Who Watches the Automated Watch Watchers?

The French bank Société Générale SA admitted that a "rogue trader" who lost $7.2 billion in trades was able to bypass five levels of controls for a year before finally slipping up and getting caught.

The trader, by the name of Jérôme Kerviel, hid the trades by making fake orders to balance each of the genuine orders he placed. Although the bank says he operated alone, many are skeptical. It is known that he used to work in the bank's back office, and therefore had detailed knowledge of how trades were processed and monitored.

Apparently Kerviel spent time hacking the risk control system which enabled him to hide his trades. He was able to do so by using his colleagues' passwords, although how he got them has not been disclosed.

A determined person can probably circumvent any set of automated risk controls, and the control system itself needs to be monitored for signs of tampering. The UK government's financial regulators are now looking at UK banks for such a problem.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City