流氓交易员也是一种“黑天鹅”现象，罕见却极端危险。尽管金融和大宗商品交易公司通常拥有极其先进的信息技术和分析手段，流氓交易员还是能给他们造成严重损失。原因可能就在于公司面临着创收的巨大压力，有意或无意地忽视了风险意识文化的贯彻，也没有采用支持公司交易和风险管理所必需的技术手段。

    流氓交易意味着公司风险管理的全面破产，包括公司治理、文化、流程和技术的问题。用以预防流氓交易的风险管理措施不仅仅应该是全面的，还应该是整体的、有机结合的。而经常发生的情况是，组织内部的“筒仓效应”（近邻的相互隔绝）妨碍了风险管理架构和责任的有效结合。整合措施的缺口和前中后台的分割被流氓交易员利用。此外，创收的压力下甚至可能滋生流氓交易文化，让人们对明星交易员的违规行为视而不见。虽然这些人代表着在短期内产生巨大利润的机会，但这种放任自流的行为可能导致灾难性的后果。

    埃森哲（Accenture）最近的一项风险管理研究调查了来自不同产业的数百名高管，发现他们在交易业务中面临前所未有的巨大风险。而领先公司在实践有效管理风险的努力中着重于四个关键元素：

    1. 治理。风险治理结构或者内部风控体系中最基本的是风险管理委员会，然后延伸至董事会以及如下的部门：内部审计、战略、计划、安全管理、法律、金融、税务、库务、会计和信息技术。我们的研究表明，风险管理责任到人是另一个关键问题：专职官员（一般职务为首席风险官）负责必不可少。

    设立了首席风险官的职位并不意味着这名官员就一定会成功。很多大型资本市场和大宗商品交易公司的首席风险官难以保持独立，也得不到足够的支持来对抗交易部门。而领先公司通常设立独立的风险委员会来评估交易头寸，同时，首席风险官直接向董事会报告。

    在交易和风险管理部门内部，前中后台之间的报告关系必须分割开来。如果没有依托强劲的治理结构对交易活动的报告和核对进行明晰的制衡，利益冲突就可能发生。

    2. 文化。再强的系统和措施也可能被为追求利益而不择手段的人挫败。系统可能在关键时刻掉链子，导致严重后果。业界领先的风险管理组织注重风险和回报之间的微妙平衡，也有方便的措施来降低风险。忽略风险和回报平衡的薪酬结构会造成承担过度风险的环境。

    Rogue traders are rare but can be extremely dangerous. They can cause major losses, despite the fact that financial and commodity trading firms are generally extremely sophisticated in their use of information technology and analytics. Companies facing immense pressure to generate revenue, however, do not always implement the risk-aware culture and implement the capabilities needed to support their trading and risk management operations.

    Rogue trading reflects a breakdown of a firm's risk management governance, culture, processes and technology. Risk management practices designed to prevent rogue trading must be comprehensive but also holistic and integrated. All too often, organizational "silos" prevent effective integration of risk management structures and responsibilities. Gaps in integrated practices and segmentation of front, mid and back offices have been exploited by rogue traders. In addition, the pressure for revenue can incubate a rogue trading culture that turns a blind eye toward the behavior of star traders. Although such individuals represent opportunities to make significant profits in a short period of time, these behaviors can lead to serious consequences.

    Accenture's recent Risk Management Research surveyed hundreds of executives across many industries, and found that senior managers face more and larger risks in their trading operations than ever before. We see leading practice companies addressing four key elements in their efforts to manage risk effectively:

    1. Governance. A governance structure or internal control system should start with a Risk Management Committee and then extend to the board of directors as well as the following functions: Internal audit, strategy, planning, security management, legal, finance, tax, treasury, accounting and IT. Our research indicates that ownership of risk management is another key issue; having a dedicated executive in place – often called the Chief Risk Officer (CRO) – is essential to mastering this problem.

    Having a CRO in place, however, is not enough to make that executive successful. Many CROs at large capital markets and commodity trading firms struggle with independence and the necessary support to stand up to the trading organization. Leading companies often use an independent risk committee to assess positions, and also have the CRO report directly to the Board of Directors.

    Within the trading and risk management organization, reporting relationships between front, mid and back offices need to be segmented. Conflict of interest can arise in absence of a robust governance structure of clear checks and balances in reporting and reconciling trading activities.

