1

User Password

Sign in to begin:

Sign in

afm241rocks ********

2

Societe Generale The Company

INTR

OD

UC

TIO

N

Founded in 1864

Core Businesses:› Corporate +

Investment Banking› Retail Banking› Global Investment

Services

Global Presence with over20 million customers worldwide

Over 130000 employees

3

Security Basics

Common Security Breaches:› Viruses› Spyware› Phishing/Spoofing› And over 1 million

malware Let’s Compare!

INTR

OD

UC

TIO

N

4

Starting Position: Risk Management Office “The Mine”, Back-office systems & security systems

Education: Masters of Finance, University of Lyon

Age : 31 years

1. Name: Jerome Kerviel

200

8 F

LASH

BA

CK

: R

OG

UE T

RA

DER

Ending Position: Lower-level trader, Delta One- Trade

index futures as a way to hedge company risk and make

small profits Co-workers’ impressions: “quiet and unassuming trader”,

“unimpressive education background”, “motive to impress his seniors”

5

3. What Kerviel Actually Did: Bypassed all internal controls and made high risk unauthorized trades for a total of $87 billion in trades.He bypassed controls by creating fictitious trades in “trading book” to offset his trades.

2. Job Role: Purchase European stock index futures

And sell others as a hedge.

Job Goal: Create small, low-risk profit stream based on

Large volume.

200

8 F

LASH

BA

CK

: R

OG

UE T

RA

DER

6

5. Used other employees passwords.

Took minimal vacation days.

Supervisors ignored over 75 trade errors.

4. HOW DID HE BYPASS CONTROLS:

Learnt internal controls in starting position in back-

office

> Exactly knew the internal checking schedule and

removed all false transaction in books minutes before

check.

200

8 F

LASH

BA

CK

: R

OG

UE T

RA

DER

7

“A cocktail of IT failures”

System Vulnerabilities

IT controls including:› General Controls› Application Controls

Security Policies

KEY C

ON

CE

PTS

8

System Weaknesses

Management | Organization | Technology› Unauthorized Access› Internal Control Breach› Managers’ failure to identify key errors

CO

NTR

OL

FAIL

UR

E

9

Responsibility for losses

Kerviel’s ethical misconduct

Failure of internal controls

Management and Supervisors

IT Audit Controls

“TH

E B

LAM

E G

AM

E”

10

Fraud Prevention Techniques

Randomize internal checks

Track changes in trading books

Effective Supervision and Reviews

Mandatory Vacation Days

PR

OA

CTIV

E

PR

EV

EN

TIO

N

11

Access Controls:› Biometric Sensors› Token fob-keyP

RO

AC

TIV

E

PR

EV

EN

TIO

N

Fraud Prevention Techniques

Management Training:› Understand

importance of data security

› Actually follow Company policies

12

Fraud Reaction Techniques

Crucial to appropriately act upon fraud within company

Conduct strict management reviews

Conduct audit on internal controls and responsible management

REA

CTIV

E

PR

EV

EN

TIO

N

13

Redesigning Internal Controls

General Controls

Application Controls

Access Controls

Recurring Management

Training

MIS Audit Committee

CO

NTR

OLS

RED

ESIG

N

Supervision Rotation

Automate Trading log

HR policies for back-

office

Acceptable Use policy

Oversee MIS audits

14

Allen, P. (2008, January 28). Jerome Kerviel behind Societe Generale fraud. Retrieved July 4, 2011, from The Telegraph: http://www.telegraph.co.uk/finance/newsbysector/banksandfinance/4667707/Jerome-Kerviel-behind-Societe-Generale-fraud.html

Gauthier-Villars, D. (2010, October 6). Rogue French Trader Sentenced for 3 years. Retrieved July 4, 2011, from Wall Street Journal: http://online.wsj.com/article/SB10001424052748703726404575533392217262322.html

Hurst, A., & Leveque, T. (2008). "SocGen Discloses Details". Retrieved July 4, 2011, from Market Watch: http://www.marketwatch.com/story/societe-generale-traders-named-as-jerome-kerviel-report

Parase, N. (2008, January 25). French Bank Trader Says Rogue Trader Lost $7 Billion. The New York Times .

BIB

LIO

GR

APH

Y

15

APPLA

USE…

..

It’s good we found the guy

who lost 5 billion!

That’s him!

Need a little chip in the stock market? might need

180,000 years of life