What a nice dose of sarcasm - thanks. :-)
How to be a rogue trader As a City headhunter I’m repeatedly asked to explain how lone traders find themselves flushing billions of dollars down the toilet. Rogue traders can pop up just about anywhere, and so I’ll share this curriculum for you to follow, which is not specific to any bank: this is just the way it works. Being …
Yep. I've worked from back-office IT, through Risk IT to front-office desk development and backup everything Dominic says - from other things of his I've read he seems to be on the money in the industry. I can also vouch for risk paying poorly - despite doing a fantastic job (appraisals, peer review etc) I got paid shitty money and bonuses because "what you're doing is not high profile and there's another team we desperately need to prevent leakage from". I moved from there to a front-office desk role with a 75% pay-rise.
I can also vouch for the technology stack. Excel/VBA, SQL, and I'd also add a bit of C# these days. Perception is everything. It may be a laudable aim to write excellent flexible code using paradigm XYZ or pattern ABC but traders don't give a fuck. As far as they're concerned you took too long. I'm afraid it is the whims of these sometimes attention deficit seeming individuals that will decide your pay, bonus, and future. If perfection or moral high-ground is what you seek then the front-office is not for you. If high remuneration (with a side-serve of verbal punchbag) is what you seek then it is.
I think it is no coincidence that a lot of rogues seem to have worked their way through the business. This gives them a perfect insight into trade flow, procedures, and system visibility. The fact that their user accounts on these systems never seem to have their privileges corrected also helps.
flightily true, all that was missing was the low golf handicap.
But why go the route of rogue trader to fuck up a bank??? Just become a senior executive of a bank, gamble with the banks money, loose nearly all of it, get tens of thousands of people sacked to save money, leave hundreds of thousands of young people without a future because the economy is fucked and get a big pension for doing it. Take your pick of bank, barclays, HSBC, RBS, goldman sachs, bear stearns, etc. etc. etc.
During the Spanish civil war, the nationalists had 4 columns of troops attacking Madrid. Their leader broadcast that these troops were helped by a fifth column inside the besieged city. So it is with with IT systems. Every company regards the customers, or non-employees as "the enemy" so far as computer and financial security is concerned, but few take any heed of the underpaid, over-screwed (and not in a good way) people who daily, have access to all the revenue and orders that flow in or out of the company. Be it a financial trader, bank, plumber or local authority. Consequently, almost all security measures are outward-facing and few are designed to slow down the operator/programmer/sysadmin with the root password and the balls to use it.
Even fewer of the internal security measures are ever tested - for the simple reason that they'd almost all be found to be completely ineffectual against an internal attack from someone who knew what they were doing.
And when a discrepancy is discovered, the only place the investigators would look is at the audit trail, on the presumption that the trail, itself, is uncompromised: not a valid assumption against "root" and someone with a well thought out plan. [Although in fairness, there are lots of cases where computer staff have been caught, some even nicked. Generally these are the result of rushed or faulty frauds caused by unexpected opportunistic situations that didn't allow time to plan the crime properly. When doing Unix support I occasionally found myself being "parachuted" into a major credit card/finance company's machine room, logged into root and my "overseer" saying "... be back in half an hour"]
So why don't you hear about rogue sys-admins, who lose their companies millions, or billions? or end up spending their autumn years in the Carribean? Simple: Not because the dishonest ones aren't getting their (unfair) share, but because they've been able to shift the blame onto some "rogue" trader, somewhere.
From my time working on projects for the banks, lots of people are caught, but the thing is do you want the world to know that you expensively created system which trades billions per day can be compromised or are you going to give them a little shutting up money and tell them to feck off out with a good reference ???
I worked for a major private investment company and they had security absolutely all over the place. I remember propping open the door once because I had to go fetch something and had no keypass and within 30 seconds someone was over because their pager had warned them of the breach. They also had "tiger teams" whose job was penetration testing of apps. They had groups solely responsible for authentication and user sign on and security triggers plastered all over the place to detect fraud.
