This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/business/2019/dec/19/hedge-funds-hacked-into-bank-of-england-briefings

The article has changed 8 times. There is an RSS feed of changes available.

Version 4 Version 5
Bank of England executive urged to quit over security breach Watchdog investigates Bank of England security breach
(about 7 hours later)
Joanna Place told to resign after hedge funds gain early access to Mark Carney pressers Threadneedle Street says access to press conferences via back-up audiofeed unacceptable
The Bank of England’s chief operating officer should resign immediately after a security breach that gave paying hedge funds early access to Mark Carney’s market-moving press conferences, according to a former member of the Bank’s monetary policy committee. The UK’s financial watchdog has launched an investigation into a security breach at the Bank of England that allowed hedge funds early access to an audio feed of Mark Carney’s market-moving press conferences.
Joanna Place reports directly to Carney, the governor, and has had responsibility for the Bank’s information security since July 2017. In a breach casting a shadow over the governor’s final weeks at the Bank before he stands down at the end of next month, Threadneedle Street confirmed that its back-up audio feed for press conferences had been misused by a third party supplier.
Danny Blanchflower, who served on the MPC until 2009, said Place’s position was untenable after the Bank admitted the breach, first reported by the Times, late on Wednesday night. Following a rapid internal probe at the Bank after the breach was first uncovered by the Times, the central bank said it had referred the matter to the Financial Conduct Authority, which is now investigating the incident.
“Carney should be absolutely furious,” he said. “The person in charge of the Bank’s security should be quitting within the next hour. Raising questions over whether hedge funds managed to profit from accessing the market-sensitive press conference seconds ahead of others, the breach comes after years of efforts to prevent misconduct in financial markets in the wake of the 2008 financial crisis.
“Did they know this was being done? Did they know that someone was charging? If not, why not?” Threadneedle Street said that the misuse of the back-up audio feed which is up to eight seconds faster than its main video feed was “wholly unacceptable” and had been done without the Bank’s knowledge or consent. The video feed is the main vehicle for broadcasting the press conference, and is handled by the financial news and data company Bloomberg.
The Bank declined to comment on the call for Place to resign. The third-party supplier was reportedly connected to a market news service that charged clients between £2,500 and £5,000, according to the Times.
High-frequency traders could have used the information to gain an advantage over their rivals. Carney’s comments, which are broadcast online, can often move currency and bond markets if they give hints as to the future path of interest rates. The Bank did not identify the third-party provider. However, Statisma News, a little known Essex-based company that sells live streams of central bank press conferences, posted a statement on its website in response to questions from the Financial Times. The company’s directors are listed as Philip Wand and Tom Sillence, both of whom are also directors of Encoded Media, a video services provider to businesses based at the same address, which lists government departments, the NHS and the Royal Navy among its customers. The Guardian has attempted to contact Wand and Sillence for comment.
The Bank confirmed unnamed traders gained access to a backup audio feed run by an unnamed third-party supplier that was put in place in case the main feed failed. The financial data company Bloomberg handles the main video feed. The statement said: “Statisma is a technology company specialising in the delivery of publicly available audio content. We do not carry embargoed information and we do not release information without it first being made available to the public. It is impossible to ‘hack’ or ‘eavesdrop’ any live public event or press conference. Any such suggestion is dismissed out of hand.”
The audio feed, which is faster to compress and transmit than video, gave traders a head start of up to eight seconds. Statisma tweeted in April that it could provide customers with feeds “up to 10 seconds faster than watching them on live TV”, including for press conferences held by the Bank, the US Federal Reserve and European Central Bank.
The third-party supplier reportedly charged clients between £2,500 and £5,000. The Bank has referred the case to the Financial Conduct Authority (FCA), and it has prompted a review of security at the Bank’s Threadneedle Street headquarters. The ECB said on Thursday that since September this year it had offered a low latency or minimal time delay audio feed to “address exactly the issues that were in the news today”. It added: “Therefore, it doesn’t make any sense for anyone to use commercially offered solutions because the solution we offer is the fastest option available and it is free for everyone.” The Fed has also been contacted for comment.
The breach will cast a shadow over the final six weeks of Carney’s term as governor. He will leave on 31 January after carrying out one more interest rate press conference on 30 January. An announcement on his replacement by the chancellor, Sajid Javid, was expected before Christmas. The Times also reported on Thursday that a company received advance copies of speeches and other market-moving publications while it was linked to an unnamed, accredited news organisation. Livesquawk received embargoed releases before their official publication until last year when the firm was stripped of access, it is understood. According to the Times, the directors of Livesquawk and Encoded media were also co-owners of a company Microlatency that sold audio feeds to high-speed traders. Microlatency was placed into liquidation in January, the Times said, with its services now being offered by Statisma.
