UBS’s CEO resigned yesterday following a failure of the bank’s risk management that resulted in a £1.5 billion loss. The trader, Kweku Adoboli, was able to combine the knowledge he gained at UBS, originally as a back office worker and then as a trader, to circumvent the bank’s internal controls. In effect, the integrity of the bank’s systems and processes was compromised. It’s also arguable, depending on your interpretation, that a breach of confidentiality has occurred.
The incident highlights the argument about segregation of duties and the vulnerability created by moving and/or promoting individuals from one area of a business to another. In this case, that vulnerability enabled the rogue trader to accumulate sufficient knowledge to bypass the process and system security that is core to a business’s system of risk management.
Many may view the UBS incident as a “one off”; however, promoting internal talent is common practice in modern human resource management. I do wonder whether these vulnerabilities are commonly understood and whether they play a part in businesses’ management of risk. Does the process of transferring an employee from one function within a business to another include an analysis of the risks, particularly information security risk?
Do you have any thoughts on the issue outlined above? If so, please do share them.