Thursday, March 11, 2010

HSBC Data Theft

BBC Reports:

About 24,000 clients of HSBC's private banking operation in Switzerland had personal details stolen by a former employee, the company has admitted.

In December, HSBC said that just 10 account holders were affected by the theft, which happened three years ago.

The information stolen concerns 15,000 accounts that are still active. Another 9,000 accounts have been closed since the theft.

HSBC says that it does not think the data can be used to access accounts.

"We deeply regret this situation and unreservedly apologise to our clients for this threat to their privacy," said Alexandre Zeller, chief executive of HSBC Private Bank (Suisse).

"We are determined to protect our clients' interests and are taking every necessary measure to do so, actively contacting all our clients with Swiss-based accounts," he said.

The former employee, Herve Falciani, who worked in HSBC's IT division, fled to France while under investigation in Switzerland.

French authorities subsequently seized the data, and then passed it to the Swiss Federal Prosecutor.

Switzerland's financial and banking regulator said it had launched "formal administrative proceedings against HSBC" over the security breach, adding that the stolen data was "extensive".

HSBC, which first learnt of a data breach in December 2008, said it had since invested 100m Swiss francs ($93.3m; £62.3m) to upgrade and improve the security of its data systems.

Mr Zeller said, however, that it was "still unclear how Falciani managed to steal the information".

He said that HSBC had only become aware of the extent of the leak after Swiss authorities received the information from France and then alerted the bank on 3 March.

HSBC said that the account holders were based in several European countries, including Britain.

Tax evasion

News of the theft comes as the US and some countries in Europe try to crack down on tax evasion through the use of overseas accounts.

In recent years there has been pressure on Switzerland and Liechtenstein to become more transparent about accounts held there.

This is thought to have led to some bank employees stealing account data and passing it to tax authorities.

In Germany, an anonymous informer has offered to sell data stolen from an unnamed Swiss bank to tax officials.

Previously, Germany bought similar stolen data about clients of a bank in Liechtenstein. Some of this information was handed to tax authorities in the UK, which is also thought to have paid for the data.

French tax authorities are thought to be investigating up to 3,000 of its nationals using bank accounts outside the country.

Government authorities have defended paying for stolen data as in the public interest. However, the practice has been strongly criticised.

The UK's Revenue & Customs (HMRC) office paid around £100,000 for information about its taxpayers with bank accounts in Liechtenstein, according to accountants UHY Hacker Young.

"Paying criminals for data stolen from banks is highly questionable," said the firm's tax partner, Roy Maugham.

"If people know that there is a market for this data, they will steal it in expectation that HMRC or another tax authority will hand over a six figure sum," he said.

Monday, January 25, 2010

Google vs. China

China has denied any state involvement in alleged cyber attacks on Google and accused the US of double standards. Read at BBC

Saturday, January 16, 2010

e-Governance Africa Forum

The theme for this year’s e-Governance Africa Forum has been set. Organizers, the Commonwealth Telecommunications Organisation (CTO), said the event will be held under the theme “Effective Governance, transparent public services and citizen empowerment through Information and Communication Technologies”.

The event, aimed at facilitating and promoting information and communications technology development through knowledge-sharing events, is scheduled for Maputo, Mozambique, from 23 to 25 March.

“At a time when ICTs are defining the way the world lives and conducts business, it is important for African governments to evolve themselves to meet the demands of changing trends in order to deliver effective services and to improve their citizenry.

“This also requires the formation of Public Private Peoples Partnerships to be geared towards achieving developmental goals through the application of ICTs to governance (e-governance/e-government), electoral processes (e-democracy), food and nutrition (e-agriculture), health delivery (e-health/telemedicine), learning and capacity development (e-education) and trade (e-commerce), among others”, CTO said.

CTO in conjunction with the ICT Ministry of Mozambique will be organising the 4th annual e-Governance Africa Forum where stakeholders in the sector will converge.

Article extracted from ITnewsAfrica

East African Mobile Communication market to reach $9 billion in 2015

The mobile communications markets of Kenya, Tanzania, Uganda and Rwanda earned combined revenues of $2.62 billion in 2008 and are expected to deliver $8.99 billion in 2015, following the availability of cheaper handsets and network investments in this region... Read Article

Corporate Governance

We need to start a debate about how we build a stronger culture of long term commitment to sustainable company growth in this country, based on a strong compact between institutional shareholders and the corporate sector. On one hand we need a system that enables shareholders to discipline poor management. But we also need to give management some scope to plan and build without the excessive demands for quick returns that characterise too much modern public company ownership.

Takeovers provide a very clear test here - for all involved. Companies making acquisitions should set out transparently and publicly their long term plans for the assets they propose to acquire, including company headquarters, R&D sites and main plants. Although these remain commercial decisions, firms or investors should expect to brave the court of public opinion if they are motivated only by short term profit.


Look at the International Corporate Governance Network (ICGN) - Global Corporate Governance Principles of November 2009


The Principles are intended to be of general application around the world, irrespective of legislative background or listing rules. As global guidelines, they need to be read with an understanding that local rules and structures may lead to different approaches to these concepts. The core aspects of corporate governance are the accountability of board members to shareholders and alignment between the interests of management and investors.

