I believe every U.S. global systemically important bank has engaged in bid rigging or rate rigging.

You believing in it doesn't make it true.

How would we know? The code is not open source

The code is not relevant. The fund position is transparent to the regulators

The position is visible to regulators via code - if the code is fraudulent or buggy, the regulators will believe false information.

Financial audits of public firms are not done through code. They're done by CPAs who copy files and generally run everything through generic Microsoft applications that aren't going to commit fraud for a bank.

At least at the firms I’ve worked with, new records were digitized and old files were undergoing digitization. Maybe it’s different in your country?

There’s always some process a firm must use to make digital records available to an auditor - it’s at this point in the step code must be trusted even if it’s supposed to be as simple as “make everything available “.

> it’s at this point in the step code must be trusted even if it’s supposed to be as simple as “make everything available “

The "step code" here is a group of humans adding documents to some type of storage available to the auditor.

There is no question of fraud in that code because it's generic. Microsoft, Box, Dropbox, etc. aren't building in custom code to commit fraud.

When publicly-audited firms commit fraud, it's not an issue of untrustworthy code. It's because humans are going to some trouble to commit fraud. There are even "checksums" (balances) that tell you if something is accidentally missing, so it's rare that financial fraud can be conflated with an innocent mistake.