What a nice dose of sarcasm - thanks. :-)
How to be a rogue trader As a City headhunter I’m repeatedly asked to explain how lone traders find themselves flushing billions of dollars down the toilet. Rogue traders can pop up just about anywhere, and so I’ll share this curriculum for you to follow, which is not specific to any bank: this is just the way it works. Being a …
What a nice dose of sarcasm - thanks. :-)
i dunno about the sarcasm, the article sums up precisely the environments i've seen at every investment bank i've worked in over the past 11 years.
More dangerous than a plutonium breeders coz the IAEA won't come take a look-see.
But in the end, one can just socialize the cost. Hey John, kickstart that printing press, willya? Someone needs a bailout.
Yep. I've worked from back-office IT, through Risk IT to front-office desk development and backup everything Dominic says - from other things of his I've read he seems to be on the money in the industry. I can also vouch for risk paying poorly - despite doing a fantastic job (appraisals, peer review etc) I got paid shitty money and bonuses because "what you're doing is not high profile and there's another team we desperately need to prevent leakage from". I moved from there to a front-office desk role with a 75% pay-rise.
I can also vouch for the technology stack. Excel/VBA, SQL, and I'd also add a bit of C# these days. Perception is everything. It may be a laudable aim to write excellent flexible code using paradigm XYZ or pattern ABC but traders don't give a fuck. As far as they're concerned you took too long. I'm afraid it is the whims of these sometimes attention deficit seeming individuals that will decide your pay, bonus, and future. If perfection or moral high-ground is what you seek then the front-office is not for you. If high remuneration (with a side-serve of verbal punchbag) is what you seek then it is.
I think it is no coincidence that a lot of rogues seem to have worked their way through the business. This gives them a perfect insight into trade flow, procedures, and system visibility. The fact that their user accounts on these systems never seem to have their privileges corrected also helps.
One of the better articles Ive ever read here. Or somewhere else.
Funny. Witty. The writer knows what he is talking about.
I especially liked this quote
"I emphasise this because El Reg readers are mostly well-intentioned IT people who seem to genuinely believe that building a reliable system and making code elegant and bug-free is somehow useful."
flightily true, all that was missing was the low golf handicap.
But why go the route of rogue trader to fuck up a bank??? Just become a senior executive of a bank, gamble with the banks money, loose nearly all of it, get tens of thousands of people sacked to save money, leave hundreds of thousands of young people without a future because the economy is fucked and get a big pension for doing it. Take your pick of bank, barclays, HSBC, RBS, goldman sachs, bear stearns, etc. etc. etc.
You could argue that the executives are the successful rogues of which he speaks.
During the Spanish civil war, the nationalists had 4 columns of troops attacking Madrid. Their leader broadcast that these troops were helped by a fifth column inside the besieged city. So it is with with IT systems. Every company regards the customers, or non-employees as "the enemy" so far as computer and financial security is concerned, but few take any heed of the underpaid, over-screwed (and not in a good way) people who daily, have access to all the revenue and orders that flow in or out of the company. Be it a financial trader, bank, plumber or local authority. Consequently, almost all security measures are outward-facing and few are designed to slow down the operator/programmer/sysadmin with the root password and the balls to use it.
Even fewer of the internal security measures are ever tested - for the simple reason that they'd almost all be found to be completely ineffectual against an internal attack from someone who knew what they were doing.
And when a discrepancy is discovered, the only place the investigators would look is at the audit trail, on the presumption that the trail, itself, is uncompromised: not a valid assumption against "root" and someone with a well thought out plan. [Although in fairness, there are lots of cases where computer staff have been caught, some even nicked. Generally these are the result of rushed or faulty frauds caused by unexpected opportunistic situations that didn't allow time to plan the crime properly. When doing Unix support I occasionally found myself being "parachuted" into a major credit card/finance company's machine room, logged into root and my "overseer" saying "... be back in half an hour"]
So why don't you hear about rogue sys-admins, who lose their companies millions, or billions? or end up spending their autumn years in the Carribean? Simple: Not because the dishonest ones aren't getting their (unfair) share, but because they've been able to shift the blame onto some "rogue" trader, somewhere.
From my time working on projects for the banks, lots of people are caught, but the thing is do you want the world to know that you expensively created system which trades billions per day can be compromised or are you going to give them a little shutting up money and tell them to feck off out with a good reference ???
I worked for a major private investment company and they had security absolutely all over the place. I remember propping open the door once because I had to go fetch something and had no keypass and within 30 seconds someone was over because their pager had warned them of the breach. They also had "tiger teams" whose job was penetration testing of apps. They had groups solely responsible for authentication and user sign on and security triggers plastered all over the place to detect fraud.
Everyone went through ethics training annually. Everyone was subjected to restrictions on the kinds of trades they could do with severe restrictions on traders (as opposed to programmers / managers). Everyone was required to declare and preferably move all their investments in house where they could be monitored. All gifts had to be declared and there were strict limits on the value of gifts anybody could accept in one year. Failing to comply with any of this was a disciplinary offence, possibly leading to dismissal.
Not to say they were perfect (a dwarf tossing incident paid for a client and a large fine kicked off a lot of the crackdown on ethics) but they really seemed to take it damned seriously. As I said I didn't work on the trading floor but I reckon everyone in the company and every manager had it drummed into them of the dire consequences if they let the company down. It still wouldn't stop a rogue trader but I suspect in the place I was at that they'd be very proactive in trying to find them.
Read Kevin Mitnick's Defensive Thinking. There's a story in there of a guy who was working on a Swiss bank's systems. He persuaded the bank that he needed root access and immediately transferred millions into his own account. And don't forget that one of the biggest fraud's in banking history was perpetrated by a bank's IT dept forging the bank's customer's credit cards.
