Trading and Internal Fraud

Employee fraud is potentially the most damaging security issue where compliance risk is concerned. Fraud strategists, analysts and investigators have known for a long time that it is a significant and growing threat. Those on the front line, across a range of financial institutions and roles, report that serious problems such as rogue trading and money laundering are still not under control.

Despite the FSA’s rules and regulations there are no detailed guidelines to implementing a correct solution, and organisations still appear not to be focusing on the issue sufficiently. This is especially apparent when it comes to communication between the various systems in place. An effective employee surveillance programme, together with an overall process of governance, must cover employee behaviour from a number of perspectives, as attempts to evade detection by one process will often show up as anomalies in another business area.

The current financial crisis has exacerbated the situation as, not only as it caused financial losses and job cuts but it has also fuelled an increase in employee fraud and misconduct. Last year saw a dramatic rise in serious employee fraud, with losses totalling around £567 million. The trouble is, the problem is pervasive, and increasingly complex. Fraudsters are becoming more creative and finding sophisticated ways of committing fraudulent activity.

Andrew Cumming’s case, a former client adviser at the London branch of UBS AG (UBS), is a very recent and relevant example. He found a way around various internal controls by inventing a brand new way of hiding exceptional losses on his trading activity. Paperwork signed by Cumming, who worked in UBS’ international wealth management business, helped to document false loans that were used to conceal losses arising from unauthorised trading. Following an FSA investigation, the organisation received an £8 million fine for systems and controls failings and Cumming was banned and fined for his role in the activities.

Incidents such as Cumming in the UK, the Kerviel affair in France and the Madoff affair in the USA have seriously undermined the confidence of customers and markets. After all, confidence is the cornerstone of our entire financial structure. Any deficiencies in data security lead to an immediate backlash from businesses and the public, which can prove even more devastating than any direct losses resulting from fraud.

These high profile cases of trading fraud and the associated financial losses by rogue traders have also highlighted the strategic vulnerability in financial institutions. While the potential for large losses is at the core of the problem with this type of activity, the real threat is to the institutions’ ability to establish a system of governance that extends to all aspects of its business strategy. A financial institution that enforces operational risk policies efficiently is one that tries to manage risk in order to achieve profitability. An institution that allows trading fraud to occur exposes itself to the pure luck involved in simple betting.

Monitoring risk

A common characteristic of employee fraud incidents, not just the Kerviel case but also the numerous smaller events that happen every year, is that these incidents are often identified by one of the -many siloed systems of control currently in place at the company. When a trader uses unauthorised system access to erase evidence of the high-risk position he/she has taken, evidence of that system activity is logged by the organisation. In addition, for many types of traders, it is possible to compare different aspects of their trading behaviour, physical and systems access patterns and risk profiles with other similar traders in order to refine further an analysis of trading that is not simply odd but likely to be part of a fraud scheme.

Many top tier organisations have invested millions of pounds in trading, risk management, control and compliance systems. However, these systems often do not share information in a meaningful way, nor do they focus on internal trader activities and profiling, thus exposing organisations to significant employee trading fraud risks that can result in financial loss and reputational damage.

Key indicators or signals will usually be triggered on various systems to alert compliance officers of any suspicious activity. An employee logging in on a different terminal from that which they usually use, operating outside trading hours, systematically trading above their threshold or excess cancel and collects and forward value trades will all create key indicators. The trouble is, these signals are triggered by separate parts of the organisation and, without a single-case management platform in place, are quite often not cross-referenced against each other.

To monitor and prevent fraud adequately, investigators need to be able to access and connect to a huge amount of data, and the right information, across an entire system, from HR and operations to compliance and trading activity. Communication between the systems is absolutely essential to detect any type of fraudulent activity.

Monitoring and investigative tools need to combine detection scenarios from multiple functional areas to present a unified, comprehensive view of trader information and activity. From this it would be possible to spot any abnormal fluctuations in trading, activities typically missed when looking at one silo or line of business. This breadth of monitoring mitigates the risk that fraudulent activity will go unnoticed.

The latest generation of technology digests information from all systems – a single platform and workflow tools automatically executing analytics and data monitoring to detect defined and unknown patterns across databases and systems – without the need to restructure a financial system. Key indicators can be entered into the platform, and if those indicators signify a suspicious sequence, then it is more than likely that a fraud is about to be, or has been, committed.

The right tools for the job

A solution that can automatically record and review all investigator activity, creating auditable records, combined with employee and transactional level monitoring, enables organisations to achieve compliance with FSA and other global regulations. Getting the right solution for such an important facet of compliance is essential, and a number of factors should be considered when making that decision.

Behavioural, peer and historic profiling should be included to simultaneously monitor multiple areas/layers of data to detect problematic patterns. This type of analysis enables a more thorough review of individual trader activity and makes proactive and early detection possible.

A powerful detection methodology is required to thoroughly examine trader activity and develop a risk score based upon warning and fraud predictor aggregation with multiple levels of alerts. Each ‘flagged’ event can then be scored and recorded internally. As additional events occur, the detection algorithm can evaluate the cumulative impact and develop an aggregated risk score. The resulting alerts can then be pulled from multiple systems into a single, consolidated interface for management review.

A good solution will also be able to detect suspicious trading patterns by developing and referencing sophisticated trader profiles which have been built upon dimensions including historical trading data, peer-group comparisons and policy-based rules. Best-practice analytics can then use these profiles to compare and identify suspicious behaviour.

The use of analytics is important not only because it is an effective way to identify employees engaged in some of the newer and more sophisticated frauds, but because it enables a reduction of false positives. One of the greatest challenges introduced by a system of employee surveillance is that, according to regulatory guidance in the UK and Europe, financial institutions are obliged to investigate any evidence of illegal activity by an employee of which the audit or security organisation is made aware. One of the core missions of a comprehensive governance process is, therefore, to generate evidence without exposing institutions to huge volumes of innocuous false alarms.

While scenarios and rules are an important part of an employee surveillance program, only a system that employs analytical models including profiling can resolve the false positive dilemma faced by internal fraud investigators. An analytical solution able to answer these questions enables investigators to spend more time investigating a smaller number of high-risk employees and resolving the operational, risk and fraud loss challenges inherent in the problem of false positives.

Connecting the dots

Employee fraud or internal controls are typically seen as something that should deliver an immediate ROI, stopping smaller, immediate, day-to-day internal losses. While these systems should catch the simple internal attacks, and will definitely improve investigation productivity, this should not be their sole focus. Senior executives need to be better able to estimate the risk of a major internal fraud event. While large, or ‘once in a career’ events are less likely, how would they affect the balance sheet and company reputation?

The industry needs to move to better, more ‘enterprise-wide’ monitoring tools, both for internal and external threats. A realistic approach is to exploit existing alert systems wherever they may reside – from group to enterprise level. Organisations need to integrate information from across the enterprise within an intuitive investigation and case management environment as well as analytics that ‘connect the dots’, calculating the operational risk that a particular trader or set of trades exposes to the organisation.

Correlating information from multiple silos, whether in risk management, operations, trading compliance or corporate/IT security, as well as putting in place several layers of analytics to spot specific anomalies characteristic of fraudulent activity, an organisation can take a practical approach to employee surveillance across the enterprise. This positions it well to spot employee fraud early on, and critical to the success of monitoring and controlling compliance risk.