What the Swiss HSBC leak means for the future of banks and data security

The leak of 30,000 accounts from HSBC's Swiss Private Bank raises new concerns for banking and data security. We ask an expert what to expect.

Last week, a conglomerate of journalists spilled the money-colored, corruption-rife guts of HSBC’s Swiss Private Bank, leaking information from 30,000 accounts held by celebrities and captains of industry alike. The 30,000 accounts stitch together a story of $120 billion in assets hidden from tax authorities and the bank’s implicit role in the scandal. It reads like the sort of spy paperback you’d find in a cottage country supermarket spindle. In case you’ve been hiding in a bunker, here’s what happened.

In 2006-2007, Franco-Italian computer engineer and HSBC employee, Hervé Falciani, began surreptitiously extracting account details. In 2008, he got arrested in Geneva but escaped to France while on bail. French authorities refused to extradite, and over the course of the next few years some bank managers were given top government posts. Belgium, Argentina and France levied charges at HSBC in November. The whole mess came to a head when – after months of sharing information via encrypted chat rooms and securely over the cloud – The Guardian, Le Monde, BBC Panorama and the International Consortium of Investigative Journalists banned together and opened the floodgates.

It’s a colossal leak, unprecedented even, but certainly not shocking. Swiss bank accounts have seemingly always held a surreptitious meaning, a colloquialism used by Bond villains and movie gangsters for the vaults they stash their riches in to evade taxes. It was a joke we were all in on.

Unfortunately, account holders like Australian supermodel Elle MacPherson and American actor Christian Slater aren’t laughing after seeing there names listed next to alleged arms brokers like Aziza Kulsum Gulamali from Burundi and South African Fana Hlongwane.

Ultimately, this leak is just the tip of the iceberg, says Jean-Philippe Vergne of the Ivey School of Business.

“If you look at the amount hidden by HSBC – $200 billion over two years, 2006 and 2007, that’s $100 billion a year,” says Vergne.

But a study commissioned by Tax Justice Network in 2012 surmises that extremely wealthy have a collected $21 trillion hidden in secretive offshore accounts.

“Sure, now we know a little bit more about how one bank in one year can manage the flow of $100 billion,” says Vergne. “But that’s less than one percent of the total, so where’s everything else? Where is the other missing 99 per cent?”

But there’s another overarching story here, he says. A tale of the changing paradigm surrounding the way we communicate and the way we protect our data both on a personal and corporate level.

“I think implications from this case as well as the recent Sony hack case – which in many ways is comparable – shows that the traditional boundary between what happens inside the firm with certain standard levels of secrecy and what happens outside are disappearing,” says Vergne, who teaches a course on how piracy is reshaping capitalism.

He believes that Firms both large and small need to come to terms with the idea that anything happening inside the walls of the business – email exchanges, conversations, memos – could easily be made public in the event of a hack.

“There’s a very strong movement across society at the global level that pushes these transparency standards and basically uses transparency as a weapon to push the ethical standards of corporations and governments,” he says. “This is exactly the value proposition of whistle blowing.”

But like the well-touted idiom of hiding cash in Swiss banks, cyber espionage, whistleblowing and leaks are nothing new. They’re just becoming more public as a generation of smartphone touting, social media-obsessed watches intrigued, chewing at their nails and seeing a little bit of their own disregard for cyber-security reflected back at them.

And it’s not just the dirty little secrets. Even common business practices, details surrounding deals, and trade secrets are being exposed, says Vergne.

He points to the Sony case with its leaked salary lists and personal exchanges between employees. If the emails had been encrypted and protected, the public embarrassments and firings of top execs wouldn’t have even taken place.

“Any employee can become a whistle blower and there’s no way to know who might do it and who might not do it,” adds Vergne. “(But if firms) want to maintain a certain level of secrecy they have up their game when it comes to cyber security and email encryption.”

Andrew Seale

Andrew Seale is a Toronto-based business writer who contributes frequently to Yahoo Canada Finance, The Globe and Mail's Report on Business and The Toronto Star.