Do Russia’s spies have backdoor access to Europe’s central bank?

Are private investigators able to source details of individual and company bank accounts across Europe from deep inside the European Central Bank? And do so lawfully?

Those questions are being tested in a remarkable legal battle spanning the US, England and the UK’s Channel Islands. The answers will have implications far beyond the world of corporate intelligence and asset recovery. If the answer to both questions is “Yes”, the consequences for banks and their customers could be far-reaching.

The protagonists in the legal drama include a leading London law firm, a wealthy widow and her stepchildren, a politically-connected investigations boutique and a former East European intelligence agent in Russia. For six months, they have been tussling over the origin – and authenticity – of highly sensitive data. The data, deployed by the London lawyers to advance their case, is said to have been obtained from the European Central Bank. The bank operates payment systems used by nearly 2,000 European and British banks.

The backstory is a familiar one: a wealthy widow and her stepchildren disagree over the administration of their late father’s estate. The dispute goes to court. The stepchildren suspect her of concealing assets that should be disclosed.

In April 2023, the UK lawyers acting for the stepchildren engaged a London-based investigations firm. In May, this firm provided the lawyers with detailed information about offshore companies and bank accounts purportedly belonging to the stepmother.

The investigators appeared to have hit a goldmine. They provided intelligence about five bank accounts (purportedly in the stepmother’s name) containing over €100m. The accounts were with four private banks variously in Switzerland, Monaco and Luxembourg. When asked by the lawyers to confirm the accuracy of the intelligence, they provided numerous documents that detailed the dates, parties and amounts of scores of individual transactions to and from the accounts. These documents, which included SWIFT messages of individual transactions, appeared to show that the stepmother had received undisclosed payments over US$ 140m since the death of her husband. In July, further documents detailing accounts at a private bank in Monaco were produced.

It is unusual for asset tracing investigations to generate this level of detail. Assurances were sought that the information had been lawfully obtained. The investigation firm emphatically stated (and continues to state) that this is the case. In July, the stepchildren used the bank documents to support their case in a Jersey court.

The stepmother strongly refutes the accuracy of the information. She denies any knowledge of the bank accounts and of three Liechtenstein companies to which the investigators reported she is connected. Each of the four banks stated that they did not hold – or had ever held – accounts in her name. One bank went further: it pointed out that the SWIFT references for some transactions were in the wrong format. Various asset managers and trustee companies have also stated that they have no relationship with the stepmother, contrary to information provided by the investigators.

In short, the stepmother states that the documents are forged. In July, she successfully obtained from the Jersey courts an order obliging the stepchildren to provide information about the provenance of the disputed documents so she could discover who was responsible for the alleged forgery.

The stepchildren have found this difficult. The investigation firm has been reluctant to provide its own clients with the information requested by the Jersey Court, citing (among other reasons) a duty of confidentiality to its sources.

The stepmother does not assert that the London investigators forged the documents, only that someone involved in their supply did so. In December, an English court (while rebuffing her attempts to force the investigators to provide more information) seemed inclined to agree with her. Making reference to the multiple bank denials, the judge remarked that “the evidence of forgery is, as it presently appears, very strong”.

The investigation firm insists the documents are genuine. To prove its case, it has sought orders from courts in the United States for disclosure of records that US clearing systems hold for the transactions that were made in dollars. If the ECB documents are genuine, the US information will have matching records of the same transactions. (The US CHIPS clearing system and Federal Reserve Bank have records of all US dollar transactions, irrespective of the countries in which they were made). Papers filed in the US courts reveal the following:

• To obtain the banking information, the investigation firm engaged a “trusted individual” who is a “former intelligence operative within the intelligence service of an eastern European country”. This “trusted individual” lives in Russia.
• Most of the documents were produced from records held by the European Central Bank.
• The former intelligence operative accessed the ECB data using one or more “human sources” of his own.
• One (perhaps both) of these human sources “works for an organisation other than the ECB which nonetheless has access to the information within the ECB”.
• The data was not obtained by hacking, according to the investigation firm.
• The investigators would not disclose the identity of the former intelligence operative living in Russia, claiming that his safety would be put at risk.
• It could not disclose the identity of the two human sources, because it did not know their identity.
• The investigation firm again emphasised that the ECB and other records were obtained lawfully – and that “no payment was made for their provision”.

Greyhawk is not involved in this dispute and can make no comment on the accuracy of the competing claims. Greyhawk does not suggest or imply any wrongdoing by any of the parties.

It is possible that the information comes from a payments system operated by the ECB called Target2, mainly used for large transactions. The system processes around 350,000 transactions every day, with an average daily throughput of €1.8 trillion. It is not known if the “organisation…that has access to the ECB” data is one of the commercial banks that use the system or one of three central banks (Banque de France, Deutsche Bundesbank, and Banca d’Italia) that operate the system on behalf of the ECB.

But if it is proven that private individuals in Russia (not least those with a background in intelligence) can call up data of any transaction, between any individual or company who are customers of a thousand-odd European banks – then the ECB is likely to launch an urgent overhaul of its information security.