Monthly Archives: September 2011

Immediate Vault Immediate Access

Another Rogue Trader for the Record Books

Posted on by

Since 2008, investment banks have taken quite a beating. From huge subprime losses to dwindling trust of consumers. And now, they can add another notch to their belt.

buy actos online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/actos.html no prescription pharmacy

Today, Swiss bank UBS announced that a rogue trader in its investment bank had lost $2 billion on unauthorized trades.

The incident raises questions about the bank’s management and risk policies at time when it is trying to rebuild its operations and bolster its flagging client base. The case could also bolster the efforts of regulators who have pushing in some countries to separate trading from private banking and other less risky businesses.

The trader, 31-year-old Kweku Adoboli, was arrested by UK officers though exact charges have not yet been announced.

You may remember a similar case involving Jerome Kerviel, a former trader at French bank Societe Generale, who defrauded the company by gambling away $6.7 billion. He single-handedly brought the 145-year-old bank to near bankruptcy when the trades were discovered in January 2008. He was charged and convicted of breach of trust, forgery and unauthorized use of the bank’s computer system.

buy zithromax online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/zithromax.html no prescription pharmacy

Will Adoboli be charged with the same? More importantly, why didn’t the largest bank in Switzerland learn from the Societe Generale case, which went down in history as the biggest rogue trading scandal in history?

“All men make mistakes, but only wise men learn from their mistakes.”
-Winston Churchill

UK Infrastructure Providers “Accept an Unexpectedly High Level of Risk” of Cyber-Threats, and the National Response Is “Fractured and Incoherent”

Posted on by

Hacker organizations like Anonymous and LulSec are waging a worldwide cyberwar. These new combatants are highly sophisticated and have emerged as a true threat so quickly that it is understandable why many organizations remain vulnerable.

But according to a new report from Chatham House, the UK’s critical infrastructure providers actually do understand the gravity of the threat and are very concerned about what it means for their operations — they just have chosen to do little about it.

“Many of the organizations surveyed in the course of this project have developed an attitude to cyber security that is fundamentally contradictory. In most cases, they declared themselves to be aware of cyber security threats. Yet these same organizations were willing, for a variety of resource and other reasons, to accept an unexpectedly high level of risk in this area. In several cases it was even decided that cyber risk should be managed at arm’s length from the executive authority and responsibility of the board and senior management. Paradoxically, therefore, in these organizations a heightened perception of cyber security risk is being met with diminished resources and interest.”

It gets worse.

While the weak response by critical infrastructure providers is clearly presenting a risk to national security in the United Kingdom, governments aren’t helping. Those who should be leading the charge on raising security aren’t doing enough to help those they serve keep up with the threat, say the providers.

There was a perception among those interviewed (which include 100 larges businesses and banks) for the study that “the national response mechanism is for the most part fractured and incoherent” and that there is  “little sense either of governmental vision and leadership, or of responsibility and engagement” with critical infrastructure providers. Those providers also note that better information sharing could help them considerably in preparing their defenses, but so far the UK government is “more willing to solicit information than to divulge it.”

Of course, the responsibility to mitigate this threat is not solely a public responsibility. These companies must take it upon themselves to safeguard their own operations. As the report notes, however, “this will only be achieved to the extent that board members are themselves more aware of the opportunities and threats presented by cyberspace.”

It must start at the top.

But unbelievably, the report notes that some companies have “deliberately pushed [the threat] below the boardroom level in order to remove a complex and baffling problem from sight.”

To be fair, some organizations are responding better than others. But they are the exception not the rule. “The results were varied,” said study co-author Dave Clemente on a Chatham House podcast. “Some organizations have a fairly nuanced view of cybersecurity — it comes up on their board agendas on a regular basis. And others don’t. Others respond only when something unpleasant happens to them or a competitor, and then they have to do something very quickly. Something must be done. Money is thrown at the problem. And often it produces an over-reation [that’s] not very well thought-through.”

In talking about the risk to infrastructure providers, Clemente highlighted the cyberattack that Anoynmous launched against Sony, shutting down its popular online video game platform, the PlayStation Network, for more than weeks and exposed the personal info of tens of millions of users.

Games Beat explains the details of that attack.

The company was criticized for having outdated security software that did not adequately protect the PSN from hackers when they broke in. Security experts knew Sony was running outdated versions of the Apache Web server software that did not have a firewall installed. The company said hackers were able to breach the PSN and steal sensitive data while the company was fending off denial of service attacks from Anonymous, an online hacker group that typically takes up politically charged causes.

