The rogue to ruin

The shocking news that Société Générale lost an estimated e4.9bn (£3.75bn) from unauthorised derivatives transactions executed by junior trader Jérôme Kerviel in Paris has provoked a review of regulation to guard against the repetition of such an episode.

Three possible regulatory responses are: the introduction of regulation on industry structure; enactment of requirements for audit and certification of internal systems and controls; and enhancement of systems and controls supervisory policies.

Perhaps the only thing more surprising than the frequency of rogue trader cases with losses exceeding $100m (£50.35m) in the past 15 years is the repetition of many of the same systems and controls failings. Since Nick Leeson brought down Barings Bank in the early 1990s there have been numerous rogue trading scandals, including a Daiwa New York bond trader loss of more than $1bn (£503.52m) in 1995, a Sumitomo metals futures trader loss in excess of $1.8bn (£906.33m) in 1996, a NatWest options traders loss of more than £90.5m in 2000, an Allied Irish Bank Baltimore subsidiary currency trader loss of $690m (£347.43m) in 2002, a National Australia Bank currency option traders loss of more than £150m in 2004, and a Chinese State Reserve Bureau copper futures trader loss of hundreds of millions of dollars in 2005.

In many of these cases the same systems and controls failings appear, namely: a failure to have traders’ positions priced or valued with independent verification; a failure to monitor trade cancellations and corrections for fictitious transactions; and a failure to undertake timely reconciliation of cash and trading book positions.

One regulatory option is to require a structural separation of the legal entity which houses proprietary derivatives trading operations from other investment business and banking services. Such a separation would prevent proprietary trading failures damaging the interests of other investors and depositors.

The US Glass-Steagall Act, which erects a wall between commercial banking and investment banking, exemplifies this approach. However, the global nature of today’s capital markets, the sophistication of traded products and constant product innovation means that this type of structural separation is difficult to enforce and is more likely to lead to competitive anomalies than the protection of investors’ interests.

In Europe the regulatory structure is designed for multi-service conglomerates. In the UK there is a single regulatory authority for all firms and all investment products, which reflects a regulatory philosophy that would be unlikely to support the separation of different types of investment business. And although structural separation may limit the class of people that shoulder any losses, it does not directly address the reduction of the rogue trader risk itself.

A second response might be the introduction of Sarbanes-Oxley type audit and certification requirements where firms have to undertake detailed annual audit and certification exercises in relation to internal systems and controls. However, the Sarbanes-Oxley approach has not been well received in Europe as it is seen as creating a significant administrative burden without corresponding gains.

According to Francis Hounnongandji, president of the French Association of Certified Fraud Examiners, companies may adopt a box-ticking mentality with only “a cosmetic interest in complying with these regulations”. He adds that in practice “incoherent and sub-optimal control systems implemented by many companies have left loopholes that fraudsters [continue to] exploit”.

The cure is not more audit and certification laws, but a better understanding and application of systems by skilled personnel and better trading supervision.

Lastly, and most likely, the Financial Services Authority (FSA) may seek to further develop relevant supervisory policies. This regulatory response may involve a combination of systems, and will control best practice guidance with a strong emphasis on senior management responsibility – but without mandatory Sarbanes-Oxley -type audit and certification requirements.

Indeed, the day after the initial disclosures by Société Générale, FSA chief executive Hector Sants called for senior managers at London investment banks to review their internal derivatives trading systems and controls with talk of imminent FSA guidance on systems and controls requirements.

This approach may also require some change to current FSA enforcement policy, at least if two recent disciplinary decisions are anything to go by. In the Toronto-Dominion Bank (TDB) decision of 16 November 2007, TDB was fined £490,000 for systems and controls failings which allowed a senior fixed income trader to conceal losses of up to £3.5m for nearly three years by mismarking his positions and booking (and cancelling) fictitious trades. The losses came to TDB’s attention only when the trader disclosed them on his resignation from the bank. No action appears to have been taken against any individual member of senior management.

Similarly, in an FSA disciplinary decision against W Deb MVL in January 2007, a fine of £560,000 was imposed for serious systems and controls failures. Yet again, no sanction appears to have been imposed on any member of senior management. Fining firms for systems and controls failings without imposing sanctions on individuals may only serve to damage the interests of shareholders without creating any real incentive for management to qualitatively improve risk-management and trading supervision.

The appropriate regulatory approach to rogue trader risk nonetheless requires consideration of the fundamental rationale for financial services regulation. With the exception of certain commodity derivative businesses, firms which conduct proprietary derivatives trading must already maintain high levels of capital for regulatory, exchange and counterparty credit purposes, which provides a cushion against adverse financial events. There is a significant cost to maintaining such capital.

At the same time, additional investment in systems and controls to reduce rogue trader risk may significantly erode the profit margins necessary to generate sufficient return on capital to economically justify this type of business.

There needs to be a debate whether it is the proper function or objective of regulation to eliminate rogue trader risk or whether and to what extent a degree of risk can be tolerated. There is a balance to be struck between regulatory requirements to reduce rogue trader risk and the legitimate operation of competitive market forces which involve trading firms taking deliberate and calculated risk on a daily basis.

Regulators and market participants should first agree on levels of tolerable risk so that they will be better placed to agree practice standards for internal systems and controls for which senior management should then be held accountable.

Robert Falkner is head of the securities and financial services litigation group at Morgan Lewis & Bockius in London