French bank Société Générale (SocGen) has outlined plans to
improve IT security following
the illicit activities of employee Jerome Kerviel, which cost the
company £3.6bn.
Kerviel, a low-ranking trader, took huge gambles with the bank's
money, using his knowledge of SocGen's back-office systems to avoid
detection.
The bank has identified the need to address weaknesses in its IT
infrastructure as part of its two-year "transformation plan". It is
spending about £80m, including significant investments in IT, a
report from the SocGen board of directors, published last week,
revealed.
Making the right IT security noises will be vital to help the
bank rebuild its reputation.
"Clearly when a firm of this size experiences an issue of this
magnitude it is important that it is seen to be at the forefront of
putting in place the correct technology and processes to restore
faith," said PJ Di Giammarino, chief executive at financial
services think tank JWG-IT.
SocGen's IT security improvements are designed to prevent
unauthorised activity by employees. They will contribute to a
"considerable workload" for the overall programme of improvements,
which has 200 dedicated staff working on it.
"The capacity of the IT department to respond to all of the
demands will be a determining factor in the programme's success,"
said SocGen.
The bank plans to introduce biometric technology to ensure that
users of the most sensitive systems are authorised to use them. It
will also introduce a policy to regularly change passwords for
sensitive applications. These will prevent traders accessing
systems in the back-office, which could be manipulated to cover
unauthorised activity.
The magnitude of the losses caused by Kerviel have put SocGen in
the public gaze and have led to a major change in how the bank, and
its competitors, secure highly sensitive applications.
"During good times investment banks tend to overlook things like
IT security, but market corrections illustrate these weaknesses,"
said Bob McDowell, analyst at TowerGroup.