Bloomberg Releases Report Following Client Data Review
Bloomberg L.P. today released a report resulting from an external review of the company's client data policies and procedures, led by the law firm Hogan Lovells and the regulatory compliance firm Promontory Financial Group, which concluded that Bloomberg has appropriate client data policies and controls in place. The company also announced the adoption of additional new procedures consistent with recommendations stemming from the review.
Former IBM Chairman and CEO Samuel J. Palmisano has provided independent advice to Bloomberg's Board of Directors on the company's client data policies and practices since May 2013. Commenting on the Hogan Lovells/Promontory report, Mr. Palmisano stated, "The report issued today is thorough, objective and comprehensive. Bloomberg's leadership recognized the need for a more comprehensive set of policies and procedures. They acted quickly to enhance their existing structures and put more resources behind this critical priority. Based on my own observations, I support the report's conclusion that Bloomberg currently has appropriate policies and controls in place."
Additionally, Clark Hoyt, previously Editor-at-Large at Bloomberg News and a former Public Editor of The New York Times, led an internal review of the relationship between Bloomberg's news and commercial operations. The company released Mr. Hoyt's findings and recommendations, and has begun to implement them. Mr. Hoyt said, "Based on my review, I have offered recommendations to Bloomberg with the intention of helping news and the whole company adhere fully and consistently to their already-high standards, as well as to highlight areas where policies and practices should be revisited in a rapidly-changing world."
CEO and President Daniel L. Doctoroff, said, "We know we needed to evolve, and we have learned from our mistakes. We are already implementing many of the recommendations we received. Most importantly, we have carefully listened to our clients and other constituencies, and their suggestions are helping make us a better partner."
Peter T. Grauer, Chairman of Bloomberg, said, "Our Board of Directors placed a high priority on ensuring the experts had full and complete access to Bloomberg employees and the company's operations to identify areas of concern and address how could we fix them."
The reviews included:
- Examination of more than 500,000 news stories
- 425 interviews of Bloomberg employees
- 230,000 separate tests of client data systems
- In-depth examination of more than 350 documents, including internal policy manuals, policy notes, training guides and client visit logs
The Hogan Lovells/Promontory report, which includes Mr. Palmisano's statement on the report, and the findings and recommendations from Mr. Hoyt can be found on the Bloomberg terminal at RVWS <GO> and online at www.bloomberg.com/reviews.
Bloomberg has taken several actions related to the Hogan Lovells/Promontory report, many of which were implemented during the course of the reviews. As noted in the report, those actions include:
Enhancing the company's governance framework:
- The Bloomberg Board of Directors' Audit Committee now includes oversight of risk and compliance, and the Committee is now comprised of a majority of independent directors.
- The company is in the process of hiring a Chief Risk and Compliance Officer, reporting to the CEO. The heads of risk, corporate compliance, client data security, and security will report to him or her.
- The company has committed to periodic third-party reviews of client data compliance controls, the results of which will be made available to clients.
- These actions are in addition to the appointment of a Client Data Compliance Officer in April 2013.
Augmenting Bloomberg's prior client data compliance controls:
- Bloomberg has created a role-based permissioning framework, with a centralized access control team that oversees the granting of access privileges to restricted data.
- The company is enhancing its systems that monitor for unauthorized access.
- Bloomberg has also developed a framework that formalizes client data compliance policy and procedures.
Expanding training on privacy and client data compliance policies and
- In addition to mandatory firm-wide training on privacy and client data issues, the company is creating tailored training modules for specific workforce roles.
- The company has created a central portal to provide access to training modules, and a separate portal to provide privacy and client data policies and procedures.
Restricting journalist access to client data:
- Journalists no longer have access to client UUID and ADSK screens1 and their access to client data is the same access that non-employee terminal users have.
- Journalists no longer have access to Bloomberg's anonymous chat rooms.
Mr. Hoyt's Recommendations