Oct. 1 (Bloomberg) -- European Union regulators inadvertently sent confidential data to 13 of the world’s biggest lenders as part of an antitrust complaint in an investigation of the credit derivatives industry.
The European Commission said a limited amount of sensitive information was accidentally left in the documents by law firms representing companies in the probe. After the revelation was discovered, recipients including Goldman Sachs Group Inc. and JPMorgan Chase & Co. were told they must promise to destroy the information without reading it.
“The access was caused by mistakes committed by some members of IT departments of some law firms who represent companies in this investigation,” said Antoine Colombani, a spokesman for Joaquin Almunia, the EU’s antitrust chief. “The commission declines any responsibility if document owners” use inappropriate IT software to redact sensitive information, he said.
The credit-default swaps probe, which includes HSBC Holdings Plc and Deutsche Bank AG, is one of two priority EU investigations into financial institutions. Almunia has also led the EU’s probe into the rigging of the London interbank offered rate, a scandal that’s tarnished the reputation of banks seeking to recover from the biggest financial crisis since the Great Depression.
“It is quite ironic that the CDS investigation started off, in a nutshell, as an investigation into information sharing and benchmarking,” said Emanuela Lecchi, a lawyer with Watson, Farley & Williams LLP in London. “I suspect that this will not be the last time when something of this kind happens.”
The commission, in a July statement of objections, accused the banks, data provider Markit Group Ltd. and the International Swaps & Derivatives Association of working together to prevent Deutsche Boerse AG and the Chicago Mercantile Exchange from entering the credit-derivatives business from 2006 to 2009.
The commission said it suspected that “the banks controlling” ISDA and Markit instructed them to prevent the two exchanges from obtaining licenses for data and index benchmarks in order to keep derivatives business in the over-the-counter market. The entry of exchanges would have reduced banks’ revenues from acting as intermediaries in the over-the-counter market, the regulator said.
ISDA was a late addition to the probe, with the regulator only announcing its inclusion in March.
Recipients of antitrust complaints have a right to see evidence underpinning the regulator’s case. Typically this is collated and sent in a DVD by the commission. The information malfunction came as part of this process giving recipients access to the probe file, said Colombani.
“The access to any confidential information remained limited in scope as only a fraction of the documents of the commission’s file were concerned by the incident,” Colombani said. He didn’t identify what data was revealed or companies and law firms involved.
“A law firm used forensic IT to browse and extract information from the file and discovered that more text became visible after this process,” Colombani said. “The law firm stopped the review immediately and informed the commission.”
Even though the quantity of documents containing sensitive business data was limited, each instance could have contained several hundred pages, according to a person familiar with the matter. The last time comparable slip-ups took place was in the late 1990s, when data in PDF documents weren’t securely deleted, said the person, who asked not to be identified because the probe is confidential.
“I expect the hidden information was content amended or deleted in earlier drafts of the documents,” said Michael Wainwright, a lawyer for Eversheds LLP in London. “This is often saved as metadata in electronic document formats and can be a real trap for lawyers. For example, it can reveal the offer you were going to make before you changed your mind.”
Almunia needs to move fast if he is to finish the investigation before his term ends in the second half of next year.
The EU announced the probe on April 29, 2011 -- the same day that U.K. staff at British banks Barclays Plc, HSBC and Royal Bank of Scotland Group Plc had a public holiday to celebrate the wedding of Prince William and Catherine Middleton.
European lenders Credit Suisse Group AG, BNP Paribas SA and UBS AG are also under investigation, along with U.S. banks Citigroup Inc., Morgan Stanley, Bank of America Corp. and Bear Stearns Cos., which JPMorgan acquired in 2008.
Officials at all of the banks in the probe, as well as ISDA, declined to comment on the disclosure. Markit didn’t immediately respond to a call and an e-mail. Law firms in London and Brussels declined to comment on the case.
The delivery of the statement of objections in July was a surprise because banks were still responding to an EU request for information that had an October deadline, four people familiar with the case said.
As well as the leaked data in the evidence file, the complaint contained some factual errors such as incorrectly listing the names of the companies on the ISDA board, said another person familiar with the probe.
The EU authority, which reviews mergers, state aid and polices antitrust violations, is under pressure to protect confidentiality as it handles the most intimate secrets of companies and countries from Google Inc. to Germany.
Colombani said that the commission informs those involved in cases “that their non-confidential versions will be made accessible to the parties of the proceedings and that they should check that even properties of their electronic documents do not contain any confidential information.”
After the initial inadvertent disclosure of information in the CDS case, a second evidence-file was sent, without any business secrets.
Any data lapse is unlikely to affect the fundamentals of the EU’s investigation, said Nicolas Petit, a law professor at the University of Liege in Belgium.
Bloomberg LP, the parent of Bloomberg News, competes with Markit in selling information to the financial-services industry.
To contact the editor responsible for this story: Anthony Aarons at firstname.lastname@example.org