Australia and New Zealand Banking Group is revamping staff access to computer systems to make sure it is protected from potential fraudulent activity such as the EUR5 billion Societe Generale rogue trading scheme. The bank is pursuing the Staff Identity Access Management program, which is designed to tighten controls over the access privileges of employees and ensure that those privileges are revoked when people change jobs within the company or resign.
"Most people are familiar with the Jerome Kerviel situation in Societe Generale. He started as a clerk in the back office at Societe Generale with a variety of different access privileges," ANZ security architect Adam Hergert said.
"Over five years . . . he became a trader and he undertook a number of unethical activities.
"But one of the things he did was leverage the privileges from his previous job to help him carry out some of the fraudulent activity."
French police have charged Mr Kerviel with breach of trust, fabricating documents and illegally accessing computers. A second Societe Generale employee was detained yesterday in relation to the rogue trading scheme.
Mr Hergert said the ANZ board pricked up its ears when it learned of the Societe Generale scandal in January and acted quickly to ensure that the bank was protected from similar fraudulent activities.
Efforts to rein in computer access privileges were already under way as part of the staff access program, or SIAM, he told the ID and Access Management Summit in Sydney yesterday.
SIAM has two main objectives: to reduce the risk of improper computer use and improve the efficiency of bank security systems.
"Risk reduction was really regarding risk that had been identified in relation to access that staff had to systems that they had accumulated over years of service within the bank," Mr Hergert said.
"This is not an uncommon situation for a large organisation and certainly there have been historically manual processes to keep this sort of thing in check.
"We only need to refer to organisations like Societe Generale to [find] situations where that's all gone bad and it's not actually that uncommon."
ANZ has about 2000 software applications and under the SIAM program it has reviewed the access its 37,000 workers have to the information systems.
The review found there were about 10 computer access accounts for every employee. "A portion of those were for people who had already left the bank," he said.
"One that we haven't quite got to yet in our roadmap is suspending access to IT systems while staff are on leave."
Companies needed to update their security processes, particularly when mergers or acquisitions added staff who might not yet have had their privileges properly vetted, Mr Hergert said.
* The bank has tightened control over who can access its software.
* A review showed that each worker had up to 10 access privileges.
* Some of those workers had already left the company.
Fairfax Business Media