The following statement has been issued as a conclusion to the "exceptional fraud" incident involving Jérôme Kerviel within Société Générale.
On Friday, 18th January 2008, an alert in investment banking division led to the discovery of massive unauthorised positions relating to counterparty risk. Société Générale, as an organisation, sought to immediately close the unauthorised positions of approximately €50 billion. This led to losses of €4.9 billion over the course of three days. It was identified that the individual behind the fraud was Jérôme Kerviel a 31 year old trader. Kerviel joined the Société Générale compliance department in 2000 and was promoted to junior trader in 2005. As a member of the Delta One Unit, it has been concluded by the courts that Kerviel, acting alone, and using knowledge of back office systems, established a series unauthorised derivatives positions exposing the company to high levels of unauthorised risk. Following his trial, Kerviel was found guilty on 5th October 2010, sentenced to 5 years and fined €4.9bn
Corporate Governance & Ethical Weaknesses That Contributed to That Failure
Following this incident, Société Générale has identified the core corporate governance and ethical weaknesses that contributed to the failure.
It was a clear corporate governance failure for the board of directors to claim lack of awareness.
"When the president of a company experiences a disaster of this magnitude and he doesn't face any consequences it's not normal...you can't say 'I'm going to be paid seven million Euros a year' and when there is a problem say 'It's not me'."
The role of the CEO of an organisation is to manage the company. The role of the chairman is to manage the board. Daniel Bouton held both of these positions and therefore should have sought to be aware of the workings of the organisation he was running. It is not an acceptable excuse to claim lack of awareness and is evidence of incompetent management. It also highlights the weakness of the audit committee which was not adequately empowered to report findings to the board.
Combined role of CEO & Chairman
During the period in which incident occurred the roles of chairman and CEO were jointly held by Daniel Bouton. Under the UK Corporate Governance Code it is recommended that these two roles should be separated, this is to ensure no one individual should have unfettered powers of decisions. It has been speculated that the fact that one individual had such power may have contributed to the delay in disclosure of the incident to the board once discovered. Daniel Bouton chose not to inform the board immediately of the discovery of Kerviel's trading positions despite the fact that a board meeting was schedule to take place just several hours after the incident came to light.
There was a further failure from the perspective of the UK Corporate Governance Code when, for a year following the incident, Bouton continued to hold the position of chairman having stepped down as CEO. While this separated the two roles it contravened the Code guidelines which suggest that a former CEO should not become chairman in order to maintain independence. Ultimately, in April 2009, Bouton resigned his position of chairman and Société Générale reverted to the previous system of joint CEO and Chairman when Oudea was appointed to the position. This action was taken by the company with a view
"..to ensure a tighter governance structure that is able to respond faster and better to the challenges of today's economic and financial crisis."
While some commentators may feel that this is not an ideal structure, as outlined in the "Steps Taken" section of this report, the additional appointment of a Vice Chairman with an audit, internal control and risk focus is intended to add strength and a good governance perspective to this appointment.
Weakened Board (changed this to board from neds as both were weakened)
In the immediate aftermath of the incident coming to light Bouton offered his resignation to the board. His offer was rejected by the board which suggests that Bouton had such power that he commanded great loyalty from his board but also implies a lack of accountability on the part of the board. The failure of the board to punish its Chairman and CEO could suggest the board was too weak and perhaps in particular the Non- Executive directors had not been empowered by Daniel Bouton. This issue is addressed in The European Commission Green Paper on Corporate Governance in Financial Institutions and Remuneration Policies, "faced with a chief executive officer who is omnipresent and in some cases authoritarian, non-executive directors felt unable to raise objections to, or even question, the proposed guidelines or conclusions due to a lack of technical expertise and/or confidence". (Citation needed)
Lack of effective risk policy and framework
This incident has exposed the lack of effective risk policy and framework in place in Société Générale. The utter size of the figures Kervial was dealing with could not have gone unnoticed at the uppermost levels, the bank's market capitalisation in January 2008 was just over USD $50 billion, Kerviel had exposed Société Générale to USD $73.3 billion. It is therefore reasonable to suggest that Société Générale was in breach of its internal controls.
The supervisory function of Kerviel's immediate line management was also found to be deficient by internal audit in their 2008 report. This cements the testimonies of Kerviel's management in court that they did not have the necessary training or skills to uphold the internal controls to a high enough standard. Several enquires made by Eurex into Kerviel's trading activities were treated dismissively rather than being investigated extensively.
