Despite a series of insider trading cases, including the recent UBS scandal which caused the venerable Swiss bank to lose billions of dollars at the hands of a deviant trader, a new survey shows that banks are still not focused enough on their own risk management practices. A number of banks could be the next one to falter under the sword of a rogue trader.
Most CEOs still do not see insider fraud as an organizational priority, according to a new survey by the Ponemon Institute, which surveyed 700 corporations. Many do not have the right procedures in place or if they do, they are not following them properly.
According to the survey, 75 percent of respondents said privileged users within their own institutions had or were likely to turn off or alter application controls to change sensitive information - and then reset the controls to cover their tracks.
Worryingly, 81% percent said that individuals at their institutions either had used or were likely to use someone else's credentials to gain elevated rights or bypass separation of duty controls.
On average, respondents noted that their organizations experienced more than one incident of employee-related fraud per week - about 53 within a year.
Twenty-four percent of respondents indicated that their organizations experienced more than 100 incidents in the past 12 months.
Even more alarmingly, research showed that once an incident has occurred, it takes organizations an average of 89 days to discover it, and an additional 96 days to uncover the root cause and determine the consequences to the organization.
"This data demonstrates that employee actions across an enterprise are not visible," said Larry Ponemon, chairman and founder of the Ponemon Institute. "While organizations may have policies in place that are meant to curtail insider fraud, what's on paper doesn't necessarily lead to compliance."
In light of the high profile nature of the UBS scandal, some banks are looking to catch investors' attention by publicizing the fact that that they have just upgraded their surveillance systems.
One of these is Renaissance Capital, an emerging markets investment bank, which just announced that it has selected and installed Redkite's trade surveillance solution, Redeye.
The Redeye hosted solution reportedly monitors, captures, analyzes and acts on the fast moving activities within its global equities trading operations.
While recent insider fraud scandals have certainly put the spotlight on surveillance systems, Mark Harris, group head of compliance, Renaissance Group, says it was increased market regulation around the world that made it a necessity for the bank to beef up its fraud prevention system.
"In light of the increasing market regulation taking place around the world, in particular in Russia, it was crucial that we found a next generation market surveillance solution," he says.
"Redkite's Redeye solution provides real flexibility thanks to its modular approach to alerts development within Redkite's hosted environment."
Let's hope a number of other banks follow suit and shore up their surveillance systems, or at least start following the procedures they have in place and take insider fraud more seriously. Particularly if they don't want to be the next Wall Street firm to hit the headlines for all the wrong reasons.