Who would have thought that someone would actually be crying “terrorist attack” from of all places, Switzerland? Well, hardly. In Asia, we know about these “terrorist attacks.” The first one occurred in Singapore in 1995 when a 27-year-old former derivatives broker named Nick Leeson caused the collapse of Barings, the United Kingdom’s oldest investment bank.

What Leeson did to Barings bears considerable resemblance to what a senior UBS management executive called, with considerable hyperbole, the “terrorist attack” that sank the bank’s former CEO Oswald Grubel in early September after the discovery of a US$2.3 billion trading scandal. Grubel reportedly told the Swiss weekly Der Sonntag, the week before he officially resigned, that when someone is driven by criminal intent “you can’t do anything.”

The senior management executive said the scandal was impossible to prevent, as the embattled Swiss banking giant has claimed it is “very difficult” to build a system impervious to a determined attack.

But a closer look makes it evident that this “terrorist attack” could be prevented.

What is more disturbing is that if the top management harbors a check-the-box mentality, it is no surprise that lightning can strike twice: and the lack of a proper risk management culture does investors no favor.

The well-publicized coverage last month of the alleged unauthorized trading that drilled a US$2.3 billion hole in UBS’s books brought calls for Grubel’s resignation, a seasoned former trader known as “Saint Ossie” for reviving Credit Suisse earlier and who was pulled out of retirement two and a half years ago to seek to repeat the feat at the ailing UBS.

The alleged London-based UBS rogue trader Kweku Adoboli disguised his huge money-losing positions with fictitious counter-trades, UBS reportedly stated – a similar tactic used by Jerome Kerviel of France’s Societe Generale three years ago, who raked up €4.9 billion (US$6.5 billion) trading loss from hidden faked hedges.

Lesson number one: The Leeson case and that of Kerviel, in which the French trader was charged with breach of trust, forgery and unauthorized use of Société Générale’s computers, resulting in losses valued at €4.9 billion, have already highlighted the risk of putting someone in the frontline trading desk with deep knowledge of back-office operations and know-how. It may be discriminatory to prevent them from frontline trading career opportunities but tighter monitoring on staff with such background should be in place to ensure no possible abuse of their technical know-how for personal advantage.

According to further news coverage of the scandal, Adoboli, with his intimate knowledge gained from years of enslavement in the back-office, settled on “fictitious, forward-settling, cash ETF [exchange-traded fund] positions” –Adoboli booked fake ETF trades that were never completed because he knew very well exactly which banks do not confirm trades until settlement, and thus concealed any hint of speculative trading, which was prohibited at UBS, a loophole he took good advantage of, according to some UBS insiders as reported in the Financial Times and Wall Street Journal.

Wait a minute, so this loophole was obviously a known fact to several of his colleagues?

This leads to lesson number two: top management should have sent the right message down the chain of command that all known loopholes – stress known loopholes - should be taken care of immediately.

Unfortunately, any banker with some years in the profession would privately confess the compliance culture in many financial institutions mainly aim to satisfy regulatory requirements and thus more obsessed with checking the boxes than actually sealing up risks properly. There are tons of papers to fill for compliance that “do a lot about nothing”, my client once complaint.

This UBS chapter is “untimely” for European banks as European regulators have been considering to shore up trading rules and to propose a new framework to address transparency issues of the European ETF market. In the US, regulators have been laboring with the Volcker rule, which is aimed to prevent banks from trading on their own accounts.

These regulatory pressures aside, Grubel’s top priority should have been to close up any loopholes, especially when he was brought in after UBS nearly collapsed three years ago following some US$50 billion in securities writedowns.

Lesson number three: to get to the root of the problem, top management should have preemptively fixed the risk management culture. Rather than a “you can’t do anything” attitude, Grubel should have followed the footsteps of US President Obama by aggressively tracking down terrorists and vowed to prevent any possible attack at all costs.

These three lessons may be obvious in light of what has happened but then again, history has repeated itself. As a retired Swiss friend and disappointed UBS shareholder put it, top management never learned and “are not prepared to change their arrogant, greedy and irresponsible attitude”.

(Vanson Soo runs an independent business intelligence practice specialized in the Greater China region. Email: soovans@gmail.com This also appeared in The Standard of Hong Kong.)