I was just listening to a presentation of how the SIEM deployment at Société Générale did not work adequately. It is not hard to figure out the vendor they used, so I’ll leave it alone here, but you might want to look it up if you own one or are considering a purchase.

Researching some of the control/compliance mistakes brought me to a site called innovation Creators where a consultant had a few blistering comments, attacking both the WSJ and Société Générale management:

Derivatives trades may be complex bets, but they do result in real money flowing back and forth. That real money comes out of real bank accounts. Eventually, the CFO has to notice. Something like

“Holy Crap!, we have 500 Million more Euros than we thought we would”

And, when your bets start to get into the Billions of Euros, if you are betting exchange traded futures, real margin calls start to happen. If you are betting OTC derivatives, other banks, with half way decent internal controls, start calling you up and asking for more collateral.

The SocGen CFO and the head of Treasury should have noticed.

Some good questions raised by the author, and useful insights, albeit a bit condemning of human error. I am most curious about how the SIEM implementation will change now, or whether they will abandon the current vendor and seek out one of the market leaders to help fix their controls.