Internet Banking & the Northern Rock Bank Run

The Northern Rock bank run (a bank run occurs when a large number of bank customers withdraw their deposits because they believe the bank is, or might become, insolvent) is an emblematic illustration of how the internet can accelerate the speed at which a bank run occurs, since depositors can decide, in an uncoordinated manner, to transfer their accounts instantly to another bank. This case raises questions about the impact of internet banking on the way banks and banking authorities need to handle liquidity crises:

1. The easy access to individual accounts created by internet banking makes depositors more tempted to test whether or not their bank is bank-run proof. These uncoordinated actions may ultimately lead to an illiquidity problem that a bank can hardly predict. This situation has a greater chance of occurring in "troubled" times, since depositors can reasonably doubt the "true" state of their bank.

2. As soon as the information confirming the ailing state of the bank is released, the run takes place instantly. Network breakdowns can still slow down the process, as was the case for Northern Rock, but it is reasonable to assume that this will improve in the near future.

3. The run was limited to Northern Rock and started only when the leak from the BBC alarmed the public about the state of the bank. This shows that, despite the ease of transferring accounts to another bank through internet banking, depositors use that opportunity only when they have been directly informed about the fragile state of the bank. Moreover, there was no contagion to other banks. This proves that internet banking does not aggravate spillover effects despite the unfavourable banking context.

There are two related issues at stake here:

1. The uncoordinated "bank run" can jeopardize the of the solvent bank. Indeed, in order to meet the withdrawals, the targeted bank needs to borrow quickly. The problem is that in troubled times the conditions in the interbank market get tougher, and the bank can end up unable to borrow despite being solvent because the other market participants prefer hoarding liquidity as a buffer. At that point the only alternative for the bank is to turn to the central bank in order to get the liquidity unavailable in the market. In that context the action of the central bank has to be prompt in order to stop the run on the targeted bank and its potential extension to other banks because of a general suspicion about the state of the banks. The difficult part for the central bank is to make sure the bank is truly illiquid but still solvent.

2. When the bank run concerns an ailing bank whose financial troubles have finally been confirmed to the public, the action taken by the central bank as the lender of last resort, in agreement with the banking authorities, must be prompt. In particular, this requires the central bank to have a consistent view of its role as a lender of last resort. It needs to avoid the kind of confused behaviour the Bank of England demonstrated with Northern Rock. To begin with, if the targeted bank is judged to be truly solvent but just illiquid, the central bank needs to give its unconditional support to the bank in order to stop the run. Unconditional support means that it should accept any good collateral in exchange for the emergency loan, priced at a fair rate even if it includes a penalty. On that occasion the central bank can temporarily broaden the range of eligible assets.

This unconditional support sends a reassuring signal to the interbank market, allows the bank to face the massive withdrawals and maximises its chance of going back to normal business. In this case the prompt intervention of the central bank just confirms that the bank's problem was only a liquidity problem. On the contrary, if the targeted bank is judged to face solvency issues because of a deteriorated portfolio, like Northern Rock, the extent of the central bank's action depends on whether or not it supports a policy of "too big to fail" and on the risk of contagion that the bank represents. In any case, if the central bank decides that the bank cannot fail, it needs to take prompt action as well in order to stop the bank run that would otherwise precipitate the bankruptcy of the targeted bank.

3. There is another alternative to prevent instant bank runs caused by internet banking: the banking authorities could decide to offer full coverage of all retail deposits without any limit. Indeed, the case of Northern Rock shows that if individual retail depositors had been insured on a full coverage basis, they would not have run on the bank in the first place. The main drawback of full coverage is that it may undermine the incentive for "big" retail depositors to monitor their bank.

In conclusion, the case of Northern Rock shows that the inconsistency of the Bank of England's policy led to the initial bank run and that, because it persisted in that direction, it further led to the bank's bankruptcy. Internet banking did not cause the failure of the bank but it certainly accelerated the fall of the bank. This calls for greater consistency in the central bank's role as a lender of last resort, since internet banking not only drastically reduces the lag between "the bad news" and the effective bank run but also makes it easier for depositors to check whether their bank is run proof during troubled times.

Indeed, the creation of the lender of last resort facility and of deposit insurance in most countries since the last century eliminated traditional panics. In that respect the Northern Rock bank case was a dramatic episode that recalled the old times, with people queuing at the bank's branches even though the run started electronically. What the Northern Rock bank's failure taught us is that, despite the existence of a lender of last resort and a deposit insurance scheme, market participants, and individual depositors in particular, do not like confusing messages during certain times. With access to internet banking services, confusion can have a devastating impact, since the reaction of the public is instantaneous and leaves more room for uncoordinated action. Therefore, an initial temporary liquidity shortage may quickly become a major and permanent liquidity shock, since interbank market participants may hoard liquidity for precautionary reasons. At that point the prompt corrective action of the monetary authorities is crucial if their objective is to avoid major failures due to liquidity shortage. Under these circumstances the lender of last resort should lend unconditionally against good collateral to the banks to avoid its extension to other banks. If it turns out that some illiquid banks happen to be insolvent as well and do not hold good portfolios, the monetary authorities, in agreement with the banking authorities, need to decide whether or not they are ready to endorse the consequences of a "too big to fail" policy if they deem the banks "too big to fail". In that regard the Northern Rock bank case and, generally speaking, the crisis offer a unique opportunity for the authorities to give a clear understanding of the role they intend to play in the future.