The issue of the confidentiality of client data has been in the spotlight over the last few years. The Swiss Financial Market Authority (FINMA) has reacted by revising its circular letter “Operational risks for banks 2008 / 21”, which came into effect on 1 January 2015. Dealing with the risks associated with electronic client data has now been reformulated in appendix 3 of the circular.
The LLB Group has applied the new standards. These criteria include the documentation and classification of client identifying data (CID), the inventory of the data storage location and data access, structured risk control processes and the training of personnel who have access to client identifying data. The LLB Group has undertaken to continually adapt its security standards to suit market practice.
The amount of data that banks receive, analyse and store is increasing exponentially. On the one hand this includes client data such as the documentation requirements stipulated by the EU directive concerning the markets for financial instruments (MiFID II). On the other, digitalised data is received from business transactions with clients, as well as data generated by the expansion of communication via online channels. Furthermore, more data is processed because of the stricter risk management systems for the overall bank as well as by the legally stipulated stress tests.
The continual adaption of security infrastructure as well as of the monitoring and analysis systems, together with the training of staff form the foundation for the comprehensive protection of the information entrusted to us.
Data security has a vital role to play in banking business. Information processing systems, which guarantee confidentiality, availability and integrity, also protect against risks and threats, as well as help to avoid damage. The LLB Group’s data center has one of the highest security standards in the region (see chapter “Responsibility for society and the environment”).
We make strict demands with respect to the protection of client data. Increasingly stringent legal provisions set down clear guidelines. Dealing responsibly with client data is an integral part of the LLB’s corporate culture. The Group Information Security Department implements and maintains our information security programme. The principles governing this function are set down in groupwide directives. We are guided by the laws and regulatory provisions applying in Liechtenstein, Switzerland and Austria as well as the specific stipulations and situations in our target markets. The Group Information Security Department introduced all the employees of the LLB Group companies into the role and importance of information security and organised a range of training courses and controls in 2015. In the current year, even more active training plans have been formulated in order to raise the awareness of our staff to the significance of information security in future developments. In 2015, the Group Information Security Department received no warning reports from the persons responsible for data protection in the Group companies.