Protecting European bank test data from lucrative leaks

LONDON/FRANKFURT Sun Jun 1, 2014 2:17pm IST

Related Topics

Stocks

   

LONDON/FRANKFURT (Reuters) - It would be an insider trader's dream to know ahead of time which of Europe's banks will fail or need more capital, and all that data will be stored somewhere in cyberspace as the European Central Bank assesses the euro zone's top banks.

The chances of a leak are multiplied by the thousands of consultants who will work on data for the ECB's Comprehensive Assessment of the currency bloc's most important 128 banks, which include household names like Deutsche Bank and Santander along with national champions Bank of Cyprus and Bank of Valletta.

"It (data security) is of enormous concern," said Dan Keeble, a London-based partner at Deloitte, which is working on part of the ECB's assessment, an Asset Quality Review (AQR) for the euro zone's 13 largest banks and some smaller ones.

"Aside from the fact that much of the information required to conduct the AQR is commercially sensitive to individual banks, details of the conclusions regarding the AQR have the potential to be market influencing, and could damage financial stability."

That is why the consultants working on the centralised data - U.S. firm Oliver Wyman - cannot cut and paste, take screenshots or print out the data they are working on. And they will only have access to their part of the project, and only for as long as it takes to complete their task.

Thousands of other consultants working on individual banks face similar restrictions. Anyone caught leaking the information risks a hefty jail sentence, and the ECB said all access to the data is monitored, so users can be traced.

HIGHEST PRIORITY

The ECB, long used to holding sensitive data about its market operations and keeping secret its plans for interest rate changes, told Reuters data security was the "highest priority" in the review it is undertaking before it becomes the euro zone's financial supervisor in November.

All data communicated to, from and within the ECB is stored on 'Darwin', the ECB’s document and records management system. Anyone who wants access must file a request through a designated security manager at a national financial supervisor, and the central project management office must approve.

"All Comprehensive Assessment data is classified as ECB-Confidential, and access is limited to those who require it for project purposes," the ECB told Reuters in a statement, adding that the project "may be uprated soon to ECB-Secret".

Data about individual banks is stored on isolated servers within Darwin, and elevating it to Secret means access to the database, which is encrypted, is controlled by more senior people.

As well as staff at the ECB's newly created supervisory arm, much of the heavy lifting in the review is being done by private consultancy Oliver Wyman, which is acting as project manager.

"Oliver Wyman maintains strict processes to manage the confidentiality of proprietary client information as standard policy," the ECB said. "Each person working on the Comprehensive Assessment has signed additional confidentiality documents."

Oliver Wyman, whose staff work out of the ECB's Frankfurt premises and use ECB computers and must get security clearance from the ECB, declined to comment.

BEYOND THE FRANKFURT BUBBLE

The data worked on by the ECB and Oliver Wyman in Frankfurt is the final link in a project that spans the euro zone and beyond into countries where the banks have operations.

Almost all of the national supervisors producing information for the ECB have hired auditors to help them with the job, while many of the banks have also hired third parties.

They face a similarly strict list of requirements. Documents are typically reviewed on bank PCs, and any transfer of information to auditors' computers is severely restricted, people familiar with the process told Reuters.

Auditors that do store information in their own environments must prove that access controls are good enough to protect the information, the people added.

A source familiar with the process said data on individual banks is sent to national supervisors using encrypted emails through a specially secured channel. Both sides need keys to code and decode the data. Auditors send their work in the same way.

Deloitte's Keeble said there were also financial penalties built into the audit contracts to deal with data security breaches.

But even the most advanced technology protocols are only as strong as the weakest link in the chain.

“There’s a massive concern about somebody leaving a laptop in a pub,” as one source familiar with the tests put it.

(Editing by Will Waterman)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

Reuters Showcase

Artificial Intelligence

Artificial Intelligence

Google bolsters artificial intelligence efforts, partners with Oxford.  Full Article 

Addressing Concerns

Addressing Concerns

China's Xiaomi shifts some smartphone user data out of Beijing on privacy concerns.  Full Article 

New Email Service

New Email Service

Google launches new email service dubbed "Inbox".  Full Article 

Apple-1 Auction

Apple-1 Auction

Early Apple computer sells for $905,000 at auction.  Full Article 

No More Nokia

No More Nokia

Microsoft looks set to drop Nokia name from smartphones.  Full Article 

Deal Talk

Deal Talk

Apple ponders sapphire options, leaves door open for GT.  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage