If responses to the Societe Generale (SocGen) scandal sound familiar, it's because they are. The usual remedies -- new guidelines for derivatives trading, tighter trading controls and higher fines -- have been trotted out after every debacle since Enron. Unfortunately, they will be no more successful this time than last, because they all mistake a managerial failure for a systemic one.
The truth is that current regulatory and risk management systems are designed to retrospectively identify at what point a thief stole your money, not to alert you when he is actually stealing it. Asking a group of investment bankers to investigate a fraud perpetrated against systems designed by investment bankers is unlikely to generate a new approach. Rather than saying "it won't happen here" (as the French did after Parmalat), or "it won't happen again" (after Enron, WorldCom, et al), we should be asking: Are there lessons to be learnt from other industries?
"The gambling known as business looks with austere disfavor upon the business known as gambling," wrote Ambrose Bierce in The Devil's Dictionary. Gambling is highly regulated, but does not rely on regulation to manage its internal risk; it takes that on itself.
With risk as its primary product, gambling works on the assumption that, given the chance, everyone wants to take money out of it -- customers and staff. It also assumes most robberies are inside jobs. Consequently, it concludes, the organization should be watching the people with working knowledge of the systems -- such as Jerome Kerviel and Nick Leeson, who were familiar with their back-office set-ups -- and not the systems themselves.
Casino surveillance cameras are trained on croupiers as well as punters. Watching the croupiers are the "pit bosses," who are also being watched. All are monitored for behavioral changes and unusual patterns, whether winning or losing. When a change is seen, managers investigate until they are satisfied with the explanation. Some large insurance companies are doing something similar, using "stress-detector" technology to screen claims. Only claimants whose voice patterns exhibit anomalies are investigated.
When Kerviel's behavioral anomalies were reported, he was apparently able to shrug them off with minimal explanation, as Leeson had at Barings. Management wasn't managing: Those in charge were either "player-managers" more concerned with their own performance, or so far up the chain as to be disconnected from the game.
Perhaps the most damning comment in the Barings affair was that of a very senior official who saw no reason for concern because Leeson's trading showed "nothing extraordinary." Actually, his results were so contrary to both his own previous results and that of his peers that he warranted immediate investigation. The senior manager had no idea his results were unusual -- he just saw them as good. The same was true of John Rusnak, the currency trader who lost ?354 million (US$689 million) at Allied Irish, of Kerviel, and no doubt many others.
According to the investigation by the governor of France's central bank, Christian Noyer, SocGen's controls were "not followed up appropriately." In other words, there were no "floor walkers" or "pit bosses." Even if the surveillance systems were effective, management's actions were not.