A $2.3 billion loss on ETF trading at UBS

The recent trading loss of $2.3 billion suffered by UBS is a whopper of a financial loss, one coming on the heels of other very large trading losses experienced in the financial sector. Some interesting insight into some of the factors that might be involved can be found in the blog article, The ETF loophole (almost) everyone missed, written by Felix Salmon at Reuters. Another piece, Swiss miss, at The Economist points out some interesting observations about what this experience might mean for UBS and other institutions running trading disks.

The incident brings to light some rather interesting questions for supervisory and internal audit functions: probably just a few of the many functions that failed to catch the problem. The most obvious questions of course include: how did it happen, and what can be done to catch or prevent it in the future?

Obviously, more light on the specifics involving the trading losses experienced by UBS will be shed as evidence and testimony is gathered.

Magic is in the eyes of the beholder

In a larger sense, the events at UBS bring to mind the experience of watching a magician who places a noticeably white ball under one of three dark-blue cups, moves the cups around, and asks you to identify which of three cups the ball is actually in: after cups come to rest.

Invariably, you pick the wrong cup – time and again!.

Why? Well the world of magic is based on the study of illusion and human behavior. In this case, the illusion relies on your eyes paying extra attention to thehand that is moving all of the cups and the interaction you are having with the magician’s face and voice. Unseen by almost all who participate in this magic-act, is the other hand of the magician who deftly and cleverly moves the ball in or out of the cup: from the one you are intended to believe the ball is in.

This and similar illusions are successful for magicians, whether the act involves running a saw through a person in a box, pulling rabbits out of a hat, or making dove birds appear seemingly out of nowhere.

Learning what to pay attention to and what to ignore

Whether it’s magic, the recent trading losses experienced at UBS, or the world of managing risk related to the use or misuse of information and IT systems, the biggest problem for many organizations is knowing what to pay attention to: which is where internal control and information security functions come in.

Visibility and illusion: the crux of the problem

I’d be rather rich if I was paid by the number of times I’ve heard the phrase, “My biggest problem is what I don’t know (or what I don’t see).” The problem of visibility goes to the heart of unmasking illusion: be it knowing which cup the ball is under in a magic-act, illicit or highly-risky trading in financial markets, information security-breaches resulting in substantial business risk, or other endeavors in life.

Do you chalk-up success to guessing which cup the ball is under and pure luck? Well, if you do, you’re not guiding your own destiny nor that of your organization. What you might want to consider doing is shining a light on all of the visibly missing procedures that are directly related to prioritized risks.

Risk Assessment Comparison Benchmarks at ITPCG

The ITPCG has embedded results from across thousands of organizations into quick two-minute self-assessments that will enable you and your organization to assess the impact of your risk management practices – as these apply to the use of information systems – on outcomes, relative to others in your industry, your peers and the best performing organizations. A few of the assessments directly related to managing risk, include:

Risk and Compliance Management

Organizational and Policy Risks of Cloud Computing

Operational and Technology Risks of Cloud Computing

Reporting and Risk Management

We hope you find these sources of informative and useful as you make improvements in your own organization.