[HN Gopher] Financial Institution Letters: Vacation Policies (1995)
___________________________________________________________________
Financial Institution Letters: Vacation Policies (1995)
Author : mooreds
Score : 119 points
Date : 2022-10-14 13:46 UTC (9 hours ago)
(HTM) web link (www.fdic.gov)
(TXT) w3m dump (www.fdic.gov)
| andirk wrote:
| Couple this with a Chaos Monkey [1], which is "responsible for
| randomly terminating instances in production", on their first day
| of vacation.
|
| [1] https://netflix.github.io/chaosmonkey/
| LinuxBender wrote:
| I went through this when working for a bank. It really felt like
| an outdated and not well thought out idea. I automated almost
| everything that I did daily. If I were doing something nefarious
| I would have automated it and it would still be running to this
| day within obfuscated automation accounts and systems, not as me.
| This is not even a new concept. This applies equally to
| mainframes, on-prem servers, clouds, kittens and cattle.
| aerostable_slug wrote:
| If you were able to do that, someone (probably multiple people)
| weren't doing their jobs. That should have been architecturally
| impossible.
|
| At a certain level, you can't fix stupid (note: the person in
| my anecdote wasn't the stupid person). Example: once upon a
| time I worked for a very large public utility and got to be
| friends with a cool guy who seemed to live in the underground
| server rooms below Utility HQ. He would offer us (infosec
| group) 'free' hardware from time to time, which was cool (bear
| in mind CAPEX is a very good thing in the regulated utility
| industry, so there were all kinds of things kicking around
| taking up space).
|
| At one point I was wandering around the halls underground, he
| spotted me, and said "Hey Mark, can you use this?" while
| pointing to a check printing machine loaded with valid
| corporate check paper. My jaw dropped. The first thing I did
| was look around for 'tells' of a corporate security sting.
| Dollar signs rolled in front of my eyes.
|
| I asked said subterranean server room dweller if he had any
| idea what he had, and what he could do with it (I have no doubt
| one could easily make off with zillions of dollars and have it
| written off as billing errors). He smiled and said "no," to
| which I replied that was a good thing for our shareholders, and
| that he should probably properly dispose of that thing toot
| sweet. All the processes in the world and yet there was a
| literal money-printing machine hanging out with no oversight at
| all, prey to anyone with an RS-232 connection.
| LinuxBender wrote:
| _At a certain level, you can't fix stupid_
|
| This, and laziness in the name of _avoiding friction_ and
| _remaining competitive_. In every size organization I have
| been in the customer code will be audited by third parties. I
| have never seen internal automation audited by third parties.
| Not in banks or financial institutions. I've worked for both
| big banks and small financial institutions that grew into big
| ones. People get spread thin and fight to maintain control of
| the systems and code they are responsible for and this is
| only getting worse with time in my experience. With time more
| command and control systems are spread out and inter-
| connected with on-prem and cloud _solutions_ that delegate
| root privs to third parties running entirely closed source
| code with very little consequences for damages. Infosec and
| security orgs apply very outdated logic that would not even
| stop an amateur attacker.
|
| _If you were able to do that, someone (probably multiple
| people) weren't doing their jobs._
|
| By design these jobs do not exist _at least not in a
| meaningful manner_. People validate change tickets. People
| validate that code does what it says it does but that's
| where they usually stop. Security organizations these days
| are being moved under the same orgs that manage code to
| reduce friction. This stops _Security Theater_ which is
| indeed a real problem but it also curtails people going down
| rabbit holes. _Close ticket, move onto other issues, don't
| block a team from getting work done._ Don't like what someone
| is trying to implement? No problem, design a better solution.
| For 8000+ developers? Yeah nobody scales like that.
