What Constitutes A $7B Control Failure?
The media yesterday (Wall Street Journal, Associated Press, Economist, etc.) were all over 31-year-old Jérôme Kerviel, the trader at France’s Société Générale who has apparently confessed to fraudulent trades resulting in an estimated loss of roughly $7.2 billion.
In further coverage, we hear that the bank has apologized to share holders, filed legal claims against Kerviel, and promised the public that the incident does not suggest any larger issues with the company’s risk management. The Wall Street Journal however, follows up with a story questioning the effectiveness of regulatory oversight that can let something like this transpire despite Société Générale’s claims that controls were adequately tested and did not fail.
There will certainly be much more to follow on this story. From initial coverage, it seems that the bank had enforced proper trade limits for this employee, and the control failure occurred when he was able to circumvent security systems and escalate his trading privileges. As organizations continue to focus on developing their enterprise risk management programs, this story reminds us that it requires an understanding of how the various types of risk (operational, market, credit, etc.) are often intertwined.