Standard Chartered bank gets cyber-security expertise with former GCHQ chief Iain Lobban

Standard Chartered appoints UK security and intelligence organisation GCHQ former director Iain Lobban to its Financial Crime Risk Committee

Standard Chartered bank has appointed UK security and intelligence organisation GCHQ former director Iain Lobban to its Board Financial Crime Risk Committee.

Lobban was director of GCHQ from 2008 to late 2014, after serving as director general of operations from 2004 at the organisation. In his ten years at GCHQ he was involved in cyber security.

“Cyber security has been at the heart of Lobban’s role in recent years, during which he set new direction for innovative partnerships internationally, with the private sector and with academia,” said a Standard Chartered statement. 

As the director of GCHQ he attended weekly UK National Security Council meetings and was a member of the Joint Intelligence Committee.

He has been appointed by the bank for a two-year, renewable term.

The committee was announced in December 2014 as part of Standard Chartered bank’s strategic priority of combating financial crime.

Read more about cyber security in banking

Bank of England warns of complacency

Standard Chartered chairman John Peace said the bank is proud of the appointment. “He has served the UK government and the international intelligence community with great distinction for many years, and we look forward to having the benefit of his extensive experience as we advance our financial crime-fighting efforts.”

In a survey of 36 financial firms in the UK, the Bank of England revealed it found no immediate gaps in their IT defences of banks – but warned against complacency.

A senior Bank of England executive said the regulator will be going back to banks again to check improvements are made in certain areas.

In January 2015, Bank of England director Andrew Gracie said banks should be prepared for the highest-level security attacks, including state-sponsored intrusions. 

“Given the importance of these firms to the stability of the financial system, this implies a level of resilience that goes beyond basic cyber hygiene but aims instead to ensure that firms are in a position to manage advanced persistent threats that are the hallmark of some state-sponsored attackers," Gracie said.

He warned that cyber security should not be the responsibility of junior IT staff and company boards need to get involved.

Read more on Regulatory compliance and standard requirements