Kerviel breached five levels of control over one year and was acting outside of his trading limits for two years before his unauthorised trading was discovered in January 2008. According to UK Corporate Governance Code C.2, the board is responsible "..for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives".
While it may be argued that management further down the reporting line removed controls in place to allow Kerviel exceed his limits, the board is still at fault as the UK Corporate Governance Code also states the board should at least annually review the effectiveness of the system of risk management and internal controls, which includes compliance with policies, plans, procedures, laws and regulations, something which was clearly not done adequately. It further states that internal controls should be embedded in the operations of the company, and they should consider, where necessary, any action which needs to be taken to remedy any significant failings or weaknesses. The failure of compliance and risk department along with the breaches in internal controls highlights the failure of the board to set a tone or culture of compliance within Société Générale. The lack of monitoring, reviewing and improving of the internal controls framework is the crux of the corporate governance failure at Société Générale. The markets they were operating in were increasingly dynamic and complex but Société Générale failed to mirror this environment with an increasingly reactive and extensive risk management and control framework, which ultimately ended in a corporate governance failure resulting in catastrophic losses. This can be seen in a statement given by the French Finance Minister Christine Lagarde in February 2008 in which she states, "Very clearly, certain mechanisms of internal controls of Société Générale did not function, and those that functioned were not always followed by appropriate modifications."(citation)
In addition, outside of Société Générale's own internal control structures the bank is obliged to comply with numerous industry directives, regulations and legislation to protect shareholders and other stakeholders from such an incident. In particular, Société Générale was found to be in breach of the Basel II Capital Adequacy requirements which were adopted by the French Regulator, Autorité des Marchés Financiers.
Audit committee ineffective in advising the board with respect to upholding adequate controls
It has also came to light that Kerviel's managers failed to action seventy- four internal alerts regarding his trading activities in the period up to and including the fraudulent trading. This highlights again that the audit committee not fulfilling its role correctly in reporting to and assisting the board in order to uphold the internal control frameworks correctly. While audits may have been carried out, the findings were not being dealt with correctly and follow- up to ensure compliance. The audit committee appears also to have failed in its duty, or was not empowered to report on its findings directly to the board. Ultimately, the audit committee must be given sufficient standing & authority to fulfil their role.
"There are no silver bullets or magic beans to prevent governance failures or fraud. What is needed is a significant shift in assessing and reporting risk and control." [1]
Ethical Weaknesses
Tone at the top/ Culture
"it is impossible to ensure every member of staff acts in an ethical manner all the time, but the Board must create a framework for ethical behaviour" [2]
At the time of the incident, Société Générale lacked an ethical and compliant tone being set at the top of the organisation which could then filter down throughout every tranche of the organisation. Bouton had chaired working groups on Corporate Governance best practices across France. He held a reputation for being greatly involved in this area however within his own organisation, as we have seen above several governance failures combined causing huge losses for the bank. A strong CEO uses actions to lead by example rather than paying lip service to best practices.
For example, Jean Pierre Mustier was recently fined for insider trading relating to activities undertaken in 2007. Mustier held the position of Head of Société Générale's Corporate and Investment Banking (SB CIB) division, ironically the area in which Kerviel was an employee. This illustrates the lack of emphasise on and compliance with ethical behaviours. If the supervisors themselves are engaging in unethical and criminal behaviours it creates a negative culture of "Do what I say and not what I do" and becomes impossible for them to monitor the activities of their sub-ordinates objectively.
Kerviel joined the Société Générale compliance department in 2000 holding a degree specialised in Organisation and Controls in Financial Markets. For an employee from such a background to later breach the compliance framework within the organisation to such an extent, suggests that a culture of compliance did not exist in the organisation. If a compliance department employee did not buy into a culture of compliance then it is reasonable to think that employees in other departments may not have understood or accepted the role and importance of compliance. It is the role of each employee to embed a culture of compliance within an organisation; however the direction for this and the tone should be set from the top, by the board. In this regard, the board failed to create a culture of compliance where compliant behaviour, such as not breaching set limits by removing controls, was part of the everyday activities and ethos of the firm.
Principles based approach? (not sure should this be phrased differently as a heading)
During the investigation of the incident an independent report found that while in many cases the risk control measures in place had been followed correctly, the compliance officers rarely went beyond ensuring that the letter of the law had been followed. There was a failure to raise concerns about any anomalies, even those which involved large sums. Such a "tick the box" exercise allowed for opportunities to arise for individuals such a Kerviel with in-depth knowledge of the compliance and back office functions to manipulate the system.
