Banks yesterday were fielding calls from rich clients and reassuring them on the safety of their data following the shocking report that hundreds of StanChart clients' data had been stolen.
On Thursday, Standard Chartered revealed that 647 bank statements of private bank clients had been found on a computer belonging to alleged hacker James Raj Arokiasamy. The statements were stolen in March from one of the servers at Fuji Xerox Singapore, which prints these statements for StanChart's private bank customers.
The incident has also raised the issue of the security surrounding client data especially if it is outsourced to third parties. Banks were quick to assure clients that they continually monitor the processes of these providers to protect against unauthorised access to client data.
Several banks including DBS, OCBC, Barclays, Citibank and Maybank outsource print services to third-party service providers, including printing of marketing materials, business stationery, statements and advices.
But giant private banks like Switzerland's UBS and Credit Suisse do not. Interestingly, Bank of Singapore, whose parent is OCBC, also keeps the functions in-house.
"Ensuring that data is secure is a central topic at UBS," said bank spokeswoman Rachel Lin. "All our client statement printing is done in-house within the bank's premises in Singapore.
"All data remains within UBS infrastructure at all times. At no point in the production process is data transferred externally to a third-party vendor," she added.
UBS is the biggest private bank in Asia.
"We have in place clear policies, stringent monitoring system and access controls to ensure data security throughout the lifecycle of the information we handle - from creation and classification, to handling and processing, to dispatch and transport, to storage and, finally, to destruction of information," said Ms Lin.
"All Credit Suisse client statements are printed in-house using the bank's own infrastructure and on its own premises," said a bank spokeswoman.
"Bank of Singapore does not outsource printing of any materials containing customer information. All our customer statements are printed in-house," said chief executive Renato de Guzman.
Denis Malone, OCBC Bank head, group operations, said customers' data confidentiality is very important to the bank and measures are put in place to protect customers' data and information.
He said: "Outsourcing of our operations is done very selectively with the bulk of them performed internally. However, whether the operation is done internally or outsourced to a third party, we exact the same high standards required to protect and secure our customers' data and information."
DBS Bank, the largest bank in South-east Asia, also uses outside vendors. In Singapore, the vendor is not Fuji Xerox but BT understands that DBS Bank (Hong Kong) uses a subsidiary of Fuji Xerox, Fuji Xerox Document Management Solutions Asia Ltd (FXDMS), for selected customer communications.
It is a different legal entity and there is no indication of any compromise of FXDMS's systems in Hong Kong, said a source.
BT understands also that the bank has fielded some calls from clients asking about data confidentiality.
"All the bank's outsourcing arrangements are managed under stringent risk controls that are compliant with regulations and local laws," said a DBS spokeswoman.
"We also conduct regular reviews of our outsourcing policies and work closely with our vendors to review their respective security processes. There is no indication that any customer data has been compromised," she said.
StanChart itself had calls from other customers and has reassured them that the incident does not impact them, a bank spokeswoman said.
But she declined to provide any information on the communications between the private bank clients and the bank about the case.
Ian Williams, HSBC Singapore's chief risk officer, said: "We cannot say or do anything that may potentially put our customers at risk. Therefore, we cannot talk about how or what we do, or which vendors we work with."