State Street is set to sit down with one of its largest pension fund clients to address improvements it has made to its data security policy, as it discusses a potential global custody renewal.
Hermant Bhide, head of State Street’s US asset owner business will take part at the next board meeting of the $57.1 billion Los Angeles County Employees Retirement Association (LACERA) on 9 January to give an update to three data security incidents that occurred at the bank last year, according to board meeting documents revealed by the pension fund.
The incidents include LACERA’s market value and performance information being disclosed to a US-based non-financial investment consultant not affiliated with LACERA, the disclosure of LACERA’s demand deposit account numbers and client contact information which was emailed to an outside party, and the exposure of sensitive trade information to a fixed income manager not affiliated with the fund.
It has since requested additional information from State Street on these incidents and specific information as to potential changes it has made to reduce the risk of such incidents occurring again.
“We take our role as a trusted provider extremely seriously. We continue to devote significant time and resources to improving the governance and controls of our information security processes. This is, and will continue to be, a top priority,” said a spokesperson for State Street.
LACERA is currently in the process of reviewing its global custody mandate with State Street, which has administered its assets since 2012, but it stated in the documents that “staff is working with State Street to re-onboard the custodial bank relationship.”
It has also reached out to SS&C Technologies, Citco and State Street for information on real estate fund administration services, the documents show.
Custodians, broker-dealers and market infrastructure providers have been encouraged to enhance their cyber-security procedures, as the financial gain on offer for cyber criminals to hack and manipulate valuable securities data could be significantly high.
Last year, the International Securities Services Association (ISSA) released a report following its symposium in May, where it concluded that although the securities services industry has so far escaped unceasing cyber-assaults of this kind, it would be complacent to assume this will continue.