Yumm
What a nice dose of sarcasm - thanks. :-)
How to be a rogue trader As a City headhunter I’m repeatedly asked to explain how lone traders find themselves flushing billions of dollars down the toilet. Rogue traders can pop up just about anywhere, and so I’ll share this curriculum for you to follow, which is not specific to any bank: this is just the way it works. Being …
Yep. I've worked from back-office IT, through Risk IT to front-office desk development and backup everything Dominic says - from other things of his I've read he seems to be on the money in the industry. I can also vouch for risk paying poorly - despite doing a fantastic job (appraisals, peer review etc) I got paid shitty money and bonuses because "what you're doing is not high profile and there's another team we desperately need to prevent leakage from". I moved from there to a front-office desk role with a 75% pay-rise.
I can also vouch for the technology stack. Excel/VBA, SQL, and I'd also add a bit of C# these days. Perception is everything. It may be a laudable aim to write excellent flexible code using paradigm XYZ or pattern ABC but traders don't give a fuck. As far as they're concerned you took too long. I'm afraid it is the whims of these sometimes attention deficit seeming individuals that will decide your pay, bonus, and future. If perfection or moral high-ground is what you seek then the front-office is not for you. If high remuneration (with a side-serve of verbal punchbag) is what you seek then it is.
I think it is no coincidence that a lot of rogues seem to have worked their way through the business. This gives them a perfect insight into trade flow, procedures, and system visibility. The fact that their user accounts on these systems never seem to have their privileges corrected also helps.
flightily true, all that was missing was the low golf handicap.
But why go the route of rogue trader to fuck up a bank??? Just become a senior executive of a bank, gamble with the banks money, loose nearly all of it, get tens of thousands of people sacked to save money, leave hundreds of thousands of young people without a future because the economy is fucked and get a big pension for doing it. Take your pick of bank, barclays, HSBC, RBS, goldman sachs, bear stearns, etc. etc. etc.
During the Spanish civil war, the nationalists had 4 columns of troops attacking Madrid. Their leader broadcast that these troops were helped by a fifth column inside the besieged city. So it is with with IT systems. Every company regards the customers, or non-employees as "the enemy" so far as computer and financial security is concerned, but few take any heed of the underpaid, over-screwed (and not in a good way) people who daily, have access to all the revenue and orders that flow in or out of the company. Be it a financial trader, bank, plumber or local authority. Consequently, almost all security measures are outward-facing and few are designed to slow down the operator/programmer/sysadmin with the root password and the balls to use it.
Even fewer of the internal security measures are ever tested - for the simple reason that they'd almost all be found to be completely ineffectual against an internal attack from someone who knew what they were doing.
And when a discrepancy is discovered, the only place the investigators would look is at the audit trail, on the presumption that the trail, itself, is uncompromised: not a valid assumption against "root" and someone with a well thought out plan. [Although in fairness, there are lots of cases where computer staff have been caught, some even nicked. Generally these are the result of rushed or faulty frauds caused by unexpected opportunistic situations that didn't allow time to plan the crime properly. When doing Unix support I occasionally found myself being "parachuted" into a major credit card/finance company's machine room, logged into root and my "overseer" saying "... be back in half an hour"]
So why don't you hear about rogue sys-admins, who lose their companies millions, or billions? or end up spending their autumn years in the Carribean? Simple: Not because the dishonest ones aren't getting their (unfair) share, but because they've been able to shift the blame onto some "rogue" trader, somewhere.
From my time working on projects for the banks, lots of people are caught, but the thing is do you want the world to know that you expensively created system which trades billions per day can be compromised or are you going to give them a little shutting up money and tell them to feck off out with a good reference ???
I worked for a major private investment company and they had security absolutely all over the place. I remember propping open the door once because I had to go fetch something and had no keypass and within 30 seconds someone was over because their pager had warned them of the breach. They also had "tiger teams" whose job was penetration testing of apps. They had groups solely responsible for authentication and user sign on and security triggers plastered all over the place to detect fraud.
