Data leak reinforces importance of due diligence for regulated financial bodies

Recent developments around the data leak at Credit Suisse brings into sharp focus, once again, the role being played by regulated financial institutions and governments in the global fight against fraud.

Documents leaked by a disgruntled (former) employee of Credit Suisse showed details of 30,000 accounts linked to the bank’s customers, relating to assets worth £80 billion. The leak points to widespread failures to carry out adequate due diligence as the bank opened and maintained accounts for a number of high-risk clients and convicted criminals across the world.

This is not just a national problem, as the bank has clients in 120 jurisdictions, and could lead to a host of criminal investigations and prosecutions being brought against not just the individual client customers who may have stolen funds from these jurisdictions, but the bank as well who may have breached anti-money laundering laws.

This is not the first time that Credit Suisse has been in the news. These developments follow reports that it became the first major bank to face criminal charges relating to allegations that it helped launder money from the cocaine trade on behalf of the Bulgarian mafia.

The story will not only put focus on Switzerland’s notoriously secretive banking regime, but will lead to tighter controls and scrutiny in other countries with large financial sectors, such as the UK. In 2021, reported fraud in the UK leapt to £10 billion. The UK Government has recently confirmed that it has written off £6 billion in fraudulent “bounce bank” loans introduced during the global pandemic by the Government to assist businesses suffering financial difficulties. That news prompted the resignation of Lord Agnew, the Governments treasury minister and led to renewed scrutiny on the UK Government’s ability to enforce its own strict anti-fraud laws in the face of the continued influx of wealthy foreign nationals from known high-risk countries into the UK.

These developments signify an ongoing global shift towards corporate responsibility and robust self-governance. Once again, regulated financial bodies are reminded of the need not only to perform robust due diligence on new clients, but to continually reassess existing customers.

Another angle to this story is that the bank has responsibility to keep its clients’ personal information secure and what national or European laws it may have breached in that regard. Whilst many institutions are required to treat customers’ personal data carefully, once it has been leaked it is impossible to “put the genie back in the bottle”. Many of the 30,000 clients whose details have been leaked are legitimate customers. It will be interesting to see if any of those customers attempt to sue Credit Suisse under existing data privacy laws.