The Financial Services Authority (FSA) has reported that
many UK investment banks have reviewed their trading controls,
including IT systems, following the activities of arogue trader at French bank SocGen.
SocGen reported £3.6bn losses after trader Jerome Kerviel
engaged in unauthorised trading activity. Investigations carried
out
by the bank and French finance minister
Christine Lagarde later revealed that lax security of IT
systems played a role.
In an ad hoc report, Market Watch 25, the FSA said it has
engaged with UK banks to understand what they are doing as a result
of the SocGen incident and has outlined some
IT security advice.
"We recognise that, in view of the criminal investigation in
France, and of the ways in which the 'rogue trader' appears to have
disguised his activities, there is likely to be more to learn in
the future," said the report.
During informal conversations with about 50 UK investment banks
the FSA said that most had considered the risks to their own
businesses and already attempted to close gaps following their own
reviews.
The FSA has advised the banks to "consider whether IT security
and access controls are properly implemented to ensure that users
may only access those functions that their duties require".
It also said that banks should consider reviewing access rights
periodically to ensure there are no risks when people move from the
middle or back office to working in the front office or visa
versa.
Kerviel's knowledge of passwords and the back office gave him
knowledge of controls and access to unauthorised system.