|
| People review individual code snippets. People stopped
| looking at big pictures of implementations. Disasters like
| Solar Winds don't happen because of one piece of nefarious
| code. They happen because a broken framework of thousands of
| pieces of poorly thought out code are glued together. There
| comes a point where the junk-yard of automation gets so big
| and ugly that even if leaders wanted to overhaul it they
| could not and if something nefarious was occurring nobody
| would see it, probably not even for a long time after damages
| were done. It's next to impossible to reverse engineer _junk-
| yard_ automation which is what most automation becomes with
| time.
| [deleted]
| montag wrote:
| Today I learned "toot sweet" is an eggcorn for "tout de
| suite" (very quickly).
| thrown_22 wrote:
| Yes, but this assumes that the people involved are the everyday
| finance idiots who think that excel is the tool of choice for
| automation.
| LinuxBender wrote:
| _Yes, but this assumes that the people involved are the
| everyday finance idiots who think that excel is the tool of
| choice for automation._
|
| There is truth in this but what I am referring to is
| happening with principal and senior developers and orgs that
| would never touch excel. In fact Microsoft products are
| forbidden _by contract_ in the production datacenters I have
| worked with in the last couple of decades.
|
| It's hard to see nefarious behavior when it depends on
| thousands of pieces of automation and frameworks that are
| poorly glued together. It's even happening _albeit slowly_ in
| my favorite operating system that has no shortage of
| incredibly intelligent and talented developers. Ironically
| these folks won't see it because they did not experience all
| the vulnerable frameworks and bandages that Windows
| implemented early on and now history is rhyming with udev +
| systemd + debugfs + binfmt + firewalld + ebpf glued together
| but that is a long topic in and of itself.
|
| Another related topic could be vehicle automation and inter-
| connectivity. I am intrigued and curious to see how that one
| plays out.
| bombcar wrote:
| Two weeks seems weak; I would think five weeks is the minimum to
| catch things that happen monthly; unless part of the two weeks is
| specifically checking things.
| thrawaburnout wrote:
| mcculley wrote:
| I have been in peer groups of small and medium sized businesses.
| Many of these smaller organizations have only one person in the
| role of Controller or Comptroller and are vulnerable to
| embezzling. One interesting policy I have seen implemented is
| that this person gets extra vacation time in addition to what a
| normal employee gets, but never at time of their choosing. The
| CEO or COO just comes in one day and says, "Congratulations! Take
| the next X days off." The organization is forced to plan ahead
| for the Controller being unavailable and the Controller cannot
| hide much.
| x55j33 wrote:
| IT Audit/Governance manager here. This is still a very common
| preventative/detective control in many businesses even outside of
| Financial Services, so much so that it is taught as part of many
| IT governance certifications such as the ISC2 CISSP and ISACA
| CISA.
|
| Although the provenance of the control is to deter and detect
| fraud, it also helps to highlight key-person dependencies (where
| a process cannot run without a specific individual present). On
| the flip-side, humans are very innovative creatures and you can
| use this control to identify where someone has found a way to
| bypass parts of the process (the process time suddenly increases
| a lot when someone in the team is on their mandatory-vaykay, or
| the quality suddenly drops).
|
| I also see it used in smaller companies by bosses who want to
| simulate the effects of a person quitting, and how confident the
| rest of the team are to take over the running of a task.
| warner25 wrote:
| Interestingly, I work in DoD IT where everyone is required to
| have certifications from ISC2, ISACA, CompTIA, etc. so we all
| get taught and tested on knowledge of this and many other
| controls, but I haven't actually heard of it formalized or
| enforced. In practice, we just rely on ad hoc high turnover as
| people change jobs every year or two, or get pulled away into
| unrelated projects, or sent away for exercises and deployments.
| twawaaay wrote:
| I worked a lot for banks and aside from mandatory vacation
| there are other rules.
|
| For example in one bank I worked for there is a 2 year limit on
| how long you can work there as a contractor. This is to make
| sure that all key personnel is actually employed by the bank
| and the assumption being that if somebody worked for 2 years
| they become key personnel by default and have to either be
| hired as an employee or fired as a contractor.
