Major Security Problems at Baltic Bank Group

Documents discovered by EconoTwist’s confirms a major security problem at the Baltic Bank Group DnB NORD, owned by the Norwegian partly state-owned bank DnB NOR. According to a report by the Danish Financial Authority the Baltic bank group is lacking a sufficient IT security strategy, and do not meet the regulatory requirements for IT security in financial institutions. Other documents reveal a unique insight on how the US government are monitoring and controlling foreign bank activity.

DnB NOR Bank ASA New York Branch is prohibited from establishing, maintaining, administering, managing or engaging in a correspondent banking relationship, such as an account for or on behalf of all of the following entities:”

When DnB NORD was established in 2006, they were bragging about their new advanced, state-of-the-art,  technological solutions. Five years later the Financial Authority finds that there’s no fully implemented security policy, and that the Latvian-based bank group on several key business areas do not meet the regulatory requirements of IT security for financial institutions.

Now, that’s something you won’t find in the regular earnings reports from the Norwegian state controlled owner, DnB NOR.

The inspection was conducted by the Danish Financial Authority in October – December 2010, and the report is dated June 17. 2011.

Contrary to most reports of this kind, I have not been able to find an English version, but here’s the conclusions, translated from Danish:

  • “On inspection, the FSA its IT strategy and IT security policy, organizational issues, outsourcing, backup, contingency planning and systems development.”
  • “FSA’s assessment is that the bank in some areas do not meet the regulatory requirements for IT security for financial institutions.”
  • “The bank had not updated IT security and some key business times in relation to IT security is not fully implemented, the Bank has not secured a sufficient legal basis for controlling the main supplier and the reporting rate from this.
  • “The Bank also has a faulty IT security preparedness.”

And the Danish Financial Authority concludes:

“Based on the inspection, FSA have given the bank an order to undertake a risk assessment on the IT security area and prepare an IT security policy based on a current risk assessment. There are also given orders that the bank’s guidelines for outsourcing must follow the law in this area, and that the bank must develop an IT contingency plan.”

Now, let’s have a look at the English version of  the report:

No mention of the IT security problems. This reports the Danish Supervisory Authority examined the 13 largest credit exposures, and carries out spot checks on another 100 credit exposures to corporate- and retail customers.

Here’s the findings:

  • “In some cases we noted shortcomings in the calculation of the indication of impairment. In the opinion of the Supervisory Authority it had, however, no significant effect on the Group’s total impairment charges at the time of the inspection. Bank DnB NORD A/S has been ordered to strengthen the quality of the Lithuanian subsidiary bank’s impairment calculations.”
  • “Prior to the inspection the DnB NORD Group raised its solvency ratio to 13.2 percent. The increase was made as a consequence of discussions with the Supervisory Authority. The actual solvency is 13.5 percent.”
  • “The Supervisory Authority has instructed Bank DnB NORD A/S to have intensified focus on any changes in the financial situation in Lithuania or changes in the country’s legislation that might have influence on the Group’s impairment charges or solvency need.”
The US Instructions
Returning to the security issues:
The Baltic bank’s servers seem to be more or less wide open, and internal documents are available though a simple Google-search.
Below is some of the correspondence with US authorities, revealing the increasingly monitoring of, and control with, any foreign bank that directly or indirectly do business in the US, or with US corporations:
The US Customer Identification Program:
Special Measures
Unlawful Internet Gambling

This is just some examples of the documents I’ve been able to pull out of the DnB NORD system. I’m about to look into the rest, and analyze the importance of these.

I’ll keep you posted!

1 Comment

Filed under International Econnomic Politics, Laws and Regulations, National Economic Politics, Technology

One response to “Major Security Problems at Baltic Bank Group

  1. Pingback: Fortune 500 Companies Leaked 20GB of Sensitive Information | EconoTwist's