You Think You're Compliant—But Here's Why That Might Be a Mirage

June 6, 2025

In 1995, a single trader—Nick Leeson—took down a 250-year-old bank.

He wasn’t a criminal mastermind. Just a mid-level employee at Barings Bank, placed in charge of executing trades in Singapore. But he was also responsible for reconciling those trades, settling them, and reporting on them.

All the power. None of the checks.

When his bets went south, he buried the losses in a hidden error account and doubled down. With no independent oversight—no segregation between trading and reporting—he got away with it.

Until he didn’t.

By the time anyone caught it, the damage was $1.4 billion. Barings—the Queen’s own bank—was gone.

So before you say, “That could never happen here,” ask yourself:

  • Who’s booking the trade and reconciling it?
  • Who’s pricing the position and getting paid based on it?
  • Who can move money without someone else signing off?

Because it’s not the big, dramatic failures that pose the greatest risk. It’s the slow leaks—the ones buried under legacy systems, stretched teams, and unquestioned workflows.

The Risk Isn’t Negligence—It’s Assumption

Most operations professionals didn’t design the systems they now run. They inherited them.

Responsibilities, workflows, tools—all handed down from previous team members. At smaller scale, those systems might’ve worked just fine. But as firms grow, complexity increases—and so do the cracks.

It’s not unusual to find:

  • A portfolio manager submitting pricing for a hard-to-value asset, with no one validating it.
  • A junior ops staffer booking trades and initiating wires because “they’ve always done both.”
  • NAVs finalized from a spreadsheet labeled “Final_FINAL_v3.xlsx” because that’s just how it’s done.

And when something goes wrong—when a report is off, a transfer is disputed, or an investor notices a discrepancy—suddenly everyone wants to know: Why wasn’t this caught?

When scrutiny arrives, nobody’s interested in the complexity of your systems. They’ll ask why safeguards weren’t in place.

Familiar ≠ Safe

Just because a process feels smooth doesn’t mean it’s sound.

Over time, as team members juggle multiple roles, lines blur. What began as temporary overlap becomes normalized—and that’s where real risk creeps in.

  • A trader reconciling their own trades
  • A PM valuing positions that influence their bonus
  • A single person moving client cash, unchecked

These aren’t anomalies. They’re warning signs hiding in plain sight.

Separation of Duties Isn’t Bureaucracy—It’s Risk Management

Time and again, operational failures stem from a lack of proper role separation:

  • Société Générale: A trader exploited his back-office knowledge to override risk controls. €4.9B lost.
  • MF Global: Lack of clear lines between treasury and trading roles. $1.6B vanished.
  • Peregrine Financial: The CEO forged statements for two decades—unverified.

These weren’t sophisticated heists. They were avoidable failures rooted in complacency. Systems that nearly worked—but left gaps no one noticed until it was too late.

The real danger isn’t fraud. It’s well-meaning people working within flawed structures.

What to Audit in Your Own Org—Right Now

Start with simple, diagnostic questions:

  • Who approves wire transfers—and is a second signoff required?
  • Are asset valuations reviewed independently from those who benefit from them?
  • Are reconciliations conducted and documented in a centralized, transparent way—or just passed around in email threads?

These questions aren’t academic—they’re critical safeguards. Failing to answer them with confidence isn’t a minor process issue. It’s an operational time bomb.

Don’t Wait for a Fire to Check for Cracks

Most teams only rethink their structures after something goes wrong. But the most valuable interventions happen before the damage.

If you’ve got a gut feeling that roles are overlapping—or that controls aren’t as sharp as they once were—you’re probably right.

Pull the thread. Map out your workflows. Look at who owns what.

If one name shows up in too many places of critical control, that’s not just inefficiency. That’s exposure.
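An added example, not part of the original article: one way to run the "who owns what" mapping, together with the second-signoff question from the audit list above, as an automated check. The duty names, the people, the sample data and the concentration threshold are all constructed for illustration.

```python
from collections import defaultdict

# Duty pairs the article flags when one person holds both.
# The duty labels are names chosen for this example.
CONFLICTS = [
    ("book_trade", "reconcile_trade"),
    ("book_trade", "initiate_wire"),
    ("price_position", "paid_on_position"),
    ("initiate_wire", "approve_wire"),
]
MAX_CRITICAL_DUTIES = 2  # assumed threshold for "too many places"

def duties_by_person(assignments):
    """Invert (workflow, duty, person) rows into person -> set of duties."""
    held = defaultdict(set)
    for _workflow, duty, person in assignments:
        held[person].add(duty)
    return held

def find_violations(assignments):
    """Return (person, kind, detail) for conflicting or concentrated duties."""
    held = duties_by_person(assignments)
    findings = []
    for person in sorted(held):
        for a, b in CONFLICTS:
            if a in held[person] and b in held[person]:
                findings.append((person, "conflict", f"{a}+{b}"))
        if len(held[person]) > MAX_CRITICAL_DUTIES:
            findings.append((person, "concentration", str(len(held[person]))))
    return findings

def unsigned_wires(wires):
    """Wires with no approver, or approved by the person who initiated them."""
    return [w["id"] for w in wires
            if not w.get("approver") or w["approver"] == w["initiator"]]

# Constructed sample data
ASSIGNMENTS = [
    ("fund_a", "book_trade", "alice"), ("fund_a", "reconcile_trade", "alice"),
    ("fund_a", "initiate_wire", "alice"), ("fund_a", "approve_wire", "bob"),
    ("fund_b", "price_position", "carol"), ("fund_b", "paid_on_position", "carol"),
    ("fund_b", "reconcile_trade", "dave"),
]
WIRES = [
    {"id": "W1", "initiator": "alice", "approver": "bob"},
    {"id": "W2", "initiator": "alice", "approver": "alice"},
    {"id": "W3", "initiator": "bob", "approver": None},
]
```

The check evaluates duties per person across all workflows, so an overlap split between two funds is still reported.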

The Bottom Line

Separation of duties isn’t just best practice—it’s the foundation of operational integrity in financial firms.

The systems that carried your team to this point may not be enough to carry it forward. The longer your firm grows without reassessing those foundations, the more hidden risk you accumulate.

What feels manageable today is often what breaks tomorrow.

  • The spreadsheet that worked last quarter becomes the liability during an audit.
  • The team member wearing too many hats becomes the weak link when they’re out of office.
  • The small oversight becomes the headline when regulators start asking questions.

It’s not about being paranoid. It’s about being prepared.

Examine the roles. Question the overlaps. Strengthen the foundations.

Because in this industry, reputation and compliance can be lost not through malice—but through quiet, preventable gaps.

**********

Frank Caccio is the founder of OpsCheck.com, a platform purpose-built for financial firms to gain the visibility and oversight needed to prevent operational errors.