| jagtesh wrote:
| One big reason for this is the tax law in US and Canada.
| Legally, contractors (esp. when incorporated) are considered
| employees if they work exclusively for one client over an
| extended period of time without interruption. Occasionally, I
| have seen such contractors take a few month sabbatical and
| return to work after that (still contracting).
|
| Note: There are other criteria that have to be met as well
| for the govt to consider someone an employee:
|
| - if work happens at the employer's premises
| - if the employer owns all equipment needed for work
| - how is the work instructed (can denote a manager/employee
| dynamic)
| lazyasciiart wrote:
| Microsoft has approximately the same rule, and it's entirely
| for the sake of employment law, not because they care about
| key personnel being contractors.
| formerkrogemp wrote:
| > IT Audit/Governance manager here. This is still a very common
| preventative/detective control in many businesses even outside
| of Financial Services, so much so that it is taught as part of
| many IT governance certifications such as the ISC2 CISSP and
| ISACA CISA.
|
| This is covered in accounting and the CPA as well. Not that I'd
| necessarily recommend a CPA over an IT auditor in many cases.
| csours wrote:
| > I also see it used in smaller companies by bosses who want to
| simulate the effects of a person quitting, and how confident
| the rest of the team are to take over the running of a task.
|
| Aka the Bus Factor. What if our lead engineer takes a bus out
| of town (or the darker version).
|
| Even in large companies, work is done by teams and those teams
| are susceptible to this problem as well.
| ok_dad wrote:
| I used to say, "in case I fall off a cliff," and then in a
| previous job a colleague went mountain climbing and literally
| fell to his death off a cliff. Now I just say, "for when I'm
| not around."
| [deleted]
| mgkimsal wrote:
| Similar here. 2000/2001(?), I was talking about the bus
| factor with a client, indicating that I'd brought on a
| couple more folks on my team - one part time, one full
| time, to avoid the bus factor.
|
| "what do you mean?"
|
| "oh, in case I get hit by a bus"
|
| Silence.
|
| Someone in their company had been hit by a bus and died a
| couple weeks earlier. Not in their department - it wasn't a
| direct friend/colleague - but it was... awkward enough that
| I didn't use that phrase again for a long time. And even
| when I do, I tend to catch myself before and rephrase it.
| csours wrote:
| Holy crap!
| jedberg wrote:
| > What if our lead engineer takes a bus out of town
|
| HA! I've never heard this version of it. I've only ever heard
| the dark version. I like this better.
| csours wrote:
| Coming up with euphemisms is my hobby. No one can tell when
| I'm being mean now.
|
| disgusting food -> interesting and unique flavor profile
|
| bad movie -> the director made decisions that challenge
| audience expectations
|
| take your crazy pills -> I had not heard of that before
|
| and of course the Southern classic
|
| you idiot -> bless your heart (this one doesn't really work
| anymore because people know it)
|
| Edit: I remembered another one:
|
| Resting B*tch Face -> Resting Business Face.
| [deleted]
| rootsudo wrote:
| Sigh.
| cosmodisk wrote:
| Are you planning to live in England by any chance?:)
| sokoloff wrote:
| "Good For You!" is code for "Go F** Yourself!" in some
| circles. (would become the same three-letter acronym)
|
| I'd heard it through two different management consultancy
| sources, but that could easily have a common root, of
| course.
| tb_technical wrote:
| In some communities "Go f** yourself!" is code for "see
| ya later!", also.
| cosmodisk wrote:
| We used to have a Scotsman as a site manager. Every
| single day when we were wrapping for a day, he used to
| say: well, fuck off now! Nice bloke.
| yeasurebut wrote:
| With respect; a lot of us out here know and used many of
| those the same way; we're silently aware of the intent. I
| used to be that way. Over time feeling the need to fake
| it fell away; now I just mock everyone through muted
| indifference and a shrug, "good job at being a member of
| social life like everyone else" kind of energy.
