In the NYT of July 16, 2015 there was much ado about the to date investigative failures of law enforcement agencies in the U.K. and the U.S. (at a minimum) to criminally (or civilly) assign responsibility for unprofitable and misleadingly reported trades originating from a JPMorgan Chase (the publicly traded principal) desk in London. The primary underlying wrongful activity allegedly was cooking the books; that is, knowingly inflating the monetary value of the net financial position of the principal by its agents (including Mr. Iksil) through preparation of intentionally misleading records. The data values were purportedly too high, not reflective of the rights and obligations of the principal, not measured in good faith, etc…. by the agents. The work product was reviewed and approved by supervisors (including Mr. Martin-Artajo) within the internal control environment of the principal.
This may be another case of process or form trumping substance. So long as ‘some other dude’ more or less independently checked (and did not dissent from) the documentation, the result and outcome may survive severe legal and regulatory challenges. Bad faith is especially difficult to prove where the documentation demonstrates actual oversight notwithstanding its ineffectiveness in preventing the use of materially false financial statements. The inputs of data were intentionally contaminated. The corporate process aided and abetted the transformation of these inputs into deficient financial statement outputs. Who knew this kool-aid was bad?
The actions of investigation and audit include the two-fold procedures below:
- Reviewing transactions from the population of reports to the supporting records; that is, vouching. This is designed to prove that the reports are accurate.
- Reviewing the population of records to the reports; that is, tracing. This is designed to prove that the reports are complete.
As this is no secret, how do organizations / subunits therein fail to prepare reports that are accurate and complete in all material respects? In this case the problem does not seem to be the lack of knowledge or the lack of oversight. This knowledge and applied skill existed and occurred within the principal.
For a time the financial position was too big to fail from the agents’ perspectives. Their legal duties and contractual obligations to their employer-principal were subjectively ranked secondary, if not lower, to their prayer for profit and concern for concealment of the unfolding loss caused by creating the financial position. The authority delegated to these agents was not adequately controlled in hindsight, but issues of abuse of authority, exercise of less than professional judgment, abuse of discretion, exploitation of information asymmetry, etc. are not new.
I suspect the case of the London Whale, while not offering enough bait within and across law enforcement agencies, provides lessons in the failures of both automated and manual control systems as tools to monitor effectively those to whom authority is delegated. As more tasks and functions are controlled through computer-based technologies, the skills and habits of those responsible for manual / mental oversight and inspection of these technologies’ effectiveness in mitigating the risks inherent to process over substance conditions (among other hazards) atrophy. It’s way too easy to rely on the reports written by software controls than to examine the underlying records and data. To verify and/or falsify are essential skills, commonly known as a sanity check. Clearly, it does not work where ‘the inmates are running the asylum,’ which may be unfair on my part as the inmates of asylums tend to have better excuses and defenses than those established to date at the London desk. (See also AIG and credit default swaps for similar issues.)