The Societe Generale (SG) report of 25th May 2008 is, in fact, three separate reports, by different bodies. The first report is by a Special Committee, consisting of 'independent' directors, of the very Board that allowed the loss of EUR 4.9 Billion (some $ 7 Billion) to take place. This report relies heavily on the second report by PWC, which is entitled 'Summary of PWC diagnostic review and analysis of the action plan'. Both these reports focus mainly on the 'action plan' for 'transformation of the control methods for market activities'. The reports are forward looking, attempting to assure shareholders and regulators that the bank will achieve a "new balance between the objectives of profitable growth and risk management".
The tone of the Special Committee's report is incredibly self-congratulatory, for example: 'Thanks to the actions of Senior Management [i.e. ourselves] since the discovery of the fraud - the majority of the negative effects of the fraud on the Bank's business situation have been overcome.'
So what negative effects precisely have been overcome? The share price is languishing some 30% below its level before the detection of the fraud, Q1 profits have fallen by over 20% year on year and, so far, Monsieur Kerviel is not reported to have coughed up the $7 Billion. Maybe the canapes in the Directors' dining room have improved? So pleased was it with its efforts, the Committee wound itself up, having 'completed its assignment'.
Because its terms of reference were purely to look at the measures already proposed by the senior management of SG, PWC confined itself to analyzing managements' proposals and making recommendations as to how such an 'ambitious programme' may be managed. The overall programme may be summarized as 'more of the same, then even more of the same'.
Admittedly it is all very laudable to move quickly to put in place changes necessary to ensure that a similar disaster does not happen in the future, but such an effort is only meaningful if the underlying causes of the problem have been properly identified. Otherwise, it is just wasting time and money.
For the analysis of the events leading to the loss, both the Special Committee and PWC relied exclusively on the third report into the 'fraud committed by Jerome Kerviel (JK)', published by SG's 'General Inspection Department' (equivalent to Internal Audit).
Herein lies a major problem. Not only is the bank investigating itself, it is doing so on an extremely narrow basis - very specifically: the details of the fraud; the mechanisms used; the motives; the specific failure of controls that assisted the fraud; and a general check that the same mechanisms were not being used in other parts of the SGCIB (Corporate and Investment Banking) division.
In other major trading failures, such as Allied Irish Bank (AIB) and National Australia Bank (NAB), the Boards of these banks called in truly independent investigators and gave them a mandate to look at structural in addition to control failures. In these cases, and others such as Barings, investigators found faults not only with controls in the trading environment but also with Risk Management, Internal Audit, Senior Management, the Board's Risk Committee and the Board itself. Regulators also were given considerable stick.
In their investigation at SG, the Inspections department did not find any fault with itself (what a surprise!) nor with the Board, nor with Senior Management, again hardly surprising, since biting the hand that feeds is rarely appetizing, even in French cuisine.
A second and ultimately much deeper problem with the Inspectors' report is its stunning reluctance to ask the simplest question - why?
The report is peppered with many examples of pure naivety. For example, an 'alert' was raised on some 'fictitious transactions' in January 2007 - note a full year before the fraud was detected. When asked why nothing was done about this alert, the answer came back that 'procedures were followed by Middle Office but no initiative was taken to verify the truth of JK's assertions or to transmit the information to immediate superiors (actions not explicitly called for by procedures)'. In other words - we were just following orders.
Similar answers for other important alerts were given by the Back Office, the Risk department, Accounting, the business line and on and on. The Inspection team appeared not to have asked the most basic question: why did no one tell senior management? Inspector Clouseau is alive and well and living in La Defense, Paris.
From the information provided in the Inspectors' report there would appear to have been serious deficiencies in SG's 'risk culture' that permitted staff in multiple departments to simply ignore potentially grave problems. As recognized in other risk management failures, and demanded by Basel II, a strong 'risk culture' must start at the top of the organization. Firms that fail to recognize the importance of a coherent risk culture, as demonstrated in this case by the Special Committee of the SG Board, are asking for trouble.
Openness, transparency and a willingness to face unpalatable truths are hallmarks of good risk management, but these are sadly missing from the SG reports. On the contrary, the attempt by the bank to fob off a tawdry report as serious analysis, merely illustrates the corporate hubris that caused the Kerviel problem in the first place.
Which brings us back to PWC. While SG management may be expected to try to cover up its deficiencies, PWC appear not to have asked the question that the Inspection department failed to ask - why did no one tell the Board? In the fine print of their report, PWC admit that 'we were not instructed to assess the overall relevance of the conclusions reached by the General Inspection department' - it appears that they, too, were just following orders! Furthermore, PWC noted that 'we did not at any stage carry out procedures designed to attribute responsibility.' This is from a firm that identified one of the 'key success factors' of the proposed programme to 'transform' cultural change to be to 'foster a sense of responsibility on the part of the players.' Would SG know responsibility, if they saw it?
Of course, PWC is a relatively minor player in these events; it is the regulators of the banking system in France who have gone 'Missing In Action (MIA)'. If the French Banking Commission needs some advice on how to handle the situation, they merely have to pick up the phone and talk to their colleagues in APRA (the Australian banking regulator) who, although admittedly late to the game, showed how to apply muscular regulation to the Board of NAB in similar circumstances.
Regulators should ask the tough questions: Why was the bank allowed to get away with a purely internal inquiry? Why were the terms of reference of the Special Committee, General Inspections department's investigation and the PWC assignment set so narrowly? Why, ultimately, was the problem let grow to the size it did without senior management and the Board not doing something?
As they say in France: 'Je ne sais pourquoi' - I don't know why. Nor apparently does SG or its regulators!
