PricewaterhouseCoopers handed its preliminary report to a special comitee at Société Générale's board. The 22 pages report stresses that no internal fraud ring can be suspected for now, but several major weaknesses allowed Jerome Kerviel to hide his activities.

The document judges that while the actual procedures within Société Générale were carried out diligently, they were indeed not sufficient to spot the fraud in a timely manner. And while the report stresses Jerome Kerviel's expertise at hiding his activities, it also judges that that key controls that would have been able to spot the fraud much early were not in place.

It was also noted that operators, while following the procedure, did not go above and beyond what they were supposed to look for. Small mistakes and inconsistencies in Kerviel's explanations before the fraud was discovered should have triggered an advanced investigation. But, says PricewaterhouseCoopers, the rules did not call for this, and thus operators did not pursue. At several occasions, for example, alerts actually went on but the control operators were then perfectly happy with Jerome Kerviel's email explanation.

There were troubles with the IT, too. According to the report, some anomalies that should have been investigated were justified by glitches in the system tasked with recording all operations. Such glitches seemed recurrent enough so nobody would take a small deviation seriously. Unfortunately the report does not disclose what exactly those glitches were.

The lone rogue trader theory is so far supported by this document, although nothing can be established before the official investigation is over. The auditors, though, advise to look more closely in Kerviel's ties with ex-coworkers in the control department, arguing that such friendships might have helped the trader without his friends being aware of the fraud going on.

Finally, the report offers three key areas to improve security :

• Deploy strong authentication, biometric being in top of the list. And look into Identity and Access Management solutions.
• Stronger controls procedures and alerts
• Better operational risks management, and especially by adding the human resources to the picture (Jerome Kerviel was at high stress level and did not take leaves for the past two years).