Société Générale outlines plans to improve IT security

French bank Société Générale (SocGen) has outlined plans to improve IT security following the...

French bank Société Générale (SocGen) has outlined plans to improve IT security following the illicit activities of employee Jerome Kerviel, which cost the company £3.6bn.

Kerviel, a low-ranking trader, took huge gambles with the bank's money, using his knowledge of SocGen's back-office systems to avoid detection.

The bank has identified the need to address weaknesses in its IT infrastructure as part of its two-year "transformation plan". It is spending about £80m, including significant investments in IT, a report from the SocGen board of directors, published last week, revealed.

Making the right IT security noises will be vital to help the bank rebuild its reputation.

"Clearly when a firm of this size experiences an issue of this magnitude it is important that it is seen to be at the forefront of putting in place the correct technology and processes to restore faith," said PJ Di Giammarino, chief executive at financial services think tank JWG-IT.

SocGen's IT security improvements are designed to prevent unauthorised activity by employees. They will contribute to a "considerable workload" for the overall programme of improvements, which has 200 dedicated staff working on it.

"The capacity of the IT department to respond to all of the demands will be a determining factor in the programme's success," said SocGen.

The bank plans to introduce biometric technology to ensure that users of the most sensitive systems are authorised to use them. It will also introduce a policy to regularly change passwords for sensitive applications. These will prevent traders accessing systems in the back-office, which could be manipulated to cover unauthorised activity.

The magnitude of the losses caused by Kerviel have put SocGen in the public gaze and have led to a major change in how the bank, and its competitors, secure highly sensitive applications.

"During good times investment banks tend to overlook things like IT security, but market corrections illustrate these weaknesses," said Bob McDowell, analyst at TowerGroup.

Read more on IT risk management