Incentivised risk taking/ Performance over conformance
The bonus system in place in Société Générale was one which encouraged excessive risk taking for short term gain. Kerviel's bonus structure was based on 0.05% of declared profit by the trader. Kerviel was awarded €60,000 bonus in 2006 and sought a bonus of €600,000 for 2007 but was instead awarded half of this amount. According to Kerviel, traders in Société Générale were enticed by large bonuses to take risky positions and exceed their limits, aided by the removal of controls by management, without fear of recourse so long as a profit was being made. It has been reported the success of a trader in propriety trading would form part of their appraisal even if this was not part of the trader's day to day responsibilities, a practice which almost compelled traders into taking risks. It is clear such emphasis on performance over conformance within an organisation's bonus system could encourage a trader to take excessive short term risks. A more suitable bonus structure would involve a long term provision allowing for deferred payments dependent on future performance. A holistic approach to assessing financial performance [3] would allow for the performance of the organisation overall to be evaluated for calculation of rewards. In addition, the use of share options rather than a cash payment, along with rewards being linked to compliance related objectives would assist in balancing performance with conformance.
Steps Put in Place to Prevent a Repeated Governance Failure - Governance Perspective
The current structure of the board of Société Générale:
French law allows the company decide whether to have a two-tiered or unitary board structure. Société Générale chooses to have a unitary board structure with a combined CEO and Chairman as per below (See Appendix 1):
ONE-TIER SYSTEM
Type of member
Number of members
Executive directors
1
Non-executive directors (excl. independent directors)
4
Independent directors
9
Total board size
14
January 2008
Daniel Bouton (CEO and Chairman) & Citerne (co-CEO) offered their resignation in January. These offers were rejected by the board. Several commentators reported at the time that a possible reason for this was due to:
"fear that a change at the helm then might derail a 5.5 billion euro emergency share sale aimed at shoring up reserves that had been depleted as a result of the scandal."
French Bank in Scandal Overhauls Top Ranks
http://www.nytimes.com/2008/03/18/business/worldbusiness/18bank.html
However, as discussed above this could also have been an indication that the board were weak. Following the success of the share sale, which saw demand from investors reach nearly twice the amount of shares offered, Mr. Bouton withdrew his resignation.
Bouton's most prominent critic, President Sarkosy, summed up the situation in March 2008 by expressing his bewilderment at the board's loyalty to Bouton.
"When the president of a company experiences a disaster of this magnitude and he doesn't face any consequences," he said, "it's not normal." (needs same citation as above)
March 2008
By March 2008 the first steps were being taken to overhaul the top ranks of the bank. The Chief Financial Officer, Frédéric Oudea, was promoted to deputy chief executive. This management change took place the night before a decision was made by a Parisian appeal court whether to free Jérôme Kerviel from jail while the investigation was being carried out.
Mr. Bouton and Mr. Citerne announced at this time that they would not receive a bonus or stock options for 2007 and also would forgo salaries for the first half of the year.
The Board now assured that the threat to capital adequacy had been dealt with, we beginning to focus its attentions on who should manage the bank going forward.
May 2008
Between March and May 2008 Bouton stepped down as CEO however retained the position of Chairman.
By May 2008 shareholders began to question the management of Société Générale by calling for the resignations of Bouton and Jean- Pierre Mustier, the head of investment banking. At the annual meeting, investors accused senior management of changing the bank into a casino and sought compensation.
Later steps taken from a Corporate Governance perspective:
May 2009
Just over a year after the discovery of the exceptional fraud there was a full re-organisation of the board of directors. Following a year of separation of the roles of Chairman and CEO on May 6 2009 the Board of Directors decided to once again merge the roles of Chairman and Chief Executive Officer.
Frédéric Oudea was appointed as joint CEO and Chairman with effect from May 24, 2009.
Didier Alix and Severin Cabannes were confirmed to remain in their roles of Deputy Chief Executive Officers. Didier later retired on November 30, 2009. Bernardo Sanchez Incera and Jean-Francois Sammarcelli were appointed Deputy Chief Executive Officers as of January 1, 2010.
Philippe Citerne retired and left his position as Deputy Chief Executive Officer on April 30, 2009.
