By Sinead Cruise and John O'Donnell
LONDON/FRANKFURT (Reuters) -France's largest bank BNP Paribas (OTC:BNPQY) has cut off its Russia-based workforce from its internal computer systems as it seeks to bolster its defences against any potential cyber attack, a source with direct knowledge of the matter told Reuters.
The French lender, believed to be the first major bank to have jettisoned staff in Moscow from its IT networks, has also placed employees in other locations on high alert for cyber threats emanating from Russia, following its invasion of Ukraine, an internal memo seen by Reuters showed.
The move, aimed at protecting the bank from cyber criminals who could use the local network as an access point, also further distances its shrinking Russian operations from the rest of the group.
Banks are grappling with an unprecedented wave of Western sanctions designed to smother President Vladmir Putin's aggression by sparking domestic economic chaos, while any counter sanctions from Moscow could abruptly end lenders' relationships with one of the globe's biggest energy producers.
BNPP raised the alarm in late February after regulators, including the European Central Bank, warned of the threat of retaliatory hacking as Russia seeks to promote economic instability in countries siding with Ukraine.
The Kremlin has repeatedly denied the Russian state has anything to do with hacks against other countries.
BNPP employs fewer than 500 people in Russia, a fraction of its 190,000-plus global headcount, and has been gradually reducing its presence there, exiting retail banking in 2012 and consumer finance in 2020.
Moscow-based staff lost access to the bank's network last week and it is unclear when this will be restored, the source told Reuters.
A BNPP spokesperson said it was one of the "least active" international banks in Russia but it complied strictly with all international sanctions decided by the European Union and other governments.
"In the current geopolitical context cyber attacks are likely to multiply," the bank said in a series of messages sent to top staff and seen by Reuters.
"Our cybersecurity ... teams are on heightened alert ... and are extensively monitoring our networks," it said, adding that it had told business partners to do the same, as it assigned the hacking threat the "highest priority".
VULNERABILITY
The warning underscores a vulnerability of large Western banks and investment firms beyond the direct financial impact of war on business activities and asset values.
Cyber attacks can result in customers being unable to access accounts and other services and can hamper a bank's ability to trade.
BNPP outlined a 3 billion euro ($3.29 billion) exposure to Russia and Ukraine on Wednesday, while Italy's Unicredit (MI:CRDI) said a full write-off of its Russian business would cost around 7.4 billion euros.
Citigroup (NYSE:C), Britain's Lloyds Banking Group (LON:LLOY) and Ireland's AIB Group (OTC:AIBRF) have also flagged the risk of cyber attacks since Russia launched its attack on Ukraine, which Moscow refers to as a "special military operation" to disarm and dislodge leaders it calls "neo-Nazis".
Meanwhile, the Bank of England is beefing up its Cyber Security Division, with an Emerging Threat Specialist and several Senior Cyber Defence Analyst vacancies among a raft of new roles posted on its website in recent days.
The CEO of Swiss stock exchange operator SIX said on Wednesday there had been an increase in hacker attacks around the start of Russia's military operation last month.
Kyiv's cyber watchdog agency has said that Ukrainian websites have been under non-stop attack from Russian hackers since the invasion, while Meta Platforms said it had removed a network of fake accounts, groups and pages across Facebook (NASDAQ:FB) and Instagram that operated from Russia and Ukraine targeting people in Ukraine.
($1 = 0.9107 euros)