|
| Emotional archetypes are limited. You have borrowed
| others ideas because that's how it works; you memorized
| such emotional states from others. Awareness of such
| emotional state is not yours alone.
|
| See. That's how you put someone down. Directly. Not
| through passive aggressive southerner classics. You're
| far too obvious to those who have diverse real world
| experience and just come off as a cliche. But we silently
| eye roll rather than validate such antics through
| feedback, good or bad.
| csours wrote:
| I read this comment with a Werner Herzog accent. I hope
| that's ok with you.
| yeasurebut wrote:
| hirundo wrote:
| > (or the darker version)
|
| I default to, what if Bob wins the lottery?
| aerostable_slug wrote:
| Or moves to China...
|
| I was working with an IoT company who proudly showed us,
| their biggest customer, how the signing keys to particular
| actions that could impact many, many people were held on a
| rather trick little Spyrus USB stick. Which they displayed.
| In the pocket of a person that had the requisite
| passphrases to access it all on her own.
|
| I asked what would prevent the person from hopping a plane
| out of nearby SFO and having a pleasant CCP-funded
| retirement and they turned all sorts of colors. They
| invested in a proper storage mechanism (and key management
| processes) after that.
| ghaff wrote:
| My defined benefit pension was basically handled by one person
| through a number of decades (and a couple acquisitions). If you
| wanted to start receiving your pension or whatever, you called
| so and so. I assume some degree of chaos would have ensued if
| something unexpected happened to her one day.
|
| I assume she eventually retired or something because it was
| transferred to one of the big benefits companies a few years
| back.
| Spooky23 wrote:
| That happened to my dad when he retired from a gov agency. He
| had an unusual situation and was held hostage for about a
| year, and eventually was able to retire with the intervention
| of a State Senator.
| ghaff wrote:
| It was interesting when I joined my current employer about
| ten years ago after having worked for a big computer maker
| for about a decade (with an in between longish stint at a
| couple small to very small companies).
|
| At the computer maker, where my pension is from, getting
| things done tended to be about reaching out to the right
| person who knew how to make such and such happen. Of course
| at the intervening smaller companies everyone knew everyone
| else. Where I am now, personal connections still matter of
| course. But when I joined, it was a bit of an adjustment to
| just "submit a ticket" rather than tracking down the right
| individual to ask a question or do something--at least with
| respect to company operations like payroll, benefits, or
| legal.
| jeffrallen wrote:
| assert(busCount > 1);
| jedberg wrote:
| This is why smart companies offer sabbaticals after 4-5 years. It
| forces the senior employees to teach their peers how to do their
| jobs and make sure they don't have any critical information or
| the only ones who can access a resource.
| invalidname wrote:
| An Israeli bank was compromised in part because of that... As
| this blog post pointed out:
| https://debugagent.com/internal-security
| killjoywashere wrote:
| There's a rather prominent base with a large power footprint. So
| large that it has its own substation right off some main
| interstate power lines. The state has a policy that if you
| anticipate your electric bill will exceed last year's electric
| bill, you can request a waiver. The base facilities person
| diligently submitted that from 1967 to 2020 when they retired.
| The 2021 bill was more than an order of magnitude larger.
| Something like 600K to 20M if I recall. The front office had to
| go ask the folks in DC for help.
| csense wrote:
| > if you anticipate your electric bill will exceed last year's
| electric bill, you can request a waiver
|
| I suspect this was intended to be utilized by poor people who
| struggle to afford to power their homes. The US Military is
| certainly well funded enough to pay its electric bills.
| [deleted]
| JCM9 wrote:
| I remember this from my time in banking. For those not familiar,
| essentially you need to disappear for two weeks a year without
| access to anything. This is basically a safeguard to make sure
| that operations are robust and won't just fall over if you're not
| there. It's also to make sure you're not cooking up something
| nefarious that requires you to be there every day and keep an eye
| on it.
