow a trader to engage in activity you claim you don't participate in, if he gets caught then you play the rogue trader card. It just massively backfired this time.

Re:Rogue trader my ass (1)

quarterbuck (1268694) | more than 2 years ago | (#37630696)

The stories at the time of arrest indicate that it was Equity Index [nytimes.com] linked securities that the trader was gambling on, not Swiss Franc like it was widely assumed.
That was also the time when European indices, emerging market stocks and to a lesser extent US stocks crashed. But otherwise you are right - apparently Adoboli had done hidden trades starting as far back as 2008 and they were generally profitable. http://www.guardian.co.uk/business/2011/sep/17/kweku-adoboli-ubs-fraud-charges [guardian.co.uk]

Paraphrase (2)

Torodung (31985) | more than 2 years ago | (#37629898)

Paraphrase: "We had (have) severe operational problems. Kweku Adoboli is a scapegoat. We can't explicitly say that because of liability issues."

Awesome!! (0)

Anonymous Coward | more than 2 years ago | (#37629942)

I love it when these stories happen, for several reasons, no. 1 being - I don't mind banks loosing money, 2 - I think it is pretty cool that someone can "lose 2 billion dollars", as the flip side is someone might have made 2 billion dollars, 3 - it just sows again how bad the system as a whole is when several people control the wealth of nations.

Not a rogue trader (3, Interesting)

steamraven (2428480) | more than 2 years ago | (#37630054)

If they detected it, and didn't do anything about it, doesn't that mean they approved of it?

My comment from the previous article (1)

smooth wombat (796938) | more than 2 years ago | (#37630168)

This is what I said in the previous article about this situation when commenting about someone who said they couldn't monitor every trade:

Yes, they do. Every trade is supposed to be monitored. Even if it means a few bad trades get through, they can and are supposed to review the accounts, timing, etc that go in to every trade to determine legitimacy and adherence to trading rules.

It's one thing to say you can't check an instantaneous trade. It's quite another to say you can't look at multiple trades your traders make and not pick up on improprieties.

This comes down to willful ignorance. So long as the guy was doing well, it didn't matter if the both internal and external rules were being violated. It is only when trades go bad that, "Oh my! How could that have happened?" comes into play.

For a short time I worked at a brokerage firm and I can tell you, everything you do is watched.

So yes, UBS' systems did detect the trades (as I said they would). It was the people who failed.

It's the same thing where I work. When people turn off their PCs at night, rather than restart as they've been told, our CIO talks about getting Wake-on-Lan implemented. When she and our Security head couldn't remember two passwords to sign on to their laptops (SafeBoot first then domain sign-on) she had us change to autoboot.

In both instances she was advocating a technical solution to resolve an issue of human failure. Same with UBS. The technical side worked as planned. It was the human side that failed.

Risk Management != IT (1)

zerofoo (262795) | more than 2 years ago | (#37630286)

When I worked for a bank, we had human review of any large transaction that would move money out of the bank. Sure, IT was involved in that, but the process was 90% policy and human activity.

Dumping risk management practices on automated IT systems is just plain lazy and stupid.

It was a measly 2 billon dollars. (1)

140Mandak262Jamuna (970587) | more than 2 years ago | (#37630354)

Yeah, yeah, yeah. We detected the unusual activity. But it was a measly 2 billion dollars. Our high and mighty CEO is not going to break his golf game for such a trivial thing. Heck, forget the CEO. The underling to the assistant deputy sub vice president would not break his Angry Birds practice to take a look at it. If you want these things to be attended to quickly you need to raise their pay enough to motivate them.

it's all a scam (1)

recharged95 (782975) | more than 2 years ago | (#37630414)

" they were simply not acted on"

Likely cause UBS was trying to figure out how to make money for themselves from the transaction. So typical of these banks.

Why stop a transaction when you can also skim/make some cash on the side as well. That's the name of the game and why self-regulation failed in the financial industry the last 10yrs.

Unfortunately what applies here, someone once said, don't blame the player, blame the game.

Re:it's all a scam (1)

Doc Ruby (173196) | more than 2 years ago | (#37630654)

Blame the player, too. They don't have to play that blameworthy game. In fact, banks as big and influential as UBS are the best positioned to change the game. During the past few years since UBS helped crash the world's economies, UBS has been playing the same game as the other banks in keeping the same reckless risk game running, interfering with efforts to regulate the game. Instead it could have helped regulate the game in a way that let it do legitimate business without overwhelming competition from banks that do illegitimate business.

UBS is to blame for keeping the game going when it had its best chance in generations to change it.

Computers can't always do the job for you (1)

nine-times (778537) | more than 2 years ago | (#37630510)

I'm not sure who to blame here, but I've seen something like this several times in my career: Someone sets up a big elaborate system to detect security threats, monitor their systems, or enforce a workflow. Then the people in charge cheer how this system is going to solve all of their problems, and they cede all responsibility to the computer. They don't check whether the system is working the way it should. They don't pay attention to the alerts the system kicks out.

Having seen it so many times, I've learned a valuable lesson: there is no replacement for a smart and diligent person who is paying attention and exercising good judgment. I don't care how advanced your computer system is, it won't do your job for you.

