Swiss investment bank UBS announced last month that it had lost billions of dollars due to alleged rogue dealings by a London-based trader. This has led some to ask what further security steps banks should be taking in their IT systems to avoid future rogue activity.
Banks should be looking at improving the quality and availability of data, particularly within the finance and risk operations. The spaghetti nature of aging architectures has led many banks to rely on manual workarounds in emergencies. This is despite the fact that most banks have implemented extensive controls to minimise risk in line with Basel II and Sarbanes-Oxley Act requirements. Risk is increased further by new, more complex markets, which carry the highest potential margins but are often initially traded using elements of Microsoft Access and Excel.
As manual elements and end-user computing components always create opportunities for error and fraud, the key focus should be changing the disconnected nature of front-to-back systems. Upgrading systems to support the full range of business activity within a fully integrated infrastructure, thereby avoiding reliance on distributed, uncoordinated and independently governed data, is a precursor to control automation, thus reducing the possibility of rogue activity.
It is important that risk data acquisition and analysis are simplified through more automated and robust mechanisms. In particular, the information silos must be penetrated and ultimately eliminated. The importance of data quality must not be underestimated.
With regard to internal audit processes and procedures, for many, the processes are in place but the technology fails. Drilling down to precise, accurate detail across independent valuation of whole structures and whole businesses at the actual trade level is key for true auditability.
Transparent, auditable access to the life of a transaction from the moment it is traded, across all its elements, at a profit and loss level, through settlement and against an independent valuation, is critical. Achieving this transparency should be the focus for those involved in banks' IT infrastructures following what happened at UBS.