Don't be too surprised by the recent revelations that allegedly fraudulent activities of a trader at Société Générale went unnoticed for some time.  The chain of events put in motion by trading activities not only provide ample opportunity for a knowledgeable individual to exploit a weakness, but the sheer complexity of the discrete deal attributes in many markets introduce numerous chances for honest mistakes as well.

The market, credit, liquidity, operational, and other risks must all be considered in the appropriate context of the specific situation.  In fact, after many years as a credit manager working trade floors in the energy industry, I have personally seen numerous examples of control weaknesses and heard of countless others.  I have never heard of an entity which had no areas for improvement - particularly if they traded extensively in physical markets, with its numerous additional obligations associated with delivery of a commodity.

"Do we trade over the counter (OTC) or on an exchange"; "Standard enabling agreements, or via proprietary contracts?"; "Margining or no margining"?; "With the A-rated public entity or the three-man hedge fund?"; "Fixed or floating prices?"; "In the physical or the financial markets?"; and etcetera. 

The nature of the resulting risks changes with the answer to all of those and many other questions.  Before long, the resulting decision tree for one transaction alone has an impressive number of branches.  Now imagine tracking an entire forest of unique trees.  Broken branches are fairly common (to belabor the analogy).

Sometimes weaknesses are glaringly simple, such as finding users who post their passwords on a sticky note next to their computer.  Other times, and as was apparently the case at Soc Gen, it requires intimate knowledge of the control process.  Still others result from lack of training or simple oversights, such as failing to properly negotiate a letter of credit or incorrectly assuming that you have netting rights for offsetting exposures.

Unfortunately, such weaknesses are pervasive.  Even worse, not everyone recognizes that fact - although such naïveté is becoming less common.  As reported by the Wall Street Journal, Ken Moelis, former head of investment banking at UBS said "Until recently, every investment bank believed it had built an outstanding risk-management system".

Indeed, when reviewing the trading risk management efforts of numerous financial institutions, S&P Credit Analyst Prodyot Samanta said they found "no concentration of best practices at any single institution".  It is good that ratings agencies are aware of the problem.  When credit ratings begin to suffer due to weak controls - causing financing costs to rise, you can expect companies to pay significantly more attention to the issue.

Additionally, the growing interest in enterprise risk management (ERM) also signals that companies are finally beginning to appreciate the fact that market risks aren't the only risks worth addressing.

Those entities which aren't already doing so would be well advised to start taking this effort seriously.