Everyone went through ethics training annually. Everyone was subjected to restrictions on the kinds of trades they could do with severe restrictions on traders (as opposed to programmers / managers). Everyone was required to declare and preferably move all their investments in house where they could be monitored. All gifts had to be declared and there were strict limits on the value of gifts anybody could accept in one year. Failing to comply with any of this was a disciplinary offence, possibly leading to dismissal.
Not to say they were perfect (a dwarf tossing incident paid for a client and a large fine kicked off a lot of the crackdown on ethics) but they really seemed to take it damned seriously. As I said I didn't work on the trading floor but I reckon everyone in the company and every manager had it drummed into them of the dire consequences if they let the company down. It still wouldn't stop a rogue trader but I suspect in the place I was at that they'd be very proactive in trying to find them.
I'm guessing private ownership made the difference - personal loss vs. shareholder loss.
It also sounds like most of that "education" is based around a transfer of risk from the business to the individual for litigation reasons - "they knew what they were doing was wrong because we gave them XYZ training every year"
Read Kevin Mitnick's Defensive Thinking. There's a story in there of a guy who was working on a Swiss bank's systems. He persuaded the bank that he needed root access and immediately transferred millions into his own account. And don't forget that one of the biggest fraud's in banking history was perpetrated by a bank's IT dept forging the bank's customer's credit cards.
Fooled by Randomness: The Hidden Role of Chance in Life and in the Markets
"In Fooled by Randomness, Nassim Nicholas Taleb, a professional trader and mathematics professor, examines what randomness means in business and in life and why human beings are so prone to mistake dumb luck for consummate skill. "
A serious eye opener into how these things happen, why they happen and will always happen.
This all presupposes you can get in in the first place. Several overstuffed mailboxes full increasingly desperate attempts to get recruiters even just to answer email or phone calls tell me otherwise. And of course all these places only use recruiters. That alone is reason enough why they get stuck with mediocre personnel. All of them overpaid because none know any better. I guess it's a living... off other people's money.
Brilliant article - (the story was not too bad either) ad should be incorporated in expanded form into BBC's present running of Grossman's Life and Fate.
But! I think prospective rogue traders also need advice about how to make their bonuses increase and how to salt those bonuses away from boss, company security, tax man and police (both pre- and post-crime)/
.... I have no desire personally to get onto the desk, but you are absolutely bang on the money with this article. The only thing I would say has moved on is that we've gone from shonky VBA "applications" to shonky .Net "Applications" - all deployed on a random server without BCP with a nice ASP page based on a stolen style sheet hiding a rat's nest of bad code, the source isn't checked in anywhere etc etc.... These little apps get absorbed into the formal business processes until one day the bloke who wrote it leaves, or the server crashes - cue pandemonium.
The scene:
Terminator style opening shots of post apocalyptic mayhem and carnage....
... was it war?
... was it alien(s) invasion?
... did superman decide to take his cape home?
... no, merely the results of economic carnage impacting on western lifestyles.
ps: no need to worry about traders going overseas (China, Russia, Korea and India will probably fill the vacuum easily?)
"As a City headhunter I’m repeatedly asked to explain how lone traders find themselves flushing billions of dollars down the toilet."
We don't care none for your sort round these parts pardner.
/spits gob full of tobacco juice on the floor
(damn good read, however it's still nectie party time)
my god..
This article is bang on the money.. (Well not sure about the rogue dodgy practices, but the general stuff about working in IT for traders it's like the author has been stood over my shoulder the last few years)
Particularly the stuff about skills etc. VBA / SQL etc.. and the visible fixes.. The fact that getting the solution made as quickly as possible ignoring the fact that it'll obviously be buggy and shit.. The fact you get more credit for continually fixing stuff that breaks compared to making something that works.. The almost complete abscence of testing and any form of quality control..