    2. Culture. The strongest systems and measures can be foiled by people who are motivated to attain profit by any means possible. Systems can let an organization down, sometimes with significant downside. Industry-leading risk management organizations value the fine balance of risk and reward and the means at hand to mitigate risks. Compensation structures that ignore the risk-reward balance create an environment for excessive risk taking.

    3. 流程。交易和风险管理流程的整合是有效风险管理的必要组成部分。在最近的几次流氓交易员事件中，这类流程整合并不存在，特别是横跨前、中、后台的整合。每天应将所有交易与经纪商报表和对家确认一一对应，但有些公司却缺乏这样的流程。没有中台的监督，交易员就可以通过连续地调整头寸来掩盖不断累积的损失。前、中、后台部门之间的信息流应该畅通无阻，而信息应该在整个公司层面上集合起来，以获得对公司风险敞口的整体评估。

    有效的流程和整合的报告体系相结合使得公司不仅能了解整个公司范围内对单个对家的敞口，也可以依据这些信息做出迅速反应。

    其它重要的整合流程包括对交易汇总结构的评估、交易员的强制休假或“冷静”期、对违反限制的审查、对所有修正或被取消交易的审查。最后，流程还需要跟上技术进步的步伐。

    4. 技术。技术必须和治理、文化及流程统一起来，单单凭借技术无法防止流氓交易事件。技术及其系统的合理设计及实施是整个风险管理的关键组成部分。创新科技能够帮助公司监测和报告头寸，使得他们可以几乎实时地了解风险敞口。这些高科技系统还可以审查交易模式，发现与交易小组整体战略不符的交易活动。对公司整体头寸的透彻理解不仅能够降低发生流氓交易的风险，也能够限制对某个特定商品、衍生物类型或对家的敞口。有鉴于最近的交易丑闻，监管部门特别关注交易监督方面的合规控制。传统的监督系统只有在流氓交易发生之后才能发现有问题，而新一代的风险管理技术将更具前瞻性，可以探测到高风险的交易模式，从而防患于未然。每当合规人员问到他们的行为时，交易员总是辩护说：“只要是系统允许的，就肯定没问题。”因此，控制与政策必须融于系统当中，以发现和阻止不当行为。

    金融和大宗商品交易行业不可能完全绝缘于不利事件。然而，全面整合的风险管理方式可以帮助公司保护自己（及其股东），避免流氓交易员带来的重大风险。

    Shelley Hurley是埃森哲风险管理部门的执行董事和全球资源主管。

    3. Processes. The integration of trading and risk management processes is an essential component of effective risk management. In a number of recent major incidents involving rogue traders, such process integration was not in place – especially those integrating activities across the front, mid and back office organizations. Several of these firms did not have a daily process of tying all trades back to either the broker statements or counterparty confirmations. Without the oversight of the mid-office, traders could continuously adjust their positions to cover the mounting losses. Front, mid and back office functions should be integrated in information flow and information should also be aggregated enterprise wide, for a comprehensive corporate view of risk exposure.

    Effective processes, when coupled with an integrated reporting system, allow firms to not only identify their enterprise-wide exposure to an individual counterparty, but also to have the processes in place to act on such information.

    Other important integrated processes include review of trading aggregation structure; mandatory vacation or "cooling off" periods for traders; review of limit breaches; and review of all amended and cancelled trades. Finally, processes need to keep pace with technological changes.

    4. Technology. Technology needs to be aligned with governance, culture and processes and alone, cannot guard against rogue trading events. The proper design and implementation of technology and systems is a critical piece of the overall risk management puzzle. Innovative technologies can help firms monitor and report on their positions, allowing them to understand their risk exposure in near real-time. These systems can also review trade patterns and highlight activities that do not align with the overall strategy of the trading desk. A complete understanding of a firm's overall position can not only mitigate the risk of rogue events, but also limit the exposure to a particular commodity, derivative type or counterparty.In light of recent trading scandals, regulators are paying special attention to compliance controls related to trade surveillance. While traditional surveillance systems spot rogue behavior after it occurs, the next generation of risk management technologies will be more proactive, identifying risky patterns in a way that may prevent disaster in the first place. When questioned by compliance personnel about their actions, traders will often use the defense that, "if the system let me do it, then it must be OK." Thus, controls and policies must be embedded within the system to identify and block undesired behaviors.

    Financial and commodity trading businesses cannot be completely insulated from adverse events. A comprehensive, integrated approach to risk management, however, can help these firms protect themselves (and their shareholders) from the serious risks of rogue traders.

    Shelley Hurley is Executive Director of Risk Management and Global Resources Lead at Accenture.