| mooreds wrote:
| I think that time away from a job has tremendous value for
| everyone, beyond the finance industry. Let's ignore the fun and
| regenerative benefits of vacations to the vacation-taker.
|
| For the business:
|
| * It's a real life test of what happens if an employee
| quits/resigns, with less impact (a team member will probably be
| able to reach them in an emergency).
|
| * You can test your operational robustness (as mentioned by the
| parent comment).
|
| * It exposes holes in processes and documentation that have
| been papered over by a human.
|
| * The vacation may reveal tasks which can be delegated to
| others or not done at all (timeline depending, of course).
| lupire wrote:
| It's bad for the employee, by making them less uniquely
| valuable.
| ghaff wrote:
| There are certainly employees who think that they're so
| uniquely valuable that it would be unthinkable for them to
| take a 3-4 week vacation. Their employer, for the most
| part, does not suffer from the same delusion.
| mooreds wrote:
| Haha, can't tell if you are being sarcastic or not.
|
| Here are my general thoughts on that:
| https://letterstoanewdeveloper.com/2021/09/13/always-be-repl...
|
| tl;dr "...you should always be looking at ways to replace
| yourself. This will free you up to work on new tasks and
| learn new things."
| lmkg wrote:
| "Don't be indispensable. If you're indispensable, you
| can't be promoted."
|
| -Flavor text from _Netrunner_ CCG (1996)
| __MatrixMan__ wrote:
| If you're at that spot where being promoted means that
| your life will get worse, it's ok to be indispensable.
| csours wrote:
| Damn. This just hit home for me really hard. On a
| previous team, I would take on tasks, learn what's going
| on, and then try to get a team mate up to speed so I
| wouldn't be the only one who knew how to run things. I
| feel like none of my team mates really took on those
| tasks or aspects of the work.
|
| Over time this made me really angry at the team. It
| really shut down my brain because I had so many things to
| juggle. I really wish I could have replaced myself. I
| wound up just leaving the team, I think they struggled
| for a while.
|
| When you're on a team with someone who seems to know
| everything, some people are much less motivated to learn
| the system. Also, sometimes things just suck. Sometimes
| you just have a team of jaded short-timers about to
| leave. Sometimes you have a team of junior employees who
| can "make things work" but leave a trail of half baked
| decisions.
| matwood wrote:
| Also, frees someone up to be promoted.
| lazyasciiart wrote:
| I took a week off recently. My teammates just sat on multiple
| "24 hour turnaround" requests until I got back, because they
| were too used to thinking of it as my job to bother even
| opening them.
| thechao wrote:
| Lots of large companies (I'm familiar, via friends, with Exxon)
| have a strong "rotation" policy in finance & related, for this
| exact reason. Many classes of fraudulent activity rely on
| _networks_ of people who trust each other. If you break up the
| network, you can prevent gross levels of fraud.
|
| Tangentially related: it's one of the reasons why _government_
| positions should be (randomly) rotated. In many ways, it's the
| same reason why we should choose our elected representatives
| randomly. (Also: I'm under the impression that random selection
| of representatives is one of the few ways to implement robust,
| fair representation.)
| ghaff wrote:
| While an interesting idea, you're now:
|
| 1.) Going to throw people into an unfamiliar role for, say, a
| couple years. So they're going to _heavily_ lean on whatever
| permanent staff/civil service there is because their knowledge
| of the job is extremely limited
|
| 2.) You'd basically be asking/telling people to take two years
| off their job--for probably quite limited pay. (Sort of federal
| grand jury duty on steroids.) Which I can't believe would be
| very popular.
| ianbutler wrote:
| For 2 just have it be you're paid the max of the role's
| minimum or your old salary for those two years, maybe with a
| good bonus to make it even more palatable.
|
| The government has the benefit of being able to eschew normal
| market pricing for things including job pay.