They built a better idiot (1)

sirwired (27582) | more than 2 years ago | (#37630586)

And again, a basic software axiom has again been proved true:

"When you build a piece of software to be idiot-proof, your user base will find a way to build a better idiot."

They weren't brought down by anything as prosaic as a bug... they lost money because they completely ignored the output from a system specially designed to warn them of activity like this.

Same as It Ever Was (1)

Doc Ruby (173196) | more than 2 years ago | (#37630620)

UBS and the rest of its banking industry crippled the global economy by doing exactly this: IT systems and business rules showed unsupportable risks were being executed by their traders, but the execs did nothing to stop or slow it.

Something like 2-10 $TRILLION in losses later, after years of the worst recession possible since the reforms installed after the Great Depression, UBS hasn't changed. There is no reason to believe any of these banks have changed, since they all act the same way to compete with each other: ignore risk, because they're too big to (be allowed to) fail.

UBS should forfeit every penny of the public money given it to bail it out. And face the stiffest penalties possible under the laws we now have. And cause new laws to be passed that actually prevent, not just promise to punish after the fact, this reckless risktaking - with frequent audits and financial requirements to continue operating. Once slamming UBS is up and running, that government office should go after the rest of the banks that are surely guilty too.

That's almost worse... (1)

Mysticalfruit (533341) | more than 2 years ago | (#37630944)

If you have a rogue trader who games the system, you can look at UBS and say "geez, I guess you'll be investing in a better risk management system!"

But if you have a good risk management system that throws alarms and nobody looks at them, or follows up on them, then it's all on their heads.

They only had to look over one of their borders into France to see what a rogue trader could do. This isn't a novel problem, rogue traders taking positions, then losing money and then taking crazier positions to get back what they lost isn't a new problem.

asymmetric risk management (1)

przemekklosowski (448666) | more than 2 years ago | (#37631122)

It's curious how we never hear about rogue traders caught _earning_ 2B$. The hedge traders are supposed to run balanced trades that do not have large downside risks, but consequently aren't supposed to earn fantastic profits---so a trader who suddenly earns a lot of money was likely to have violated his guidelines, and the risk management people in theory should police it just as vigorously. In practice, I can't remember anyone being fired for extra earnings, so I suspect that those controls are purposedly kept vague and/or easy to circumvent.

au contraire (0)

Anonymous Coward | more than 2 years ago | (#37631518)

UBS guy: So our systems -were- actually in place, but they weren't. If that makes any sense.

Reporter: That doesn't make sense, sir.

UBS guy: .... (runs off stage)

Agenda (1)

C_Kode (102755) | more than 2 years ago | (#37631568)

$2B in losses. There had to be an agenda there. Kill the company? Maybe. Funnel money to someone else is quite likely too. Friends? Terrorist? I think they should look more into where the losses went. Not just how they were lost.

of-course it's nonsense (0)

roman_mir (125474) | more than 2 years ago | (#37631586)

As I said [slashdot.org] of-course this is nonsense.

Earlier it was reported that $2 Billion was lost in some shady trading transactions by Kweku Adoboli, a UBS trader. This of-course ran all sorts of alarm bells, having worked in banking it's difficult to imagine that it would be possible for a single trader to be able to trade with so much money without anybody noticing. It's much more likely that there is higher management involved in this and the poor sap, who will be set up for this will receive a few years of jail time, just like Jerome Kerviel of Societe Generale, who supposedly singlehandedly lost 4.9 Billion Euro in unauthorized transactions. Well, Jerome is serving a 3 year sentence, and it's unclear what will happen to Kweku, but what is clear is that what is being reported is just not the reality.

A bank does not just allow a trader to lose billions of Euro or Dollars. The most likely scenario is a robbery, likely done with knowledge (or at initiative of) one or more of banks' managers. I believe we are coming to a point, where it will become more dangerous to hold one's money at a bank, we are at a point in time that has never been tested before in history of human civilization, where all of the countries are on fiat currencies that are being devalued all at the same time. Anybody with real bank deposits (gold and otherwise), may want to think what is the most likely scenario that is going to play out when the proverbial fecal matter hits the rotary impeller device. It's likely that people closest to the funds will simply dump them into a truck and skip town, that is my contention.

Another interesting point to mention: in the same comment from 15 September, 2011, it is noted that 4 national banks (US Fed, UK, Swiss and Japanese national banks), have announced that they will devalue their currencies further to buy all sorts of short term sovereign debt (mostly 3-month US bills), and as was mentioned, DOW went up on these inflationary news, while the monetary commodities (gold/silver) took a sharp dive. As was explained, the commodities were most likely depressed on that day based on selling related to margin calls and leveraged trading, so it was predicted that the prices of these monetary metals are now going to go up higher on these bullish news (bullish for real money), and now the results are clear: gold and silver are sharply up. Obviously the traders realize what is in the bag - more inflation.

All of this combined together with more "weaker than expected" news on employment (who are these so called 'economists', that can never expect what is so obvious?), is yet another indication and proof that the fiat money based economies, and especially vendor financed economies are moving closer to the edge of the proverbial cliff.

Watch out and watch those banks, if you have real deposits, don't leave them there thinking that they are going to be safe.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...