The discovery of $650 million in newly minted bills at a compound in Iraq triggered an investigation that led to the imposition of a $100 million Fed fine for UBS. Chris Skinner says the case highlights the logisitical problems facing bank compliance efforts.
The US Federal Reserve Board fined UBS $100 million for financial misbehaviours this year, the second largest penalty the Reserve has ever issued. The fine was for currency trading violations when it was discovered that UBS had been exchanging US dollar bills with countries on America’s blacklist economies. That may sound innocent enough, except that the investigation was triggered when US forces found $650 million newly minted American notes in a small building in Baghdad during the overthrow of Saddam Hussein. This article reviews some of the questions raised by the fine, the wider issues of compliance and adherence to different national, international and global regulations, as well as some of the technologies that should be considered to avoid these issues occurring in the future.
They may not have found weapons of mass destruction in Iraq, but they have found a lot of other things. In particular, US forces found a lot of cash. American cash. Apparently, the US forces broke through a wall in a small building in Iraq in April 2003 and found a number of metal boxes, each containing crisp new American dollar bills. They must have thought it was their lucky day because, by the end of that day, they had discovered 164 of these boxes around Baghdad with a value to the tune of $650 million. It may have been a lot more than that, but that is how much was declared. Most of the cash bore sequential serial numbers and had apparently been held as currency reserves by the Central Bank of Iraq. But the question that bothered the Americans is how the money got there in the first place - especially when Iraq had been subject to trade sanctions for over a decade.
The US authorities began an immediate investigation and narrowed it down fairly rapidly to a few suspects. After all, there are not that many organisations that move dollars around the world and the ones that do are called banks. Although none of the major banks dealing with the distribution of freshly printed dollars overseas had sent any currency directly to Iraq, one bank – UBS – had been trading currencies with a number of countries that were under sanctions, namely the former Yugoslavia, Cuba, Libya and Iran. These countries had then traded the currency onwards. Apparently, it is not a crime for non-US banks to trade US currency with these countries, even thought they were under sanctions, and so UBS employees had been doing this since the mid-1990’s. And, just to be absolutely clear, UBS was not charged with any criminal matters as a result of the enquiries, but was given the hefty fine primarily to demonstrate the Federal Reserve’s displeasure at its activities.
UBS itself conducted an extensive internal audit of what had happened and attributed many of the issues to a small group of employees who either no longer worked for the bank or were asked to find alternative positions.
So, that is the end of that you might think, but let’s not be so hasty.
First, this appears to be yet another instance of poor regulation and audit. In fact, many US political advisors are saying the fine was not strong enough and that the Fed has not been doing its job up-to-scratch. There is now an ongoing debate about sudden audits and on-the-spot checks of banking back offices by Federal inspectors as a result, as well as a big sharpening of the Fed’s teeth in order to better manage the banking fraternity.
Second, this also appears to be yet another instance of operational risk caused by human interaction in the process.
By way of example, when Barings Bank went belly-up, the issues were caused by operational risk. In that context, it was Nick Leeson corrupting the system by being the same person running the back and the front office, in effect becoming both the salesman and the order processor. As a result, he could take sales orders, hand over his sales order to himself and process the order, pay himself the commission and tally the accounts in his favour, and do all of this without being traced...until it all backfired.
In this instance, UBS employees had just got into a way of doing business that no-one had bothered to consider might be out of kilter with the US authorities. No big deal – well actually a $100 million deal, as that was the size of the fine – and yet another issue of operational risk caused by the human hand.
The result of the above is that regulators are getting harder and harder on financial misdemeanours, whilst legislators are getting tougher and tougher on tightening the noose on the banking fraternity.
On the financial misdemeanours circuit, you only have to look at the amount of fines for the year meted out by the SEC and the FSA to get an idea of the scale of what we are talking about. The SEC fined US financial firms over $4.5 billion in the first six months of 2004 – that’s more than the whole of 2003 combined, and compares with a paltry $332 million in fines in 2001. The FSA’s total fines have doubled over the last year also, although these are distorted by the whopping £17 million fine – the largest ever – slapped on Royal Dutch Shell for false accounting.
Meantime, we see core legislation tightening between the risk reporting requirements of Basel II, the audit and accounting requirements of Sarbanes Oxley and the anti-money laundering and fraud requirements of the Patriot Act. The latter two may be US domestic policies but do not discount them too fast as these regulations are being followed fast by European and global equivalents. For example, Sarbanes Oxley is being shadowed by the Higgs Report and Companies Bill in the UK, the Nørby Committee in Denmark, the Aldama Report in Spain, the Cromme Code in Germany and so on.
Between this cocktail of operational risk and hammer-to-crack-a-nut legislative and regulatory punches, some banks are in danger of suffering a total knockout punch unless they do something drastic. But what is it they should do?
Well, I guess the answer is back-up, back-up, back-up and index. Banks must be able to show compliance and audit within every part of the process. Banks have to plaster over any cracks in the process to ensure there are no breaks, splits or spillages. Human trade-offs and subjective decision-making has to be recorded, audited and managed in a manner whereby any bank representative can stand-up, hand-on-heart, and be willing to declare that they are confident the bank’s operational procedures and processes were being adhered with. Any failure to do any of these things will no longer be tolerated, especially if you are caught in non-compliance.
Now, the danger of this is that many firms just do not have the technology infrastructure in place to be able to achieve straight-through compliance. For example, how do you capture all currency exchange movements between countries if employees do not record these movements electronically? Answer: no currency movements should take place unless they are recorded electronically and authorised. Sounds simple but it is not.
Let’s take another example. Of all the e-mails, instant messages, text messages, telephone calls and mobile calls made be the hundreds and thousands of employees of your bank each and every day, how many are backed-up and indexed on your systems? How many should be? If you were asked tomorrow to retrieve the call made by John Doe at 1.15 p.m. with the subsequent instant message discussion that took place at 1.28, could you retrieve it? How fast and how accurately?
That is really what all of this boils down to, namely the instant retrieval of any communication between your bank’s representatives and any other third party on demand. And that is the task challenging banks today in this world of heightened fear, over-regulation and proliferating communication channels. After all, if you are not managing your processes, auditing your communications, complying with local, national and international regulations throughout every step of your operations, do you really feel confident in your trading abilities? The answer is that you will do, only if you back-up, back-up, back-up and index. That is why JP Morgan Chase back-up and index over one terabyte of communications every day.
The corollary of this challenge is that if you are not managing all of these things at the micro-level, with back-up and indexing throughout every step of your operations, then you will get caught out. For example, SEC Rule 17a-4 and NASD 3110 states that broker/ dealers and exchange members "must preserve all electronic communications relating to the business of their firm in a non-rewritable, non-erasable format for three years, two (years) of which must be in an easily attainable place". An "easily attainable place" translates to you must be able to deliver any piece of electronic communications within 24 hours. That’s another reason why you just might want to start auditing everything, backing up everything, indexing everything and storing everything.
Between the tracking of currency movements, the potential for human error, the opportunity for operational risk, the fear of terrorism, the threat of regulation and the hand of legislation, the excuse that you just forgot to manage the process no longer cuts ice.Chris Skinner is a director of TowerGroup and founder of ShapingTomorrow.com.
Web links: www.towergroup.com
Author's email: Chris Skinner