Protecting European bank test data from lucrative leaks

LONDON/FRANKFURT Sun Jun 1, 2014 2:17pm IST

Related Topics


Border Security Force (BSF) soldiers ride their camels as they rehearse for the "Beating the Retreat" ceremony in New Delhi January 27, 2015. REUTERS/Ahmad Masood

"Beating The Retreat" Rehearsals

Rehearsals are on for "Beating the Retreat" ceremony which symbolises retreat after a day on the battlefield, and marks the official end of the Republic Day celebrations.  Slideshow 

LONDON/FRANKFURT (Reuters) - It would be an insider trader's dream to know ahead of time which of Europe's banks will fail or need more capital, and all that data will be stored somewhere in cyberspace as the European Central Bank assesses the euro zone's top banks.

The chances of a leak are multiplied by the thousands of consultants who will work on data for the ECB's Comprehensive Assessment of the currency bloc's most important 128 banks, which include household names like Deutsche Bank and Santander along with national champions Bank of Cyprus and Bank of Valletta.

"It (data security) is of enormous concern," said Dan Keeble, a London-based partner at Deloitte, which is working on part of the ECB's assessment, an Asset Quality Review (AQR) for the euro zone's 13 largest banks and some smaller ones.

"Aside from the fact that much of the information required to conduct the AQR is commercially sensitive to individual banks, details of the conclusions regarding the AQR have the potential to be market influencing, and could damage financial stability."

That is why the consultants working on the centralised data - U.S. firm Oliver Wyman - cannot cut and paste, take screenshots or print out the data they are working on. And they will only have access to their part of the project, and only for as long as it takes to complete their task.

Thousands of other consultants working on individual banks face similar restrictions. Anyone caught leaking the information risks a hefty jail sentence, and the ECB said all access to the data is monitored, so users can be traced.


The ECB, long used to holding sensitive data about its market operations and keeping secret its plans for interest rate changes, told Reuters data security was the "highest priority" in the review it is undertaking before it becomes the euro zone's financial supervisor in November.

All data communicated to, from and within the ECB is stored on 'Darwin', the ECB’s document and records management system. Anyone who wants access must file a request through a designated security manager at a national financial supervisor, and the central project management office must approve.

"All Comprehensive Assessment data is classified as ECB-Confidential, and access is limited to those who require it for project purposes," the ECB told Reuters in a statement, adding that the project "may be uprated soon to ECB-Secret".

Data about individual banks is stored on isolated servers within Darwin, and elevating it to Secret means access to the database, which is encrypted, is controlled by more senior people.

As well as staff at the ECB's newly created supervisory arm, much of the heavy lifting in the review is being done by private consultancy Oliver Wyman, which is acting as project manager.

"Oliver Wyman maintains strict processes to manage the confidentiality of proprietary client information as standard policy," the ECB said. "Each person working on the Comprehensive Assessment has signed additional confidentiality documents."

Oliver Wyman, whose staff work out of the ECB's Frankfurt premises and use ECB computers and must get security clearance from the ECB, declined to comment.


The data worked on by the ECB and Oliver Wyman in Frankfurt is the final link in a project that spans the euro zone and beyond into countries where the banks have operations.

Almost all of the national supervisors producing information for the ECB have hired auditors to help them with the job, while many of the banks have also hired third parties.

They face a similarly strict list of requirements. Documents are typically reviewed on bank PCs, and any transfer of information to auditors' computers is severely restricted, people familiar with the process told Reuters.

Auditors that do store information in their own environments must prove that access controls are good enough to protect the information, the people added.

A source familiar with the process said data on individual banks is sent to national supervisors using encrypted emails through a specially secured channel. Both sides need keys to code and decode the data. Auditors send their work in the same way.

Deloitte's Keeble said there were also financial penalties built into the audit contracts to deal with data security breaches.

But even the most advanced technology protocols are only as strong as the weakest link in the chain.

“There’s a massive concern about somebody leaving a laptop in a pub,” as one source familiar with the tests put it.

(Editing by Will Waterman)


After wave of QE, onus shifts to leaders to boost economy

DAVOS, Switzerland - Central banks have done their best to rescue the world economy by printing money and politicians must now act fast to enact structural reforms and pro-investment policies to boost growth, central bankers said on Saturday.

Apple Earnings

Reuters Showcase

ONGC Share Sale

ONGC Share Sale

ONGC share sale scheduled for this fiscal - oil minister  Full Article 

The Apple logo is pictured inside the newly opened Omotesando Apple store at a shopping district in Tokyo June 26, 2014. REUTERS/Yuya Shino/Files

Record Earnings

Apple iPhone sales trample expectations as profit sets global record  Full Article 

'Umrika' At Sundance

'Umrika' At Sundance

From Oscars to Sundance, Sharma and Revolori discuss India's 'Umrika'  Full Article 

Australian Open

Australian Open

Smooth Wawrinka, ill Serena through to Melbourne semis   Full Article 

India's Male Tenor

India's Male Tenor

India's lone male tenor aims to sing opera in local key  Full Article 

Japan Hostages

Japan Hostages

Mother of Japanese captive begs PM to save son held by Islamic State  Full Article 

Tripoli Attack

Tripoli Attack

Frenchman, American among those killed in Tripoli hotel attack - Libyan official.  Full Article 

U.S. Blizzard

U.S. Blizzard

Blizzard hits Boston and New England, spares New York despite forecasts.  Full Article 

Spying Row

Spying Row

Spying program leaked by Snowden is tied to campaign in many countries.  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device  Full Coverage