System Reliability

GEDS's transaction systems also had serious deficiencies:

• Faulty security protocols allowed Kerviel to continue to access and change system records after he was promoted from the middle office to the front office.

• Chronic accuracy, reliability, and timeliness problems predisposed operations and risk personnel to expect system errors to be the cause of processing exceptions, not suspicious activity.

• Daily reports of cash movements from margins and broker commissions were aggregated across portfolios, hindering identification of the unusual levels of activity created by Kernel's unauthorized trades.

Risk-Sensitive Culture

The investigations also identified cultural deficiencies, specifically citing that DLP's trading oversight and control personnel were not trained or instructed to be alert for fraud and were slow and lax in responding to and resolving queries.

Action Plan

PwC reviewed and endorsed Societe Generale's two-part remedial action plan, consisting of a series of immediate fixes and longer-term structural changes. The key elements of this action plan were:

• Immediate strengthening of GEDS's front office supervision across all equities, fixed income, derivatives, and commodities trading desks, by means of heightened awareness of responsibilities, introduction, and use of formal monitoring tools

• Immediate strengthening of GEDS's middle and back office controls by means of remedying controls found to be missing or ineffective

• Immediate strengthening of system access controls and information technology (IT) security

• Immediate strengthening of governance by specifying roles, responsibilities, and escalation protocols across all relevant positions

• A four-part transformation strategy to improve GEDS's control infrastructure, culture, and IT security, consisting of:

1. More control-sensitive operations processes

2. Creation of a cross-divisional operational surveillance program designed to identify and rectify anomalous situations and chronic conditions that could be symptomatic of or conducive to fraud

3. Long-term IT security improvement plan

4. Professional ethics and accountability education program for traders and their support staff

• Formation of two committees tasked with ensuring implementation of these four initiatives

< Prev   CONTENTS   Next >