Last time: SocGen, this time: UBS

Lovely news today – a massive loss due to unauthorized trading at UBS:

I find this one more distressing than the last time this happened, at Société Générale, for a couple of reasons:

1) Didn’t anyone learn anything from the last incident?
2) UBS? Seriously? I bank with these guys!

The solutions to prevent this sort of thing are both technical and business ones.

The technical solutions are good controls over access to sensitive systems, including segregation of duties policy enforcement, to ensure that it takes at least two people to do something stupid.
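A minimal sketch of the segregation-of-duties and two-person controls described above, as an added example (not from the original post or the author's product); the duty names, users and conflict pairs are hypothetical.

```python
# Added illustration: duty names, users and conflict rules are hypothetical.
from dataclasses import dataclass, field

# Pairs of duties that no single identity may hold at once (constructed sample policy).
CONFLICTS = {
    frozenset({"trade.enter", "trade.confirm"}),
    frozenset({"trade.enter", "limits.change"}),
    frozenset({"payment.create", "payment.release"}),
}

def sod_violations(held, requested):
    """Return the conflicting pairs that granting `requested` would create."""
    after = set(held) | {requested}
    return sorted(tuple(sorted(p)) for p in CONFLICTS
                  if requested in p and p <= after)

@dataclass
class Request:
    requester: str
    duty: str
    approvals: set = field(default_factory=set)

def approve(req, approver, duties_by_user):
    """Record an approval; reject self-approval and approvers lacking authority."""
    if approver == req.requester:
        raise PermissionError("self-approval is not allowed")
    if "access.approve" not in duties_by_user.get(approver, set()):
        raise PermissionError(f"{approver} may not approve access")
    req.approvals.add(approver)

def grant(req, duties_by_user):
    """Grant only if a second person approved and no toxic combination results."""
    held = duties_by_user.setdefault(req.requester, set())
    conflicts = sod_violations(held, req.duty)
    if conflicts:
        return False, f"SoD conflict: {conflicts}"
    if not req.approvals:
        return False, "needs approval from a second person"
    held.add(req.duty)
    return True, "granted"

def audit(duties_by_user):
    """Certification pass: list users who already hold conflicting duties."""
    return {u: sorted(tuple(sorted(p)) for p in CONFLICTS if p <= d)
            for u, d in duties_by_user.items() if any(p <= d for p in CONFLICTS)}
```

The `audit` pass matters as much as the grant-time check, because conflicting entitlements often accumulate outside the request workflow.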

Of course, I’m biased – we make software that can help with the technical part of the fix.

The business part is more contentious, but perhaps more important. I think part of the problem with controls is the ridiculous volume of transactions that investment banks make, hoping to turn a profit on super-fast trades and arbitrage. I don’t think that stuff actually does the economy at large any good — it’s just a part of the casino mentality in the financial industry. One rule I’d impose, if I magically got the power to do so tomorrow, would be to force entities who purchase any kind of financial instrument to hold it for a while. Say for an hour. Or a day.

That doesn’t sound like a big deal to anyone who is a retail investor, but I bet it sends cold shivers down the spine of big institutional investors. What? I can’t buy some stock and sell it again 20 milliseconds later? You’re kidding?

Oh well. I can’t fix the business problems, so I’ll stick to making technology that helps enforce some basic controls: privileged access management, session recording, segregation of duties enforcement, access certification, approval workflows, etc. You know, the easy stuff.

— Idan
