Legal
The Challenge For Private Banks When An Ex-Employee "Goes Rogue"

The involvement of WikiLeaks in the private banking industry is likely to lead to as big a clampdown in practices among such banks as it is likely to do in the field of diplomacy.
When the sacked Julius Baer employee Rudolf Elmer was convicted by a Swiss court last week for the crimes of breaching bank secrecy and “coercion”, it underlined how the privacy that people supposedly pay good money for in wealth management is under attack as never before. And the attacks are not just a problem for Swiss banks – the whole sector needs to review how it can guard against bankers “going rogue”.
Two days before he received what some might regard as a mild punishment for these offences – prosecutors wanted the man jailed – Elmer announced in a press conference that he had passed a CD containing names and details of thousands of Julius Baer clients to WikiLeaks, the “whistleblower” site. Private bankers who may have enjoyed the red faces of politicians after WikiLeaks published confidential diplomatic messages last year are not laughing now that their own business is in the firing line.
After all, this is not the first occasion that WikiLeaks has published private client account data. In the summer of 2009, details of clients at Kaupthing, the now-defunct Icelandic bank that was hit by the financial panic of 2008, were disclosed.
The Julius Baer issue is arguably more serious because governments, such as the German one, have offered to pay for stolen data, creating an incentive for bankers to break client confidentiality. A number of Swiss banks, or banks with Swiss operations, such as HSBC in Geneva, have been hit by disgruntled former employees taking client data and then sending it to national authorities, in some cases for a price. And not just Switzerland: in 2002, data from Liechtenstein's LGT was leaked; it was later sold to the German authorities.
However, the involvement of WikiLeaks takes this problem to a new level. It is not reassuring to be told by Julian Assange, the founder of WikiLeaks, that a team of his fellow “WikiLeakers” are scrutinising the CD before handing over some information. Who gave them, or indeed the mercurial Assange, the right to decide whether to hand over such material or in what quantities? It may be true that some of the clients whose data is now in the public domain may have been up to no good. But a large number of these accounts were held by people making legitimate use of a long-established Swiss banking system, in some cases concealing wealth from rapacious governments. (This is why bank secrecy is not a black and white issue.)
Speaking personally as a financial journalist with more than 20 years in the media business, including a stint as a crime reporter, I also wonder about the ethics of how WikiLeaks acts. I learned that if you are told by a source that X or Y has a supposedly illicit offshore bank account, the least that you should do is to contact not just the bank, but the account holder, and try and get a comment. That is how this publication seeks to operate, and we pride ourselves on that. But this is not, as far as I can tell, how WikiLeaks operates, although it may start to change (it has already redacted some leaked data on other issues in the recent past). It tends to put out information with as little editorial filtering as possible and only at that point would any other news organisation then try and contact the parties concerned. According to a recent article in Vanity Fair magazine, for example, WikiLeaks dealt with the Guardian newspaper over a certain story, although the relationship between the website and UK newspaper has proven to be a decidedly awkward one, at least if the Vanity Fair version of events is accurate.
WikiLeaks should be open itself on how it interacts with the organisations it embarrasses. (On Friday, 21 January, I sent an email to WikiLeaks seeking clarification on its methods; so far, I have received a brief email reply saying that it is being deluged with messages and will take time to reply. We shall see.)
How to respond
So what should banks do about this? I think they will probably react by taking even more rigorous steps to vet potentially “rogue” staff. I know of several firms that work on making due diligence checks into the background of wannabe private bankers, ranging from checking resumés to making background searches to establish more general points. But I would expect this sort of work to extend to checks on staff while they are in employment as a sort of ongoing procedure. It could be irksome – but most upstanding private bankers will understand the reasons for this activity.
I would also hope that rogue bankers who leak data and threaten to dump reams of information into the public domain, particularly if the leaks affect innocent parties, are properly punished. The SFr7,200 ($7,517) fine meted out to Elmer seems light given the scale of the offence and the threats he is said to have made to his bank. The Zurich court’s actions will not deter bankers hoping to make a fat fee by selling data. (As I point out below, bankers are, however, obliged to set aside client confidentiality and inform the authorities about suspected money laundering.)
The risk of data leaks in future may also deter some organisations from some forms of outsourcing of administration. Developments such as "cloud computing", whereby firms no longer perform all their IT operations in-house but operate via the "cloud" of the internet, could be hobbled by fears about what happens to client security. And remember that governments themselves have had their share of security breaches relating to citizens' personal details, such as in 2007 when it was reported that data on 25 million people was lost by HM Revenue & Customs in the UK.
There will also need to be more consideration about how data is actually stored. The fact that the names of thousands of people can be held on a single compact disc is a risk too far; as the HMRC example I refer to above shows, centralised aggregation of data is an accident waiting to happen. Banks will have to impose limits on how many client details can be held in any one place. Again, this may be irksome, but it may be a price worth paying.
It is not even just banks that have an issue here over privacy of high net worth clients. Consider the case of HNW insurance. If a wealthy collector of art insures it, then the risk of an employee leaking such information out of a grudge would be disastrous – it gives every potential burglar information about the exact whereabouts and value of such assets. One of the reasons why art is often uninsured, so I hear, is precisely because people do not trust insurers to keep their mouths shut.
Of course, it is naïve for anyone who uses a private bank or similar organisation to imagine that their business affairs will not be made known to governments in some way; after all, under anti-money laundering laws, for example – becoming much tougher since 9/11 – bank staff in many countries are now obliged to report certain transactions to the authorities. Such staff can, as in the UK for instance, be punished under the criminal law if they fail to act as a whistleblower.
Even so, the behaviour of Elmer and WikiLeaks will lead to as big a clampdown in practices among such banks as it is likely to do in the field of diplomacy. While the actions of some dubious characters may be brought to light as a result of leaks, innocent folk with good reasons to use private banks will be caught up in the glare of publicity. Remember, the overwhelming issue for private banking now is to restore trust. If people fear that rogue bankers will sell their data off, that trust will be even harder to regain.