Why There Is No Bank Secrecy in Russia
Recently, there has been a lot of talk in Russia about regular leaks of personal data. Unfortunately, the situation is quite bleak: people have become accustomed to ineffective legislation in this area, to the sale of databases, to “lookups,” and to the black market. There is also a general acceptance of the lack of punishment for those involved in these illegal activities.
But what if, instead of just your passport or police database information, all your bank accounts, cards, and transaction history became publicly available? Personal finances are an especially private matter for everyone. An adversary might know your name, address, phone number, and even your car’s make and license plate, but when they find out how much you spent at the supermarket yesterday or how much you saved up for a birthday gift, it’s a whole different story.
Why does this happen, and what makes it reasonable to say that bank secrecy in Russia is essentially nonexistent?
How Bank Secrecy Is Violated
In my previous article about the illegal personal data trade, I only briefly mentioned egregious violations of bank secrecy laws. I didn’t name the offending banks, though readers quickly recognized them by their signature colors (and, by the way, those ads are still up, with new positive reviews being added). Some criticized me for self-censorship. To clarify, I hide bank names because most of them have their own blogs on Habr, which brings profit and influence to the platform—unlike me. So, let’s just say any similarities are coincidental.
Another “coincidence”: last year, a well-known bank started pursuing two bloggers for “damaging business reputation.” Unsurprisingly, “lookup” services for this bank are also widely available on the black market.
To be fair, the entire Russian banking top tier is represented on the black market. In fact, the smaller the bank, the less likely you’ll find lookup services for it.
Banks do try to fight leaks and identify employees involved in such activities. Historically, each bank develops its own information security strategy and internal security services.
The State’s Role in the Problem
However, the government has made things worse with its desire to peek into citizens’ wallets. Today, external API interfaces are being implemented, allowing Russian government agencies to extract information about the accounts of individuals and legal entities (the latter have been accessible for a long time). This creates a bottomless hole, seemingly designed for all types of criminals and fraudsters. The banks’ “business reputation” and billions invested in security over the years are now at risk.
No bank security service can help if crafty government employees have one-click access to account information. The integrity of these people is questionable for many reasons, but perhaps the most telling is how openly they sell access to their own departmental databases.
This “bright future” hasn’t fully arrived yet: comprehensive bank lookup services are still rare and cost significantly more than the market average. However, the future is already clear.
Account Freezes and Business Risks
Another significant event of the past three years: a huge field for fraud was created when agencies gained the ability to freeze any individual or business account. Previously, this was only possible with fake paper letters (for example, from the Federal Bailiff Service), which was much harder to pull off. The Central Bank’s directives finished the job, as banks themselves began eagerly finding formal reasons to freeze accounts. Can you guess what happened next?
Imagine you run a business in Russia and have competitors willing to use any means to push you out of the market. They already know every detail of your income and expenses. Now, they simply order an account freeze, and—bam—the trigger in the database flips from false to true, and there’s no way back. After months of running between the bank, tax authorities, and possibly the courts, you finally get your accounts restored. But is it any comfort if your business is already ruined by then?
A Systemic Issue
The situation is discouraging. When problems are systemic, it’s hard not to question the entire system’s integrity. No matter how you look at it, being honest in such an environment is much harder and less profitable than skillfully playing by its unwritten rules, forgetting about conscience and other “unnecessary” qualities. This is especially striking against the backdrop of endless talk about a “special path,” high morals, strong values, and great spirituality.
But it’s also about basic professionalism. In the commercial banking sector, an employee caught leaking data is likely to be fired and unable to find a similar job. In government agencies, unfortunately, ethical standards are lacking. Banks at least care somewhat about their reputation in the eyes of clients.
In government agencies, even employees caught leaking data usually avoid punishment and keep their jobs. But that’s another story and another problem (and until it is solved, no positive changes will happen in the country). And who says anyone will even look for those employees?
Why Does This Happen Despite World-Class Fintech?
Why do such outrageous things happen in a country with some of the world’s best fintech (no exaggeration—Russian fintech may be the best)? I can’t find an answer, as the world has probably never seen such large-scale abuses: entire agencies with gaping holes, and lookup services running like clockwork online. All this happens while new personal data protection laws are constantly being passed, which only add headaches for small businesses—another excuse for fines over trivialities like “incorrect consent form format.”
Some readers may object: “You’re criticizing Russia again, but all countries are building systems to monitor financial flows, and the USA and Western Europe did it first.”
That’s true. Every state seeks economic security. All countries have had leaks, local corruption, and cases where employees sold information for a “thank you.”
The difference is fundamental. First, in all first-world countries, such leaks mean real prison time, not “let’s not air our dirty laundry.” Second, and most importantly, there’s a moral aspect.
If you feel comfortable in your country and know you can live with dignity by being an honest, hardworking person, you subconsciously don’t mind oversight agencies. Paradoxically, in such countries, the ethical and professional level of agency employees is much higher: they do their jobs so that everyone can live comfortably. You yourself become the beneficiary of their work.
If the opposite is true, then oversight mechanisms, multiplied by rampant corruption and staffed by unprofessional employees hired through negative selection, evoke very different feelings. The rhetorical question remains: who benefits from their work?
As always, I leave it to readers to draw their own conclusions.