ABN Amro 'keeping security simple' during acquisition

ABN Amro is keeping its security function "simple and efficient" as acquirers the Royal Bank of Scotland, Santander and Fortis take over.

The bank, which was bought by the consortium, led by RBS, for £48 billion in 2007, has been working on a mammoth IT integration project to bring together the systems of the different companies.

Tom Roelofs, manager of incident response and prevention at ABN Amro, said the IT consequences of the takeover -- the largest in European banking history -- were "enormous", leading to changes in technology, outsourcing, budgets, and IT and project managers.

Speaking to Computerworld UK, he said IT integration work was progressing as the acquirers increased their direction over ABN Amro.

With the growing security risks on the web, and the heightened danger of disgruntled employees as job cuts were announced, ABN Amro knew it had to work hard to maintain high levels of security, he said.

"The combination of splitting the bank and transition to new owners at the same time, with a recession going on, is very difficult," said Roelofs, speaking at the Forrester EMEA Security Forum in London. "We had to think about how we would cope."

ABN Amro took assertive steps to structure its security processes and keep things as straightforward as possible, he said. Internal staff lead security, and outsourcers represent under 20 percent of security staff.

"We went further down the track of really structuring information security services, into divisions such as incident response, risk assessment and policy management," he explained. ABN Amro then made clear to the business all the services provided by each division.

Keeping staff on board and aware of security processes was "very critical", Roelofs said. "We have a lot of staff meetings telling them what we are doing, every two or three weeks.

"You can't afford to lose staff confidence in security. Once you've lost it, you can't get it back."