Hackers also hit a number of other high-profile companies like defense contractor Lockheed Martin and Bethesda Softworks, another game publisher. The number of hacking attacks has given network providers like Sony a new set of challenges when building security for company networks.

Clemente says that the hacker intrusion cost Sony $171 million.

That’s a large sum that should help any large company take notice. But he also notes that while these types of cyber threats are “substantial in a monetary sense but there’s also reputational damage as well.”

Incidentally, Tim Schaaff, a top Sony executive, told Games Beat that the attack a “great experience, really good time … Though I wouldn’t like to do it again.”

At first blush, that seems like a ridiculous position. But perhaps we can all learn a little bit from the PlayStation Network breach. Take this quote from  Schaaff that further elaborates on his view.

“A determined hacker will get you, the question is how you build your life so you’re able to cope with those things,” he said.

Of course prevention and fool-proof network security is the ultimate goal. But it is increasingly hard to achieve. As the Chatham study shows, the leap forward in sophistication of today’s hackers means that most companies are now playing catch-up — both technologically and in terms of understanding the nature of the threat.

In the interim, many companies can and will be hit.

Know that. And start game-planning a response. Perhaps going forward, conducting emergency, tabletop drills for cyberdisasters will be as beneficial in preparing for the real thing as emergency drills for natural disasters are today.

Companies that have money and reputations to lose would be silly not to be developing strategies to this threat. And those organizations tasked with providing the nation with critical infrastructure? Well, if they do not improve their defenses soon, “silly” will start looking a lot more like “negligent.”

(For more on cyberthreat whos, whats, whens, wheres, whys and and hows, stay tuned for our upcoming October issue of Risk Management magazine. We have an 8-page feature detailing the nature of the threat — and ways to combat it. )

How the NCAA Has Used the Term “Student-Athlete” to Avoid Paying Workers Comp Liabilities

Posted on by

Anyone who has spent much time following college sports should be aware of the NCAA’s hypocrisy. It demands purity from its “amateur” “student-athletes” while at the same time taking in billions in revenue from their on-field and on-court efforts. And whenever the nation expresses outrage at the revelation of yet another “scandal” in which a player received some compensation for their athletic abilities, there is much hand-wringing and finger-pointing from the sport’s governing body, which in turn imposes sanctions and other penalties against the offending schools and players.

Well, never before has anyone detailed this NCAA hypocrisy better than Taylor Branch did in the latest cover story of The Atlantic, “The Shame of College Sports.” If this sort of stuff interests you, the looooong account is well worth your time to read.

For our purposes, however, the most interesting excerpt chronicles the how and the why of the NCAA’s creation and widespread promotion of the term “student-athlete.” According to Branch, the main reason that former NCAA head Walter Byers, in his own words, “crafted the term student-athlete” and soon made sure it was “embedded in all NCAA rules and interpretations” was because it was an excellent defense against being held liable for workers compensation benefits that those injured in athletic competition could seek.

“We crafted the term student-athlete,” Walter Byers himself wrote, “and soon it was embedded in all NCAA rules and interpretations.” The term came into play in the 1950s, when the widow of Ray Dennison, who had died from a head injury received while playing football in Colorado for the Fort Lewis A&M Aggies, filed for workmen’s-compensation death benefits. Did his football scholarship make the fatal collision a “work-related” accident? Was he a school employee, like his peers who worked part-time as teaching assistants and bookstore cashiers? Or was he a fluke victim of extracurricular pursuits? Given the hundreds of incapacitating injuries to college athletes each year, the answers to these questions had enormous consequences. The Colorado Supreme Court ultimately agreed with the school’s contention that he was not eligible for benefits, since the college was “not in the football business.”

The term student-athlete was deliberately ambiguous. College players were not students at play (which might understate their athletic obligations), nor were they just athletes in college (which might imply they were professionals). That they were high-performance athletes meant they could be forgiven for not meeting the academic standards of their peers; that they were students meant they did not have to be compensated, ever, for anything more than the cost of their studies. Student-athlete became the NCAA’s signature term, repeated constantly in and out of courtrooms.

Using the “student-athlete” defense, colleges have compiled a string of victories in liability cases. On the afternoon of October 26, 1974, the Texas Christian University Horned Frogs were playing the Alabama Crimson Tide in Birmingham, Alabama. Kent Waldrep, a TCU running back, carried the ball on a “Red Right 28” sweep toward the Crimson Tide’s sideline, where he was met by a swarm of tacklers. When Waldrep regained consciousness, Bear Bryant, the storied Crimson Tide coach, was standing over his hospital bed. “It was like talking to God, if you’re a young football player,” Waldrep recalled.

