Nick Leeson and the Barings debacle are memorized as the biggest financial scandal in the 20th century. At the age of 28, Nick Leeson brought down 233-year-old Barings — Britain’s oldest merchant bank crashed, by losing £827 million (US$1.4 billion) in the derivative market trading. After a failed bailout attempt, Barings was declared insolvent on February 26, 1995. It was revealed that Barings’ Singapore-based trader Leeson falsified accounts and trading records.
This case study is about the security and control issues in the company which led to this scandal. The case documents the process of how Nick Leeson bypasses the risk management and auditing, and the lack of Barings security control. Moreover, the case explains why the security is not only technology issues, but also business issues.
Leeson joined Barings Bank in London in 1989 as a 22-year-old, and a year later was sent to Jakarta to sort through £100 million of back contracts which were in a complete mess. He did the job, and his reputation increased. That same year in March, he was posted to Singapore where he earned the label of being a “whiz-kid” trader, even if he did fail his A-level maths.
According to The Business Times (BT), within a year of his arrival, after-tax profits at Baring Futures (Singapore) jumped from $2.7 million in 1992, when he was rewarded with a £150,000 bonus on top of his £50,000 salary, to over $20.3 million in 1993. By early that year, he was allowed to do proprietary trading for the entire Barings group.
Leeson started dealing in Japanese government bonds, then dabbling in Nikkei 225 futures and options. And he was supposedly making the firm millions, accounting for a large chunk of its profits. Leeson held both the positions of chief trader and head of settlements, which meant that he pretty much had free reign. And he used this to his advantage, concealing losses and unauthorised trades in a secret account called “error account 88888”.
This account, which was meant to track bona fide trading mistakes and minor accounting discrepancies, was found to have been used since 1992 to hide Leeson’s losses and show artificial profits in other Barings trading accounts.
While Leeson looked to his peers to be a high-flying daredevil trader, nothing was further from the truth. By December 1994 and unknown to his bosses, he had racked up losses amounting to $373.9 million. On the official books, he was making handsome profits.
In an attempt to claw back some money, Leeson bets heavily against the Nikkei index falling below the 19,000 mark. He believed that share prices, which plunged after the Great Hanshin Earthquake hit the city of Kobe on Jan 17, 1995, would rise. But prices kept falling, and Leeson, whose gamble costs Barings $932 million, found himself in a deep hole of his own making.
That same month, alarm bells started ringing after auditors found a £50 million discrepancy. Barings investigated, but by the time the deficit was discovered in mid-February 1995, the losses had increased to $2.2 billion, twice-exceeding the bank’s capital and reserves.
Nick’s tale has made a great shock over the financial market. After that, the internal auditing and security control becomes one of the top priority tasks for investment banks. And the security issue has been raised from technical level to business level.
Organization structure must be well defined. It has to be a perfect tree where every branch ought to be supervised by a clear head. There should not have any branches left out from the tree. There should not have any branches that sourced from two roots, either. This structure clearly defines the supervision for everybody up to the headquarter management, which removes the confusion caused by overlapping supervision as well as missing the supervision.
To maintain the clear structure, every staff shall be associated with a clear role. Nobody shall be entitled to act as two roles, especially not for two roles that are crossed the border of the front office and back office. The internal auditing shall be reviewed frequently to ensure there will not be any short circuit inside the auditing and safeguard system. This department shall stand out to act as an individual department which will report to top management only.
Nick Leeson’s case gave a good lesson about how serious the consequence not paying attention to the security and control as well. This topic is always important to all the organizations. In the first place, it is a technical issue, because the security system must be able to update their system to prevent abuses via the newly found security bugs. But, no matter how advanced the security system is, the human being who operate the system will be the weakest point of the system. Therefore the security is no longer a technology issue but also a business issue. Companies should enforce the guidelines defined in the company’s security policy to ensure the information assets of the organization. The framework of the security and control is necessary to help organizations to protect themselves and achieve the business values of the information assets. At any time, security issues should not be only related to both technical departments, but also to the business departments as well.