On May 6, 2009, the Board of Directors also created the position of Vice-Chairman of the Board of Directors. Anthony Wyand was appointed to this position. Wyand also holds the position of Chairman of the Audit, Internal Control and Risk Committee (formerly the Audit Committee). The new role of Vice-Chairman was developed to assist the Chairman in his duties,
"notably the organisation and sound functioning of the Board of Directors and other Committees, and the supervision of corporate governance, internal control and risk management".
The above steps have been taken, in particular the recognition of the importance of the Audit, Internal Control and Committee to the board by promoting the Chairman of this committee to the position of Vice-Chairman of the Board of Directors, to improve corporate governance within Société Générale.
Steps Put in Place to Prevent a Repeated Governance Failure - Operations Perspective
"Société Générale learned the lessons of this affair from the outset, and has committed significant human and financial resources to strengthening all of its controls." [4]
As soon as the fraud was discovered, action plans were immediately drawn up to reinforce and adapt internal controls related to trading activities [5] . These actions plans; collectively referred to as the "Fighting Back" program included immediate remediation measures in order to reinforce operational controls and access rights to IT systems as well as structural measures aimed at long-term transformation of the trading environment. A third strand of the program sought to assess performance of the actions implemented and identify further areas for continuous improvement. 1.jpg
The measures contained within the "Fighting Back" program were consistent with those advocated by the French ministry of Economy & Finance in the Lagarde report [6] . The governance of the Fighting Back program was placed under the Group Deputy CEO with implementation of the program subject to strict monitoring.
Measure I: Remedial measures
When the fraud was discovered, a crisis team immediately took control of the situation and put in place essential corrective actions. They focused on priority actions including identifying all fictitious transactions and putting in place additional controls to prevent or detect further such transactions. Supervision of Front Office activities and access rights to IT systems was strengthened. An alert management process was also implemented. Examples of additional controls implemented on specific areas include limits on positions, controls of amend and cancellations and reviews of out of market price transactions. These controls were fully implemented across all trading activities by mid 2009.
Measure II: Transformation plan
A transformation plan covered four axes of the operational control framework:
Creation of a Product Control Group and re-organisation of Middle offices
A Product Control Group with more than 600 staff was created in November 2008 charged with the independent production of daily and monthly accounting P&L as well as balance sheet verification - with a focus on the reduction of breaks and manual entries. Simultaneously, Middle Offices were re-organised to re-establish roles and responsibilities of employees and reinforce the independence of support functions.
Strengthening Operations security
A Security & Anti-Fraud Expertise 'SAFE' department was set up with the aim of strengthening the analytical capabilities and operational risk management of SG CIB. It sought to assess the quality and efficiency of control mechanisms within SG CIB and ensure ongoing improvement through:
Coordination of overall supervision of SG CIB through front offices and support functions in coordination with Group Internal Inspection and Audit.
Fraud prevention and detection including monitoring of alerts in a central control room to quickly identify unusual patterns and immediately launch investigations.
Strengthening of IT Security
Access rights & security across 150 sensitive applications was strengthened according to a risk analysis methodology. 45,000 accounts were recertified and over 80 applications were migrated to a central authentication system aligned with best industry practice.
Accountability and culture
Training programs and awareness workshops aimed at managers and staff covered topics including SG CIB's Business Principles, a framework for professional behaviours and redefined function and job roles, missions, responsibilities and procedures. More than 7,800 SG CIB staff attended these training courses, including all traders. These actions were subsequently fully integrated into HR and SAFE's remit.
Measure III: Continual assessment and permanent improvement of the control system
An investment of €150mn and 200 employees between 2008-2010 ensured that the controls and measures identified above were successfully implemented according to schedule, budget and definition. Independent quarterly reviews undertaken by PriceWaterhouseCoopers were translated into progress reports to the Audit Committee with subsequent information relayed to the Board of Directors.
The measures are now fully integrated into the operational control framework of SG CIB, and are continuously reviewed with a view to the permanent improvement of the control architecture. An example of continuous improvement was the launch of the C.O.S.I. (Converge, Secure, Industrialise) program which includes four areas:
Convergence and optimization of controls
Development, strengthening and convergence of the IT systems that support controls
Implementation of a unique organisational reference framework
Extension of the alert monitoring IT system
SG CIB is also undertaking a fundamental transformation of its operational model, optimising and developing processes, strengthening risk controls and operational security mechanisms as part of the Resolution program - the strategic transformation plan of the Group which aims to further transform the bank's operational model over the long term.
Concluding Remarks
Remark
