December 11, 2012

As we digest the latest episode, this time Rochdale Securities, and before that UBS, it is worthwhile looking again at what investment banks can do to prevent and/or mitigate this threat. Specific risk mitigation activities are only one part of the solution, which is nothing less than a shift in company culture and objectives, and technology must play a vital role in that. First, firms need to continue to reshape their culture to reflect the change in business strategy in the post-Dodd Frank world. Management should serve notice to employees, senior and junior alike, that the days of rewarding unapproved risky trading activity are gone.

This includes, for example, deploying claw-backs on traders "swinging the bat" or making profits for trades in breach of agreed limits or outside the scope of their mandate. Additionally, incentive structures for traders whose job is to facilitate client trades rather than trade on the bank's own account, increasingly the norm in investment banks, should reflect their client relationship management objectives more clearly.

Such incentive structures should reflect effective risk management, and reward good citizenship, for example, traders identifying opportunities to improve the control environment or alerting management to risky behaviors on the floor, as well as delivering excellent client relationship management results.

Second, trading systems and controls should be re-designed to reflect this change in culture and objectives. Investment bank systems have traditionally put traders at their logical center, maximizing trading flexibility, and the ability to track trader profit and loss.

System design priorities in a Dodd-Frank world need to reflect the twin priorities of clients and risk management. Putting clients and risk at the center enables systems to organically track client limits and conflicts across the bank's business portfolio. Understanding better, client needs and profitability per client across the platform – M&A advisory, lending, underwriting, asset and wealth management, sales and trading - should also follow and this will help to grow the business as well as manage risk more effectively. Third, banks should review their fraud detection methods and procedures. It is clear from reports publicly available that rogue traders have been able to conceal their activities for several years at banks with, on the face of it at least, fairly well established operational risk functions and controls.

It would seem then that more aggressive or more precise methods are called for. Retail banks and insurance companies have typically established dedicated fraud units and anti-fraud software to fight insurance fraud, cyber crime and other types of fraud. Such methods are worth exploring in the investment banking world.

Harnessing technology is of course already a big part of anti-rogue trading programs in investment banks in the form of trade surveillance, automated trade reconciliation, cancel and correct monitoring and so on. Given the vast amount of data, however, in these different areas, it is not clear how effective such tools can be, on a one-off basis, in identifying suspicious activities. Algorithmic data mining could be very useful in helping banks to connect the dots.

Take for example, a trader with several personal trading policy violations. Perhaps, on their own, these might not be sufficient to warrant any special investigation, but were this same trader also to be identified as someone who had moved from operations to the front office, had not taken their mandatory leave and had also accumulated unusual levels of trading profit on a client facilitation desk, such a combination might easily make him a candidate for a deep dive investigation.

In the large and complex world of the modern investment bank, such triggers can probably only be pulled with investment in intelligent and algorithm based data mining. Fourth, continuously review the checks and balances that have been established to prevent and mitigate rogue trading behaviors. Many banks did just this in the wake of the recent UBS/Adoboli incident in 2011. The key checks include, inter-alia, mandatory vacation policy, system entitlements, segregation of duties, trade limit monitoring, independent valuation and profit and loss reviews, trade account set up and confirmation procedures.

Technology has a big part to play in making such reviews effective and efficient. Take one area, for example, that of system entitlements. Investment banks today deploy so many systems, and within these systems, so many different roles and responsibilities, that without specifically designed tools and automation, it is impossible to track whether an individual has the system entitlements he needs to do his/her job. In such an environment, without well designed exception tracking and reporting, it is easy to see how an individual could accumulate entitlements to systems that will help support a scheme with nefarious objectives.

In summary, the controls against rogue trading in an investment bank comprise a combination of cultural change and intelligent system re-engineering. It is likely impossible to stop rogue trading altogether but significantly reducing the duration of undetected periods of activity and the size of the consequent losses is a reasonable objective.

Executing the strategies discussed here to transform the culture and technology of investment banks will help support the achievement of that goal.

Andrew Waxman is an author and risk analyst who has worked for both consulting and investment banks during his career in the City of London and on Wall Street.