| thechao wrote:
| By case:
|
| (1.A) Yes. As I said in another comment, though, it turns out
| that in the limited research that's been done, the average
| person is somewhat better at doing the job than the average
| career politician. The argument is that the sort of person
| who wants to be a career-politician is uniquely unsuited to
| actually running a government.
|
| (1.B) The civil servants should be randomly rotated.
|
| (2) There's normally a mechanism to preselect a pool of
| applicants. Universal sortition is interesting, but has
| drawbacks. I am drawn to a nomination mechanism: you have to
| get enough (unique) nominations before you're allowed in the
| sortition pool.
| yamtaddle wrote:
| > (1.B) The civil servants should be randomly rotated.
|
| Institutional knowledge in civil service is the only reason
| our government functions even as well as it does. I'm not
| sure that's a great idea.
|
| Also, it's a job like any other, and the more unpleasant
| you make it, the more workers with options will leave. And
| the workers with options will tend to be your best ones.
| merely-unlikely wrote:
| Could start by rotating the members of Congressional
| committees. Effectively making Congress the pool.
| pirate787 wrote:
| This is a major reform, as the politicians who are
| captured by various interests have STRONG incentives to
| join that Committee. For example, look at the Senate
| Energy & Natural Resources Committee -- there's only two
| Senators from states east of the Mississippi River, and
| one is West Virginia (a major energy provider as well).
| An elected official requesting a spot on the committee
| from an energy consuming state will have a very hard
| time.
|
| https://www.energy.senate.gov/members
|
| The Republican party is somewhat better than the
| Democrats on this-- Committee reform was a major plank of
| the 1994 Contract With America and the GOP still has term
| limits for Committee Chairmen.
|
| https://about.bgov.com/news/frustrated-democrats-mount-push-...
| ghaff wrote:
| It probably somewhat depends on the level. I don't really
| expect random state reps or other local elected officials
| have any particular qualifications. They certainly aren't
| paid as if they did. In some states, such are basically
| part-time jobs. I do think it's a job a fair number of
| people would hate.
| Retric wrote:
| Low pay at the state/local level basically guarantees
| some level of corruption as the pool of applicants gets
| very tight when you combine small districts with minimum
| wealth requirements. How much that's a feature or a bug
| is debatable.
| cwmma wrote:
| Isn't this sort of how ministries work in the UK, you have a
| dedicated civil service that does most of the work and then a
| politician that may or may not know what's going on setting
| direction?
|
| Source: have watched "The Think of It"
| scarby2 wrote:
| > Isn't this sort of how ministries work in the UK
|
| yes
|
| > you have a dedicated civil service that does most of the
| work and then a politician that may or may not know what's
| going on setting direction?
|
| this is the ministers and their private secretary.
|
| > have watched "The Think of It"
|
| you should also watch "Yes Minister" i find it a bit more
| charming if a little dated, but also quite real.
| cosmodisk wrote:
| >you should also watch "Yes Minister" i find it a bit
| more charming if a little dated, but also quite real.
|
| It has aged well and is arguably more relevant than it
| was when they released it.
| Loic wrote:
| For people interested in random selection of representatives:
| https://en.wikipedia.org/wiki/Sortition
| toss1 wrote:
| YES!
|
| I've long thought that once a person attains a certain level
| of success, _roughly_ including college degree, certain
| military rank, managerial position of certain scope at
| medium-large company, etc., they should be subject to random
| political service in state or federal legislature or
| executive branches. Perhaps after one term, they can stand
| for re-election for maximum of two terms, 10 years max, to
| take advantage of experience gained. Pay should be greater of
| a set level or 110% of their max earnings in previous 5yrs
| (so service is not punitive).
|
| There would of course be some random evil and grifters, but
| their concentration and ability to embed for life would be
| very limited.
|
| How we get from constitutional structure to there is another
| question.
| thechao wrote:
| The research I've seen (slight) is that a random person is,
| on average, a more competent statesman than the average
| politician. (This is a result of the self-selection bias in
| people choosing a political career.)