Where the hell did you work?? I've worked in front office investment banking IT my whole life and have never encountered a "Tiger Team", let alone anyone who was serious about door security.
It was all implemented in my place which was a privately owned US investment firm. As I said they really cracked down on ethics after getting fined for the dwarf tossing incident. Shouldn't be hard to figure out where it was from what I said.
I'm guessing private ownership made the difference - personal loss vs. shareholder loss.
It also sounds like most of that "education" is based around a transfer of risk from the business to the individual for litigation reasons - "they knew what they were doing was wrong because we gave them XYZ training every year"
(What I need to have text now?)
I think the only question the article didn't answer was 'how the fuck do these people sleep at nights'.
They probably sleep better than us honest shlebs, and on much better bedding
Here here. Best article I have read for along time - truly excellent !
Paris - 'cause its all beyond me...
One of the best written articles I've read on EL Reg for sometime.
Now get back to the UBS DC on the second floor!
Fascinating and scary as hell.
does this mean the end of capitalism?
Fooled by Randomness: The Hidden Role of Chance in Life and in the Markets
"In Fooled by Randomness, Nassim Nicholas Taleb, a professional trader and mathematics professor, examines what randomness means in business and in life and why human beings are so prone to mistake dumb luck for consummate skill. "
A serious eye opener into how these things happen, why they happen and will always happen.
This all presupposes you can get in in the first place. Several overstuffed mailboxes full increasingly desperate attempts to get recruiters even just to answer email or phone calls tell me otherwise. And of course all these places only use recruiters. That alone is reason enough why they get stuck with mediocre personnel. All of them overpaid because none know any better. I guess it's a living... off other people's money.
Brilliant article - (the story was not too bad either) ad should be incorporated in expanded form into BBC's present running of Grossman's Life and Fate.
But! I think prospective rogue traders also need advice about how to make their bonuses increase and how to salt those bonuses away from boss, company security, tax man and police (both pre- and post-crime)/
That sounds like a lot of people I have met in the financial industry. And very insightful in how it all works.
AC. well because.
Don't suppose there's much chance of a series in this vein?
Come on, there must be a heap of plots someone could use to write the traders version of BOFH..
that they are only rogue and accused of bad practice when they lose the bank money
And I expect he'll still get a huge annual bonus.
more in this vein please, esp. on different IT specialities.
I don't know much about banks and trading etc, but from my perspective it appears to be that all our issues regarding such things come from the fact that 99% of the people in these businesses are arseholes.
Good article though, hope there's more.
Maybe I should make this mandatory reading for the new business computing track in our curriculum
Possibly, but you may end up "inspiring" some students to actually follow the "advice" given n the article!
.... I have no desire personally to get onto the desk, but you are absolutely bang on the money with this article. The only thing I would say has moved on is that we've gone from shonky VBA "applications" to shonky .Net "Applications" - all deployed on a random server without BCP with a nice ASP page based on a stolen style sheet hiding a rat's nest of bad code, the source isn't checked in anywhere etc etc.... These little apps get absorbed into the formal business processes until one day the bloke who wrote it leaves, or the server crashes - cue pandemonium.
Excellent article and a some wise words on what's *really* valuable in the banking skillset.
... none of that would go undetected for very long nowadays. And the rate the city is soaking up FPGA and C++ talent at the moment, I wouldn't bank on the usefulness of knowing a smattering of VB for much longer either.
"several have written successful books on C++ and computational finance."
Please amuse us by naming them, those successful C++ book authors who were also traders at some point.
Very well written, funny and all too depressingly believable.
Terminator style opening shots of post apocalyptic mayhem and carnage....
... was it war?
... was it alien(s) invasion?
... did superman decide to take his cape home?
... no, merely the results of economic carnage impacting on western lifestyles.
ps: no need to worry about traders going overseas (China, Russia, Korea and India will probably fill the vacuum easily?)
I've not read anything that good on the Register for years. many years.
That got a genuine laugh from me. What a hideous notion!
Spot on :
"You’ve worked out for yourself that occasionally a rogue must luck out, so have I. Do you imagine they were automatically taken away in handcuffs? I don’t either."
"As a City headhunter I’m repeatedly asked to explain how lone traders find themselves flushing billions of dollars down the toilet."
We don't care none for your sort round these parts pardner.
/spits gob full of tobacco juice on the floor
(damn good read, however it's still nectie party time)
Learned more about the Philberts I work for in 5 mins of lauging, than I have bothered to care for in 10 years of working!
Why is Socialism evil except when of course its tax payer funded bailouts?
Close, but no comedy oversize cigar. You forgot to throw CapGemini and Baringa into the mix there.
This article is bang on the money.. (Well not sure about the rogue dodgy practices, but the general stuff about working in IT for traders it's like the author has been stood over my shoulder the last few years)
Particularly the stuff about skills etc. VBA / SQL etc.. and the visible fixes.. The fact that getting the solution made as quickly as possible ignoring the fact that it'll obviously be buggy and shit.. The fact you get more credit for continually fixing stuff that breaks compared to making something that works.. The almost complete abscence of testing and any form of quality control..
I've worked as a general IT support monkey for traders in small hedge funds the last few years and I'm desperate to get out of it now.. No desire to go into trading, I know I don't have the appetite for risk, trouble is the last few years mean my IT skills can now be summed up as VBA expert but everything else mediocre / forgotten.. It's crap.. I realised the other day I'd forgotten how pointers worked and had to go look them up.
Anyone have any tips how to move out of cowboy coding VBA for traders and into something more interesting / rewarding??