Everyone went through ethics training annually. Everyone was subjected to restrictions on the kinds of trades they could do with severe restrictions on traders (as opposed to programmers / managers). Everyone was required to declare and preferably move all their investments in house where they could be monitored. All gifts had to be declared and there were strict limits on the value of gifts anybody could accept in one year. Failing to comply with any of this was a disciplinary offence, possibly leading to dismissal.
Not to say they were perfect (a dwarf tossing incident paid for a client and a large fine kicked off a lot of the crackdown on ethics) but they really seemed to take it damned seriously. As I said I didn't work on the trading floor but I reckon everyone in the company and every manager had it drummed into them of the dire consequences if they let the company down. It still wouldn't stop a rogue trader but I suspect in the place I was at that they'd be very proactive in trying to find them.
I'm guessing private ownership made the difference - personal loss vs. shareholder loss.
It also sounds like most of that "education" is based around a transfer of risk from the business to the individual for litigation reasons - "they knew what they were doing was wrong because we gave them XYZ training every year"
Read Kevin Mitnick's Defensive Thinking. There's a story in there of a guy who was working on a Swiss bank's systems. He persuaded the bank that he needed root access and immediately transferred millions into his own account. And don't forget that one of the biggest fraud's in banking history was perpetrated by a bank's IT dept forging the bank's customer's credit cards.
Fooled by Randomness: The Hidden Role of Chance in Life and in the Markets
"In Fooled by Randomness, Nassim Nicholas Taleb, a professional trader and mathematics professor, examines what randomness means in business and in life and why human beings are so prone to mistake dumb luck for consummate skill. "
A serious eye opener into how these things happen, why they happen and will always happen.
This all presupposes you can get in in the first place. Several overstuffed mailboxes full increasingly desperate attempts to get recruiters even just to answer email or phone calls tell me otherwise. And of course all these places only use recruiters. That alone is reason enough why they get stuck with mediocre personnel. All of them overpaid because none know any better. I guess it's a living... off other people's money.
Brilliant article - (the story was not too bad either) ad should be incorporated in expanded form into BBC's present running of Grossman's Life and Fate.
But! I think prospective rogue traders also need advice about how to make their bonuses increase and how to salt those bonuses away from boss, company security, tax man and police (both pre- and post-crime)/
.... I have no desire personally to get onto the desk, but you are absolutely bang on the money with this article. The only thing I would say has moved on is that we've gone from shonky VBA "applications" to shonky .Net "Applications" - all deployed on a random server without BCP with a nice ASP page based on a stolen style sheet hiding a rat's nest of bad code, the source isn't checked in anywhere etc etc.... These little apps get absorbed into the formal business processes until one day the bloke who wrote it leaves, or the server crashes - cue pandemonium.
Terminator style opening shots of post apocalyptic mayhem and carnage....
... was it war?
... was it alien(s) invasion?
... did superman decide to take his cape home?
... no, merely the results of economic carnage impacting on western lifestyles.
ps: no need to worry about traders going overseas (China, Russia, Korea and India will probably fill the vacuum easily?)
"As a City headhunter I’m repeatedly asked to explain how lone traders find themselves flushing billions of dollars down the toilet."
We don't care none for your sort round these parts pardner.
/spits gob full of tobacco juice on the floor
(damn good read, however it's still nectie party time)
This article is bang on the money.. (Well not sure about the rogue dodgy practices, but the general stuff about working in IT for traders it's like the author has been stood over my shoulder the last few years)
Particularly the stuff about skills etc. VBA / SQL etc.. and the visible fixes.. The fact that getting the solution made as quickly as possible ignoring the fact that it'll obviously be buggy and shit.. The fact you get more credit for continually fixing stuff that breaks compared to making something that works.. The almost complete abscence of testing and any form of quality control..
I've worked as a general IT support monkey for traders in small hedge funds the last few years and I'm desperate to get out of it now.. No desire to go into trading, I know I don't have the appetite for risk, trouble is the last few years mean my IT skills can now be summed up as VBA expert but everything else mediocre / forgotten.. It's crap.. I realised the other day I'd forgotten how pointers worked and had to go look them up.
Anyone have any tips how to move out of cowboy coding VBA for traders and into something more interesting / rewarding??
Biting the hand that feeds IT © 1998–2020