- Key insight: Following a foiled bomb plot, several major U.S.-based banks gave their employees the option to work from home this week.
- What's at stake: As the war with Iran continues, banks must be properly prepared for potential acts of terrorism, according to security experts, who say American banks that operate across the globe can be seen as symbols of the U.S. economy.
- Expert quote: "Anyone who's working for a U.S. bank — and any American — should consider their safety around this." — Holden Triplett, co-founder of risk advisory firm Trenchcoat Advisors
American banks are taking greater security precautions internationally amid concerns about threatened terrorist attacks on their operations in Paris.
After a thwarted bombing attempt and reports of other threats, several major financial institutions told their employees in the French capital this week that they could work from home. Major banks
Banks are ever-present targets for terrorist organizations that want to harm or send a message to the U.S., said Holden Triplett, a former leader in the Federal Bureau of Investigation and co-founder of risk advisory firm Trenchcoat Advisors.
"[Banks] are a symbolic piece of the U.S. economy that are all throughout the world," Triplett said. "It's also critical infrastructure. And so, for a lot of the conflicts that we have now, where it's harder to hurt the U.S. militarily, they'll go after these economic targets, like banks."
French authorities stopped a bomb plot against a Bank of America office in Paris in the early morning last Saturday. The authorities have reportedly arrested an adult and three teens. French prosecutors hope to charge them with forming a criminal terrorist conspiracy, manufacturing an explosive or incendiary device and attempted destruction in connection with a terrorist enterprise.
A Bank of America spokesperson said the company has been in close communication with authorities in both France and the U.S. The bank's roughly 700 employees in its Paris office were given the option to work from home this week, said a source familiar with the matter.
On Thursday, French police also upped their surveillance outside Goldman Sachs' Paris offices,
Goldman employees in Paris were given the option to work from home, a source familiar with the matter said. Goldman declined to comment.
Citi employees in Paris were also working remotely, "as a precautionary measure," a company spokesperson said in an email. The company has "robust contingency and resilience plans in place to ensure business continuity," the spokesperson said.
"The safety of our employees is our number one priority, and we are taking the necessary measures to keep our employees safe," the Citi spokesperson said.
Morgan Stanley declined to comment. JPMorganChase and Wells Fargo did not respond to a request for comment.
The French Banking Federation said in an email: "We express our support for the banks and teams involved, and we trust the authorities to handle the situation."
Neither the Office of the Director of National Intelligence in the U.S. nor France's National Antiterrorism Prosecutor's Office responded to a request for comment.
Triplett said that banks are facing more pressure to protect themselves as terrorism risk becomes more sophisticated and challenging to manage. As the war with Iran continues, attacks on Americans or private assets abroad can have a major impact on the U.S. military stance, he said.
"Anyone who's working for a U.S. bank — and any American — should consider their safety around this," Triplett said. "Even though they may think, 'Well, I'm not important. Who am I?' They have to just imagine that if they were targeted, harmed or involved in an attack, that makes a huge news story."
He said it's important that banks keep on top of liaison efforts with local or federal law enforcement in the countries where they operate to stay abreast of threat information.
Craig Gundry, vice president of special projects at risk management consulting group Critical Intervention Services, said he thinks it's unlikely that locally focused threats in Europe would be directly related to risk for U.S.-based bank employees. Still, companies should be reviewing their emergency response plans and understanding their threat awareness, due to the current geopolitical environment, he said.
"We are in a period of escalated risk right now," Gundry said. "So it is good … that American businesses, regardless of industry, have a higher threat posture, or at least a higher level of alertness and readiness."
He added that companies may remain on alert for weeks or months after threats of terrorism, but it depends on the particular situation.
The incidents in Paris come as financial institutions
"In light of the ongoing military action in the Middle East, we are coordinating with relevant parties to ensure our ecosystem has continuous access to the latest intelligence and guidance to protect the global financial system," said a spokesperson for FS-ISAC, a nonprofit focused on cybersecurity at financial institutions, in an email Thursday.
Bomb threats, which are less common than cyber threats, require detailed preparations, according to experts.
Triplett said he thinks that most major corporations, including banks, are fairly reactive to security incidents, and should prioritize considerations around physical security.
"In my experience, all of them could do with being a lot more proactive, and having a much better understanding of the environment," Triplett said. "The global threat environment has shifted pretty dramatically."
Gundry, who's been consulting in this area for 30 years, said companies' efforts to boost physical security in Europe ramped up after a series of attacks in Paris in November 2015, which killed 130 people.
He has since advised companies in Europe, including banks, on their security operations. The most effective security measures are part of long-term strategic plans, he said. When concerns appear after periods of dormancy, there usually isn't much lead-up time for companies to properly prepare facilities or train their employees.
"A lot of you know these measures, especially as far as physical security is concerned, really require some kind of strategic risk-management vision," Gundry said. "Thinking about, not just in light of today's concern, but potential concerns that could arise in the future."