Waldrep was paralyzed: he had lost all movement and feeling below his neck. After nine months of paying his medical bills, Texas Christian refused to pay any more, so the Waldrep family coped for years on dwindling charity.

Through the 1990s, from his wheelchair, Waldrep pressed a lawsuit for workers’ compensation. (He also, through heroic rehabilitation efforts, recovered feeling in his arms, and eventually learned to drive a specially rigged van. “I can brush my teeth,” he told me last year, “but I still need help to bathe and dress.”) His attorneys haggled with TCU and the state worker-compensation fund over what constituted employment. Clearly, TCU had provided football players with equipment for the job, as a typical employer would—but did the university pay wages, withhold income taxes on his financial aid, or control work conditions and performance? The appeals court finally rejected Waldrep’s claim in June of 2000, ruling that he was not an employee because he had not paid taxes on financial aid that he could have kept even if he quit football. (Waldrep told me school officials “said they recruited me as a student, not an athlete,” which he says was absurd.)

The long saga vindicated the power of the NCAA’s “student-athlete” formulation as a shield, and the organization continues to invoke it as both a legalistic defense and a noble ideal. Indeed, such is the term’s rhetorical power that it is increasingly used as a sort of reflexive mantra against charges of rabid hypocrisy.

Today, the term “student-athlete” is intended to carry with it the nobility of amateur athletics that the NCAA epitomizes.

Originally?

It was a good protection for keeping those carried off the field from suing the schools.

Ten Years After

Posted on by

Of all the “where were you when?” moments, none resonates so clearly in my mind as the attacks of September 11, 2001. I’m not a sentimental person by any means but even a decade later, I find myself getting choked up when watching or reading reports of that day.

Everyone has a story. I was working in Midtown Manhattan. From my 20th floor office window, I had a view of the towers and watched as they buckled and fell before my eyes. No one in the office said anything. There were no words.

As I made my way to the train that would take me home to Long Island, the city was in shock. The expressions of sorrow, horror, confusion and fear that I saw likely mirrored my own. As I walked, I stared in a daze at the black smoke in the distance until I realized that I had been walking in the middle of the street for blocks with no regard for traffic. But no car horns ever sounded. At the train station, the mood was the same. Even though trains were delayed, no riders complained. Who would dare when you were sharing the platform with downtown workers covered in the dust of collapsed buildings that once dominated the New York skyline?

When I finally made it home, everyone wanted to hear about what I saw, but I didn’t want to talk about it. How do you describe what it’s like to watch a skyscraper full of people fall to the ground?

Thankfully, no one I knew died. I was lucky. Loss was everywhere, however, and when I finally returned to the city after a few days, sagging shoulders and hollow, glassy-eyed stares were all too common. I had to stop reading the newspapers because the reports became too excruciating. It was all I could do to keep from crying.

It’s a cliche to say that the world irrevocably changed on September 11, but it did. In a sense, the world shrank. Terrorism was no longer something that only happened overseas. The fears of the world were our fears now. And with that came the increased need for more and better security. To a certain extent, Americans had always taken their safety for granted, but now this kind of thinking was obsolete. The attacks showed us that all risks were possible and our mitigation plans were going to have to change to reflect this reality. Ten years later, this mindset lives on every time we go to the airport or participate in a disaster preparedness drill. It is a testament to our resiliency that we now find most of these things to be annoying. Evidently, not even terrorists could stop us from complaining.

If there can be anything positive to take away from this tragedy, perhaps it is that September 11 has made us more vigilant to all the risks that are around us and, as a result, organizations and individuals alike have taken great steps to reduce these threats. We still have blind spots, as evidenced by Hurricane Katrina, for instance. But overall, the argument could be made that in some ways we may be safer than we were 10 years ago.

Of course, this doesn’t mean the painful memories of September 11 have vanished, particularly for the families and friends of the nearly 3,000 people who died that day.

But there has been progress. At the World Trade Center site, the National September 11 Memorial and Museum opened on the anniversary of the attacks, while the new One World Trade Center steadily climbs to its eventual 1,776-foot height after years of political infighting and financial controversy. Hopefully, these signs of rebirth, coupled with the memory of those we lost, can inspire us to move beyond tragedy and create a new legacy for September 11 — a legacy of a better, safer world.