I've worked as a general IT support monkey for traders in small hedge funds the last few years and I'm desperate to get out of it now.. No desire to go into trading, I know I don't have the appetite for risk, trouble is the last few years mean my IT skills can now be summed up as VBA expert but everything else mediocre / forgotten.. It's crap.. I realised the other day I'd forgotten how pointers worked and had to go look them up.
Anyone have any tips how to move out of cowboy coding VBA for traders and into something more interesting / rewarding??
Hang on -- I've been studying the media coverage of this very closely, and I deduced that there must be a rule that anybody who writes about it must have absolutely no idea of what a trading desk does or how it does it. I know the reg is cavalier towards journalistic norms, but such this article flouts the rule followed by all other newspapers and online sources so badly that surely trouble must be on its way.
"..and as the regulators invent new rules that they pretend will make the markets safer."
Amen. And that is Achilles Heel, for to know how the Game is rigged, allows Stealthy Android Progress in Virtual Machine Worlds creating Live Operational Virtual Environments with Future Play Controls 42 Command Energy in SMART Cloud Layers with NEUKlearer HyperRadioproActive IT Powers.
Novel constructive and disruptive Intellectual Property able to collapse empires built without proper dreams and perfect preparation and planning to prevent piss-poor performance and sub-prime reward, is a mighty powerful force.
"Traders are hostile to IT departments because they see them as black holes sucking money out of bonus pools and delivering little of any use any time soon. This is why front office want their own IT people."
Such a pity that they don't both recognise themselves as being, although nominally independent of each other, ideally interdependent upon each other for the delivery of excellence ..... which paints things with a suitably wide and ambiguous brush so as not to have anyone wasting time on specifics.
Of course, you may have to consider that the nature and mechanics of trading have fundamentally changed with insider dealing on zeroday trading of systemic vulnerabilities, a colossal underground black economy spinner, and if the front office can't beat them, would it be wise to enjoin with them.?!
They don't need your IP address.
They don't need your website to be plugged into your back office systems.
They got past your security screening (assuming you do it).
They're just waiting to get enough information together to make their move.
As long as people remain ignorant they won't have to wait long.
Mine's the one with a copy of "The Consultant" in the pocket. It's 30 years old.
"Some of the smartest IT guys on the planet work in investment banks, but looking at the systems they use for risk and compliance you’d think their software had been developed in a joint venture between Capita and Accenture."
Reading this while sitting opposite an Accenture 'transition team' did make me laugh, but at the same time I was a little bit sick in my mouth...
Spot on. I knew a bloke who wrote darn near perfect error free code. Of course, that meant it was viewed as easy to do and he wasn't going anywhere-- so he eventually left the company.
A further hint for rogues:
Good enough quick enough to meet schedules gets you further, even better if all the software is "self documenting" with just a few comments to jog your own memory when inevitable changes or fixes are needed. Never remove dead code. You'll remember it is zombie, but anyone else trying to figure it out will have no idea what the mystery code does and will fear to touch it. Don't update section comments either-- if anyone wonders why the comments don't match the code, it is because of "time pressure" when some change was made, or perhaps an oversight (be apologetic, since whoever is asking obviously has a least a semblance of a clue and is therefore useful and needs to be suborned).
If you want to get anywhere in a bank's IT department, is to write perfect code. If it just goes out there, on time, and works without issue, no-one notices it, and you get no credit.
If you do a piss poor job, and it goes horrifically wrong, losing the company money left right and centre, you get to be the guy seen fixing everything after the shit has hit the fan, and get hailed as a saviour!
Front office IT can be a great laugh at times. My favourite was when an architect asked a business area "So, you essentially want to replace a custom built distributed IT system, with all of the user control, and infrastructure already in place for thousands of users, with an Excel spreadsheet that someone in your team knocked up over a weekend?" He went off in a huff after getting the answer.