Concealment of Unauthorised Trading Losses

UK FSA recently fined UBS AG £8million for systems and controls failures that enabled employees to carry out unauthorised transactions involving customer money on at least 39 accounts.

The unauthorised activity, which took place between January 2006 and December 2007 at UBS' London-based wealth management business, only came to light when a whistleblower raised concerns internally.

Upon further investigation, it was discovered that UBS employees had taken part in the trading of foreign exchange and precious metals using customer money without authorisation and allocated losses to customers' accounts. An internal UBS investigation estimated that as many as 50 unauthorised transactions a day were taking place at the operation's peak.

FSA investigation found that UBS had failed to:

• manage and control the key risks, and the level of risk, created by its international wealth management business model;
• implement effective remedial measures in response to several warning signs that suggested the business' systems and controls were inadequate; and
• provide an appropriate level of supervision over customer-facing employees.

Further details disclosed by FSA's Final Notice:

• The services UBS provides to its international wealth management customers in the UK include, amongst other things: bank account services, investment advisory, portfolio management, trade execution, and the safekeeping of documents and assets.
• International wealth management customers are typically non-UK resident individuals who have substantial assets to invest, and are sophisticated, active and performance-driven investors.
• The London Branch afforded the Desk Heads a high degree of autonomy and authority. Each Desk Head supervised the Client Advisers operating on that specific International Business Desk. Desk Heads’ responsibilities included preparing investment documentation, contributing to technical discussions and liaising with Legal, Compliance and ‘Back Office’ functions. Where appropriate, Desk Heads were also expected to meet clients with the Client Advisers.
• During the Relevant Period, UBS’ control framework was designed to operate on the basis of a ‘Three Lines of Defence’ model. The ‘First Line of Defence’ was the business itself (i.e. Client Advisers and Desk Heads). The ‘Second Line of Defence’ was UBS’ Risk and Compliance department, which, amongst other things, undertook monitoring and risk assessments. The ‘Third Line of Defence’ was the Group Internal Audit function and external auditors.
• On 31 December 2007, a UBS employee reported to UBS’ Money Laundering Reporting Officer a concern regarding a proposed transfer of funds from a customer’s account to a particular Desk Head’s (“Desk Head ‘A’”) personal account. As a result, the Risk & Compliance department announced it would undertake a review of the International Business Desk headed by Desk Head ‘A’ (“Desk X”). The announcement of this review prompted another employee on Desk X to escalate a concern regarding an unauthorised inter-customer transfer of a structured product at a non-market price.
• In response to these concerns, UBS suspended relevant employees on the Desk and conducted a comprehensive investigation. The investigation established that Desk Head ‘A’ and certain other employees on Desk X had engaged in and/or facilitated unauthorised FX and precious metals transactions by using certain customers’ money without their authorisation and allocating any resulting profit or loss to the affected customers’ accounts. There was a high volume of FX transactions during the Relevant Period; UBS’ investigation identified approximately 50 such trades per day during 2006, which continued (at a reduced rate) throughout 2007.
• UBS’ investigation established that losses arising from the Unauthorised Trades were allocated to the accounts of other affected customers on the same Desk by exploiting the following failings in the control environment: (a) FX transactions could be executed by providing UBS’ FX traders with only an identifier for the trade and the details of the amount and the currency to be traded. Full details of the transaction, including the account number, could be provided to UBS’ FX traders up to 24 hours later. This allowed the performance of the trade to be assessed before Desk Head ‘A’ decided how any losses (or profits) should be allocated; (b) FX trades that had already been executed and booked could be cancelled and then subsequently re-booked onto another customer’s account; and (c) FX trades made nominally on behalf of a number of customers could be consolidated into a single trade with an ‘averaged’ price, thereby hiding the number of deals and the patterns of price.
• UBS’ investigation identified that losses resulting from the Unauthorised Trades were concealed by Desk Head ‘A’ and certain other individuals on Desk X from UBS’ customers by adopting the following techniques: (a) unauthorised transactions were made on the accounts of customers on the Desk who utilised UBS’ ‘retained mail’ facility. Customers using the ‘retained mail’ facility did not receive timely statements and updates on their accounts; as such, it was less likely that such customers would discover in a timely way the unauthorised activities on their accounts in comparison to those customers receiving periodic statements; (b) customers with significant liquid funds in their accounts were persuaded by the Desk to “lend” funds to other customers on the Desk who had incurred losses as a result of the Unauthorised Trades. These “loans” were documented on UBS headed notepaper by way of purported ‘UBS Guarantee Letters’. This procedure was intended by the employees on Desk X to give the lending customers the impression that the loan had been approved by UBS; however, no such approval had been given; and (c)a number of internal transfers were routed inappropriately through one of UBS’ internal ‘suspense’ accounts. The use of the suspense account enabled the true origin of the funds to be concealed as the source would not be displayed on the customers’ statements.
• Desk Head ‘A’ and other individuals working on Desk X were able to deploy these techniques without effective challenge from UBS’ systems and controls.
• UBS reported the findings of its investigation to the FSA on 30 January 2008. In February 2008, UBS commissioned an independent third party to assist it in identifying those customers who had been affected by the Unauthorised Trades. This work identified that 39 clients of “Desk X” had been affected by the Unauthorised Trades.

This case again reveals the highly risky control environment of private banking.