Internal affairs: As rogue employees target money and data, financial institutions reckon with how to protect their clients and operations from inside jobs

By Alexandra Posadzki

Shortly before noon on June 17, someone attempted to access banking information belonging to two Canadian prime ministers at the Royal Bank of Canada.

The person succeeded in viewing current Prime Minister Mark Carney’s information, and attempted to access former prime minister Justin Trudeau’s.

But the perpetrator wasn’t a hacker that had wormed his way into the bank’s IT systems. It was one of RBC’s own employees, a 23-year-old client adviser named Ibrahim El-Hakim working out of a branch near Parliament Hill, police allege in court documents.

The employee’s workstation, housed within a gleaming office tower at 99 Bank St., was under video surveillance, according to court documents. And his activity in RBC’s internal sales portal was being tracked by the bank, which monitors employees’ access of customer accounts.

The allegations against Mr. El-Hakim, which have not been proven in court, are the latest example of a pervasive problem facing Canadian banks and other institutions: the threat that someone inside the organization could abuse their access to critical systems and data.

Published by the Globe and Mail.