At Kinamik we firmly believe that guarantying the trustworthiness (read: integrity) of any set of data used in a GRC implementation will very soon become a key requirement. There are many elements that show us that this is particularly true (you can read about it here and here). All these elements could be seen as a “positive” proof that reinforces our view. But not all of the signs out there are positive… quite the opposite.
We are already seeing an increasing number of data manipulation scandals on front pages, and it is fair to think that many more are to come. So we have decided to participate in this public debate by commenting each time we hear about one of these cases.
The first post of this Wall of Shame series goes to the recent $350 million (265 million euro) Lloyds TSB agreed to pay to the US authorities after being charged of tampering and falsifying records so Lloyds TSB clients from Iran, Sudan and Libya could do business within the US banking system. By doing these modifications in the records Lloyds was violating the International Emergency Economic Powers Act, which allows blocking commerce with countries that were deemed a threat to the United States.
According to US prosecutors, the bank’s misconduct took place for over 12 years, between 1995 and 2007. Lloyds’ actions -known as stripping- meant faking or completely erasing information such as customer names, bank names and addresses so wire transfers can go undetected through filters at the US banks.
Lloyds TSB declared that they fully cooperated in the investigation, and said that they were “committed to running our business with the highest levels of integrity and regulatory compliance across all of our operations, and have undertaken a range of significant steps to further enhance our compliance programs”.
Indeed, an enhancement in their compliance program could have prevented the tampering of these electronic records by Lloyds’ employees. In fact, one the best ways of actually improving a compliance program is by making electronic records tamper-evident, so they could be unquestionably trustworthy, like the Kinamik Secure Audit Vault. By having this kind of system in place, a simple check-up on audit data may have detected that there was something wrong, and these kinds of actions would not have been undetected for over 12 years.
You can read more about this case here.