|
| The major downside is a lack of accountability; however, at
| least in large parts of the US, factionalism & gerrymandering
| have almost completely removed accountability, so we're not
| really losing anything.
| rocqua wrote:
| Links to the research?
| Supermancho wrote:
| I don't know if this helps:
| https://www.researchgate.net/publication/344163235_Sortition...
|
| MP means Member of Parliament (or equivalent
| representative of a democratic government). Belgium has
| been a hot-spot for this kind of initiative.
| pdabbadabba wrote:
| Can you point us to any of that research? I'd be very
| interested to see how they managed to measure people's
| competence to serve as government officials. I'm frankly
| skeptical that can be done in a useful way.
| [deleted]
| 0cf8612b2e1e wrote:
| ChrisMarshallNY wrote:
| The Japanese company that I worked for, for almost 27 years,
| had a similar policy.
|
| _Everyone_ in Japan, rotated, at least, every two years.
| Often, more frequently. This included very senior-level
| executives.
|
| I'm not sure that it was to combat fraud, but I'm sure that was
| a knock-on effect.
|
| I would work with engineers for many years, but they would be
| working on different projects, and might suddenly appear in the
| project I was on, many years after the last time I saw them.
|
| They also had a _lot_ of vacation/holiday time, but the
| company told them when they would take it. I think that more
| seniority gave you more discretion.
| toss1 wrote:
| Groups indeed!
|
| When I worked at IBM just out of college, my manager introduced
| me to someone who was getting promoted three levels up. It
| turned out that he had some months previously figured out how
| four people working together could evade the accounting
| controls and transfer $25 million out of the company on a
| Friday afternoon and be in Brazil or wherever (never to be seen
| again, presumably) before Monday. He reported the flaw in the
| controls and the promotion was the recognition of his acumen...
| mhb wrote:
| tldr:
|
| _Such a policy is considered an important internal safeguard
| largely because of the fact that perpetration of an embezzlement
| of any substantial size usually requires the constant presence of
| the embezzler in order to manipulate records, respond to
| inquiries from customers or other employees, and otherwise
| prevent detection._
| cafard wrote:
| Where my wife used to work, the CFO seldom took vacations. A
| department head who loathed the CFO thought this very suspicious.
| As far as I ever heard, though, the CFO, whatever her faults, was
| honest.
| seanhunter wrote:
| Fun related anecdote: I used to be involved with doing data
| analysis of rogue traders in financial services and was involved
| in discovering and investigating several of these incidents.
|
| In every case that I was personally involved in
| uncovering/investigating, suspicions were initially raised when
| the employee went on compulsory block leave.
| nonethewiser wrote:
| Do you have any more details/stories you could share on that?
| Sounds fascinating. What clues emerged when one of these
| employees left?
| seanhunter wrote:
| Not that much detail I can share publicly about detection
| methods etc although some of it is public because I have
| patents.
|
| The reason block leave is important is that some of the
| coverup behaviour has ponzi-like characteristics. So say you
| have a hole in one account because you've lost a lot of
| money. You find a way to cover that up by booking fake trades
| say. Well trades have a settlement and some gnome in the back
| office is going to contact the counterparty on the fake trade
| when the trade fails to settle and your fraud will be
| discovered so you have to cover that up before the trade
| settles. So maybe you move some money from another account
| (by booking a trade) and cancel your first fake trade, then
| you need to book a fake trade in your second account which
| you will then need to cancel and cover up in the same way.
|
| Basically the perpetrator often ends up on the coverup merry
| go round which falls apart if they take time away.
| moron4hire wrote:
| You have to also make sure everyone is not taking vacation at the
| same time. In most of the places I've worked, nothing gets done
| in December because everyone is using up their vacation over the
| holidays. If something untoward were going on, nobody would be
| around to notice the absence of the bad actor.
___________________________________________________________________
(page generated 2022-10-14 23:01 UTC)