The Bank published the latest MPC decision on Thursday but no press conference was scheduled to take place. The director of Livesquawk, Harry Daniels, said: “We have never hijacked anything, we have no access to infrastructure at the Bank. Neither I nor Livesquawk have anything to hide or be fearful of re the FCA and will happily assist them in any way possible.”
Andrew Sentance, a senior adviser to Cambridge Econometrics who previously served on the committee, said the security failure was “unprecedented” for a central bank. Many hedge funds operate a high-frequency trading business model, in which they use ultrafast computer systems to buy and sell financial products, attempting to get ahead of their rivals by microseconds. Some firms utilise microwave transmitters to gain split-second advantages.
“Central banks pride themselves on confidentiality and making sure communication is well managed,” he said. “There has been an abuse of information here. The question in your mind will be, if this happened what else has happened? Are the Bank’s communications secure?” Carney’s comments, which are broadcast online, can often move currency and bond markets if they give hints as to the future path of interest rates. The Bank’s governor is due to stand down on 31 January after carrying out one more interest rate press conference on 30 January. The chancellor, Sajid Javid, is expected to announce his replacement imminently.
John McDonnell, the shadow chancellor, described the breach as “yet another scam exposed at the heart of our financial system” and said it lent weight to his call for an inquiry into financial sector regulation.
The Bank published the latest MPC decision on Thursday but no press conference was scheduled to take place. It said that the misuse of its audio feed had taken place since earlier this year, raising the prospect that hedge fund customers had obtained advantageous access to key press events.
In 2017, the Office for National Statistics stopped giving out figures early after research showed it was highly likely they were being leaked.In 2017, the Office for National Statistics stopped giving out figures early after research showed it was highly likely they were being leaked.
The breach will be of particular embarrassment to the Bank, given its recent focus on the security policies of the companies it regulates. Researchers found there was a “credible case to link cyber-risk to systemic risk in the financial sector” in a December 2018 paper.The breach will be of particular embarrassment to the Bank, given its recent focus on the security policies of the companies it regulates. Researchers found there was a “credible case to link cyber-risk to systemic risk in the financial sector” in a December 2018 paper.
The Bank has known about the breach since before its previous press conference, held after the release of its financial stability report on 16 December.
The FCA is likely to focus on whether the information accessed early constituted inside information and then whether the managers of the investment firms involved had acted with propriety, a senior regulatory lawyer said. The investment managers involved could potentially face personal regulatory action, the lawyer said.The FCA is likely to focus on whether the information accessed early constituted inside information and then whether the managers of the investment firms involved had acted with propriety, a senior regulatory lawyer said. The investment managers involved could potentially face personal regulatory action, the lawyer said.
In a statement published on Wednesday shortly before midnight, the Bank said: “Following concerns raised with the Bank, we have recently identified that an audio feed of certain of the Bank press conferences installed only to act as a backup in case the video feed failed has been misused by a third-party supplier to the Bank since earlier this year to supply services to other external clients. Danny Blanchflower, a former member of the Bank’s monetary policy committee, said that Threadneedle Street’s chief operating officer should resign immediately in the wake of the breach.
“This wholly unacceptable use of the audio feed was without the Bank’s knowledge or consent and is being investigated further. Joanna Place, who reports directly to Carney, has had responsibility for the Bank’s information security since her appointment in July 2017.
“On identifying this, the Bank immediately disabled the third-party supplier’s access. As a result, the third-party supplier did not have any access to the most recent press conference and will no longer play any part in any of the Bank’s future press conferences. “Carney should be absolutely furious,” Blanchflower said. “The person in charge of the Bank’s security should be quitting within the next hour.
“The Bank operates the highest standards of information security around the release of the market-sensitive decisions of its policy committees. The issue identified related only to the broadcast of press conferences that follow such statements.” “Did they know this was being done? Did they know that someone was charging? If not, why not?”
The Bank declined to comment on the call for Place to resign.
Andrew Sentance, a senior adviser to Cambridge Econometrics who also previously served on the Bank’s MPC, said the security failure was “unprecedented” for a central bank.
“Central banks pride themselves on confidentiality and making sure communication is well managed,” he said. “There has been an abuse of information here. The question in your mind will be, if this happened what else has happened? Are the Bank’s communications secure?”