Protecting European bank test data from leaks

London - It would be an insider trader's dream to know ahead of time which of Europe's banks will fail or need more capital, and all that data will be stored somewhere in cyberspace as the European Central Bank assesses the euro zone's top banks.

The chances of a leak are multiplied by the thousands of consultants who will work on data for the ECB's Comprehensive Assessment of the currency bloc's 128 most important banks, which include household names like Deutsche Bank and Santander along with national champions Bank of Cyprus and Bank of Valletta.

"It (data security) is of enormous concern," said Dan Keeble, a London-based partner at Deloitte, which is working on part of the ECB's assessment, an Asset Quality Review (AQR) for the euro zone's 13 largest banks and some smaller ones.

"Aside from the fact that much of the information required to conduct the AQR is commercially sensitive to individual banks, details of the conclusions regarding the AQR have the potential to be market influencing, and could damage financial stability."

That is why the consultants working on the centralised data - US firm Oliver Wyman - cannot cut and paste, take screenshots or print out the data they are working on. And they will only have access to their part of the project, and only for as long as it takes to complete their task.

Thousands of other consultants working on individual banks face similar restrictions. Anyone caught leaking the information risks a hefty jail sentence, and the ECB said all access to the data is monitored, so users can be traced.

Highest priority

The ECB, long used to holding sensitive data about its market operations and keeping secret its plans for interest rate changes, told Reuters data security was the "highest priority" in the review it is undertaking before it becomes the euro zone's financial supervisor in November.

All data communicated to, from and within the ECB is stored on 'Darwin', the ECB's document and records management system. Anyone who wants access must file a request through a designated security manager at a national financial supervisor, and the central project management office must approve.

"All Comprehensive Assessment data is classified as ECB-Confidential, and access is limited to those who require it for project purposes," the ECB told Reuters in a statement, adding that the project "may be uprated soon to ECB-Secret".

Data about individual banks is stored on isolated servers within Darwin, and elevating it to Secret means access to the database, which is encrypted, is controlled by more senior people.

As well as staff at the ECB's newly created supervisory arm, much of the heavy lifting in the review is being done by private consultancy Oliver Wyman, which is acting as project manager.

"Oliver Wyman maintains strict processes to manage the confidentiality of proprietary client information as standard policy," the ECB said. "Each person working on the Comprehensive Assessment has signed additional confidentiality documents."

Oliver Wyman, whose staff work out of the ECB's Frankfurt premises, use ECB computers and must get security clearance from the ECB, declined to comment.

Beyond the bubble

The data worked on by the ECB and Oliver Wyman in Frankfurt is the final link in a project that spans the euro zone and beyond into countries where the banks have operations.

Almost all of the national supervisors producing information for the ECB have hired auditors to help them with the job, while many of the banks have also hired third parties.

They face a similarly strict list of requirements. Documents are typically reviewed on bank PCs, and any transfer of information to auditors' computers is severely restricted, people familiar with the process told Reuters.

Auditors that do store information in their own environments must prove that access controls are good enough to protect the information, the people added.

A source familiar with the process said data on individual banks is sent to national supervisors using encrypted emails through a specially secured channel. Both sides need keys to code and decode the data. Auditors send their work in the same way.

Deloitte's Keeble said there were also financial penalties built into the audit contracts to deal with data security breaches.

But even the most advanced technology protocols are only as strong as the weakest link in the chain.

"There's a massive concern about somebody leaving a laptop in a pub," as one source familiar with the tests put it.
