Credit Suisse is leaving no stone unturned under Tidjane Thiam, turning to innovative ideas to reverse the embattled Swiss bank's fortunes. But success is elusive, as two recent examples show.
Earlier this year, Credit Suisse sought to farm out risk from potential losses such as rogue traders and cybercrime in a catastrophe bond-like product to bond investors earlier this year.
Thiam's plan was to sell 4.2 billion Swiss francs of the novel products to bond investors, hedge funds and asset managers.
Dismal Bond Result
But the idea fell flat: Credit Suisse only sold 220 million francs of the products, well short of the 660 million francs it had hoped to in order to help fill its gap in capital.
Another idea was to start a joint venture with Palantir Technologies, a prominent Silicon Valley data analysis firm, called Signac, designed to identify potentially criminal or rogue employees before they can wreak financial havoc on the bank.
Next Was a Nightmare
After Palantir's software delivered favorable results at its investment bank, Credit Suisse decided to deploy it to its private bank as well.
What happened next is the nightmare of any information technology and security firm specialized in financial services: professional hackers hired by Palantir to test its own defenses last fall found huge holes exposing customer data, according to an investigation by «Buzzfeed News» based on a confidential report of the hack.
In a typical scenario, professional data intruders identified as a «red team» are pitted against a firm's own security systems – or «blue team» – in order to identify weaknesses and loopholes that could compromise the firm in the event of an actual attack.
In this case, Palantir's defenses were deemed vulnerable to even a low-level breach by hackers and potentially compromising «critical systems and sensitive data, including customer-specific information», cyber-security firm Veris Group concluded according to a document dated October 2015 and seen by «Buzzfeed».
Revelation Does Not Bode Well
Veris recommended that Palantir take steps to improve its data security «immediately» after gaining complete control of the security firm's domain.
The revelation doesn't bode well for Credit Suisse, which began working with Palantir to root out rogue traders, after UBS lost $2 billion as a result of unauthorized trades placed by London trader Kweku Adoboli.
Credit Suisse set up a joint venture with Palantir, Signac, earlier this year and plans to expand the partnership to monitor all employee behavior, catch breaches of conduct rules, and eventually offer the service to other banks.
Hacks Staged Routinely
Palantir told «Buzzfeed» that the findings were old and had since been resolved. «Our systems and our customers’ information were never at risk. As part of our best practices, we conduct regular reviews and tests of our systems, like every other technology company does» a spokeswoman for Palantir told «Buzzfeed».
To be sure, the point of Palantir's exercise with an outside cyber-security firm is to identify and root out potential weak spots in its systems and processes in order to better defend itself against an actual attack.
According to security experts, cyber-security is a near-constant game of brinkmanship in which preventive measures by banks target the channels that potential hackers seek into banks, while hackers home in on additional security measures taken by banks.
