Société Générale is to implement biometric access controls for dealing personnel after an internal investigation into the EUR5bn rogue trading scandal found major weaknesses in its supervision, security and control procedures.
The internal probe by a bank committee identified supervisory and system weaknesses that allegedly allowed junior trader Jérome Kerviel to circumvent risk management procedures to make a series of unauthorised bets on European futures.
Kerviel's deals eventually led the bank reporting EUR5 billion in losses last month. It is thought that Kerviel's trades exceeded SocGen's market value.
Kervial is reported to have faked a series of e-mail messages to cover his tracks. Since the trading scandal came to light rumours have also surfaced that Kervial used his colleagues' log-in details to place some of the unauthorised trades.
The bank's report states that following the disclosure of the fraud, "weaknesses were identified in the supervision and control system which required immediate corrective measures".
Priority areas were identified and implemented immediately, says the report, including the strengthening of IT security through the development of biometric authentication systems. The bank is also accelerating current plans for beefing up access security and conducting targeted security audits.
Reinforcing of controls and alert procedures and improving the structure and governance of the operational risk management system were also prioritised.
However the report does not blame the bank's management for the losses and states there is no evidence of any third party knowingly assisting Kervial to conceal his positions.
According to the internal report Kervial allegedly began building up unauthorised positions of small amounts in 2005 and 2006, but began taking larger positions from March 2007 onwards. But his position were not uncovered by the bank until January 2008.
The report says that risk control procedures were followed correctly at the bank, but managers did not go beyond routine checks and carry out more detailed probes which would have resulted in the fraud being revealed earlier.
A separate probe into the scandal by the French government found that the bank's security systems and internal controls were lacking.
The report by French Finance Minister Christine Lagarde found that inspections by the banking commission carried out in 2006-7 had led to recommendations that SocGen "strengthen the security of operations".
Lagarde told reporters that SocGen failed to apply appropriate controls over Kerviel and that SocGen missed a number of "alarms", most notably in November when derivatives exchange Eurex alerted the French bank about the positions in Kerviel's book.