Thinking about rogues By Fred Cederholm

Column for on/after January 27th, 2008

I’ve been thinking about rogues. Actually I’ve been thinking about auditors, defalcations/ frauds, Societe Generale, systems of internal control, and convenience. Most of the financial news stories of the prior week focused on the bloodbath that hit the world’s stock exchanges as the current Sub-Prime/ Alternative-A loan debacle continues to unwind. The US markets (closed on Monday for the observance of the Martin Luther King holiday) seemed to get a get a temporary pass from a week of otherwise global carnage. Was it the FED’s emergency rate cut of .75% and all the MEGA media hype surrounding proposals for some “major” $600 windfall for each US taxpayer (“maybe” materializing three to four months down the road) that spared only those exchanges in North America’s Eastern Standard Time Zone from the massive bloodletting? I don’t TH*NK so!

You see as a forensic investigative accountant and auditor, I am fascinated by the unfolding drama in Paris, France involving “the alleged” defalcations/ frauds by ONE single employee which caused losses of at least $7.1 BILLION to the second largest bank in France – Societe Generale. One might ask: why even care about the French story because the US markets obviously dodged the bullet last week? The answer rests in that I don’t see the Societe Generale event as some isolated incident! I fear it is but a harbinger of similar potential horror stories to come anywhere on the planet. Remember the maxim: “don’t be too smug because there but for the grace of God go I”

The forthcoming details of how a solitary 31 year old, lower-level investments’ trader at this huge financial institution could pull off such a devastating illegal pattern of activities for almost two years fly in the face of all logic. Somewhere along the line, one would presume that whistles, sirens and red flags would have been triggered and the rogue’s activities halted. Any comprehensive and working system of internal controls, checks and balances, and safeguards would have precluded this from continuing beyond a few weeks given the dollars (make that EUROs) involved. Such intervention apparently did not happen! Was anyone really minding the store? It doesn’t look like it.

Financial service entities are traditionally inundated with systems of internal accounting control and auditors. They are unique in that there are at least three separate and distinct audit/ auditor forces which should function in related, yet distinct, oversight capacities. First, there are the internal audit teams and management committees who monitor and override potentially damaging overzealous/ excessive individual actions/ activities. Secondly, there are the external regulatory examiners who periodically (at least once a year) show up to verify compliance with mandated statutory guides and limitations. Finally, there are the outside independent public accountants who test/ verify compliance with systems and controls as part of their annual audits. Did all three drop the ball here? Or, is this another case, like ENRON, where nobody was concerned until losses surfaced?

It would appear that the individual in question somehow managed to completely circumvent at least five distinct levels of controls and firewalls. How was this even possible? How would he be privy to the user IDs and individual passwords/ codes for multiple other individuals, at multiple workstations, in multiple departments and locations? Given the amounts and number of transactions, were there no supervisory approvals and co-authorizations simultaneously required? Or, verified?

It is just too convenient to saddle one rogue individual at one institution as some isolated incident in the unfolding drama of the worldwide breakdown of our financial system network. I’m just not buying it. Who will be next? For how big a hit? And… who will be ultimately tapped to “cover” the loss(es)? I’m Fred Cederholm and I’ve been thinking. You should be thinking, too.

Copyright 2008 Questions, Inc. All rights reserved.